Abstract: An autonomous distributed wise area network (AD-WAN) includes several nodes, where each node connects a local area network to an open wide area network, and provides tunnels over the open wide area network to other nodes in the AD-WAN so that computing resources behind each node can communicate as if they were located on a common intranet. Each node has a blockchain wallet and receives updates to a private permissioned blockchain ledger for that AD-WAN. The updates are provided by a control node. Set up, and subsequent change to the AD-WAN are commenced via a customer portal which provides order information to the control node, where the control node processes the order information and generates a blockchain update that informs the affected nodes in the AD-WAN as to what changes are to be made. As a result, the blockchain provides both control plane and order management operation of the AD-WAN.

Abstract: Securing a file against user actions in a computer network includes processing a request for a file-directed action that identifies a user, a file, and a mode of file access. Generating a mediated covenant of association that defines constraints of the user action and is produced by node-by-node informatic convolution of a hierarchy of informational nodes present in profiles of the user, the file and the mode. Enforcing securing of the user actions with a computer security event-specific model based on an instance of trust derived from the covenant of association.

Abstract: A container corresponding to executable code may be received. In response to receiving the container, a container manager resident in a memory of a computation environment may be executed to verify the container. The container manager may be verified by a boot loader of the computation environment. Permissions of the container to access the resources of a computation environment may be determined after the verification of the container by the container manager. Access to one or more resources of the computation environment may be provided by transferring control to the one or more resources from the container manager to the container based on the permissions of the container for the resources of the computation environment.

Abstract: Systems and methods for content customization are provided. One aspect of the systems and methods includes receiving dynamic characteristics for a plurality of users, wherein the dynamic characteristics include interactions between the plurality of users and a digital content channel; clustering the plurality of users in a plurality of segments based on the dynamic characteristics using a machine learning model; assigning a user to a segment of the plurality of segments based on static characteristics of the user; and providing customized digital content for the user based on the segment.

Abstract: Search management systems and methods that cryptographically-secure search indices, search queries, and associated document records while in-use by cloud-based search software without requiring modification to the cloud-based search core software. The search proxy resides between a cloud-based vendor application and the cloud-based search software. The search proxy uses key-based deterministic cryptographic tokenization to irreversibly cryptographically-secure plaintext words from document records for indexing and plaintext keywords from search queries for search and retrieval. The search proxy separately uses key-based encryption on the document record's pre-tokenized plaintext words, adding the encrypted data as a separate field to the document record. This encrypted field is stored as part of the document by the search service.

Abstract: Unclonable function circuitry includes a plurality of pairs of phase-change memory cells in a virgin state, and sensing circuitry coupled to the plurality of pairs of phase-change memory cells in the virgin state. The sensing circuitry identifies a subset of the plurality of pairs of phase-change memory cells in the virgin state based on a reliability mask. Signs of differences of effective resistance values of the identified subset of the plurality of pairs of phase-change memory cells in the virgin state are sensed by the sensing circuitry. The sensing circuitry generates a string of bits based on the sensed signs of differences in the effective resistance values of the identified subset of the plurality of pairs of phase-change memory cells in the virgin state. Processing circuitry coupled to the unclonable function circuitry, in operation, executes one or more operations using the generated string of bits.

Abstract: Systems and methods are described herein for assessing the device posture of user devices requesting access to a managed resource and for determining a confidence level in the device's posture. In an example, a user device can request a managed resource. A server can receive the request and retrieve an associated access policy. The access policy can include policy attributes to use for assessing the user device's device posture. The server can calculate a device attribute score for each policy attribute. The server can also calculate a confidence score for each device attribute score that measures the confidence level in the device attribute score. Using the two scores, the server can calculate a device posture score. Access to the resource can be granted or denied based on whether the device posture score exceeds a threshold score designated in the access policy.

Abstract: Described herein are approaches for generating a new queue based on an existing queue. This may include receiving a request to transfer the existing queue from a first device to a second device. A set of move criteria may be evaluated using a playback context, a user profile, a configuration associated with the second device, and/or a level of access constraints. Depending on the results of the evaluation, the existing queue may be completely reformulated to define the new queue. The second device may then be instructed to play the new queue.

Abstract: A method for performing an address translation context switch includes initializing a computer processor to a first context by storing information identifying the first context in a control register of the computer processor. The first context specifies a mapping of virtual addresses of instructions to physical memory addresses in a first memory area. Information identifying a second context is stored in a memory address translation independent storage, where the second context specifies mapping of virtual addresses of instructions to physical memory addresses in a second memory area. The information identifying the second context is written to the control register of the computer processor.

Abstract: A method is described for the release of use of functions of at least one local data receiving unit (1) for a user by means of a central data processing unit (7) and the at least one selected local data receiving unit (1). The local data receiving unit (1) is configured to receive an encrypted release dataset from a user and to release use if at least one security feature contained in the release dataset in each case matches a corresponding release criterion stored in the local data receiving unit (1).

Abstract: Generally discussed herein are devices, systems, and methods for scan surface reduction in sensitive information scanning. A method can include receiving a document, determining, by an evidence checker, a keyword that indicates sensitive information of a sensitive information type, is present in the document, responsive to determining the keyword is present, determining, by a sensitive information scanner and based on a regular expression associated with the sensitive information type, that sensitive information is present in the document, and performing a sensitive information mitigation operation to mitigate the sensitive information.

Abstract: In general, embodiments relate to a method for managing a network device, including receiving an incoming frame originating from a host, where the incoming frame includes IP address of the host and a payload specifying information associated with an external server. The further includes determining, using the IP address of the host and an IP address to segment identifier (ID) mapping, that the host is associated with a first segment, in response to the determining, forwarding the incoming frame towards a redirection server executing on the network device, where the first segment is associated with a first policy and where the first policy specifies that the incoming frame is to be forwarded to the redirection server.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining, by a data privacy integration service, a condition that indicates that all applications in a multiple-application landscape are to attempt a blocking operation on at least one object as part of a data privacy integration protocol. Blocking responder group configurations are identified that group applications in the multiple-application landscape into multiple blocking responder groups for performing blocking operations in response to requests from the data privacy integration service. A blocking command to perform a blocking operation on the at least one object is sent to applications in a first blocking responder group. Blocking statuses are received from each of the applications in the first blocking responder group and a determination is made as to whether all received blocking statuses indicate successful completion of the blocking command.

Abstract: The disclosure relates to techniques for operating an imaging facility for preparing an imaging process. For each imaging process, at least one image dataset is reconstructed in a reconstruction step from raw data recorded in accordance with at least one recording protocol using a reconstruction facility with reconstruction software. For advance calculation of a duration for the reconstruction step, an input dataset comprising at least one protocol parameter of the recording protocol influencing the duration of the reconstruction step and at least one hardware parameter describing the hardware of the reconstruction facility and/or at least one software parameter describing the reconstruction software is compiled, and the duration is ascertained from the input dataset by way of a trained advance calculation function, which is trained by machine learning.

Abstract: Provided is a method, performed by an electronic device, of performing secure ranging with a target device. The method of performing secure ranging may include receiving a connection message for communication with the target device using a first communication method through a first communicator, transmitting, by a first applet in a secure element of the electronic device, a ranging session key for the target device to a second applet in the secure element, the ranging session key being stored in the first applet, receiving a ranging session request from the target device, based on the ranging session request, obtaining, by a second communicator, the ranging session key for the target device from the second applet, and by using the ranging session key, performing secure ranging using a second communication method with the target device through the second communicator.

Abstract: Various techniques described herein relate to analyzing and redacting information from customer interaction records such as call transcripts, to support transmission of the interaction records from a secured environment to various external analytics systems. Transcript texts may be received and processed by a redaction system, during which the transcript texts may be analyzed to generate conversations and convert numerical texts into numbers. One or more regular expressions defining search and replace patterns may be selected and used to redact confidential or sensitive information from the transcripts. In various implementations, the regular expressions used to redact transcripts may be determined or generated based on transcript categorization, the security characteristics of the transmission networks and/or external systems to which the redacted transcripts are to be transmitted, and/or other attributes of the transcript or the associated systems.

Abstract: The invention provides a consent management system for managing a user's consent for a plurality of services. The system includes a consent management unit adapted to register a plurality of services to a user and obtain user consent information associated with the user. The consent management unit is further adapted to control consent operation of the plurality of services registered to the user, based on user consent information associated with the user.

Abstract: A computerized-method for sensitive data redaction from screenshots, is provided herein. The computerized-method includes retrieving records of a sequence of screenshots from a database. Then, grouping the sequence-of-screenshots by one feature of one or more features to yield one or more groups. Each group includes screenshots having one common feature. Then, calculating a score for each pixel across all similar screenshots in each group. For each group of screenshots, blackening pixels in all screenshots having a score above a preconfigured threshold to yield data redacted screenshots. The score of each pixel above the preconfigured threshold indicates a high variance between screenshots in the group and a presence of sensitive data therein and then storing the data-redacted screenshots in a screenshots-database.

Abstract: Disclosed are methods and systems for orchestrating application use while preventing unauthorized data sharing. For instance, an orchestration management system may provide orchestration logic to a computing platform system hosting a virtual environment configured to run an application on behalf of a data owner computing device. Once the orchestration logic is loaded thereon, a public key to and a location of the virtual environment may be provided to an application owner's computing device. The orchestration logic may enable the application owner's computing device to access the virtual environment at the location to load the application into the virtual environment utilizing a first key combination including the public key and a matching private key. At least the private key may then be disabled by the orchestration logic to prevent subsequent access to the virtual environment by the application owner to guarantee no unauthorized data sharing.

Abstract: An image forming apparatus connected to a first post-processing machine that executes first post-processing on at least one of a plurality of sheets includes: an image forming device that forms an image on each of the sheet; and a controller that instructs, in response to an output of a target sheet that satisfies a specific condition from the image forming section, the first post-processing machine to execute the first post-processing on the target sheet and a stacked sheet among the sheets.

Abstract: A method, apparatus and computer readable storage to implement an automated system for video surveillance in a casino or other controlled environment. Players in the casino can be automatically scanned and analyzed for whether they are under the legal gambling age or not. When an underage gambler is detected, a casino security employee (or other casino personnel) is notified so they can take the appropriate action. Similarly, players who are excluded from the casino can also be automatically detected and would be ejected when detected.

Abstract: A transmission system includes a first touch device and a second touch device. The second touch device includes a transmission region and the transmission region forms an invisible barcode. The first touch device and the second touch device work together to operate in a touch mode or in an application mode. When the first touch device and the second touch device work together to operate in the application mode, the transmission region uses the invisible barcode to transmit a transmission signal to the first touch device to unlock the first touch device.

Abstract: Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other security program) that has been prevented/delayed in its execution by malicious code that has occupied the pages, thereby providing the executable code with sufficient memory resources to enable the executable code to at least partially complete execution.

Abstract: Systems, program storage devices, and methods for improving data privacy/trust/anonymity/pseudonymity and data value, wherein data related to a Data Subject can be used and stored, while minimizing re-identification risk by unauthorized parties and enabling data related to the Data Subject to be disclosed to an authorized party by granting access only to the data relevant to that authorized party's purpose, time, place, and/or other criterion via the obfuscation of specific data values. The techniques described herein maintain this level of privacy/trust/anonymity/pseudonymity, while empowering Data Subjects, e.g., consumers or customers of such authorized parties, by enabling protection of data at the desired level of engagement with various business entities. The techniques described herein also allow Data Controllers to perform General Data Protection Regulation (GDPR) and Schrems II-compliant (and surveillance-proof) data processing, via the functional separation of heterogeneous data (e.g.

Abstract: Aspects of the disclosure relate to preventing unauthorized screen capture activity. A computing platform may detect, via an infrared sensor associated with a computing device, an infrared signal from a second device attempting an unauthorized image capture of contents being displayed by a display device of the computing device. Subsequently, the computing platform may determine, via the computing platform, the contents being displayed by the display device. Then, the computing platform may retrieve a record of the contents being displayed by the display device. Then, the computing platform may determine a risk level associated with the infrared signal. Subsequently, the computing platform may perform, via the computing platform and based on the risk level, a remediation task to prevent the unauthorized image capture.

Abstract: Systems and methods for providing controlled access to a system by a user device include receiving, from a user device, a request including a current context. The method includes receiving a request for access to a computing resource, the request including a current context, the current context defining a user space and a resource space. The user device evaluates the current context against a security policy. The user device determines that the user device is permitted to access the computing resource based on the request in response to the evaluating the current context against the security policy. In response to determining that the user device is permitted to access the computing resource, accessing the computing resource as requested.

Abstract: A cloud-based system and method for encrypting media content is disclosed. The system comprises a key server microservice, for receiving control word requests and for generating encoded control words and a software encryption microservice, communicatively coupled to the key server microservices, the encryption microservice for receiving the media content, for generating the control word requests, for receiving the encoded control words, and for white-box encrypting the media content according to the generated encoded control words.

Abstract: Systems and methods described herein facilitate the management of personalized life information using a distributed ledger. For example, a distributed ledger system, such as one or more blockchains, may manage personalized life information of one or more individuals to, for example, determine an occurrence of a life event for a first individual based at least in part on personalized life information for the first individual, to access various types of personalized life information for the first individual in response to the determination of the occurrence of the life event for the first individual, and to provide a subset of the personalized life information data for the first individual to a user device associated with a second individual.

Abstract: Use of embedded metadata for data privacy compliance is provided. In a data store, self-managed data is maintained including metadata specifying retention policy data. Responsive to a self-update to scrub PII from the self-managed data being indicated by the retention policy data, the PII is removed from the self-managed data maintained by the data store. Responsive to a self-update to delete the self-managed data from the self-managed data being indicated by the retention policy data, the self-managed data is removed from the data store.

Abstract: An example operation includes one or more of receiving, by a server, a request for particular data, determining, by the server, a transport that can provide the particular data based on one or more current settings of the transport and a current route of the transport, requesting, by the server, the transport to provide the particular data for a value, and receiving, by the server, the particular data.

Abstract: Techniques for code modification for detecting abnormal activity are described. Web code is obtained. Modified web code is generated by changing a particular programmatic element to a modified programmatic element throughout the web code. Instrumentation code is generated configured to monitor and report on one or more interactions with versions of the particular programmatic element. The instrumentation code is caused to be provided in association with the modified web code to the first client device in response to the first request from the first client device. Report data generated by the instrumentation code is received. The report data describes abnormal activity at the first client device, the abnormal activity comprising an interaction with a version of the particular programmatic element that does not exist in the modified web code. Based on the report, it is determined that the first client device is likely controlled by malware.

Abstract: This application provides a system architecture switching method and apparatus. The method includes: when a system architecture needs to be switched, transforming a first system architecture into a second system architecture, where the first system architecture represents a system architecture before switching; and providing a service for a user by using the second system architecture. Dynamic switching of a system architecture is implemented by using a transformable system architecture, so that switching of different architectures can be implemented by using only one system architecture. Therefore, only code for implementing the system architecture is required, and code overheads can be reduced in comparison with a conventional technology.

Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.

Abstract: Methods and systems are provided for securing access to confidential data using a blockchain ledger. An update to access permissions can be received from a first entity on behalf of a second entity, the update can change access permissions to a confidential data store. A smart contract that validates the update can be called. Upon consensus from a blockchain community, the update to the access permissions for the second entity can be executed. The blockchain community can be a plurality of different organizations that share access to the confidential data store, and the update can be appended to a blockchain ledger that stores access permissions for the blockchain community.

Abstract: This disclosure relates to systems and methods for managing protected electronic content that employ relatively efficient messaging schemes. Rights management architectures that provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Certain embodiments further provide for message protocols where fewer messages are sent in connection with a protected content license request process, thereby reducing latency associated with license request and provisioning processes.

Abstract: An integrated circuit comprises first and second interfaces, an internal addressable space comprising a plurality of address ranges, and a control unit. Each of the first and second interfaces is coupled to the internal addressable space via the control unit. The control unit is configurable in a first state in which the control unit is configured to allow or deny the second interface access to a subset of the plurality of address ranges of the internal addressable space.

Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.

Abstract: A system for validating a response based on context information receives a first message that indicates that a data object is removed from a memory resource via a third party device without authorization by a user. The system communicates a second response that indicates whether a third party confirms the removal of the data object without the authorization by the user to the third party device. The system receives a response from the third party device. The system extracts context information from the response. The system determines whether the response is valid based on the context information, where it is determined to be valid if the response is actionable. In response to determining that the response is actionable, the system recommends one or more actions to be performed with respect to the memory resource.

Abstract: Methods and apparatus to collect distributed user information for media impressions and search terms are disclosed. An example method includes accessing, from a media device, a first identifier and a search term at a first server, the first identifier corresponding to at least one of the media device or a user of the media device, the search term associated with a search request, generating a second identifier based on the first identifier, sending the second identifier and the search term from the first server to a data collection server to facilitate the data collection server to logging the search request, and receiving user information associated with the search request from a database proprietor based on the second identifier.

Abstract: Systems, methods, and apparatus are described herein data extraction and analysis, and more particularly, to the generation of compliant and optimized peer data.

Abstract: A USB protocol-based IP infringement identification method for USB devices, including the following steps: S1, connecting an infringement identification device at a peer side of the USB host to be tested; S2, the USB host to be tested entering compliance mode; S3, the infringement identification device sending an X.LFPS file to the USB host to be tested; S4, upon the USB host to be tested receiving the X.LFPS file, the USB host to be tested sending IP copyright information to the infringement identification device; S5, determining whether the USB host to be tested infringes the IP. The infringement identification of the USB device to be tested is performed by using the compliance mode specified in the USB protocol, which is more stable, reliable and can also save costs.

Abstract: A system for providing compartmented access to secure data assets includes a mobile device, a secure access platform, and a secure data storage platform. The mobile device may be configured to generate a user interface configured to allow a user to input credentials and a request for a secure data asset on the secure data storage platform. The mobile device may transmit the credentials and the request to a secure access platform. The secure access platform may transmit the credentials to the secure data storage platform. The secure data storage platform may transfer a copy of the secure data assets to a data access module on the secure data access platform. The secure access platform may be configured to create an appling instance, receive the copy of the secure data assets, and transmit a response package based on the copy of the secure data access to the mobile device.

Abstract: A call to action processor receives an entity datapoint containing data related to an entity, a campaign objective datapoint containing data associated with a campaign objective, at least one definite script element based on the campaign objective, and entity metadata containing data associated with the entity. The call to action further performs generating at least one variable script element based on the entity metadata, presenting to a device the at least one definite script element the at least one variable script element.

Abstract: Encryption is performed at the field level within a data object, in response to an encryption indicator. Encrypted fields are nulled or zeroed out and the encrypted values are stored in encryption metadata with a path identifying the locations of the encrypted fields. An encrypted data key is appended with a decryption identifier and stored in the encryption metadata. The encrypted data object may be reformatted while encrypted. The encrypted data key is extracted from the encryption metadata and the decryption identifier is used to identify a master key used to decrypt the encrypted data key. The data key is used to decrypt the encrypted values and the decrypted values are stored in the fields identified by the paths.

Abstract: Exemplary systems, methods, and apparatuses implement efficient storage and validation of data and metadata within a blockchain using Distributed Ledger Technology (DLT) in conjunction with a cloud based computing environment.

Abstract: Various embodiments of the present technology generally relate to management of big data storage and data access control systems. In some embodiments, a data access system for use in multiple application service and multiple storage service environments comprises a sandbox database for users, wherein the sandbox database is a virtual database environment via which a user may access datasets according to one or more access policies. In some embodiments, the data access system receives a user request to access a dataset stored in a database into the sandbox environment, wherein the database is associated with the data access system. In response to the request, the data access system may retrieve the corresponding data from the database, determine any associated sandbox access policies, and generate an anonymized data table in the sandbox environment.

Abstract: An example method of performing interactive videogame verification using cryptographically protected transaction records includes: receiving, by a videogame server, from a first videogame client device, a first transaction record reflecting a first set of events associated with an interactive videogame session, wherein the first transaction record is cryptographically signed by a first private cryptographic key associated with the first videogame client device; receiving, from a second videogame client device, a second transaction record reflecting a second set of events associated with the interactive videogame session, wherein the second transaction record is cryptographically signed by a second private cryptographic key associated with the second videogame client device; and validating the first transaction record based on the second transaction record.

Abstract: A method includes receiving a system call from an application within a container executing on an operating system, the system call comprising a synchronization operation to synchronize memory of the application to storage. The method further includes determining, by the kernel, whether a system call filtering policy associated with the container indicates that the system call is to be prevented. preventing, by the kernel, performance of the synchronization operation in view of the system call filtering policy.

Abstract: A system and method are provided for implementing a secure configuration of a networked system for secure communications, the networked system including at least one instrument for performing corresponding tasks and at least one controller for controlling functions of the at least one instrument. The method includes providing a secure instrument configuration (SIC); displaying status provided by the SIC server identifying the controller and the instruments to a user via a user interface; writing controller secure configuration information from the SIC server to the controller through a software agent on the controller, the controller secure configuration information including authentication data for the instruments, and/or credentials of the one controller acceptable by the one instruments for identifying the controller; and communicating with the controller to initiate implementation of the secure configuration.

Abstract: An operating method for a media stream transmission key includes: detecting, by a media gateway, lifetime status information of a media stream transmission key; and when the media gateway determines that a lifetime of the media stream transmission key expires, executing, by the media gateway, a media stream transmission key lifetime expiry behavior according to an instruction of a media gateway controller. The embodiments of the present invention fill a technical gap that an operation is performed on a lifetime status of a media stream transmission key in an architecture where an MG and an MGC are separated.