Abstract: A method performed by a fitting device, the fitting device being a part of a hearing system configured for remotely configuring a hearing device, the method includes: obtaining hearing device data comprising a hearing device identifier of the hearing device; obtaining a session key; generating a configuration initiation request based on the session key and the hearing device identifier; transmitting the configuration initiation request to a server device; receiving a configuration initiation response from the server device, the configuration initiation response comprising configuration keying material; generating a configuration package based on configuration data for the hearing device and based on the configuration keying material, the configuration package comprising configuration package data; and transmitting the configuration package to the server device.

Abstract: A mobile terminal privacy protection method includes obtaining an application start instruction, actively obtaining a biometric feature of a user according to the application start instruction, and displaying an encrypted content list and an unencrypted content list of a corresponding application if the obtained biometric feature of the user matches a preset biometric feature. The encrypted content list of the application is generated according to encrypted content in the application, the unencrypted content list of the application is generated according to unencrypted content in the application, and the encrypted content in the application is content that is not presented when the obtained biometric feature of the user does not match the preset biometric feature.

Abstract: A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information. A user additionally is able to have user data and/or third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal.

Abstract: An example operation may include one or more of constructing a transaction proposal, by a computing system, wherein inputs to the transaction proposal are named using a blockchain naming system (BNS) that comprises ledger state addressing, oracles for addressing external data values, and user state addressing, the BNS providing a standard mechanism to name all blockchain resources using a universal resource indicator (URI).

Abstract: A server device for managing privilege delegation to control execution of commands thereon is described. Execution of a command, according to first privileges, by a remote management (RM) server on the server device is requested from a RM client on a client device. An agent plug-in, chained to a command execution plug-in of the RM server, intercepts the request and forwards related information to an agent service cooperating with an operating system of the server device. The agent service determines whether to execute the command according to second privileges, different from the first privileges and if permitted, delegates the second privileges to the command, and causes, via the agent plug-in chained to the command execution plug-in, the command to be executed according to the second privileges.

Abstract: The current document is directed a resource-exchange system that facilitates resource exchange and sharing among computing facilities. The currently disclosed methods and systems employ efficient, distributed-search-based auction methods and subsystems within distributed computer systems that include large numbers of geographically distributed data centers to locate resource-provider computing facilities that match the resource needs of resource-consumer computing facilities. Multiple security methods and subsystems are employed to prevent unauthorized access to resource-exchange-system services, to secure resource-exchange-system-participant data from unauthorized access, and to prevent hosted virtual machines and other hosted computational entities from interfering with operation of native virtual machines and other native computational entities within hosting resource-provider computing facilities.

Abstract: A switch and a Frame Capture Managing Module (FCMM) for managing Ethernet frames. The FCMM receives a request for capturing Ethernet frames at a network interface of the switch. The request comprises an identity of the network interface and information relating to a second filter indicating Ethernet frames for monitoring by the network node. The FCMM sends to the switch, a configuration comprising the identity of the network interface of the switch, an indication about a first multicast channel, and information relating to a first filter. The FCMM sends a response comprising a second multicast channel relating to the first multicast channel. Furthermore, the switch receives a request for receiving Ethernet frame sent to the first multicast channel. The switch filters, by use of the first filter, received Ethernet frames into a collection of Ethernet frames. The switch sends the collection of Ethernet frames on the first multicast channel.

Abstract: A database server (e.g., a replica) generates a local checksum from a sequence of database operations and contributes the sequence of operations and the local checksum to a shared log of a distributed database. Additional database servers, similarly, generate local checksums. A checksum replica agent determines a first ordering of database operations of a first database server of a database, determines a second ordering of database operations of a second database server of the database; determines whether a third ordering of database operations that is based at least in part on the first ordering and the second ordering is valid. In an embodiment, a checksum replica agent generates a global checksum over the third ordering. Checksums, in an embodiment, are digitally signed and/or encrypted.

Abstract: Embodiments are directed to techniques for constructing, configuring, triggering, and executing various types of multi-party pipelines that access and/or use a shielded asset required to exist or execute within a data trustee environment. Generally, authorized participants can build upon template data privacy pipelines and other shielded assets to create other pipelines. Building blocks such as entitlements, cross-environment pipelines, and/or shielded assets governed by various collaborative intelligence contracts can be used to construct more complicated pipelines that may include any number of data privacy pipelines, cross-environment pipelines, input datasets, computational steps, output datasets, permissible queries, participants, and/or governing collaborative intelligence contracts.

Abstract: Systems and methods are disclosed for providing interactive handoff protocol user interfaces. In one embodiment, a computerized system may comprise a memory storing instructions, and a processor of a first electronic device. The processor may be configured to receive a pick-up request from a second electronic device, receive an acceptance indication for the pick-up request via an input device, provide a GUI prompting a scan of an identification tag on an individual, the GUI including at least one button in a non-selectable state, capture an image of the identification tag using the first electronic device, determine an identity of the individual based on the captured identification tag image, compare the determined identity to an identity in the received pick-up request, and modify the at least one button to a selectable state, wherein selection of the at least one button advances a handoff protocol for the individual.

Abstract: Various examples are directed to a cloud platform system that comprises a plurality of cloud platform deployments including a first cloud platform deployment implemented at a first geographic region and a second cloud platform deployment implemented at a second geographic region. An access manager system receives from a user computing device, a user logon request identifying a user. The access manager system also receives, from an identity provider system, group data associated with the user logon request, the group data indicating a first group to which the user belongs. The access manager system determines that a subaccount access map correlates the first group to a first subaccount that is implemented at the first cloud platform deployment. The access manager system also provides the user computing device an indication that the user is authorized to access the first subaccount.

Abstract: A document management system having context-based access control and related methods are provided. The document management system determines whether to perform user authentication based on derived context-information comprising one or a combination of derived user-context parameters and document-context parameters that provide additional context to document access requests.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: Application security analysis including systems and methods for analyzing applications for risk is provided. In an example method, the applications reside on a mobile device configurable to access an enterprise system. The example method includes evaluating each of a plurality of applications variously for privacy, data leakage, and malicious behavior. The example method also includes calculating a risk score for each of the plurality of applications based on the evaluating; and automatically remediating (e.g., quarantining) the applications, of the plurality of applications, for which the risk score meets or exceeds a risk score threshold. The method may evaluate all of the applications residing on a mobile device. The method may include grouping application behaviors, for each of the applications, that indicate an increased risk into groups comprising two or more of privacy risk, a data leakage risk, an account takeover risk, a device takeover risk, and a malware risk.

Abstract: A method includes receiving, by a computing device, a message from a host device. In response to receiving the message, the computing device generates an identifier, a certificate, and a key. The identifier is associated with an identity of the computing device, and the certificate is generated using the message. The computing device sends the identifier, the certificate, and the key to the host device. The host device verifies the identity of the computing device using the identifier, the certificate, and the key.

Abstract: A communication system mitigating the risk of an incoming spoofed caller. The method involves issuing a token or a digital certificate to each network connection of a user, such as to each member of a social media platform to which the user is connected. The method includes determining a validity of the token or certificate of the network connection with a receiving party, which may be performed in response to searching and identifying the receiving party by a calling party. The method includes transmitting a message to the receiving party by the calling party in response to the validity confirmation of the token or the digital certificate. A message is transmitted that includes a calling identifier to be displayed to provide calling ID to the receiving party and a time of the intended call. The message may provide connection details, mutual connections, and historical events with the calling party.

Abstract: A method and an apparatus for transmitting a message in an electronic device are provided. The method for transmitting a hidden message includes displaying one or more hiding frames in an input message display area of a display, and transmitting a message including information on the hiding frame.

Abstract: Embodiments are directed to techniques for constructing, configuring, triggering, and executing various types of multi-party pipelines that access and/or use a shielded asset required to exist or execute within a data trustee environment. Generally, authorized participants can build upon template data privacy pipelines and other shielded assets to create other pipelines. Building blocks such as entitlements, cross-environment pipelines, and/or shielded assets governed by various collaborative intelligence contracts can be used to construct more complicated pipelines that may include any number of data privacy pipelines, cross-environment pipelines, input datasets, computational steps, output datasets, permissible queries, participants, and/or governing collaborative intelligence contracts.

Abstract: Embodiments of the present disclosure relate to electronic lockout of a client device, specifically to managing electronic lockout of a client device associated with a claim process via a device protection program management system and third-party provider. In this regard, embodiments herein may process various data associated with determining whether to authorize a claim under a device protection program, and cause initiation of and/or termination of an electronic lockout of a client device depending on received data and/or lack of received data. In this regard, example embodiments include receiving a device claim request indication associated with a client device, where the client device is associated with a functionality lockout state; initiating a claim associated with the client device; causing initiation of an electronic lockout of the client device; processing the claim to determine whether to authorize the claim; and causing updating of the electronic lockout based on the determination.

Abstract: A distributed storage network method begins by determining an encoded data slice to rebuild, determining a storage set of distributed storage units associated with the encoded data slice to rebuild, determining an historical performance level of each distributed storage unit of the storage set of distributed storage units, determining an estimated performance level of each distributed storage unit of the storage set of distributed storage units, selecting at least a decode threshold number of distributed storage units of the storage set of distributed storage units to produce selected distributed storage units, determining an encoded data slice partial aggregation scheme for the selected distributed storage units, sending encoded data slice partial request messages to the selected distributed storage units, and receiving encoded data slice partial response messages and extracting encoded data slice partials from the encoded data slice partial response messages to rebuild or verify the encoded data slice.

Abstract: Methods and apparatuses for performing oblivious transfer using a trusted intermediate environment are described. A data object identifier is used to identify requested data object. The requested data object is stored as a plurality of corresponding data chunks over a plurality of data buckets. The data object identifier is encoded with information identifying each of the plurality of corresponding data chunks within each respective data bucket. A trusted intermediate environment receives a data stream that includes data chunks stored in an assigned data bucket. Using the encoded information from the data object identifier, the trusted intermediate environment determines which of the data chunks in the data stream is the corresponding data chunk streamed from the assigned data bucket.

Abstract: Disclosed herein are system, method, and computer program product embodiments for optical character recognition (OCR) pre-processing using machine learning. In an embodiment, a neural network may be trained to identify a standardized document rotation and scale expected by an OCR service performing character recognition. The neural network may then analyze a received document image to identify a corresponding rotation and scale of the document image relative to the expected standardized values. In response to this identification, the document image may be modified in the inverse to standardize the rotation and scale of the document image to match the format expected by the OCR service. In some embodiments, a neural network may perform the standardization as well as the character recognition using a shared computation graph.

Abstract: Systems and methods for transmitting critical data to a server are provided. The data structure intended for transmission to the server is divided up on the client side into a substructure containing critical data (CD) and a substructure not containing CD. The substructure containing CD is further divided up at the client side into at least two substructures and the resulting substructures are sent consecutively to the server via a node with a transformation module. The substructure not containing CD is sent directly to the server, bypassing the node with the transformation module. After receiving the substructures, they are combined at the server side into a single data structure. The critical data are data with respect to which the law of the state in whose jurisdiction the client or an authorized entity is located imposes restrictions on the gathering, storage, accessing, dissemination and processing thereof.

Abstract: A method for managing data use operations in accordance with one or more embodiments of the invention includes sending, by a licensed data transfer engine executing on a local data manager, a license verification request to a data management system, obtaining a license verification response, providing licensed data to a client, and sending a ledger entry to a ledger service based on the licensed data provided to the client.

Abstract: A content delivery service that facilitates the selection of virtual machine instances utilized to implement the transcoding function. A management service first implements a test channel configuration routine that selects worst case scenario configurations for implementing the transcoding function and measures performance metrics for different virtual machine instances implementing the transcoding function. The management system can then match incoming requests for video channel transcoding with signature data from the test channel configurations to identify which virtual machine instances can implement the requested transcoding functionality.

Abstract: Techniques for code modification for detecting abnormal activity are described. Web code is obtained. Modified web code is generated by changing a particular programmatic element to a modified programmatic element throughout the web code. Instrumentation code is generated configured to monitor and report on one or more interactions with versions of the particular programmatic element. The instrumentation code is caused to be provided in association with the modified web code to the first client device in response to the first request from the first client device. Report data generated by the instrumentation code is received. The report data describes abnormal activity at the first client device, the abnormal activity comprising an interaction with a version of the particular programmatic element that does not exist in the modified web code. Based on the report, it is determined that the first client device is likely controlled by malware.

Abstract: A scan system that reads amount information from a scanned receipt and performs reporting, displays a first area in which a content read from the receipt is displayed and a second area in which an image of the scanned receipt is displayed when a scan of the receipt is completed, hides at least one of the first area and the second area displayed on a display upon receiving an operation of a user, and displays at least one of the hidden first area and second area upon receiving an operation of the user.

Abstract: The present technology addresses a scenario when a user attempts to create a cloud content item using a file system interface on a client device. The present technology can immediately create a content item that is representative of a cloud content item once the user requests a cloud content item to be created. The content item that is representative of the cloud content item can be created even before the cloud content item itself is created. After the cloud content item is created, the present technology provides a mechanism to relate the content item that this representative of the cloud content item with the actual cloud content item.

Abstract: A method comprising, during runtime of an item of software that comprises one or more portions of code and verification code: the verification code generating verification data using (a) runtime data generated by the one or more portions of code and (b) one or more predetermined parameters, the verification data representing an element of a predetermined first set of data elements; and providing the verification data to an integrity checker arranged to (i) identify that a modification relating to the verification code has not occurred if the verification data represents an element of a predetermined second set of data elements, wherein the second set is a subset of the first set, and (ii) identify that a modification relating to the verification code has occurred if the verification data does not represent an element of the second set; wherein it is computationally infeasible to determine an element of the second set without knowledge of the one or more predetermined parameters or data related to the one or m

Abstract: A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (Storage plane). Private file system access can still be managed from the cloud, while keeping the client data private.

Abstract: A processing device in a memory system receives a privilege key from a host system, the privilege key having an associated level of access to debug information associated with the memory device and determines the level of access associated with the privilege key. The processing device receives, from the host system, a request for debug information directed to a debug slave address associated with a system management bus port of a memory sub-system, identifies the debug information corresponding to the level of access associated with the privilege key, and sends the debug information to the host system over a system management bus coupled to the system management bus port of the memory sub-system.

Abstract: Systems and methods are disclosed for secure transmission of high-priority computer server event notifications. One method comprises obtaining a new computer server event to report; generating a first notification message pertaining to the computer server event; generating a second notification message pertaining to the computer server event and to the delivery of the first notification message; storing the first notification message; storing the second notification message; and transmitting the first notification message to a partner over a computer network.

Abstract: A user permission system manages and regulates access to secure data at one or more third-party data sites. The system may provide access to one or more databases or other data structures based on user authentication and access rules that have been established, such as by a user associated with the data being accessed at the third party data store. Access may be provided via an API to the third-party data site, along with access credentials of a user with data stored with the third-party data site, allowing the system to access data on behalf of the user.

Abstract: A method for configuring a set of one or more computing devices, includes generating, for a computing device of the set of one or more computing devices, a job profile based at least in part on a master profile, the master profile being generated based at least in part on configuration information common to a model of the computing device and job specific input including configuration information specific to the computing device of the set of one or more computing devices. The method further includes coupling the computing device of the set of one or more computing devices into communication with a pre-configuration device; and configuring, by the pre-configuration device, the computing device of the set of one or more computing devices based at least in part on the generated job profile.

Abstract: Various embodiments described herein provide for secure data communication between a host system and a memory sub-system. For example, some embodiments use a salt value, symmetric encryption, and asymmetric encryption to facilitate secure data communication between the host system and the memory sub-system.

Abstract: Provided is a method for anonymising data stocks, including the steps of determining a combination of generalization stages for quasi-identifiers of a data stock at a central node; transmitting the combination of generalization stages to a plurality of sub-nodes; and a parallel performing of an anonymisation of the data stock on the basis of the combination of generalization stages by the sub-nodes.

Abstract: According to one embodiment, a method, computer system, and computer program product for preventing statistical inference attacks is provided. The present invention may include splitting records into items, and classifying these items into shared items and private items; grouping the private items according to privacy and confidentiality requirements; restricting access of the private items to stakeholders based on the confidentiality requirements using cryptographic keys; generating and encrypting one or more placeholders for both existent and non-existent stakeholders; storing private items in private storage as indicated by links; creating shared records comprising links, placeholders, and shared items; adding integrity signatures to the shared records; and publishing the shared records to a shared medium.

Abstract: A method, a communication device, a computer program, and a computer program product for cyclic time-slotted operation in a wireless industrial network. The communication device includes a memory having a first memory area and a second memory area. The method includes running an application software at application layer. The application software is associated with a first pointer. The method includes operating a communication hardware at physical layer. The communication hardware is associated with a second pointer. The first pointer and the second pointer in a given timeslot point at a respective different one of the memory areas, such that in the given timeslot the application software is enabled to access one of the memory areas and the communication hardware is enabled to access the other of the memory areas. The method includes swapping the pointers to the memory areas at the end of each cycle of the cyclic time-slotted operation.

Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.

Abstract: A data sharing method, server and storage medium including receiving a first part of a first key from a first client, the first key corresponding to encrypted data uploaded to a block of an information sharing system generating a first authorization code corresponding to the encrypted data; transmitting the first authorization code to the first client; based on receiving an access request from a second client for the encrypted data, obtaining a second authorization code and an incomplete key from the access request; based on the second authorization code being the same as the first authorization code and the second authorization code being valid, generating a second key according to the incomplete key and the first part of the first key corresponding to the encrypted data decrypting the encrypted data according to the second key to obtain the plaintext data; and transmitting, to the second client, the decrypted plaintext data.

Abstract: Embodiments of the invention include a physiological sensor system. According to an embodiment the sensor system may include a package substrate, a plurality of sensors formed on the substrate, a second electrical component, and an encryption bank formed along a data transmission path between the plurality of sensors and the second electrical component. In an embodiment the encryption bank may include a plurality of portions that each have one or more switches integrated into the package substrate. In an embodiment each sensor transmits data to the second electrical component along different portions of the encryption bank. In some embodiments, the switches may be piezoelectrically actuated. In other embodiments the switches may be actuated by thermal expansion. Additional embodiments may include tri- or bi-stable mechanical switches.

Abstract: The disclosed computer-implemented methods for automatically recovering from malware attacks may include (1) saving, in response to determining that a reputation of a process is unknown, a backup copy of a file on a remote storage device prior to allowing the process to modify the file; (2) determining, after the process has modified the file, that the process is potentially malicious; and (3) restoring, in response to determining that the process is potentially malicious, the backup copy of the file from the remote storage device. The provided methods may automatically recover computers from ransomware attacks and other malware attacks which encrypt file systems. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed is a new identifier allocation approach for allocating repository object identifiers beyond a maximum number usually allowed for a single repository. The new identifier allocation approach includes an enhanced identifier structure in which a portion usually reserved for a docbase identifier is modified to combine with a partition identifier. The actual docbase identifier is stored in a server configuration file. When the maximum number of object identifiers has been allocated, a new partition is created and a sequence table is updated with a new entry that reflects the new partition. A new repository object identifier is allocated using the docbase identifier combined with the new partition identifier. In this way, more than 4 billion objects per object type can be addressed uniquely within a docbase by creating new partitions. This new approach is very unique and flexible in accommodating both on premises and multi-tenant environments.

Abstract: Embodiments of the present disclosure relate to policy-based request tracing in a distributed environment. In an embodiment, a computer-implemented method is disclosed. According to the method, a first set of requests and a second set of requests are determined in a plurality of received requests based on a policy. A first subset of requests is selected from the first set of requests based on a first sampling rate, and a second subset of requests is selected from the second set of requests based on a second sampling rate that is less than the first sampling rate. Executions of the first subset of requests and the second subset of requests on components of a distributed system are then traced. In other embodiments, a system and a computer program product are disclosed.

Abstract: A method of dynamically adjusting access privileges of system identities. A set of access logs associated with a system are analyzed in order to generate a restricted access policy for an over privileged system identity. An initial access policy of the system identity is replaced with the restricted access policy and a continuous monitoring and access management (CMAM) service is initiated. Access logs are collected for a monitoring time window and an access denied error can be extracted from the access logs. The access denied error can be compared to an ignore list and/or the access denied error can be added to the ignore list. Authorization checks can be performed to determine if the action associated with the access denied error is authorized. If the action is authorized, the access policy is adjusted to allow for performance of the action.

Abstract: Techniques are disclosed relating to securely storing file system metadata in a computing device. In one embodiment, a computing device includes a processor, memory, and a secure circuit. The memory has a file system stored therein that includes metadata for accessing a plurality of files in the memory. The metadata is encrypted with a metadata encryption key that is stored in an encrypted form. The secure circuit is configured to receive a request from the processor to access the file system. In response to the request, the secure circuit is configured to decrypt the encrypted form of the metadata encryption key. In some embodiments, the computing device includes a memory controller configured to receive the metadata encryption key from the secure circuit, retrieve the encrypted metadata from the memory, and decrypt the encrypted metadata prior to providing the metadata to the processor.

Abstract: A data processing apparatus having a first secure area and a second secure area coupled by a monitor is provided. The monitor applies security credentials to processing circuitry transitioning from the first secure area to the second secure area to enable the processing circuitry to perform functions in the second secure area. A call gateway comprising a transition instruction and access parameters stored in a trusted storage device is used by the monitor to determine when to applying the security credentials to the processing circuitry. The access parameters comprising a target function or a memory location.

Abstract: An image file is to be posted on a social media web site is automatically detected, the image file containing at least an image of a first individual with a background image depicting a location determined to be unsafe. A risk level associated with the location is determined. Based on the risk level, an action is automatically activated, which prevents at least a second individual from taking a photograph of the second individual at the location.

Abstract: Described herein are methods and systems for the efficient resyncing of stale components of a distributed-computing system. One method includes determining that a first base component at a remote site will go offline. After determining that the first base component at the remote site will go offline, a first delta component is created at the remote site. While the first base component at the remote site is offline, data corresponding to the offline component is collected at the first delta component at the remote site. After collecting data at the first delta component, the collected data is sent to a local site. The method includes determining that the first base component has come back online. In response to determining that the first base component has come back online, the collected data is sent from the first delta component to the first base component via an intra-site network.