Abstract: A method for sharing resource identification includes receiving, at a lookup service, from a first application executing on a particular device associated with a user, a resource identifier (ID) request requesting the lookup service to provide the first application access to a resource ID that identifies the particular device. The method also includes determining, by the lookup service, whether the first application executing on the particular device is authorized to access the resource ID. When the first application is authorized to access the resource ID, the method includes obtaining, by the lookup service, the resource ID and transmitting, by the lookup service, to the first application executing on the particular device, the resource ID.

Abstract: A computer-implemented method, a system and a computer program for identifying malicious URI data items are provided. The method a) gathers URI data items and b) analyses said URI data items to classify them into malicious URI data items and non-malicious URI data items. The method also c1) intercepts communications with malicious servers, identified by malicious URIs, from several computing entities, using sinkholing techniques, and uncovers and retrieves information which is being exfiltrated to said malicious or supervised servers, and c2) periodically monitors a status of the malicious servers identified by the malicious URIs, to control if they have been taken down or not, and simulates an infected bot to get updates of the commands sent from said malicious servers. The method also d) processes the uncovered information with learning algorithms, e) delivers to a mass storage device normalized and interpreted data; and f) provides warnings about potential cyber threats.

Abstract: In one embodiment, a method includes sending, to a client system of a first user, a notification for presentation to the first user. The notification may include a reference to a media-content item and an activatable element for accessing the media-content item. A user input selecting the activatable element may be received. Responsive to the user input, a list of proximate media-player devices to the client system may be determined. The list of proximate media-player devices may be sent to the client system for presentation to the first user. Each of the proximate media-player devices may correspond to a deep link being selectable by the first user. Each deep link may include instructions for presenting the media-content item on a display device coupled to the respective media-player device.

Abstract: The disclosed computer-implemented method for protecting users may include (i) detecting, by a privacy-protecting security application, an attempt by a user to upload an item of media content, (ii) determining, by the privacy-protecting security application, that the item of media content matches a true identity signature for the user that the privacy-protecting security application generated based on other items of media content relating to the user, and (iii) prompting, by the privacy-protecting security application in response to determining that the item of media content matches the true identity signature, the user to perform a privacy-protecting security action to prevent exposing a true identity for the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An information processing apparatus includes a storage unit in which a boot program is stored, a first control unit and a second control unit. The first control unit validates the boot program stored in the storage unit and transmits a pattern signal indicating that the boot program stored in the storage unit is validated. The second control unit executes the boot program stored in the storage unit in accordance with the pattern signal received from the first control unit.

Abstract: Embodiments of the present invention provide methods, systems, apparatuses, and computer program products for predicting network asset requests for a future network time interval.

Abstract: A method of managing a configuration of a computer network system includes creating of an instance of a server by a user through an interface of a public cloud service. A management process detects the existence of the instance by regularly polling the cloud service for infrastructure data and analyzing the infrastructure data to determine that the newly created instance exists. The method also includes testing parameters of the server indicated in the infrastructure data, which parameters are fully determined by the request, against predefined one or more infrastructure policies, whereby the parameters are available and testable against the policies during the generating, but are tested after the request is enacted to create the instance without creating policy enforcement encumbrance on the user when the user creates the new instance of the server.

Abstract: In a computer-implemented method for providing obfuscated data to users, first, a user request to access data is received; then, an authorization level associated with the request received is identified. Next, obfuscated data is accessed in a protected enclave, which data corresponds to the request received. The data accessed has been obfuscated with an obfuscation algorithm that yields a level of obfuscation compatible with the authorization level identified. Finally, the obfuscated data accessed is provided to the user, from the protected enclave. Related systems and computer program products are also disclosed.

Abstract: A privacy protection component can automatically comply with a set of privacy requirements when displaying input data. An ingestion module collects input data describing network activity executed by a network entity. A clustering module identifies data fields with data values within the input data as data identifiable to the network entity using machine-learning models trained on known data fields and their data. The clustering module also clusters the data values with other data values having similar characteristics using machine-learning models to infer a privacy level associated with each data field. The privacy level is utilized to indicate whether a data value in that data field should be anonymized. A permission module determines a privacy status of that data field by comparing the privacy level from the clustering module to a permission threshold. An aliasing module applies an alias transform to the data value of that data field with a privacy alias to anonymize that data value in that data field.

Abstract: A computer-implemented method for executing a transaction includes receiving, by a card network computer system, an identification number, the identification number being received from an acquirer processor computer system after having been routed from a mobile wallet computer system, via a user device and a merchant computer system, to the acquirer processor computer system. The method also includes transmitting, by the card network computer system, the identification number back to the mobile wallet computer system. The method also includes receiving, by the card network computer system, from the mobile wallet computer system, an approval of the transaction, the approval being generated by the mobile wallet computer system based on a match of the identification number transmitted by the mobile wallet computer system to the user device and the identification number received by the mobile wallet computer system from the card network computer system.

Abstract: Apparatus and method for verifying firmware used by a programmable processor in a processor-based device, such as but not limited to a solid-state drive (SSD). In some embodiments, the firmware is stored in a device memory and is accessed to generate an output value using a suitable mathematical function, such as a cryptographic function, a cyclic redundancy check (CRC) function, etc. The output value is used to verify a state of the firmware, such as by ensuring a proper version of firmware has been loaded, that an attacking party has not tampered with the firmware, etc. The firmware may be subsequently loaded and executed by the programmable processor responsive to successful verification. A nonce value supplied by a host can be incorporated into the output value generation process.

Abstract: The present disclosure involves systems, software, and computer implemented methods for a efficient distributed secret shuffle protocol for encrypted database entries using independent shufflers. Each of multiple data providers provides an encrypted secret input value. A set of shuffling clients, independent of the data providers, participate with a service provider in a secret shuffling of the encrypted secret input values. The protocol includes generation and exchange of random numbers, random permutations and different blinding values. A last protocol step includes using homomorphism, for each client, to perform computations on intermediate encrypted data to homomorphically remove a first blinding value and a second blinding value, to generate a rerandomized encrypted secret input value. As a result, the rerandomized encrypted secret input values are generated in an order that is unmapped to an order of receipt, at the service provider, of the encrypted secret input values.

Abstract: An improved technique for identifying a user's mobile device is discussed. A persistent and unified identifier that bridges mobile app to mobile web and to other web browser-compatible mediums is utilized. Using a unique verification identifier, the unified identifier is consistently verified, revived and distributed across application and browser mediums.

Abstract: This information processing device is provided with an editing unit and a storage unit. The editing unit performs editing on one or more controller data sets that contain control programs to be executed on a control device. The storage unit stores a sharing setting table indicative of sharing settings of the control programs included in the respective controller data sets. When the control program for a first controller data set and the control program for a second controller data set that are included in the plurality of controller data sets are set to be shared, the editing unit synchronizes the edited content for the control program for the first controller data set with the control program for the second controller data set.

Abstract: A system for launching content for publication using a content management system (CMS) is provided. The system includes a server of a plurality of servers that is configured for enabling editing of entities using an editor application associated with the CMS. The editing includes authoring fields for each entity. The system includes a server of the plurality of servers that is configured for receiving selection of a group of entities, via a launch interface of the CMS. The selection is for publishing the group of entities. The system includes a server of the plurality of servers that is configured for generating, responsive to the selection, an API call to the CMS. The API call is defined to trigger initiation of a validation process to validate each entity in the group of entities. The validation process is executed in a draft entity store of the CMS that is created for said validation without requiring separate API calls for validating each entity in the group of entities.

Abstract: A data processing method includes determining whether a first conflicting application related to a first conflicting peripheral is in a whitelist, independently taking over the first conflicting peripheral in response to the first conflicting application being in the whitelist, where the first conflicting application runs in a rich execution environment (REE), and sending data generated by the first conflicting peripheral to the first conflicting application in response to a trusted user interface (TUI) being displayed.

Abstract: Aspects of the disclosure relate to multicomputer processing and dissemination of data files. A computing platform having at least one processor, a memory, and a communication interface may search one or more social media platforms for unauthorized dissemination of a data file. The computing platform may correlate a unique identifying feature(s) of the disseminated data file to that of a copy of the data file previously distributed to a linked user account. The computing platform may transmit, via the communication interface, to an administrative computing device, an unauthorized dissemination report which, when processed by the administrative computing device causes a notification to be displayed on the administrative computing device. The notification may identify the linked user account associated with the unauthorized dissemination, the name, content, or general nature of the data file, and/or the social media platform(s) on which the data file was discovered.

Abstract: Implementations of the disclosure are directed to capturing a time series of distributed ledger identities of entities and/or locations over time. In implementations, a method includes: capturing, at a device, a time series dataset, the time series dataset including: for each time of a plurality of times, a secured representation of a distributed ledger address in a beacon received by the device; using the device to make the time series dataset available to a distributed ledger network for verification; and receiving, at the device, confirmation from the distributed ledger network that the time series dataset was verified.

Abstract: The computer-implemented invention provides a method and corresponding system for controlling access to and/or use of an internet-enabled resource. The invention uses an electronic ledger such as, for example, the Bitcoin blockchain. The resource may be an IoT device or system. Access to the resource is permitted or enabled upon provision of a cryptographic key e.g. a private key which corresponds to a public key which has been stored in memory. In one embodiment, the public key is stored in a DHT. Access to the resource is prevented or disabled by removing the public key from memory, and using a redeem script of a second blockchain Transaction to spend a tokenised output of a first blockchain Transaction. The second transaction detokenizes the token (or ‘coloured coin’) contained within the first Transaction. In order to prevent further access to the resource, an encrypted message is sent to the internet-enabled resource, wherein the message communicates a public key and the redeem script.

Abstract: Methods, apparatus, systems, and articles of manufacture to deconflict malware or content remediation are disclosed. An example apparatus includes a site redirector to identify a first request to be transmitted from a client device to a destination site identified by a uniform resource locator (URL), a site verifier to determine whether the first request indicates that a user has authorized navigation to the destination site, and a URL encoder to, in response to determining that the user has authorized the navigation to the destination site, generate a data field based the domain of the destination site, the site redirector to transmit a second request to a network security monitor, the second request to indicate to the network security monitor that the user has authorized the navigation to the destination site, the second request including the data field and the URL.

Abstract: An example system includes a processor to monitor a user interface to generate activity logs including step-flows. The processor is to extract features and common variables from unstructured data in the activity logs and generate structured log events based on the extracted features and the common variables. The processor is to generate a workflow model based on the structured log events. The processor is to automate or assist workflow based on the generated workflow model.

Abstract: Techniques for autonomously tracking and/or predicting an alert event are provided. In one example, a system can comprise a memory that stores computer executable components. The system can also comprise a processor, operably coupled to the memory, and that executes the computer executable components stored in the memory. The computer executable components can comprise a schedule component that determines plan information for a hub of a plurality of hubs, and the hub can be coupled to a device. The computer executable components can further comprise a tracking component that identifies a deviation from the plan information by the hub. Additionally, the computer executable components can comprise a prediction component that determines a probability that the deviation will result in an alert event.

Abstract: Provided is a method for bypassing an analysis evasion technique, which includes: loading a dummy DEX file; parsing a dummy method containing a dummy code from the dummy DEX file; a bypass point identifying step of determining whether a function to be currently called is a bypass target function to which the analysis evasion technique is applied; a branch target point changing step of changing information according to the determination result so that the dummy code is executed instead of the call target function; and a dummy code executing step of transmitting the dummy code to a framework of the application, so that a modulated framework is executed with a bypass code.

Abstract: A data routing method includes obtaining a target identifier of a received target data packet, determining a target network interface card corresponding to the target identifier, and sending the target data packet using the target network interface card.

Abstract: A method and for child state analysis, a vehicle, an electronic device, and a storage medium are provided. The method includes: performing face feature extraction on at least one image frame in an obtained video stream; classifying whether a person in the image is a child and at least one state of the person according to face features to obtain a first classification result of whether the person in the image is a child, and a second classification result of the at least one state of the person; outputting the first classification result and the second classification result; and/or outputting prompt information according to the first classification result and the second classification result.

Abstract: A system and method for wireless transactions provides a software development kit (SDK) that provides accessibility to inherent communication capabilities within a wireless communication device. The communication capabilities are normally not accessible to a software developer. However, the SDK provides an appropriate interface that permits a software developer to create application programs for a variety of transactions between the wireless communication device and a mobile network operator (MNO). In some transactions, the MNO may function as a financial service provider in which a user has an account with an associated monetary value. The SDK provides a simplified technique for executing a financial transaction, such as making a payment or transferring money by presenting easy-to-use menus that avoid the difficulty of memorizing transaction codes, user phone numbers, and the like.

Abstract: A method for verifying an identity of an individual as a first party via a first party system by a second party system comprises: sending a request for identification information of the first party; receiving first party information associated with a mobile identification credential (MIC) which the first party system received from an authorizing party system (APS) before the second party system sends the request for identification information of the first party to the first party system, the first party having consented to release the first party information to the second party system, and the first party information having been verified by the APS before the APS sends the MIC to the first party system; using the verified first party information associated with the MIC to verify or not verify an identity of the first party; verifying the identity of the first party before providing services to the first party.

Abstract: A data key for secure financial and other types of data transactions with a key-shaped case, lightbox touch sensor carrying a removable wafer, processor, secure memory, general-purpose memory, battery, antenna, speaker, microphone, and a dual-purpose USB and chip pin pad. Bluetooth, NFC and/or RFID provides the ability to pair the data key through a wireless channel with another device, such as a smartphone, using a pairing button on the back of the data key. The data key provides chip-and-pin type security to online financial transactions. Dual-device security requires both the data key and another communication device registered to an authorized user to be present to activate the data key for secure operations. Device pairing enables geo-proximity features, such as dual-device security with a paired device, key finder, phone finder, and panic button. The data key may provide secure, remotely programmable security for building and equipment access.

Abstract: Methods and systems for obfuscating computer program code are disclosed. In an embodiment, a method of generating obfuscated binary code from input source code for execution on a target processor comprises: generating a set of random obfuscation transform selections; and iteratively optimizing the obfuscation transform selections until a termination criterion is met. The obfuscation transformation selections may comprise indications of custom instructions which are executable on the co-processor in order to reduce side channel leakage.

Abstract: Systems and techniques are provided for a resource transfer system. An instruction to transfer a first quantity of a resource from a first resource pool to a second resource pool may be received. A hold may be placed on a second quantity of the resource in the first resource pool. The held second quantity of the first resource may not be transferred from the first resource pool until the hold is released. Responsive to receiving a message that fulfills a condition on the hold and an instruction to execute the transfer, the hold may be released. A register that is in the first resource pool and is associated with the resource may decremented by the first quantity, and a register that is in the second resource pool and is associated with the resource may be incremented by the first quantity.

Abstract: A controlling method of an electronic apparatus is provided. The controlling method of the electronic apparatus includes monitoring whether an application executed by the electronic apparatus performs a potentially malicious action, detecting that the application is a suspicious application based on the monitoring of the potentially malicious action, and isolating the suspicious application. The isolating may include at least one of: blocking communication with other applications stored in the electronic apparatus (or executed by the electronic apparatus) or blocking access to a shared memory (or shared directory). The controlling method may also include, based on the suspicious application being identified as not being malicious after the isolating of the suspicious application, releasing the isolating of the suspicious application.

Abstract: A detection device that detects unauthorized communication in an on-vehicle network mounted on a vehicle includes: a monitoring unit that monitors first information that indicates a state or control related to the vehicle and that is transmitted in the on-vehicle network; a prediction unit that predicts an occurrence of second information in the on-vehicle network that indicates the state or control related to the vehicle based on the first information monitored by the monitoring unit; and a determination unit that determines, in a case where the second information is transmitted in the on-vehicle network, whether or not the transmitted second information is unauthorized, based on a result of prediction performed by the prediction unit.

Abstract: The disclosed computer-implemented method for hindering malicious computing actions may include (i) identifying an attempt by an agent to perform an action on a computing resource that is vulnerable to attempted actions performed by unauthorized agents, (ii) requesting from the agent, in response to identifying the attempt to perform the action on the computing resource, a payment to an owner of the computing resource equal to a monetary value assigned to performing the action on the computing resource, (iii) receiving, by the owner of the computing resource, the payment of the monetary value from the agent, and (iv) allowing, in response to receiving the payment of the monetary value from the agent, the attempt by the agent to perform the action on the computing resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments relate to a system, program product, and method for use with a computer platform to support privacy preservation. The platform measures and verifies data privacy provided by a shared resource service provider. An assessment is utilized to support the privacy preservation with respect to a data steward, and associated shared data. It is understood that data associated with a data service has an expected level of privacy. A privacy score directly correlating to a leakage indicator of the service is formed, and an associated data container is populated with inferred entities deemed to at least meet a preferred privacy level. The privacy score effectively certifies the security of the populated data container.

Abstract: An approach for establishing and managing authentication circles is disclosed. The circles may be used to facilitate management of accounts, goals, or resources of one or more entities, or to provide an integrated view of the circumstances of, for example, family members or other interrelated persons. A person receiving assistance with the management of one or more accounts need not disclose authentication credentials to persons helping manage the accounts, enhancing security. Members may view members and access accounts administered by separate computing systems without needing credentials for each member, account, and/or computing system. The multiple accounts (which may be held at multiple institutions) need not be accessed individually by each member of the authentication circle, saving time and computing resources of users.

Abstract: Systems and techniques are provided for a resource transfer system. An instruction to transfer a first quantity of a resource from a first resource pool to a second resource pool may be received. A hold may be placed on a second quantity of the resource in the first resource pool. The held second quantity of the first resource may not be transferred from the first resource pool until the hold is released. Responsive to receiving a message that fulfills a condition on the hold and an instruction to execute the transfer, the hold may be released. A register that is in the first resource pool and is associated with the resource may decremented by the first quantity, and a register that is in the second resource pool and is associated with the resource may be incremented by the first quantity.

Abstract: A wireless communication device includes a processor, a display device coupled to the processor, and a memory accessible to the processor. The memory includes instructions executable by the processor to perform operations. The operations include receiving a user input to play a media content item. The operations include sending a request for a summary of the media content item to a network device in response to the user input in lieu of sending a particular request for the media content item. The operations also include, in response to the reply including media content, sending the media content to the display device for display.

Abstract: A method for controlling an electronic apparatus according to the disclosure includes receiving image data and information associated with a filter set that is applied to an artificial intelligence model for upscaling the image data from an external server; decoding the image data; upscaling the decoded image data using a first artificial intelligence model that is obtained based on the information associated with the filter set; and providing the upscaled image data for output.

Abstract: Systems and methods for enabling and enforcing cryptocurrency transactions associated with at least a portion of data are provided. Systems and methods may include a cryptocurrency transaction service, the cryptocurrency transaction service including one or more transaction servers and one or more ledger processing devices. At least one streaming server configured to associate at least a portion of data with a cryptocurrency transaction and to transmit the at least a portion of data may be provided. A client device may be provided, the client device being configured to receive the at least a portion of data from the streaming server, wherein at least one of the client device and at least one streaming server are configured to initiate a cryptocurrency transaction with the cryptocurrency transaction server based at least in part on the association between the at least a portion of data, the cryptocurrency transaction, and the cryptocurrency transaction service.

Abstract: Systems and methods are described for receiving a first request from a user to grant authorization for a first data recipient to access user information associated with a data provider, and receiving a second request from the user to grant authorization for a second data recipient to access user information associated with the data provider. An authentication token is received from the data provider, where the authentication token enables access to user information associated with the data provider. A first token may be generated for, and provided to, the first data recipient and a second token may be generated for, and provided to, the second data recipient. In response to receiving the first token from the first data recipient, user information data may be provided to the first data recipient. In response to receiving the second token from the second data recipient, user information data may be provided to the second data recipient.

Abstract: The invention relates to a computer-implemented system and method for automatic collection, analysis and reporting of data relating to a cybersecurity threat. The method may comprise the steps of: presenting an interface through which an executable can be configured and automatically generated; transmitting the executable to a client to enable the client to execute the executable on client systems to automatically collect forensic data; receiving from the client an encrypted data package that includes the forensic data; using a forensic toolset to automatically analyze the forensic data; presenting an option to select one or more of at least two types of output reports designed for different types of readers; inputting the analysis files into an automatic report generator to automatically generate the types of output reports selected by the client; and sending the output reports selected by the client to the client.

Abstract: Approaches provide for monitoring attempted network activity such as network port connections and corresponding payloads of network data obtained by a network device and, based on the attempted connections and/or payloads, identifying malicious network activity in real time. For example, network activity obtained from a plurality of network devices in a service provider environment can be monitored to attempt to detect compliance with appropriate standards and/or any of a variety of resource usage guidelines (e.g., network behavioral standards or other such rules, guidelines, or network behavior tests) based at least in part on network port connection activity with respect to at least one network device. If it is determined that network activity is not in compliance with the usage guidelines, or other such network behavior test, the system can take one or more remedial actions, which can include generating a notification identifying the malicious network activity.

Abstract: Devices and techniques are generally described for fraud detection. In various examples, a first plurality of requests are received over a first time period. In at least some examples, the first plurality of requests may be requests to access a first service. A hierarchical data representation comprising an ordered set of values may be determined for each request of the first plurality of requests. A first subset of the first plurality of requests may be determined. The hierarchical data representation associated with each request of the first subset may include fewer than a threshold number of value substitutions relative to each other hierarchical data representation of the first subset of the first plurality of requests. Access to the first service may be prevented by subsequent requests associated with the first subset of the first plurality of requests.

Abstract: Methods and computer software are disclosed for establishing mesh connectivity. In one embodiment the method includes advertising, by a first Converged Wireless System (CWS) the presence of a mesh; detecting, by a second CWS, the presence of the mesh being advertised by a first CWS; performing, by the second CWS, secure certificate based authentication with the first CWS; and allocating, by the second CWS, an Internet Protocol (IP) address over the mesh and using the IP address as a logical address in an IP domain.

Abstract: An authentication system of a service generates a session corresponding to a browser of a client device in response to the browser accessing a webpage of the service. Through the webpage, the authentication system presents a security challenge and an option for requesting a bypass to the security challenge. In response to selection of the option, the authentication system establishes a communications session between the client device and a service agent that can verify the identity of a user of the client device. If the identity of the user is verified, the service agent can request issuance of a bypass token usable to bypass the security challenge. If a request is received from the service agent, the bypass token is generated and issued to the client device. The client device uses the bypass token to remove the security challenge from the webpage without the user providing the correct response.

Abstract: A method for generating a special effect program file package includes: importing a group of sub-materials, where the group of sub-materials include a plurality of sub-materials; obtaining parameter values of playback parameters of the group of sub-materials; and generating a special effect program file package according to the group of sub-materials and the parameter values of the playback parameters.

Abstract: Systems and methods for provisioning user privacy parameters necessary for network security in 5G telecommunication networks are provided, such as the subscriber permanent identifier (SUPI), the routing indicator, the protection scheme identifier, or the home network key. In order to protect the user privacy parameters, the techniques disclosed herein use private and public key encryption, as well as integrity protection offered by 5G telecommunications protocols. Such techniques use registration response messages, update location requests, or update notification request messages to provide end-to-end or end-to-middle security in the provisioning process. Unlike existing over-the-air (OTA) techniques, the techniques described herein provision user privacy parameters or other similar data in a secure and verifiable manner.

Abstract: Aspects of the disclosure provide for managing traffic for multiple versions of an application deployed in a computer system. A method of the disclosure includes: determining first workload information relating to a deployment of a first version of an application in a computer system and second workload information relating to a deployment of a second version of the application in the computer system; determining traffic information relating to the deployment of the first version of the application, wherein the traffic information comprises information about traffic handled by the first version of the application during a time frame; and determining an amount of traffic to be routed to the second version of the application in view of the first workload information, the second workload information, and the traffic information.

Abstract: In one embodiment, a method includes receiving a request to transfer a handle to an object from a first process to a second process, accessing a first security context of the handle and a second security context of the second process, identifying one or more security policies based on at least one of the first security context and the second security context, determining that the handle is allowed to be transferred to the second process by applying the one or more security policies on the first security context of the handle and the second security context of the second process, and transferring the handle to the second process in response to the request.

Abstract: Systems and techniques are provided for a resource transfer system. An instruction to transfer a first quantity of a resource from a first resource pool to a second resource pool may be received. A hold may be placed on a second quantity of the resource in the first resource pool. The held second quantity of the first resource may not be transferred from the first resource pool until the hold is released. Responsive to receiving a message that fulfills a condition on the hold and an instruction to execute the transfer, the hold may be released. A register that is in the first resource pool and is associated with the resource may decremented by the first quantity, and a register that is in the second resource pool and is associated with the resource may be incremented by the first quantity.