Abstract: Techniques for adaptive validation and remediation are described. In some embodiments, the method includes determining, for a plurality of media service accounts, corresponding fraud suspicion values based on a model. The method also includes identifying a plurality of suspected accounts based on the corresponding fraud suspicion values. The method additionally includes identifying one or more suspected devices and predicting a likelihood of account takeover from each of the one or more suspected devices. The method further includes detecting a triggering event from a device of the one or more suspected devices associated with an account. The method additionally includes executing a validation and/or remediation procedure based on a trigger sensitivity value associated with the triggering event, a respective likelihood of account takeover from the device associated with the account, a respective device risk value associated with the device, and a respective fraud suspicion value associated with the account.

Abstract: Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service.

Abstract: An embodiment of a semiconductor apparatus may include technology to receive data with a unique identifier, and bypass encryption logic of a media controller based on the unique identifier. Other embodiments are disclosed and claimed.

Abstract: A content delivery platform may deliver program content segments and advertising content segments to multiple user devices. The content delivery platform may deliver a program content segment to a primary user device of a user for presentation on the primary user device. The content delivery platform may retrieve an advertising content segment from an advertising content store for presentation. The advertising content segment is provided by an advertiser that is sponsoring the presentation of the program content segment on the primary user device. The content delivery platform may send the advertising content segment to a secondary user device of the user for presentation at the secondary user device.

Abstract: Systems and methods described in this application are directed to universal online video embedding through a single platform. Videos are stored all over the internet in all kinds of different formats across a wide variety of video platforms, websites, and video publishers that makes video content available online. Systems and methods of the inventive subject matter facilitate handling and embedding of videos from any number of different video sources through a single platform by, for example: initializing known video platforms having available APIs or SDKs to streamline embedding of those videos, and, in the absence of an API or SDK, the service platform can go through several steps to determine how best to present the video to a client, whether that involves embedding the video or executing a callback to cause an end-user application to open a webpage URL in a web browser to access the video.

Abstract: Disclosed herein are embodiments for providing a trusted autonomy framework for unmanned aerial systems. One embodiment of a method includes receiving a request from an entity to participate in secure data sharing within the trusted autonomy framework for unmanned aerial systems, receiving a type of data that will be shared via the entity, and verifying an identity of the entity, a security infrastructure of the entity, and validating the data to be shared. In some embodiments, in response to verifying, accepting the entity into the trusted autonomy framework for unmanned aerial systems.

Abstract: A first component determines encrypted data representing an event and encrypted threshold data corresponding to an outlier of the event. The first system may process the data using, for example, one or more composite integers, and may send the result to a second system. This second system may subtract the data to determine of the encrypted data is greater than, less than, or equal to the encrypted threshold. If so, the second system may determine that the encrypted data corresponds to an outlier of the data. The second system may send an indication of this determination to a third system.

Abstract: Systems and method are provided for data self-protection. The systems and methods may involve installing a sentry on a computer system, the sentry including a file system filter installed on a kernel of that computer system; providing a central sentry platform in communication with the sentry, operating the central sentry platform to send a data self-protection policy to the sentry, the data self-protection policy being encrypted so that it can only be modified by the central sentry platform; operating the file system filter to control access to encrypted data stored on the computer system, by, for each process making a file access request to the encrypted data, the file system filter receiving and handling that file access request according to the data self-protection policy; and, operating the central sentry platform to monitor the sentry and to receive information from the sentry regarding access to the encrypted data.

Abstract: Disclosed herein is a technique for managing permissions associated with the control of a host device that are provided to a group of wireless devices. The host device is configured to pair with a first wireless device. In response to pairing with the first wireless device, the host device grants a first level of permissions for controlling the host device to the first wireless device. Subsequently, the host device can receive a second request from a second wireless device to pair with the host device. In response to pairing with the second wireless device, the host device can grant a second level of permissions for controlling the host device to second wireless device, where the second level of permissions is distinct from the first level of permissions.

Abstract: An embodiment for media transit management is provided. The embodiment may include receiving one or more images and one or more pre-set configuration criteria regarding management of an image file. The embodiment may also include monitoring for an attempted sharing of the image file. The embodiment may further include in response to determining each object in the one or more images matches each object in the image file, identifying at least one other user who is attempting to share the image file. The embodiment may also include in response to determining the at least one other user is not authorized to share the image file, analyzing the one or more pre-set configuration criteria correlated with the image file. The embodiment may further include in response to determining the image file does not meet the one or more pre-set configuration criteria, prompting the participating user to respond to a notification.

Abstract: Examples may include a storage appliance having a mass storage device and a compute engine communicating peer-to-peer with each other, with the compute engine including a programmable logic component to execute a function to read data from the at least one storage device, process the data; and write data to the at least one storage device.

Abstract: Techniques are provided for implementing near-view notification techniques. In some instances, a viewing distance with respect to a display screen of an electronic device may be determined. In accordance with a determination that the viewing distance is above a distance threshold, content may be presented on the display screen. In accordance with a determination that the viewing distance is under a distance threshold, until the viewing distance returns to being above the distance threshold, a visual notification may be displayed. The visual notification may disrupt the content presented on the display screen.

Abstract: A method, computer system, and a computer program product for masking identifying traits contained in response text is provided. Embodiments may include receiving a request to anonymize response text in response to a predefined respondent interaction, wherein the response text is generated by the respondent and then obtaining the response text, wherein the obtained response text has semantic characteristics. Next, the obtained response text may be input into a natural language processing (NLP) algorithm and thereafter receiving an alternative masking text as output from the NLP algorithm, wherein the received alternative masking text maintains the semantic characteristics of the obtained response text. Finally, the response text may be replaced with the received alternative masking text.

Abstract: A specialized computing environment that includes hardware and data security features to enable competitive organizations to co-analyze proprietary data without revealing the underlying proprietary data to unauthorized users. Proprietary data are stored in volatile memory, which may be automatically erased according to pre-stored criteria. The analysis is performed automatically by a processing unit without human intervention. Analytical results are sanitized (e.g., using data masking) to prevent the analytical result from being tracible to any particular data source. Sanitized analytical results are output without outputting the underlying proprietary data (except to users authorized to validate analytical results). The computing environment is enclosed within a secure enclosure (e.g.

Abstract: Acoustic signatures can be used in connection with a voice-enabled computer system. An acoustic signature can be a specific noise pattern (or other sound) that is played while the user is speaking and that is mixed in the acoustic channel with the user's speech. The microphone of the voice-enabled computer system can capture, as recorded audio, a mix of the acoustic signature and the user's voice. The voice-enabled computer system can analyze the recorded audio (locally or at a backend server) to verify that the expected acoustic signature is present and/or that no previous acoustic signature is present.

Abstract: Disclosed are an electronic device for obfuscating user data and a server for decoding the same. A method for controlling an electronic device according to the present disclosure comprises the steps of: acquiring a security parameter according to data transmitted to an external server; applying an obfuscation algorithm to the data by using the security parameter; and transmitting the data, to which the obfuscation algorithm has been applied, to the external server.

Abstract: In a method for transferring payment account information, a payment information transfer request is received from an account holder device associated with a first provider account. A list of payees to which electronic payments have been made from the first provider account is transmitted to the account holder device for display to the account holder and a user selection of at least one selected payee from the list of one or more payees is received from the account holder device. A payment account information data file is assembled in a predetermined data format, the file including payment account information for each selected payee. The payment account information data file is then transmitted to at least one of the set consisting of the account holder device and an information processing system of a second account provider.

Abstract: Disclosed herein are a system on chip, a method of operating the system on chip, and an electronic device including the system on chip that execute artificial intelligence (AI) algorithms and/or machine learning algorithms in a 5G environment connected for Internet of Things in order to prevent an artificial intelligence product from being surreptitiously used, replaced, or modified by an attacker.

Abstract: Systems and methods for 3D printer management can allow or reject printing of an object based on a model that is trained with machine learning. In one example, the model classifies the object according to object type. The object type can be compared against a list, such as a whitelist or blacklist, to determine whether to block the object from printing. The lists can be specific to users, such as based on an organizational group to which the user belongs. A print server can apply the model prior to forwarding the object to a 3D printer for printing. Both the models and the lists can evolve based on machine learning, such as based on which print decisions receive override from administrators.

Abstract: A method, computer program product, and computing system for obtaining, by a computing device, encounter information of a patient encounter, wherein the encounter information may include audio encounter information and video encounter information obtained from at least a first encounter participant. A report of the patient encounter may be generated based upon, at least in part, the encounter information. A relative importance of a word in the report may be determined. A portion of the video encounter information that corresponds to the word in the report may be determined. The portion of the video encounter information that corresponds to the word in the report may be stored at a first location, wherein the video encounter information may be stored at a second location remote from the first location.

Abstract: A task definition is received. The task definition indicates at least a location from which one or more software image can be obtained and information usable to determine an amount of resources to allocate to one or more software containers for the one or more software image. A set of virtual machine instances in which to launch the one or more software containers is determined, the one or more software image is obtained from the location included in the task definition and is launched as the one or more of software containers within the set of virtual machine instances.

Abstract: A point-of-sale (POS) system used in performing a POS transaction between a merchant and a consumer. The POS system includes a display having a touch panel, a main processor and a memory device. The POS system also includes a secure enclave with a secure processor and a microcontroller. The main processor is configured to display a series of screens to guide a consumer through the POS transaction. The microcontroller provides the inputs from the touch panel to the main processor when the POS system is operated in a pass-through mode and provides the inputs from the touch panel to the secure processor when the POS system is operated in a secure touch mode.

Abstract: Methods and apparatus for invoking a security feature of a computing device display in response to detecting an onlooker based on depth data are disclosed. An example apparatus includes at least one memory, computer-readable instructions, and processor circuitry, The processor circuitry is to execute the computer-readable instructions to automatically invoke an onlooker detection model of a computing device in response to determining that the computing device is located in a public, unsecure environment. The onlooker detection model is to detect an onlooker based on data collected by a sensor associated with the computing device. The processor circuitry is to execute the computer-readable instructions to automatically invoke a security feature of a display of the computing device in response to detection of the onlooker.

Abstract: According to some embodiments, system and methods are provided including receiving, via a communication interface of an event detection and classification module comprising a processor, data from one or more sensors in a system; determining an event occurred based on the received data; applying a coherency similarity process to the received data via a classification module; determining whether the event is an actual event or a mal-doer event based on an output of the classification module; transmitting the determination of the event as the actual or the mal-doer event; and modifying operation of the system based on the transmitted output. Numerous other aspects are provided.

Abstract: Exemplary embodiments are directed to a multi-modal biometric analysis system including one or more illumination sources, one or more cameras, and a processing device. The illumination sources are configured to illuminate an iris of a subject. The cameras are configured to capture one or more images of the subject during illumination of the subject with the one or more illumination sources. The images include iris biometric data associated with the iris of the subject and face biometric data associated with a face of the subject. The processing device receives as input the one or more images, analyzes the iris biometric data for iris biometric authenticity, analyzes the face biometric data for face biometric authenticity, and compares the iris biometric data and the face biometric data to determine the biometric authenticity of the subject.

Abstract: A method is provided. The method comprises receiving an input of a user to configure a data sharing permission for a data sharing service of a platform computing system, gathering data of the user, requesting data of the user according to the data held by each experience provider from a plurality, receiving an API response containing the data of the user, aggregating the data of the user gathered from a plurality of computing systems associated with the platform computing system and the data of the user received from the plurality of experience providers, classifying the aggregated data of the user according to a classification scheme, generating a user data corpus comprising the classified data of the user, storing the user data corpus in a user data repository, and providing the user with selectable data categories responsive to the input to configure the data sharing permission.

Abstract: Providing an indication of user-tailored password strength is provided. A registration of a user in a password strength management service is received. A list of social media accounts corresponding to the user and access credentials corresponding to each social media account in the list is received from the user. Social media information corresponding to the user is gathered from the social media accounts using the access credentials corresponding to each social media account in the list. In response to receiving an input of a new password string by the user, password strength of the new password string is evaluated in view of the gathered social media information corresponding to the user.

Abstract: Aspects described herein may allow for detecting fraudulent transaction requests using light sensors on smartcards. A computing device may receive, from a terminal, a request to approve a transaction. The request may comprise a timestamp corresponding to a time when the transaction was requested, a transaction type associated with the transaction, and an identification of a card associated with the transaction. The computing device may also receive, from one or more light sensors associated with the card, light data. The light data indicates an amount of ambient light during a time period when the transaction was requested. The computing device may determine, based on the transaction type, a model of expected ambient light. If the light data corresponds to the model, the computing device may send, based on the determination that the light data corresponds to the model, an approval of the request.

Abstract: A segmentation server defines a segmentation policy and distributes the segmentation policy to be enforced by a plurality of operating system (OS) instances. The segmentation policy includes rules controlling which workloads executing on the OS instances can communicate with other workloads and controlling how the workloads may communicate. When a connection between two OS instances is requested, each OS instance provides an identity and a cryptographic proof of the identity. The OS instances each authenticate the identity received from the other OS instance, and once authenticated, determines based on the authenticated identities if the rules permit the communication. If the rules permit the communication, the OS instances obtain session parameters that enable the OS instances to validate integrity of the messages communicated between the workloads and optionally encrypt the messages.

Abstract: A system and a method for securing and authenticating serialized data associated with a product across a supply chain is disclosed. In operation, the present invention provides for generating a Hash ID by associating serialised data and serialisation ID of the product with a blockchain platform. Further, a set of authentication rules are generated for validating access to the serialised data based on the Hash ID. Furthermore, a plurality of identifier elements are generated for integration with one or more levels of product packaging. Yet further, access to the serialized data across the supply chain is authorized on determination of the authenticity of the supply chain participants based on the identifier elements using a decryption technique and the set of authentication rules. A result representative of authentication success or failure is stored in the blockchain platform.

Abstract: A method for data filtering that identifies a topic of interest for a user and individual sub-topics within the topic the user could be, or is, interested in. A three-dimensional map depicting a topic of interest containing markers for the sub-topics is created and used to specify a level of detail about the user's interest in the sub-topics that can be shared to or used by an external source.

Abstract: A method and system for blurring location data. Location data indicating a location of a mobile device and a user identification associated with the mobile device is received. Prestored data indicating a plurality of entries is accessed, each entry having a respective stored location associated with a corresponding location status. In response to an entry in the prestored data including a stored location corresponding to the location of the mobile device indicated in the location data, a derived location of the mobile device is generated based on the corresponding location status of the stored location, wherein the derived location is less accurate than the location indicated in the received location data. The derived location of the mobile device is stored in a mobile device location log associated with the received user identification.

Abstract: A system is provided for protecting services, such as cloud services, running on one or more server computers in a server rack. The system includes one or more rack processors. The one or more rack processors may receive sensor signals from one or more sensors of the server rack, the sensor signals capturing a physical environment of the server rack in a datacenter. The one or more rack processors may determine, based on the sensor signals, a security status of the server rack. The one or more rack processors may send the security status to the services on the one or more server computers within the server rack.

Abstract: A system for and a method of regulating the data interconnections between applications running on an infrastructure are provided. The system/method records access permission data into metadata embedded in the source code of each such application that regulates the data that can be received or transmitted by that application. In addition to regulating the receipt or transmission of data, the metadata can serve to provide instruction to firewalls and other regulating systems in order to configure those systems to allow the applications to receive and transmit data for which permissions have been recorded.

Abstract: A system automatically manages remote and local data through a declarative client that retrieves, tracks, and caches data in response to a transmission from an interface. The declarative client sits on an immutable image served by a secure private cloud platform. A serverless compute engine receives the immutable image and a plurality of tasks that process the immutable image in a container. An application programming interface in communication with the declarative client extracts data via queries from a database. The declarative client includes a normalized in-memory cache that breaks up results of the queries into individual objects that are each associated with a unique identifier and a unique name. The extracted data is deconstructed downloaded content in which original computer assigned links between data elements are intercepted and mapped to redirected computer-generated local links that locate the downloaded content in a local database.

Abstract: A Secure Fetch feature can be included with any file sharing or transfer service that allows access to files, folders and digital content where the party that is to gain access or possession of the materials (the requestor) desires to utilize an application that facilitates access or transfer of the materials and the party in possession of the materials (the requestee) is not required to log in to an application or even to download or open it.

Abstract: A gateway of a vehicle is connected to a telematics control unit (TCU) and a plurality of electronic control units (ECUs). The gateway is programmed to receive a command from the TCU, the command specifying an electronic serial number (ESN) of a target ECU of the ECUs, and forward the command to the target ECU responsive to confirmation that the ESN of the target ECU is included in the web of trust.

Abstract: Access techniques and systems for virtually rendered digital content are described. In one example, a collection of items of digital content is received that involves an operation of a computing device. As part of rendering the collection, the computing device generates an object model having nodes corresponding to the items in the viewable subset. The computing device then adds an additional node to the object model as a compact representation (e.g., as text) of other items of digital content that are not rendered. As a result, the compact representation supports operations involving digital content that is not currently rendered in the user interface.

Abstract: A method for encapsulating transaction instrument information in a transaction includes storing, in association with a first transaction and by a processor of the primary transaction processor server, payment data associated with a payment instrument used to settle a cost of a first transaction. The primary transaction processor server transmits the transaction data to a payment network processor. The primary transaction processor server receives an authorization package from the payment network processor that includes a cryptograph and a first network token. The processor of the primary transaction processor server generates a secondary token, and stores a correlation record to a computer-readable memory. The correlation record associates the secondary token to a second object stored by the primary transaction processor. The processor of the primary transaction processor server transmits a second transaction package including at least one of the network token and the secondary token to a merchant device.

Abstract: Techniques for managing the distribution of configuration information that supports the flow of packets in a cloud environment are described. In an example, a virtual network interface card (VNIC) hosted on a network virtualization device NVD receives a first packet from a compute instance associated with the VNIC. The VNIC determines that flow information to send the first packet on a virtual network is unavailable from a memory of the NVD. The VNIC sends, via the NVD, the first packet to a network interface service, where the network interface service maintains configuration information to send packets on the substrate network and is configured to send the first packet on the substrate network based on the configuration information. The NVD receives the flow information from the network interface service, where the flow information is a subset of the configuration information. The NVD stores the flow information in the memory.

Abstract: Methods and systems for provable, auditable and secure software updates for resource-constrained IoT devices are provided via a security framework and a protocol for owner-controlled software updates for IoT devices through blockchain.

Abstract: In a case where data is provided to a plurality of third parties, an embodiment of the present invention provides a method and the like for checking the consent and disclosure history of disclosure to the third parties while also reducing the disadvantages from a data leak. An information processing method according to an embodiment of the present invention includes writing, to a blockchain, a consent record indicating a consent with respect to the handling of data and a related party related to the consent or the data. In the case where executing the handling in the consent record would allow the data to be usable by a third party that is neither the executing party executing the handling nor the related party, the consent record is written such that the identifier is changed to a different identifier uniquely corresponding to the third party.

Abstract: Systems, methods, and non-transitory media are provided for generating obfuscated control interfaces for extended reality (XR) experiences. An example method can include determining a pose of an XR device within a mapped scene of a physical environment associated with the XR device; rendering a virtual control interface within the mapped scene according to a configuration including a first size, a first position relative to the pose of the XR device, a first ordering of input elements, and/or a first number of input elements; and adjusting the configuration of the virtual control interface based on a privacy characteristic of data associated with the virtual control interface and/or characteristics of the physical environment associated with the XR device, the adjusted configuration including a second size, a second ordering of input elements, a second number of input elements, and/or a second position relative to the pose of the XR device and/or first position.

Abstract: A method for enabling website access is provided. The method includes detecting an attempt to access a particular website by a computing device via a network, the particular website including one or more webpages, and accessing a particular data privacy policy for the particular website. Scores of the particular data privacy policy are determined based on text of the particular data privacy policy, and a particular multidimensional coordinate is determined based on the scores of the particular data privacy policy. A map including the particular multidimensional coordinate is displayed via the computing device. An instruction from a user is received via the computing device to enable accessing of the particular website, and the accessing by the computing device of the particular website is enabled in response to the instruction from the user.

Abstract: Methods, computer-readable media, and devices for auditing digital content to validate that the digital content is authentic, secure, and reaching the intended audience are disclosed. In one example, a method performed by a processing system including at least one processor includes launching a web browser application, wherein the launching includes instantiating a simulated user profile, and wherein the simulated user profile includes a simulated web browsing history, detecting, by the processing system, an item of digital content that is presented to the web browser application in response to the simulated user profile, determining, by the processing system, a relevance of the item of digital content to the simulated user profile, and generating, by the processing system, a report that indicates the relevance of the item of digital content to the user profile.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation. The security operation includes: monitoring a data entity, the monitoring observing at least one electronically-observable data source, the data entity exhibiting a data entity behavior; deriving an observable based upon the monitoring of the electronically-observable data source, the observable comprising event information corresponding to the data entity behavior; identifying an event of analytic utility, the event of analytic utility being derived from the observable from the electronic data source and the data entity behavior; analyzing the event of analytic utility, the analyzing the event of analytic utility using the data entity behavior; and, performing the security operation in response to the analyzing the event of analytic utility.

Abstract: Example embodiments employ a selective memory swapping system for selectively placing non-volatile memory devices of a computer system offline, e.g., for background updating, and online, for use by a computer system, whereby the background updating process includes a mechanism for performing forensics analysis and updating of offline memory devices while an alternate memory device is usable by a user of the first computer system.

Abstract: A method for automated web resource deployment is provided. The method comprises creating web resource publication requests, wherein each web resource publication request comprises a number of configuration changes necessary to publish a web resource, on a network, at a particular uniform resource location. A standard format, validation workflow, and an approval workflow are provided for automation of the web resource publication requests. Once validated and approved, web resource publication requests are automatically converted to API calls which are executed on backend servers to implement the configuration changes required in the environment without further human intervention.

Abstract: Techniques for providing data preview before recalling large data files are disclosed. In one aspect, a data file is made accessible while being offline by converting the data file from a native format to a preview format, storing the data file in the preview format in a primary storage that is locally available and moving, after the conversion to the preview format, the data file in the native format to a secondary storage. When a viewing request is received for the data file, the data file in the preview format is displayed to fulfill the viewing request.

Abstract: A method and apparatus for setting profiles are provided. The profile setting method includes receiving, from a first terminal, a profile transfer request message that requests transfer of a first profile or portion thereof from a first secure element to a second secure element; configuring a second profile using the first profile or portion thereof; and sending, to a second terminal, the configured second profile.