Abstract: Described embodiments provide systems and methods for adaptive data loss prevention. A first computing device may generate, according to a first response from a server and an output from a second computing device identifying sensitive data in the first response, at least one rule regarding the sensitive data, and at least one template for data loss prevention (DLP) responses. The first computing device may determine, according to the at least one rule, a match to a second response from the server, that includes the sensitive data. The first computing device may provide, according to the match and the at least one template, a DLP response to redact the sensitive data of the second response, in place of a DLP output from the second computing device identifying the sensitive data in the second response.

Abstract: An information processing system includes at least one server and one or more devices communicable with the server through a network. The information processing system includes circuitry configured to: manage a service in association with a device type that can use the service; manage the devices in association with the device type, the devices each being a target device to which a license is to be allocated; and compare a device type associated with the target device to which the license is to be allocated with the device type associated with the service, to determine whether an allocation of the license of the service to the target device is permitted.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing a privacy manager are disclosed. In one aspect, a method includes the actions of receiving, from a client device, an indication of a first setting of the client device. The actions further include receiving, from the client device, an indication of a type of data that the client device is prepared to transmit. The actions further include, based on the first setting and the type of data, generating an instruction to adjust the first setting or a second setting of the client device. The actions further include, before the client device transmits the data, providing, for output to the client device, the instruction to adjust the first setting or the second setting of the client device.

Abstract: Techniques for business data protection for running tasks in a computer system are described herein. An aspect includes receiving a request. Another aspect includes processing a task corresponding to the request. Another aspect includes receiving a debugging request from a user corresponding to the task, wherein the debugging request is received during the processing of the task. Another aspect includes, based on receiving the debugging request, determining whether the user is authorized to access business data corresponding to the task. Another aspect includes, based on determining that the user is not authorized to access the business data corresponding to the task, redacting the business data from debugging data corresponding to the debugging request. Another aspect includes providing the redacted debugging data to the user.

Abstract: Methods, systems, articles of manufacture and apparatus to privatize consumer data are disclosed. A disclosed example apparatus includes a consumer data acquirer to collect original data corresponding to (a) confidential information associated with consumers and (b) behavior information associated with the consumers, and a data obfuscator. The data obfuscator is to determine a degree to which the original data is to be obfuscated and a type of obfuscation to be applied to the original data based on the original data, generate obfuscation adjustments of the original data based on the degree and the type, and generate an obfuscation model based on the obfuscation adjustments.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for deciphering and unblocking applications in error in real-time. The invention creates, maintains, and continuously updates a back-end database with a rules depository for providing alternative routes for error obfuscation via machine learning and historic action logs. The appropriate alternate route is determined based on workflow and coding. The system integrates a user facing virtual system to provide an assistant launcher in application alerts. In case of failed operations, the user facing virtual system launches in integration with the invention for knowledgeably reiteration of details of the error based on launch point after failure. The system may decipher the error code, provide an alternative resolution path to the user, and execute the flow by assisting the user via the user facing virtual system.

Abstract: Systems and methods are provided for storing, at a storage device communicatively coupled to a computer, one or more operations to be executed for a web browser. A closed shadow document object model (DOM) may be generated by a component of a web page to be displayed in the web browser using the one or more of the stored operations. The closed shadow DOM may be configured to receive sensitive data or restricted data. The component of the web page that receives the sensitive data or restricted data may instantiate an inline frame (iFrame) with a same domain as the component. The web page to receive the sensitive data or restricted data via the instantiated iFrame may be displayed on a displayed device from an input device communicatively coupled to the computer for a component of the web page.

Abstract: A processor receives a signal representing data including event information detailing an event involving an entity having a registered ownership interest in a product and loads a portion of a distributed electronic ledger for tracking ownership information associated with the product. The distributed electronic ledger includes, within a block thereof and associated with the product, an event trigger list including entity data associated with each entity having a registered ownership interest in the product and a rules engine including rules associated with event triggers in the event trigger list. The processor determines whether a triggering event corresponding to the event is stored in the event trigger list and, when the event has a corresponding triggering event, determines the associated rule within the rules engine. The processor updates and saves the distributed electronic ledger by performing an action specified by the determined associated rule.

Abstract: Various surgical hubs and data stripping methods are disclosed. The surgical hub comprises a processor and a memory coupled to the processor. The memory stores instructions executable by the processor to interrogate a modular device coupled to the processor via a modular communication hub. The modular device is a source of data sets that include patient identity data and surgical procedure data. The processor also executes instructions to: receive a data set from the modular device; discard the patient identity data and any portion of the surgical procedure data that identifies the patient from the data set; extract anonymous data from the data set and create an anonymized data set; and configure operation of the surgical hub or the modular device based on the anonymized data set.

Abstract: A system for dynamic data modification and correction is provided. The system comprising: a memory device with computer-readable program code stored thereon; a communication device connected to a network; a processing device, wherein the processing device is configured to execute the computer-readable program code to: monitor a first data storage location for an artifact stored in the first data storage location, the artifact comprising unobscured private data; move the artifact to a second data storage location based on identifying the unobscured private data; generate a context rule set for the artifact based on an artifact type and one or more data fields of the artifact; modify the artifact to remove the unobscured private data based on the context rule set; and reintroduce the modified artifact to the first data storage location.

Abstract: A method for establishing a campaign for a simulated phishing attack includes receiving, via a campaign manager, specification of a plurality of parameters for a campaign including at least an identifier of a campaign and identification of users to which to send the campaign, establishing, via the campaign manager, a type of exploit for the campaign and one or more types of data to collect via the type of exploit, storing, by the campaign manager, the campaign comprising the plurality of parameters, and identifying, by a simulation server, the campaign stored in the database to create a simulated phishing email, to be sent to email accounts of the users, using the plurality of parameters of the campaign, wherein the simulated phishing email is to be created to have a link to a landing page comprising the type of exploit and configured to collect the one or more types of data.

Abstract: Embodiments described herein are generally directed to a cloud-native approach to software license enforcement in a container orchestration system. According to an example, information indicative of a number of sets of containers that are making use of one or more components of an application is received. The application is licensed by the tenant and the sets of containers are running within a namespace of the tenant within a cluster of a container orchestration system. Overuse of the application by the tenant is determined based on whether the number exceeds a licensing constraint for the application specified within an Application Programming Interface (API) object of the container orchestration system corresponding to the application. Responsive to a determination that the application is being overused by the tenant, the tenant is caused to be notified regarding the overuse.

Abstract: Disclosed is a distributed profile building system, gathering video data, audio data, electronic device identification data, and spatial position data from multiple input devices, performing human emotion and identity detection, and gaze tracking, and forming user profiles. Also disclosed is a method for building user profiles using a distributed profile building system by gathering video data, audio data, electronic device identification data, and spatial position data from multiple input devices, performing human emotion and identity detection, and gaze tracking, and forming user profiles. Also included is a targeted promotion system, which includes software for making real-time promotions for select products based on retail customers' individual characteristics. Additionally, a targeted digital coupon management system creates, delivers and facilitates redemption of various types of digital coupons according to the business rules set by the retailers.

Abstract: A consumable can be used to securely send data to devices. A security platform can produce a consumable, for example an ink cartridge, with data to be uploaded onto a device, such as a printer. If the consumable and device can perform a successful authentication, broadcast data can be delivered to the device via the consumable. Such techniques can help ensure that authentic consumables are being used in authentic devise. Further, such techniques can enable a licensing model where different consumables can be configured with different data to enable or disable different features of the device.

Abstract: A system for managing composed information handling systems to provide data protection services for data generated by applications hosted by the composed information handling systems, includes a processor that executes applications and a system control processor manager that obtains a composition request for a composed information handling system, identifies a compute resource set having compute resources specified by the composition request, identifies a hardware resource set having hardware resources specified by the composition request, sets up storage management services for managing reads and writes of data the hardware resource set using a control resource set, which performs deduplication on data generated by the applications, to obtain logical hardware resources, and presents the logical hardware resources using the control resource set to the compute resource set as bare metal resources to instantiate a composed information handling system to service the composition request.

Abstract: The present disclosure relates to systems and methods for microservice execution load balancing in virtual distributed ledger networks. In one embodiment, a system comprises a plurality of hardware processors; and at least one memory device storing processor-executable instructions to perform operations comprising: creating one or more virtual machines or containers; and executing a plurality of microservices via the one or more virtual machines or containers, wherein the plurality of microservices includes: a smart contract execution microservice configured to execute a smart contract after receiving a smart contract microservice request; and a load balancer microservice configured to distribute hardware processing load associated with the smart contract execution microservice across the plurality of hardware processors.

Abstract: A method for reducing a level of secure data exposure within the dark web may be provided. The secure data may be associated with a third party data custodian that may be associated with a pre-determined entity. The method may include searching the communications to identify one or more single locations that may include numerous communications that may include text identifying the selected third party data custodian. Each communication may be assigned a time-stamp in order to calculate a speed of how many communications within a pre-determined time period may be identified to include text identifying the third party data custodian. Simultaneous to the searching, the method may include running a time clock. When a rate per unit of time of identification of each identifying text is equal to or greater than a pre-determined rate per unit of time, increasing a monitoring at the one or more single locations.

Abstract: A method of routing a payment transaction includes receiving a transaction request message. The message includes a payment token that was previously issued to an account holder. The payment token is translated into a funding account indicator. The funding account indicator is in a format defined for payment card account numbers in a payment account system. The funding account indicator is translated into a bank account number. The bank account number identifies a bank deposit account owned by the account holder. An EFT message is transmitted to initiate an EFT transaction to be funded from the bank deposit account owned by the account holder. The EFT message includes the bank account number.

Abstract: Techniques are described for runtime checking of function metadata prior to execution of a function in an environment. An application may include any appropriate number of components at one or more levels in a hierarchical arrangement, and each component may be packaged with metadata that describes the component. A function, or any component, may be packaged with metadata that includes term(s) governing the usage of the function. The term(s) may be checked, at runtime, during execution of the application to determine whether the function is to be executed. A function may also be hashed at runtime for verification of function version. Function(s) may be individually and independently executed as containerized nano functions within the environment.

Abstract: Embodiments of architecture, systems, and methods that enable a User to maintain certain personal information across various vendors automatically are described herein. Other embodiments may be described and claimed.

Abstract: A method for secure interaction on a universal platform.

Abstract: An embodiment of a computerized method for detecting bootkits is described. Herein, a lowest level software component within a software stack, such as a lowest software driver within a disk driver stack, is determined. The lowest level software component being in communication with a hardware abstraction layer of a storage device. Thereafter, stored information is extracted from the storage device via the lowest level software component, and representative data based on the stored information, such as execution hashes, are generated. The generated data is analyzed to determine whether the stored information includes a bootkit.

Abstract: Embodiments of this application disclose a picture processing method, including: when a copy instruction is detected, obtaining positioning information included in a picture; modifying the positioning information in a preset information modification manner; and copying the picture whose positioning information is modified. The embodiments of this application further disclose a picture processing apparatus, a device, and a storage medium. According to the embodiments of this application, user privacy can be better protected, and information security can be improved.

Abstract: Methods and processes for manufacture of an image product from a digital image. An object in the digital image is detected and recognized. Object metadata is assigned to the object, the object metadata linking sound to the object in the digital image which produced the sound. At least one cryptographic hash of the object metadata is generated, and the hash is written to a node of a transaction processing network.

Abstract: A method includes determining a plurality of identifiers based on a data retrieval request. Integrity information is generated based on determining the plurality of identifiers. Stored integrity information corresponding to the data retrieval request is compared with the integrity information. When the stored integrity information compares unfavorably with the integrity information, corruption associated with the plurality of identifiers is determined.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information.

Abstract: A method controls one of a plurality of voting servers in an electronic voting system. The method includes receiving, from one or more terminals, one or more voting data including a first identifier (ID) associated with a vote cast by a voter and voting information indicating the vote. The method also includes generating a block including the one or more voting data when the one or more voting data satisfies a predetermined criterion of anonymization, and connecting the block to a blockchain stored in a memory.

Abstract: Embodiments described herein relate to anonymizing of trajectories of mobile devices through the obfuscation of stay points. Methods may include: receiving probe data points of a trajectory in real-time or near real-time from a probe apparatus as it travels along the trajectory; calculating, for each probe data point, a probability of the trajectory reaching a stay point within a predetermined distance; providing sequential sub-sets of probe data points of the trajectory to a location-based service provider in response to the sequential sub-sets of probe data points including probe data points having a probability failing to satisfy a predetermined value; and identifying a last sub-set of probe data points of the sequential sub-sets of probe data points to provide to the location-based service provider in response to identifying a probe data point having a probability of the trajectory reaching a stay point within the predetermined distance satisfying the predetermined value.

Abstract: A method and system includes generating event logs, storing in a database log data comprising the generated event logs, identifying a first set of log data by searching the log data for a first log data type, the first log data type having a data structure that includes a generic identifier and a specific data, identifying pairs of generic identifiers and associated specific data in the first set of log data, for each generic identifier of the identified pairs identifying a second set of log data that include the generic identifier but not the specific data, wherein identifying the second set of log data is performed by searching the log data for event logs that include the generic identifier, and updating log data stored in the database by adding, for each of the event logs of the identified second set of log data, the specific data associated with the generic identifier.

Abstract: A networked computer system enables a transaction to be executed securely. An initiator sends a service request to a control server. The control server creates a transaction server for the sole purpose of execution the transaction requested by the service request. Creating the transaction server includes: selecting an IP address randomly from a pool of IP addresses and assigning the selected IP address to the transaction server; creating a DNS entry including a randomly-constructed hostname; and associating the DNS entry with the selected IP address. If the transaction server pre-exists, it is made accessible in response to receiving the service request. The control server informs the initiator of the created transaction server. The initiator engages in the transaction with the transaction server, independently of the control server. The transaction server terminates upon completion of the transaction or the expiration of a timeout period.

Abstract: A method can include, by operation of a user device, receiving beacon data via a wireless signal. Beacon data can include unencrypted data that includes a key identification (ID) corresponding to a private key/public key pair, a time value, and a location value. Beacon data can also include encrypted data that includes at least a beacon ID, a beacon time value, and a beacon location value. If the unencrypted time value is within a predetermined range of a current time value of the user device, the beacon data can be stored in a user record with a user ID. Periodically, the user record can be uploaded to a tracking system. Corresponding devices and systems are also disclosed.

Abstract: A mobile communication device. The device comprises a central processing unit (CPU), a graphics processing unit (GPU), and a memory comprising a mobile application incorporating a search client that. When executed by at least one of the CPU and the GPU, the application receives an input selecting the search client, begins execution in a trusted security zone execution mode wherein instructions of the search client execute in the GPU, creates a genesis block of a block chain via the search client instructions executing in the GPU, creates an event block of the block chain via the search client instructions executing in the GPU, attaches the event block to the block chain via the search client instructions executing in the GPU, transmits the block chain to a data store, and reverts to execution in a normal execution mode.

Abstract: Methods and systems for monitoring a risk of re-identification for a dataset de-identified from a source database containing information identifiable to individuals are described. A first aspect of the disclosure relates to a method comprising: providing a graphical user interface (GUI) configured to receive as input the dataset and updates to said dataset; providing as input to the GUI the dataset; estimating a risk of re-identification for the dataset or a subset of the database; providing as input to the GUI the updates to said dataset; regularly monitoring whether the risk of re-identification for at least one of the updated dataset, the subset of the database and the updates is below a predetermined dataset risk threshold; and if the risk of re-identification has reached or exceeded the predetermined dataset risk threshold, notifying the user.

Abstract: A system for automatic collection and analysis of digital forensic evidence by a cloud service provider is disclosed. The system utilizes machine learning models to identify and store digital forensic evidence relating to cybercrimes committed using a cloud service. Particularly, if an image or video file uploaded to the cloud service provider is determined to relate to illicit, illegal, or malicious activity, relevant digital forensic evidence is extracted and stored for later provision to law enforcement. The digital forensic evidence that is collected may be used to assist law enforcement in their investigations of criminal activity, as well as aid in the successful prosecution of criminals in court proceedings.

Abstract: Systems, methods, and software can be used to handle security events of a device based on remediation actions and recovery actions. In some aspects, a method comprises: receiving, by a security gateway, a security event notification associated with a device; determining, by the security gateway and based on the security event notification, a risk level of the device; determining, by the security gateway and based on the risk level, a set of remediation actions and recovery actions; and sending, by the security gateway, an action plan indicating the set of remediation actions and recovery actions.

Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.

Abstract: A system may include a historical managed software system data store that contains electronic records associated with controllers and deployed workloads (each electronic record may include time series data representing performance metrics). An entropy calculation system, coupled to the historical managed software system data store, may calculate at least one historical entropy value based on information in the historical managed software system data store. A detection engine, coupled to a monitored system currently executing a deployed workload in the cloud computing environment, may collect time series data representing current performance metrics associated with the monitored system. The detection engine may then calculate a current monitored entropy value (based on the collected time series data representing current performance metrics) and (iii) compare the current monitored entropy value with a threshold value (based on the historical entropy value).

Abstract: According to one example, a system includes a first computing device that determines data for transmittal to a second computing device, and determines transmittal mapping data. The first computing device also breaks the data into one or more portions, and, for each of the one or more portions of the data, the first computing device replaces the respective portion of the data with a transmittal token included in the transmittal mapping data. The first computing device also transmits the transmittal tokens for receipt by the second computing device.

Abstract: Disclosed is a method and apparatus for modulus refresh, where the method for modulus refresh of a ciphertext in homomorphic encryption includes receiving a first ciphertext corresponding to a first modulus, generating a second ciphertext by performing a blind rotation on the first ciphertext, and generating a target ciphertext corresponding to a second modulus greater than the first modulus based on the first ciphertext and the second ciphertext.

Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.

Abstract: A universal resource locator (URL) collider processes a click event referencing a URL and directs a browser to a page at the URL. While the page is being rendered by the browser with page data from a web server, the URL collider intercepts the page data including events associated with rendering the page, determines microfeatures of the page such as Document Object Model objects and any URLs referenced by the page, applies detection rules, tags as evidence any detected bad microfeature, bad URL, or suspicious sequence of events, and stores the evidence in an evidence database. Based on the evidence, a judge module dynamically determines whether to condemn the URL before or just in time as the page at the URL is fully rendered by the browser. If so, the browser is directed to a safe location or a notification page.

Abstract: A building system for operating a building and managing private building information includes a processing circuit configured to receive a request for information for a building entity of a building entity database. The processing circuit is configured to select one of the mask templates from the entity database based on access values associated with the requesting device and a relational link between the building entity and the mask templates, retrieve private information for the building entity in response to a reception of the request for the information, and generate a masked information data structure based on the private information and the one of the mask templates.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, that protect analytics for resources of a publisher from traffic directed to such resources by malicious entities. An analytics server receives a first message that includes an encrypted token and analytics data for a publisher-provided resource. The token includes a portion of the analytics data and a trust score indicating a likelihood that activity on the resource is attributed to a human (rather than an automated process). The analytics server decrypts the token. The analytics server determines a trustworthiness measure for the analytics data included in the first message based on the trust score (in the decrypted token) and a comparison of the analytics data in the first message and the portion of the analytics data (in the decrypted token). Based on the measure of trustworthiness, the analytics server performs analytics operations using the analytics data.

Abstract: A system to provide scalable and reliable communication mechanism between a plurality of requesters and a plurality of edge devices comprising one or more requests from said plurality requesters to one or more coordinators discovering one or more edge devices relevant to said request based on one or more search method and directing said requests to the one or more of said edge devices or to other coordinators, wherein the edge device comprises one or more data publishers providing data to an agent to execute said one or more request to create one or more responses and sending said one or more responses to the coordinators which are aggregating said one or more responses and sending to said one or more requesters for further processing.

Abstract: Techniques for adaptive validation and remediation are described. In some embodiments, the method includes determining, for a plurality of media service accounts, corresponding fraud suspicion values based on a model. The method also includes identifying a plurality of suspected accounts based on the corresponding fraud suspicion values. The method additionally includes identifying one or more suspected devices and predicting a likelihood of account takeover from each of the one or more suspected devices. The method further includes detecting a triggering event from a device of the one or more suspected devices associated with an account. The method additionally includes executing a validation and/or remediation procedure based on a trigger sensitivity value associated with the triggering event, a respective likelihood of account takeover from the device associated with the account, a respective device risk value associated with the device, and a respective fraud suspicion value associated with the account.

Abstract: Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service.

Abstract: An embodiment of a semiconductor apparatus may include technology to receive data with a unique identifier, and bypass encryption logic of a media controller based on the unique identifier. Other embodiments are disclosed and claimed.

Abstract: A content delivery platform may deliver program content segments and advertising content segments to multiple user devices. The content delivery platform may deliver a program content segment to a primary user device of a user for presentation on the primary user device. The content delivery platform may retrieve an advertising content segment from an advertising content store for presentation. The advertising content segment is provided by an advertiser that is sponsoring the presentation of the program content segment on the primary user device. The content delivery platform may send the advertising content segment to a secondary user device of the user for presentation at the secondary user device.

Abstract: Systems and methods described in this application are directed to universal online video embedding through a single platform. Videos are stored all over the internet in all kinds of different formats across a wide variety of video platforms, websites, and video publishers that makes video content available online. Systems and methods of the inventive subject matter facilitate handling and embedding of videos from any number of different video sources through a single platform by, for example: initializing known video platforms having available APIs or SDKs to streamline embedding of those videos, and, in the absence of an API or SDK, the service platform can go through several steps to determine how best to present the video to a client, whether that involves embedding the video or executing a callback to cause an end-user application to open a webpage URL in a web browser to access the video.

Abstract: Disclosed herein are embodiments for providing a trusted autonomy framework for unmanned aerial systems. One embodiment of a method includes receiving a request from an entity to participate in secure data sharing within the trusted autonomy framework for unmanned aerial systems, receiving a type of data that will be shared via the entity, and verifying an identity of the entity, a security infrastructure of the entity, and validating the data to be shared. In some embodiments, in response to verifying, accepting the entity into the trusted autonomy framework for unmanned aerial systems.