Abstract: A robot apparatus includes a storage that stores first instructional information which serves as a guide to first work operation, an acquirer that acquires second instructional information which serves as a guide to second work operation similar to the first work operation or second work operation related to the first work operation from a different apparatus having the second instructional information, and a work controller that performs the first work operation based on the first instructional information stored in the storage and the second work operation based on the second instructional information acquired by the acquirer.

Abstract: Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed.

Abstract: An Information Handling System (IHS) includes multiple hardware devices, and a baseboard Management Controller (BMC) in communication with the plurality of hardware devices. The BMC includes instructions for executing an assistance application (APP) in an untrusted domain of the BMC. The assistance APP configured to monitor a custom BMC firmware stack executed in the untrusted domain. The instructions are further executed to verify an integrity of the assistance APP from a trusted domain of the BMC by encrypting communications between the trusted and untrusted domains using an encryption key that comprises a function of a time counter value.

Abstract: A method for workload security rings that includes receiving a plurality of workloads, each associated with respective security criteria and scheduled for execution on a distributed computing system divided into a plurality of security rings each associated with a respective subset of computing devices of the distributed computing system that is physically isolated from the other security rings. For each respective workload, the method includes determining, using the respective security criteria, a security level of the respective workload and identifying, using the security level of the respective workload, one or more of the plurality of security rings that are eligible for executing the respective workload. The method also includes executing the respective workload on one or more computing devices selected from one of the respective subsets of computing devices associated with the identified one or more of the plurality of security rings eligible for executing the respective workload.

Abstract: An information processing apparatus connectable with a terminal via a network to manage a license of a package including applications assignable to a device includes circuitry configured to display a first screen for displaying a device list, the license of the package being assignable to and cancellable from the device in response to receiving a first request, receive a selection of a specific device in the device list and any one of an operation of assigning and cancelling the license of the package, assign the license of the package to the selected specific device in response to receiving the selection of the specific device and the operation of assigning the license of the package, and cancel the license of the package from the selected specific device in response to receiving the selection of the specific device and the operation of cancelling the license of the package.

Abstract: In general, this disclosure describes a multi-zone secure AI exchange. The multi-zone secure AI exchange may be implemented in a multi-cloud, multi-data center environment, where each zone may be in a different cloud or data center. The multi-zone secure AI exchange may include a data repository, a data exchange, and shared services. The data repository may be configured to store algorithms and datasets, each having a respective owning user. The data exchange may receive datasets and algorithms from the data repository, and may perform the algorithms to produce output data. Each of the data repository, data exchange, and shared services may have a different level of security. The data repository may implement the highest level of security, allowing the owner user, and only the owning user, to control how their data and algorithms move in and out of the data repository, or are changed while in the data repository.

Abstract: Methods, systems, and computer program products for identifying and redacting data from diagnostic operations via monitoring of data are provided herein. A computer-implemented method includes automatically monitoring data, which includes determining which portions of the data are accessed during a diagnostic operation; parsing an input file into portions of parsed data, wherein the input file comprises an initial output of the diagnostic operation; classifying the portions of parsed data into classes by applying at least one of multiple classification models to the parsed data, wherein the at least one classification model is specific to the accessed portions of data; automatically identifying sensitive data in the classified portions of parsed data by applying a class-to-sensitivity mapping technique to the classified portions of parsed data; redacting the identified sensitive data from the input file; and generating and outputting an updated output of the diagnostic operation based on the redacting.

Abstract: A method for recovering a network key of an access point to a network, implemented by a terminal. The network key allows the terminal to be associated with the access point upon a first connection of the terminal to the access point. The network key recovery method includes: receiving, by the terminal, a network key provided by the access point on a server following a request, by the terminal to the server, for the network key of the access point, the request including an identifier of the access point and having been relayed by the server to the access point associated with the identifier of the access point in the request. Thus, as the access point does not transmit the network key directly to the terminal, but to a server on which the terminal will recover it, this limits intrusions into the network linked to the vulnerability of the Wi-Fi network.

Abstract: An application (App)-BOT, scans a context of a user of an application and obtains current scanned user data. The App BOT determines a set of user information entities from the scanned user data containing current information about the user. In a negotiation phase, the App BOT a data access request offer from a mixed reality data (MRD)-BOT. A privacy leak score is estimated that represents a user value attributed to the permission to access the labelled user information entity based on the data access request offer. Responsive to determining that the privacy leak score exceeds a privacy leak score threshold, an acceptance of the data access request offer is sent to the MRD BOT and providing access requested by the data access request. Otherwise, a counteroffer is sent to the offer to the MRD BOT.

Abstract: A method for setting a permission to view an operation record based on a time range is disclosed in the present invention, including: selecting a grantee; setting one or more viewed objects for each grantee, wherein said grantee and said viewed object are the same type as a role, a user, and an employee; and setting a viewing-permission time range for each grantee, wherein said grantee obtains the permission to view the operation records of its corresponding viewed object within the viewing-permission time range of the grantee.

Abstract: A client computing system inserts selected advertising into digital content. Ads may be inserted into content based on a dynamic advertising matching process that is securely implemented within a hardware-based root of trust. User profiles used in ad matching may be privacy protected and maintained with confidentiality protection in the client computing system and/or a service provider server, respectively. When a client computing system makes a request to the service provider server for content with specified ad slots, the request may be made with the client's EPID signature, which is inherently privacy protected. The hardware-based root of trust protects insertion of selected ads into the linear rendering flow of the content.

Abstract: A mobile wallet computer server receives a fund access request from a user device. The fund access request is made in connection with a payment transaction. The mobile wallet server generates a tokenized card number, transmits the tokenized card number to the user device, and receives receive the tokenized card number from a card network computer system after having been routed from the user device via a merchant computer system and via an acquirer processor computer system. The mobile wallet computer server converts the tokenized card number to the actual credit card account number of the user and transmits the actual credit card account number to the card network computer system to process the payment transaction.

Abstract: Systems and methods for censoring text characters in text-based data are provided. In some embodiments, an artificial intelligence system may be configured to receive text-based data and store the text-based data in a database. The artificial intelligence system may be configured to receive a list of target pattern types identifying sensitive data and receive censorship rules for the target pattern types determining target pattern types requiring censorship. The artificial intelligence system may be configured to assemble a computer-based model related to a received target pattern type in the list of target pattern types. The artificial intelligence system may be configured to use a computer-based model to identify a target data pattern corresponding to the received target pattern type within the text-based data, identify target characters within the target data pattern, and to assign an identification token to the target characters.

Abstract: A data input method and apparatus, and user equipment are provided. The method includes: when it is determined that an operation of a user on the user equipment UE is not performed in a preset display area, deliver an event corresponding to the operation to a first operating environment for processing, where the preset display area runs in a second operating environment of the UE, and the second operating environment has a higher security level than the first operating environment. This can better improve security of an event generated when the user operates a program that runs in a Normal World of the user equipment, and can directly operate an event that runs in the Normal World.

Abstract: Methods and systems for acquiring a freehand or cursive signature on a secondary device with a touch receiving surface for use on a primary device without a touch receiving surface are provided. The primary device sends a message to the secondary device requesting a signature. The user responds by signing her name, using a finger or stylus, on a touch receiving surface. As the user signs her name, the signature is displayed on the secondary device and transmitted to the primary device. The signature may then be stored, displayed, analyzed, or validated by the primary device.

Abstract: In some implementations, a device may receive an activation signal transmitted by an activator device. The device may determine that a first signal pattern of the activation signal matches a second signal pattern associated with activating the Bluetooth capability of the device. The device may activate the Bluetooth capability of the device based on determining that the first signal pattern matches the second signal pattern. The device may communicate with a wireless communication device using the Bluetooth capability of the device based on activating the Bluetooth capability of the device.

Abstract: A method and system for providing on-demand updating of metadata information associated with clinical image data files is disclosed. The system allows for extracting, on the fly, additional metadata fields from clinical image data files and re-indexing the metadata to include the additional fields so that an end-user can perform operations (e.g., searching, browsing, etc.) based on the newly indexed fields. The metadata fields may be defined in a configurable schema file (e.g., XML, YML, etc.). The system can gain efficiencies by, for example, reading only a subset of the DICOM file (e.g., reading only the first few kilobytes that contain the header), scanning only a subset of source data folders, etc.

Abstract: One or more interfaces may be provided that indicate a plurality of times at which a plurality of publicized players are scheduled to play in a plurality of video games for which a plurality of player slots are acquired based on satisfaction of at least one acquisition criterion. Player access to the plurality of video games may be limited to the publicized players and a plurality of users that acquire the plurality of player slots. A request may be received, via the one or more interfaces, for a first user to acquire a first player slot for playing in a first video game with a first publicized player. It may be verified that the at least one acquisition criterion has been satisfied in relation to the first user. Game access information may be provided, to the first user, that allows the first user to enter the first video game.

Abstract: A server may support an aggregation service for a multitenant system. The service may support a method for data processing that includes determining that a plurality of tenants of a multitenant database system correspond to a common entity, where each tenant is associated with a respective instance of a cloud platform that services data from a corresponding database instance. The method may further include provisioning a new database instance for the common entity, generating a connector that is configured to access data of the corresponding database instance, generating a schema for the new database instance that aggregates the data of each database instance accessed by the connector, and instantiating a new cloud platform instance that is configured to access the schema of the new database instance, where the new cloud platform instance is configured to serve data queried from the schema of the new database instance via a client application.

Abstract: A method for improving data transmission security at a user equipment comprises receiving, from a source network node, a connection release message including instructions for computing a hash value for data to be included in a connection request message; computing the hash value based on the instructions included in the connection release message; calculating a token based on the hash value, and sending, to a target network node, the connection request message including the token. The method may further forward the data from the target network node directly to a gateway after the token has been verified. The method may reduce a signaling overhead by having a fixed-size hash value for data. Furthermore, the method may improve a transmission security by including the token in an RRC message, in which the token is calculated based on the hash value representing the data.

Abstract: Systems, methods, and apparatus are described herein for determining a location from anonymous data. For example, a computing device may receive anonymous data associated with a browser session initialized by a user via a browser on a user computing device. The computing device may determine that the user has not been assigned a unique identifier. The computing device may determine whether the user opted-in to location tracking. If the user opted-out of location tracking, the computing device may determine a latitude coordinate and a longitude coordinate of the user computing device during the browser session. The computing device may identify a physical address for the user based on the latitude coordinate and the longitude coordinate, for example, using a map application programming interface (API). The computing device may assign the unique identifier to the user. The computing device may associate the unique identifier to the physical address.

Abstract: Systems, computer-implemented methods, and computer program products to facilitate quantum platform routing of a quantum application component are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a dissection component that identifies one or more components of a quantum application. The computer executable components can further comprise a determination component that selects at least one quantum platform to execute the one or more components of the quantum application based on a defined run criterion.

Abstract: A system supports symmetric release of cryptologically-locked asset transactions. A leading exchange party and a reciprocal exchange party establish, at least in part, a peer challenge in a pre-exchange proposal. The reciprocal party uses the peer challenge to lock a cryptologically-locked asset transaction. The solution to the peer challenge corresponds to an exchange key controlled by the leading exchange party. After establishment of the cryptologically-locked asset transaction, the leading party may request that exchange logic initiate release of the cryptologically-locked asset transaction. In response to the request, the exchange logic may execute a symmetric release of the exchange key and/or signature to the reciprocal exchange party and cryptologically-locked asset transaction (such that the asset is transferred to the leading exchange party).

Abstract: A computer-implemented method, computer program product and computing system for: detecting one or more security events within a computing platform of a client; notifying the client of the one or more security events within the computing platform; determining if the client responded to the one or more security events within the computing platform; and providing a response report to the client that quantifies client response performance based, at least in part, upon if the client responded to the one or more security events within the computing platform.

Abstract: A method for managing licenses for soft IP on a partially reconfigurable hardware system, in particular an FPGA, wherein a license manager is provided in the non-configurable part of the hardware system, or is accessible only for the non-configurable part of the hardware system, where the license manager has exclusive access to a non-volatile memory in which license data having a time restriction of the useful life of at least one soft IP is stored, where before activating a particular soft IP, the license manager checks whether the useful life has expired, where the license manager only releases use of the soft IP if the useful life has not yet expired, where the license data is changed using a key, which is stored in a non-volatile memory for license data, and where a new key is stored and the preceding key is deleted when the license data is changed.

Abstract: To provide a relay apparatus and a relay method by which an app can be flexibly connected to a device and various apps can be connected to various devices to realize stable operation.

Abstract: A mobile terminal includes a touch screen display, a camera, a power button and an activation button for turning on the touch screen display. The mobile terminal has a first function and a second function to perform in response to user input and provides user settings for configuring at least one of the first and second functions such that the at least one of the first and second functions is performed along with turning on the touch screen display when pressing of the activation button is detected while the touch screen display is turned off. The mobile terminal is configured to perform the first and second functions depending upon length of pressing of the activation button in addition to turning on the touch screen display.

Abstract: A method for encrypting a piece of payment means data is disclosed. This method is implemented by a payment means having a data processor. Such a method has at least one iteration of the following steps: obtaining a current piece of payment means data from a memory of the payment means; generating a following piece of payment means data as a function of the current piece of payment means data and as a function of an encryption key of the payment means; replacing the current piece of payment means data by the following piece of payment means data within the memory of the payment means.

Abstract: Systems and methods for anonymizing content suggestive of a particular characteristic while preserving relevant content are disclosed.

Abstract: A fifth generation (5G) network can provide Rich Communication Services (RCS) between multiple user equipment (UE) of different device types and/or different operating systems. An RCS server in an IP Multimedia Subsystem (IMS) can be used to format data associated with a chat between UEs having different operating systems. The RCS server can initiate, establish, maintain, format, augment, or otherwise determine a rich communication chat message between the UEs over the 5G network.

Abstract: A method of generating wallets for discrete blockchain networks comprising receiving a primary and a first secondary seeds, generating an enhanced hierarchical deterministic (HD) wallet, comprising deriving an enhanced parent public key and an enhanced parent private key from the primary seed, generating a first toughened HD wallet, comprising deriving a first toughened parent public and private key pair from the first secondary seed, deriving a first toughened primary child public/private key pair from a function including as inputs the first toughened parent public/private key pair, a first parent chain code, and the enhanced parent public key, and performing an identity registration and certification procedure for both the enhanced and the first toughened HD wallets. An identify of a user associated with each of the enhanced and the first toughened HD wallets is verifiable by an external blockchain network because of the identity registration and certification procedures.

Abstract: One example method includes checking an asset against an Inclusion List and/or an Exclusion List to determine if the asset is permitted to contribute data, generated by the asset, to an enterprise data confidence fabric, when the asset is present on the Inclusion List, or not present on the Exclusion List, designating the asset as a trusted asset and appending the data generated by the asset to a ledger of the enterprise data confidence fabric, updating a ledger content index to reflect the data that was appended to the ledger, and annotating the data generated by the asset with trust metadata.

Abstract: Embodiments of this application disclose a picture processing method, including: when a copy instruction is detected, obtaining positioning information included in a picture; modifying the positioning information in a preset information modification manner; and copying the picture whose positioning information is modified. The embodiments of this application further disclose a picture processing apparatus, a device, and a storage medium. According to the embodiments of this application, user privacy can be better protected, and information security can be improved.

Abstract: A system and method for performing distributed facial recognition divides processing steps between a user engagement device/robot, having lower processing power, and a remotely located server, having significantly more processing power. Images captured by the user engagement device/robot are processed at the device/robot by applying a first set of image processing steps that includes applying a first face detection. First processed images having at least one detected face is transmitted to the server, whereat a second set of image processing steps are applied to determine a stored user facial image matching the detected face of the first processed image. At least one user property associated to the given matching user facial image is then transmitted to the user engagement device/robot. An interactive action personalized to the user can further be performed at the user engagement device/robot.

Abstract: Some examples of the present disclosure relate to generating artificially intelligent entities represented on a blockchain using a non-fungible token (NFT). In one such example, a system can generate an NFT on a blockchain. The NFT can represent an artificially intelligent entity. The system can also generate a personality dataset on the blockchain, the personality dataset describing personality characteristics of the artificially intelligent entity. The system can then correlate the NFT to the personality dataset, thereby assigning the personality characteristics to the artificially intelligent entity. Once generated, the artificially intelligent entity may reside in a virtual ecosystem in which it can perform tasks and learn over time.

Abstract: A method for protecting visual private data by preventing data reconstruction from latent representations of deep networks is presented. The method includes obtaining latent features from an input image and learning, via an adversarial reconstruction learning framework, privacy-preserving feature representations to maintain utility performance and prevent the data reconstruction by simulating a black-box model inversion attack by training a decoder to reconstruct the input image from the latent features and training an encoder to maximize a reconstruction error to prevent the decoder from inverting the latent features while minimizing the task loss.

Abstract: An ecosystem for monitoring the status of a consumable good is provided. The ecosystem includes an identification registry configured to (i) store identifying information regarding a consumer, and (ii) associate the stored identifying information with a unique cryptographic consumer identifier. The ecosystem further includes a transaction registry configured to (i) receive a fulfillment order for a consumable good, and (ii) generate a unique cryptographic transaction identifier for fulfillment of the fulfillment order. The ecosystem further includes a fulfillment computer subsystem configured to (i) receive the fulfillment order, (ii) verify the consumer identifier, and (iii) validate the transaction identifier. The ecosystem further includes a distributed ledger configured to encode transaction details relating to the fulfillment order.

Abstract: A method for identifying that an item of information potentially includes an item of sensitive information can be provided. The item of information can be received in response to a query of an end-user database. An existence of a characteristic associated with the item of information can be determined. The characteristic can be indicative that the item of information potentially includes the item of sensitive information. The characteristic can be different from being that a source of the item of information has been designated, via an information management system, as unsearchable. An action can be caused in response to a determination of the existence of the characteristic. The end-user database can be included in a multi-tenant database.

Abstract: An example of a computer-readable medium to store machine-readable instructions. The instructions may cause a processor to verify a licensing object and determine a license has expired. An application may be controlled based on an expiration parameter specific to the licensing object.

Abstract: A method of user data authorization based on blockchain includes: storing, by a first application client, encrypted user data of user data in a blockchain database through a blockchain node, generating authorization information in response to a request of acquiring the user data by a second application client, and notifying the second application client to obtain the authorization information such that the second application client obtains the user data based on the encrypted user data and the authorization information. The encrypted user data is stored in the blockchain database such that the encrypted user data cannot be tampered with and a leak of real user data is prevented. The second application client obtains the user data based on the authorization information and the encrypted user data.

Abstract: Disclosed herein are methods, systems, and processes for recovering opaque credentials in deception systems. A plaintext credential is received at a honeypot and a plaintext lookup table is accessed. It is determined that the plaintext credential does not exist in the plaintext lookup table and the plaintext credential is added to the plaintext lookup table and a protocol specific plaintext lookup table. An opaque credential is generated for the plaintext credential and the opaque credential is added to a protocol specific opaque lookup table.

Abstract: Digital rights management systems and methods for audience measurement are disclosed. Example methods disclosed herein include enabling a media handler implemented by a media device to begin presenting first media based on a first digital license associated with the first media. Such example methods also include retrieving a second digital license different from the first digital license from a license server separate from the media device. Such example methods further include causing the media handler to perform a first media monitoring operation based on the second digital license, the first media monitoring operation being deactivated by default.

Abstract: Techniques are described that eliminate storage of primary account numbers (PANs) by third-party cloud applications executed in external networks. An example method includes receiving a query from an external network that includes a card reference number (CRN) and converting the CRN into a primary account number (PAN). The method includes modifying the query to include the PAN in place of the CRN and performing a service call to retrieve a record responsive to the query from a master account database using the PAN. The method includes, when the record includes the PAN, converting the PAN into the CRN via the tokenization server. Additionally, the method includes adding the record with the CRN to a query response and transmitting the query response to the external network.

Abstract: Systems and methods for providing trusted local orchestration of workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a system memory coupled to the processor, the system memory having program instructions stored thereon that, upon execution, cause the IHS to: receive an orchestration code from a workspace orchestration service; record, using a trusted controller coupled to the processor, a log comprising: the orchestration code, and an indication of a sequence of operations performed during an instantiation of a workspace by the local management agent; provide a copy of the log to the workspace orchestration service; and establish a connection between the workspace and the workspace orchestration service in response to the workspace orchestration service's successful: (i) authentication of the orchestration code, and (ii) verification of the sequence of operations.

Abstract: Aspects of the disclosure relate to information masking. A computing platform may receive, from a user computing device, a request to access information that includes personal identifiable information (PII). The computing platform may retrieve source data comprising the PII and mask, within the source data and based on a data management policy, the PII. The computing platform may send the masked information in response to the request to access the information. The computing platform may receive a request to unmask the masked information and unmask the PII. The computing platform may log the request to unmask the masked information in an unmasking event log and send the unmasked PII in response to the request to unmask the masked information. The computing platform may apply a machine learning model to the unmasking event log to identify malicious events and trigger remediation actions based on identification of the malicious events.

Abstract: A method for managing customer information pertaining to at least one application associated with a provider. The method includes obtaining initial application information pertaining to the at least one application. The initial application information includes a location of processing of the customer information by the at least one application. The method further includes determining whether additional application information is required based on the location of processing. The method further includes, upon determining that the additional application information is required, obtaining the additional application information based at least in part on the location of processing. The method further includes determining a risk level associated with the at least one application based on the initial application information and the additional application information.

Abstract: A system and method for scrubbing data to be shared between organizations to test a joint solution, and for preventing the introduction of unscrubbed data. Each organization captures a subset of data, which may be customer data from a line of business. The first organization scrubs its data according to scrubbing rules, and then passes the scrubbed data to its test environment, while the second organization passes its unscrubbed data to its test environment. The scrubbed data is communicated to the second organization and is applied to the unscrubbed data in order to scrub it, and then communicate it to the first organization. Both organizations use the scrubbed data in their respective test environments to test the joint solution or joint testing. Scrubbing the data may involve scrubbing only specific data fields containing sensitive information.

Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. The network appliance establishes, in response to the communication, a single connection between the network appliance and the server based on application of a policy that causes the network appliance to determine not to decrypt data transmitted between the client device and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.

Abstract: Data is efficiently read from a sequence without a read position being revealed. A secure reading apparatus 1 receives a secret text sequence and a secret text of a read position as input, and outputs an element at the read position of the secret text sequence. A vector creating part (12) creates a vector expressing the read position. A compression computing part (13) repeatedly generates a new secret text sequence in which an inner product of a vector based on the secret text sequence and a vector expressing the read position is set as an element. The reading part (14) outputs the new secret text sequence having the number of elements of one as the element at the read position of the secret text sequence.

Abstract: Data is efficiently read from and written in a sequence without an access position being revealed. A secure reading and writing apparatus (1) receives a read command or a write command as input, and, when the read command is input, outputs a secret text [a[x]] which is an x-th element of a secret text sequence [a], and, when the write command is input, adds the secret text [a[x]] which is the x-th element of the secret text sequence [a], to a secret text [d]. A secure reading part (12) reads the secret text [a[x]] which is the x-th element from the secret text sequence [a]. A buffer addition part (13) adds a secret text [c] of an unreflected value c to the secret text [a[x]]. A buffer appending part (14) appends a secret text [x] and the secret text [d] to a write buffer [b].