Abstract: Various embodiments are directed to an example apparatus, computer-implemented method, and computer program product for rapid machine learning in a data-constrained environment. Such embodiments may include using a decision space generation model to generate candidate content data objects based on content generation objectives. Such embodiments may further include generating a first plurality of rated content data objects for a first target client based on a first experimental classification group and generating a second plurality of rated content data objects for a second target client based on a second experimental classification group. Such embodiments may further generate, based on a learning model, the first experimental classification group, and the second experimental classification group, a custom output content set including one or more of the first plurality of rated content data objects and one or more of the second plurality of rated content data objects.

Abstract: A method of investigating a host computer uses an investigation system remote to the host computer. The investigation system includes at least one computer system. The method includes establishing a connection with the remote host computer, and sending at least one investigative module to the host computer. The at least one investigative module is configured to run on the host computer to perform at least one investigative function on the host computer. The at least one investigative module includes an agentless computer program configured to run on the host computer to perform at least one investigative function on the host computer to investigate the host computer to ascertain if the host computer has any data or process (hereinafter collectively referred to as data forms) with suspicious attributes.

Abstract: Various embodiments of the present invention provide a system and method for open digital media distribution. According to one embodiment, a system is provided which performs the operations of: creating a profile (e.g., artist or label profile) based on an input from a first party; receiving a digital media upload from the first party, wherein the digital media upload contains media content and the first party has a property interest in the media content; receiving from the first party an assignment of a payment account to the digital media upload, such that money from sales relating to the digital media upload is deposited into the payment account; receiving from the first party a sales parameters associated with the digital media upload; presenting through a computing device the digital media upload for sale to a second party; and selling the digital media upload to the second party through a computing device.

Abstract: A digital object is associated with a smart contract that stores a first hash value to represent a user device used to acquire ownership of the digital object. When a request to transfer ownership of the digital object from a first user to a second user is received, a user account of the first user is accessed to retrieve information identifying a user device associated with the user account of the first user. The first hash value in the smart contract is authenticated based on the information representing the first user's device. If the first hash value is determined to match the user device information stored in the first user's account, a token representing the digital object is transferred to a wallet associated with the second user. The smart contract is updated to include a second hash value that represents a user device used by the second user to request the ownership transfer of the digital object.

Abstract: An information processing apparatus includes circuitry to read identification information of an application and a program of the application from a recording medium; generate license information using unique information assigned to the information processing apparatus, the identification information, and the program; and store the generated license information in the recording medium. The license information is for using the application on the information processing apparatus.

Abstract: The present application discloses a method, system, and computer system for deleting, auditing, and/or performing disaster recovery for personal identifiable information (PII). The method includes determining to delete from a dataset PII data corresponding to an individual, determining a PII key associated with the individual, and performing a lookup with respect to the dataset for PII data associated with the individual using the PII key.

Abstract: A system and method for applying a policy on a network path is presented. The method includes: selecting a reachable resource having a network path to access the reachable resource, wherein the reachable resource is deployed in a cloud computing environment, having access to an external network; actively inspecting an external network path to determine if the network path of the reachable resource is accessible from the external network; determining that the network path is a valid path, in response to determining that the reachable resource is accessible from the external network path; applying a policy on the valid path; and initiating a mitigation action, in response to determining that the policy is violated.

Abstract: The application discloses a method of data processing based on a cloud document component, which can be executed by the first client. The first client may send an access token to the cloud document component, to cause the cloud document component to perform authentication on the first client. After the cloud document component receives the access token, authentication can be performed on the first client with the access token. After the cloud document component confirms that the first client has passed the authentication, the first client can load a cloud document in the first client with the cloud document component in response to the cloud document component determining that the first client has passed the authentication. The cloud document component can load the cloud document with a first component provided by the first client, and the first component can provide a capability of rendering a web page.

Abstract: According to computerized methods of distributing software and data, software components may be distributed electronically for execution in controlled environments. Such a controlled environment may, for example, restrict the components' ability to communicate through a network to one or more specified hosts. When a component requests data, such as a stream of financial data, the request may specify a source of the data, and the request may be granted or denied by the distributor based on whether the specified source is an authorized source of the data and/or whether the requested data is available from an authorized source.

Abstract: An information processing device comprising a processor configured to determine a first timing designated for a product registered as a purchased product. The processor is also configured to determine a first registration position where the product is designated. The processor is also configured to determine a second timing designated for the product. The processor is also configured to determine a second registration position where the product is designated. The processor is also configured to determine, based on the first timing, the first registration position, the second timing, and the second registration position, a first reliability of the first registration position. The processor is also configured to generate first tracking data relating to the product by associating the second timing, the second registration position, and the first reliability.

Abstract: Interaction events collected across disparate customer communication channels of an enterprise are processed to generate an encoded unique content item identifier for each content item referenced in an interaction event such that the content item is resolvable to a location in a content repository. A training data set is built using the interaction events thus processed and a multi-channel content recommendation model is trained using the training data set. The multi-channel content recommendation model thus trained stores data points representing intersections of customers and content items that the enterprise has been tracking, with each data point having an effectiveness score for an associated content item.

Abstract: A method, system and computer program product are configured to access data, the data including a plurality of attributes, classify each of the attributes into one of a plurality of classifications, receive a privacy objective and a utility objective, determine a data transformation to achieve the privacy objective and the utility objective, apply the data transformation to the data, wherein the data transformation is applied to at least one of the attributes of the data based on the classifications to produce selectively modified data, iteratively refine data transformations through adjustment of utility objectives, and present the data for disclosure.

Abstract: A display apparatus with increased security performance, for using the resources of a restricted secure world (SW), and/or an operation method thereof. The display apparatus may include a display, and a controller including at least one processor configured to perform one or more instructions to separately run a normal operating system (OS) and a secure OS, which are respectively executed in a normal world (NWD) and an SWD corresponding to a TrustZone.

Abstract: A monitoring method and system for secure conveying are provided. In a process of conveying a confidential document or item by a secure conveying device, a conveying path of the secure conveying device can be monitored in real time, and a distance between the secure conveying device and an accompanying person can also be monitored in real time. In a case where the secure conveying device neither deviates from a predetermined path nor is separated from the accompanying person, safe opening of the secure conveying device is ensured through a combination of open time, an open position, and open authorization information, thereby ensuring security of the confidential document or item conveyed by the secure conveying device.

Abstract: Existing systems provide data selection for one differential technique considering an analytical problem or synthetic data but not an arrangement for selection of one or more techniques together. The embodiments herein provide a method and system for differential privacy enabled service with hybrid rule management and similarity metrics to select data. The system generates a query table called universal data from the associates tables and databases. The system further based on query on the universal table of single columns or selected columns with different parameters using different privacy rules generates differential private data stored in temp tables/views. The system retrieves queried data of different techniques and parameters interactively viewing the privacy and similarity of each data types of retrieved data with universal data using different metrics like bar charts, Histograms, average, std.

Abstract: Systems and techniques for privacy preserving document analysis are described that derive insights pertaining to a digital document without communication of the content of the digital document. To do so, the privacy preserving document analysis techniques described herein capture visual or contextual features of the digital document and creates a stamp representation that represents these features without included the content of the digital document. The stamp representation is projected into a stamp embedding space based on a stamp encoding model generated through machine learning techniques capturing feature patterns and interaction in the stamp representations. The stamp encoding model exploits these feature interactions to define similarity of source documents based on location within the stamp embedding space. Accordingly, the techniques described herein can determine a similarity of documents without having access to the documents themselves.

Abstract: In some embodiments, a processor receives, via an interface, natural language data associated with a user request for performing an identified computational task associated with a cybersecurity management system. The processor is configured to provide the natural language data as input to a machine learning (ML) model. The ML model is configured to automatically infer a template query based on the natural language data. The processor is further configured to cause the template query to be displayed, via the interface. The processor is further configured to receive, via the interface, user input indicating a finalized query associated with the identified computational task, and to provide the finalized query as input to a system configured to perform the identified computational task. The processor is further configured to modify a security setting in the cybersecurity management system based on the performance of the identified computational task.

Abstract: A method includes: generating, based on a hash function using at least one input including first data, a first digest; storing the first data in a memory; reading the first data from the memory; generating, based on the read data, a second digest; comparing the first digest and the second digest; and determining, based on comparing the first digest and the second digest, whether the read data is corrupted.

Abstract: Methods of referencing row access policy (RAP) protected mapping tables in a RAP for a data table are disclosed herein. An example method of referencing a mapping table in a data table using nested RAP includes defining, by a processing device, a first access policy for the mapping table to control access by specific users or under specific conditions. The processing device further defines a second access policy attached to the data table referencing the mapping table. The processing device in response to a query, executes the second access policy of the data table to provide a response or operation of data associated with the data table and the mapping table. Executing the second access policy invokes executing the first access policy of the mapping table. The executing of both the second access policy of the data table and the first access policy of the mapping table are recorded.

Abstract: Methods and systems for managing operation of data processing systems are disclosed. To manage operation of the data processing systems, the data processing systems may present unified communication and management systems. The unified communication and management systems may be used to manage the operation of any number of management controller embedded devices hosted by the data processing systems. The unified communication and management systems may be implemented using access to the management controller embedded devices.

Abstract: A method of protecting an endpoint against a security threat detected at the endpoint, wherein the endpoint includes, in memory pages of the endpoint, an operating system (OS), a separate software entity, and remediation code, includes the steps of: transferring control of virtual CPUs (vCPUs) of the endpoint from the OS to the separate software entity; and while the separate software entity controls the vCPUs, storing, in an interrupt dispatch table, an instruction address corresponding to an interrupt, wherein the remediation code is stored at the instruction address, and replacing a next instruction to be executed by the OS, with an interrupt instruction, wherein the interrupt is raised when the OS executes the interrupt instruction, and the remediation code is executed as a result of handling of the interrupt that is raised.

Abstract: Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.

Abstract: The embodiments disclose a publisher website consent management system including a publisher website having a graphical user interface configured to display medical product content information, a first and second publisher-partner computer wirelessly coupled to the publisher website to provide medical product content information, a first and second rules set having first and second consent form parameters coupled to the publisher website configured to generate healthcare professional consent forms, a processor coupled to the publisher website configured to generate first and second consent codes to identify the types of medical product content information that has received the HCP end user consent to be displayed on the HCP end user's digital devices, and a consent database coupled to the publisher website to store the first and second consent codes configured to filter the types of medical product content information that have received acceptance or rejection of consent from the HCP end user.

Abstract: Systems, methods and computer readable products are provided for enabling dynamic loading of one or more digital image branding functions associated with one or more distribution rules. A distribution rule is used to target a group of end users that are selected from a dataset mapping a plurality of end-users according to one or more distribution rules. Instructions are forwarded to present an indication the digital image branding function to each member of the end users group.

Abstract: Systems and methods for connecting applications based on exchanged information are disclosed. According to one embodiment, a method may include: (1) receiving, by a data mining computer program, application information for a plurality of applications in an organization; (2) receiving, by the data mining computer program, application details for each application comprising application programmable interface (API) used by each application; (3) receiving, by the data mining computer program, API information for each API in the application details; (4) populating, by the data mining computer program, an application data objects table for each application; (5) creating, by the data mining computer program, parent-child relationships for the plurality of applications based on the application data objects table; and (6) generating, by the data mining computer program, an application dependency graph for the parent-child relationships.

Abstract: Certain aspects of the present disclosure provide techniques for enhancing vehicle operations safety using coordinating vehicle platooning or enhancing platooning safety against location spoofing attacks. In one example, a source user equipment (UE) detects a potential spoofing event associated with location information being altered in an unauthorized manner, the source UE may transmit a request to a platoon control system (PCS) to join a vehicle platoon. In another example, a first UE associated with a lead vehicle in an existing platoon may detect a potential spoofing event associated with location information being altered in an unauthorized manner. The lead vehicle may transmit to a second UE of another vehicle in the platoon an indication of the detection and a request to exchange the respective roles in the platoon. The PCS may also monitor the conditions of the first and the second UEs, and arrange for the platoon reorganization.

Abstract: The present disclosure relates to a system, method, and computer program for restoring extracted data to a cloud-based application. The system extracts a copy of data associated with a cloud-based application. The system provides a user interface that enables a user to enter a restoration flow for restoring the extracted data to the cloud-based application, where the restoration flow includes one or more routines for execution. The system receives a restoration flow comprising a pre-restoration routine and a restoration routine, where the pre-restoration routine specifies one or more data transformations to render the extracted data compatible with a restoration to the cloud-based application. The system executes the pre-restoration routine to transform the extracted data to be compatible with a restoration to the cloud-based application. The system executes the restoration routine to restore the transformed data to the cloud-based application.

Abstract: In an embodiment, an application is created on a data-provider platform. The application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. Provider data is shared with the application on the data-provider platform. An application instance of the application is installed in a trusted execution environment (TEE). The application instance includes one or more APIs corresponding to the one or more APIs in the application on the data-provider platform. Consumer data is shared with the application instance from a data-consumer platform. One or more of the APIs of the application instance are invoked to execute, on the TEE, respective associated underlying code blocks that are not visible on the TEE. The output of the one or more respective associated underlying code blocks is saved to the data-consumer platform.

Abstract: The present disclosure relates to systems and methods for providing cloud-based services securely to on-premises networks or other infrastructure. More particularly, the present disclosure relates to systems and methods for enriching first-party data (e.g., data collected directly by an on-premises server) stored within on-premises networks by enabling the on-premises networks to retrieve and process third-party data stored on cloud-based networks. As a technical benefit, cloud-based services can be performed on the first-party data within the on-premises networks.

Abstract: An example system includes a processor to receive an instance of a composite format comprising a masking restriction. The processor can generate a mask for the instance of the composite format based on the masking restriction. The processor can output the generated mask.

Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.

Abstract: In accordance with an embodiment, described herein are systems and methods for use with a microservices or other computing environment, including a web server together with related libraries and features usable to build cloud-native applications or services. The system provides, by means of a header enumeration, an abstraction that allows message headers to be treated as objects, accessible via an application program interface that supports multiple communication protocols and allows clients and servers to communicate request/response messages using any of the supported protocols. When a request message with a known header type is encountered, the system can obtain an indexed value from the enumeration, if available, and provide the associated data directly to the process to which the request is directed, and/or cache the header value for later use.

Abstract: In order to automatically classify data without using a classifier constructed by machine learning, an information processing apparatus (1) includes: a data acquiring section (11) for acquiring target data, which is data to be classified into one of a plurality of categories in a hierarchical structure; and a classifying section (12) for classifying the target data into one of the plurality of categories in accordance with (i) a matching degree indicating a degree to which the target data matches that category and (ii) an upper-level matching degree indicating a degree to which the target data matches an upper-level category of that category.

Abstract: A method for performing a power disturbing operation to reduce a success rate of cryptosystem power analysis attack, an associated cryptosystem processing circuit and an associated electronic device are provided.

Abstract: A system comprises a memory and a processing apparatus. The memory stores a collection of personal information data and a data catalog of the collection of personal information data. The processing apparatus executes generating the machine learning model according to a designated machine learning logic, based on personal information data, corresponding to designated metadata in the data catalog and a designated data range. And the processing apparatus, executes calculating a personal identification risk which shows a risk of a person being identified based on an output of the machine learning model. Then the processing apparatus executes outputting the machine learning model when the personal identification risk, does not exceed a predetermined threshold.

Abstract: Embodiments related to using a foundational model for network packet traces. A technique includes receiving network traffic of a network and extracting features from the network traffic, the features having a function related to communications in the network. The technique includes generating tokens from the features, each of the features corresponding to a respective one of the tokens, training a machine learning model by inputting the tokens, the machine learning model being trained to output contextual embeddings for the tokens, and using the contextual embeddings to determine an anomaly in the network traffic.

Abstract: The subject application relates to a method and server for handling streaming data, and includes: Obtaining a request for entering the live streaming as an invisible viewer; in response to obtaining the request, starting to provide a first user terminal of a first viewer with the streaming data for the live streaming while setting information on the first viewer invisible to other viewers and a streamer; and in response to detecting a first action of the first viewer in the live streaming, setting at least a part of the information visible to at least a part of the other viewers and the streamer. According to the subject application, it is possible to encourage further communication between the streamer and the viewer, and enhance user-user interactions through the live streaming.

Abstract: A system and method for automated cybersecurity defensive strategy analysis that predicts the evolution of new cybersecurity attack strategies and makes recommendations for cybersecurity improvements to networked systems based on a cost/benefit analysis. The system and method use machine learning algorithms to run simulated attack and defense strategies against a model of the networked system created using a directed graph. Recommendations are generated based on an analysis of the simulation results against a variety of cost/benefit indicators.

Abstract: A system and method including receiving, from a first user of a first service, an indication of a second service to integrate with the first service; correlating a presence of the first user of the first service with an identifier of the first user in the second service; receiving, from a second user of the first service, an indication of the second service to integrate with the first service; correlating a presence of the second user of the first service with an identifier of the second user in the second service; receiving, from the second service via an application programming interface, a replication of a statement of work generated by the second service and associated with the second user; and persisting the replication of the statement of work in a data store of the first service that is accessible by the first user of the first service.

Abstract: A method for privacy preserving data processing in a linked data operating environment wherein applications have secure and permissioned access in an interoperable manner to data that is stored in one or more online data stores. The method begins by creating a privacy preserving data processing (PPDP) agent for use by an entity to process the data in association with the online data stores. The PPDP agent is then subjected to a certification process that ensures that the PPDP agent does not exfiltrate any data from the online data stores. After a successful certification, and following registration of the agent with an agent repository, a secure PPDP environment is instantiated in association with the data stores and in which the PPDP agent is then configured to execute. The PPDP agent is then executed within the secure PPDP environment over a configured security context and life-cycle of the PPDP agent.

Abstract: Content data is registered in a file management system, an identifier of a user in the file management system is registered in blockchain data, and a right-holder terminal includes a permission request receiving unit that receives, from the file management system, permission request data for the content including an identifier of the user, a verification unit that verifies that the identifier of the user registered in the blockchain data corresponds to the identifier of the user included in the permission request data, and an permission issuing unit that transmits, to the file management system, permission data for permitting a use of the content by the user.

Abstract: Embodiments of the present disclosure relate to electronic lockout of a client device, specifically to managing electronic lockout of a client device associated with a claim process via a device protection program management system and third-party provider. In this regard, embodiments herein may process various data associated with determining whether to authorize a claim under a device protection program, and cause initiation of and/or termination of an electronic lockout of a client device depending on received data and/or lack of received data. In this regard, example embodiments include receiving a device claim request indication associated with a client device, where the client device is associated with a functionality lockout state; initiating a claim associated with the client device; causing initiation of an electronic lockout of the client device; processing the claim to determine whether to authorize the claim; and causing updating of the electronic lockout based on the determination.

Abstract: The present disclosure relates to a remote attestation in a network. Embodiments provide a method comprising: attesting a first node in a network, by a node adjacent to the first node in the network; and generating an attestation result of the first node. A plurality of attestation results of the first node generated by a plurality of nodes adjacent to the first node in the network are combined to determine a credibility of the first node. In such embodiments, a fixed verifier for other nodes is eliminated, and a risk of a collapse due to a failure of such fixed verifier may be avoided.

Abstract: Examples of the present disclosure describe systems and methods for discrete processor feature behavior collection and analysis. In aspects, a monitoring utility may initialize a set of debugging and/or performance monitoring feature sets for a microprocessor. When the microprocessor receives from software content a set of instructions that involves the loading of a set of modules or code segments, the set of modules or code segments may be evaluated by the monitoring utility. The monitoring utility may generate a process trace of the loaded set of modules or code segments. Based on the process trace output, various execution paths may be reconstructed in real-time. The system and/or API calls made by the microprocessor may then be compared to the process trace output to quickly observe the interaction between the software content and the operating system of the microprocessor.

Abstract: A system and method for providing access to third-party software tools as a service. A service access manager can communicate with one or more third parties to manage licenses associated with third-party software tools. A machine learning model can be trained using logs generated by the system and causes of detected errors to automatically determine the cause of errors occurring in the future. Vendor logs generated by software instances instantiated by third-party systems can be collected and used to improve error attribution.

Abstract: A system and method for providing access to third-party application programming interfaces (APIs) as a service. In particular, an API access manager can be configured to execute one or more serverless functions selected form a database of serverless functions in order to obtain data from one or more third-party APIs. Retrieved data can be used to evaluate compliance with one or more information security policies.

Abstract: In an embodiment, a data platform creates an application in a data-provider account. The application includes one or more APIs corresponding to one or more underlying code blocks. The data platform shares provider data with the application in the data-provider account, and also installs, in a data-consumer account, an application instance of the application. The application instance includes one or more APIs corresponding to the one or more APIs in the application in the data-provider account. The data platform shares consumer data with the application instance in the data-consumer account, and invokes one or more of the APIs of the application instance to execute respective associated underlying code blocks, which are not visible to the data-consumer account. The data platform also saves output of the one or more respective associated underlying code blocks locally within the data-consumer account.

Abstract: Embodiments of the present disclosure provide methods, apparatus, systems, computing devices, and computing entities for predictive data protection using a data protection policy determination machine learning model.

Abstract: An example method for data auditing for object storage public clouds includes a service broker receiving a request to store data in public object storage, where the request includes user information or a container image. The service broker, based on either the user information or the container image, determines that data auditing is necessary. The service broker creates a storage unit, in public object storage, and a storage proxy. The method further includes the storage proxy storing data, and a data auditor retrieving data from the storage proxy. The data auditor determines a data qualification for the data, and notifies the storage proxy of the data qualification.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for using additive and subtractive noise for preserving the privacy of users. In one aspect, a method includes obtaining a first set of genuine user group identifiers that identify user groups that include a user as a member. A second set of user group identifiers is generated for the user by removing zero or more genuine user group identifiers from the first set to generate the second set and adding, to the second set, one or more fake user group identifiers for user groups that do not include the user as a member. A probabilistic data structure is generated based on the second set of user group identifiers. The probabilistic data structure is transmitted. Data indicating a set of digital components including at least one digital component selected based on the probabilistic data structure is received.