Abstract: A gateway device includes a call handling equipment (CHE) listener interface, an Internet Protocol (IP) interface, a provisioning engine, and a message parsing engine. The CPE listener interface forms a communication channel with a CHE and receives call event data from the CHE. The IP interface communicates with a cloud-based processing system. The provisioning engine receives, from the cloud-based processing system via the IP interface, instructions for parsing data from a data output format of the CHE into a consistent data format of the cloud-based processing system. The message parsing engine parses the call event data received from the CHE via the CHE listener interface, and formats the call event data according to the consistent data format. The gateway device transmits the formatted call event data to the cloud-based processing system via the IP interface.

Abstract: Identifying malicious code execution of executing subject code of a software enclave of a processing system follows a process that includes monitoring performance characteristics of the processing system attributed to execution of the subject code of the software enclave. The monitoring produces performance data, which is stored to a relational database. The process applies a classification model to the stored performance data to obtain an output, and, based on the output of the classification model, identifies anomalous behavior in the execution of the subject code and determines a confidence level that the anomalous behavior exhibits malicious activity. Based on the confidence level exceeding a threshold, the process determines that the executing subject code is malicious and initiates halting of the execution of the subject code.

Abstract: The method includes receiving a challenge request sent by a first service trusted server and obtaining to-be-verified information of the first service trusted server in the challenge request; sending a verification request to a trusted remote proving server, wherein the verification request includes the to-be-verified information of the first service trusted server; and obtaining a verification response returned by the trusted remote proving server.

Abstract: A method for performing an electronic transaction is disclosed. The method provides authentication data and authentication software to an electronic device and preferably stored in a secure storage location or other location inaccessible to the user or the operating system of the device. The authentication software is activated to generate a digital signature from the authentication data. Next, the digital signature is provided to the other transaction party.

Abstract: Techniques are disclosed for generating and modifying digital content including graphical representations of items offered within an electronic catalog. Various interfaces are provided to enable a user to create digital content utilizing graphical representations of these items. Once created, the digital content may be shared with other users and feedback may be obtained from the recipients of the digital content.

Abstract: A collection of documents or other files and the like within an enterprise network are labelled according to an enterprise document classification scheme, and then a recognition model such as a neural network or other machine learning model can be used to automatically label other files throughout the enterprise network. In this manner, documents and the like throughout an enterprise can be automatically identified and managed according to features such as confidentiality, sensitivity, security risk, business value, and so forth.

Abstract: A Trustonic DRM Plug-in is provided that can be downloaded and operate in conjunction with an Android framework. The solution also includes a PVP with the downloadable DRM. The system includes components that can be added by Trustonic based on the Android 4.3 Framework in addition to current t-base 300 that can be used by any DRM vendor. The system enables the DRM to be downloaded in the field since all DRMs could use the standard API services of the Android 4.3 OS. With a codec component employed like H.264 or HEVC that can use the PVP with the downloaded DRM component, the Android video player can use the component to satisfy HD content security requirements.

Abstract: A verification system using additional factors such as biometrics can provide a tenant system with the ability to verify the identity of an end user. The enrollment and verification can be performed without sharing identity knowledge between the tenant and the verification ensuring the privacy of the end user. The enrollment and verification can also be performed in an auditable way while maintaining anonymity.

Abstract: A storage apparatus and its control method capable of reducing load and necessary memory capacity on the side of the apparatus, which are required for management, are proposed.

Abstract: An image forming apparatus is provided with USB sockets on front and back sides, and includes a determining unit for determining whether or not a USB device inserted to a front side USB socket is a function enhancement device, and a control unit making, when it is determined by the determining unit that a function enhancement device is inserted to the front side USB socket, the USB device unusable and making, when it is determined that a USB device other than the function enhancement device is inserted, the USB device usable. Thus, it is possible to prevent a USB wireless LAN adapter or the like from being used constantly connected to the front side USB socket and thereby to reduce possibility of USB wireless LAN adapter of being damaged or removed.

Abstract: Techniques are disclosed that permit storage and availability operations, such as backup and restore, snapshot and cloning, application disaster recovery, and reporting and analytics, to be performed for stateful containerized applications. In one embodiment, a container cluster service is configured to create application instance objects that capture metadata associated with containerized applications and that (optionally) specify scripts to be run before and/or after taking an application consistent snapshot and/or an order in which to take snapshots. Application instances having the configurations specified in the application instance object may then be deployed.

Abstract: An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.

Abstract: Certain aspects of the present disclosure provide techniques for improved control of workflow execution. Embodiments include receiving, by an execution engine, a request from a user to execute a workflow that is stored in a repository. The workflow may be an operation that is associated with an operation privilege level, and a user privilege level of the user may be a lower privilege level than the operation privilege level. Embodiments include determining a repository privilege level associated with the repository by accessing repository privilege data in a file stored on the repository. Embodiments include escalating the user privilege level to the repository privilege level. Embodiments include executing the workflow, based on the request from the user, at the repository privilege level. Embodiments include restoring the user privilege level to the lower privilege level.

Abstract: A system and method for operating a policy aware unification file system within a computer system that takes into account the security requirements of each file system as each file system is unified into the unified file system are provided. As the application is compatible with existing run time policies of files and directories within each file system that is to be unified, the application supports the enforcement of security policies or requirements of each file and/or directory that has been unified into the unified file system.

Abstract: A system and method for exchanging data among partitions of a storage device is disclosed. For example, data stored in a first partition is exchanged with an application included in the first partition or with a second application included in a second partition. In one embodiment, the second application is associated with a global certificate while the first application is associated with a different platform certificate. A verification module included in the first partition receives a request for data and determines if the request for data is received from the first application. If the request for data is not received from the first application, the verification module determines whether the request is received from the second application and whether the global certificate is an authorized certificate. For example, the verification module determines whether the global certificate is included in a listing of authorized certificates.

Abstract: Described are devices, systems, and methods for improving network security by providing network interface devices communicatively coupled to end-point-protection platforms (EPP) based on integration of two different technologies (e.g., smart NICs and EPP software) allowing each to automatically signal the other and implement automated protection mechanisms to isolate or protect a host, a virtual machine, and/or a container.

Abstract: An approach is described for processing command line templates for database queries. A method pertaining to such approach may include retrieving a set of command line templates based upon command line information received from a plurality of respective clients in a computing environment. The method further may include receiving a command line query from a first client among the plurality of respective clients and searching the set of command line templates based upon contents of the command line query. The method further may include transmitting to the first client at least one command line recommendation based upon the search. In an embodiment, retrieving the set of command line templates according to the method may include receiving from a centralized server at least one update with respect to the set of command line templates.

Abstract: An electronic device for securing information, and a method therefor are provided. The electronic device includes a receiver for receiving an encrypted data from a server, the encrypted data being encrypted with an encryption key by a key cryptography based on a private information, a nonvolatile memory for storing the encrypted data, a decryptor for receiving the encrypted data from the nonvolatile memory, decrypting the encrypted data into an unencrypted data including the private information, and a volatile memory for storing the unencrypted data. The receiver authenticates a communication channel and receives the encryption key through the authenticated communication channel, and the decryptor receives the encryption key from the receiver and decrypts the encrypted data with the encryption key.

Abstract: A computer system identifies one or more characteristics corresponding to a memory of a user device based on analyzing information stored in the memory of the user device during one or more instances of a first time period. The computer system detects an untrusted user device attempting to access an account during a second time period. In response to the detecting the untrusted device attempting to access the account, the computer system compares one or more characteristics of the information stored in a memory of the untrusted user device to the identified one or more characteristics. In response to determining that a similarity level between the one or more characteristics of the information stored in the memory of the untrusted device and the identified one or more characteristics is above a threshold level, the computer system allows access to the account.

Abstract: A system can include, for example, a secure data module(s) configured to store sensitive data regarding the user(s), a synthetic dataset generating module(s) configured to generate the synthetic dataset based on the sensitive data, and a control module configured to receive a request from an application for a dataset related to the user(s), provide the request to the synthetic dataset generating module(s), receive the synthetic dataset from the synthetic dataset generating module(s), and provide the synthetic dataset to the application. The synthetic dataset generating module(s) can be configured to generate the synthetic dataset based on the dataset.

Abstract: A system may have a mobile device having at least two wheels and a distance measuring device configured to be removably attached to a frame of the mobile device, which can be a mobility assistance device, such as a walker and a wheelchair. The distance measuring device may have at least a sensing mechanism, an accumulator, and a display that are in communication with one another, with the sensing mechanism configured to monitor rotation of the at least one of the at least two wheels of the mobile device and the accumulator configured to determine the distance traveled by the mobile device based on this rotation and output the distance result on the display.

Abstract: Embodiments of the present disclosure relate to digital rights management. A method for managing rights transfer of using digital content from a first device (120) to a second device (130) is proposed, comprising generating at an authentication device (110) a first authentication dataset C by encrypting a first verification code R1 using at least one public key for at least one device blacklisted by the authentication device (110). The first authentication dataset C and a second verification code R2 are provided from the authentication device 110 to the first device (120) and a response message M is returned from the second device (130) to the authentication device (110). The method also comprises verifying validity of the second device (130) at the authentication device (110) based on the received response message M. In accordance with embodiments of the present disclosure, the DRM protected digital content can be shared with high security, while the recipient is kept anonymous to the DRM server.

Abstract: Systems and methods for location-based automated authentication are disclosed. A system comprises a mobile device, a sensor and a backend platform. The sensor and the backend platform are in network communication. The mobile device is operable to continuously transmit Bluetooth Low Energy (BLE) signals comprising encrypted transitory identifiers. The sensor is operable to receive a BLE signal from the mobile device when the mobile device is within a predetermined range, and communicate over a network connection the encrypted transitory identifier comprised in the BLE signal to the backend platform. The backend platform is operable to extract a unique identifier and a changing encrypted identifier from the received encrypted transitory identifier, generate a changing encrypted identifier, and validate a user identification by comparing the generated changing encrypted identifier and the extracted changing encrypted identifier.

Abstract: Thwarting data leakage from a webpage. In some embodiments, a method may include detecting, at a browser on the network device, a visit to the webpage, directing a headless browser on the network device to visit the webpage in parallel to the browser visiting the webpage, detecting, at the headless browser, data leakage from the webpage, presenting, at the browser, a notification regarding the data leakage that allows a user to indicate whether the data leakage should be allowed, receiving, at the browser, an indication that the data leakage should not be allowed, and in response to receiving the indication that the data leakage should not be allowed, thwarting the data leakage by performing a remedial action at the network device to protect the network device from the data leakage.

Abstract: A method performed by a fitting device, the fitting device being a part of a hearing system configured for remotely configuring a hearing device, the method includes: obtaining hearing device data comprising a hearing device identifier of the hearing device; obtaining a session key; generating a configuration initiation request based on the session key and the hearing device identifier; transmitting the configuration initiation request to a server device; receiving a configuration initiation response from the server device, the configuration initiation response comprising configuration keying material; generating a configuration package based on configuration data for the hearing device and based on the configuration keying material, the configuration package comprising configuration package data; and transmitting the configuration package to the server device.

Abstract: A system and method for transaction bitcoin is described. Bitcoin can be sent to an email address. No miner's fee is paid by a host computer system. Hot wallet functionality is provided that transfers values of some Bitcoin addresses to a vault for purposes of security. A private key of a Bitcoin address of the vault is split and distributed to keep the vault secure. Instant exchange allows for merchants and customers to lock in a local currency price. A vault has multiple email addresses to authorize a transfer of bitcoin out of the vault. User can opt to have private keys stored in locations that are under their control. A tip button rewards content creators for their efforts. A bitcoin exchange allows for users to set prices that they are willing to sell or buy bitcoin and execute such trades.

Abstract: A facility stores a person's personal information (“PI”) on a portable storage device (“PSD”) of the person. In some cases, the PSD bears a fax number mapping uniquely to the person; when a fax containing the person's PI is sent to this fax number, the facility stores an encrypted version of the PI on a relay server (“RS”). When the PSD connects with an access device, the encrypted version of the PI is retrieved from the RS and stored on the PSD. In some cases, the PSD bears a non-textual visual symbol; when its images is captured by a device such as a smartphone, an identifier encoded in the symbol is used to transmit encrypted PI to the RS. In some cases, each access device reports aggregates of personal data to an analysis server. In some cases, the facility statistically obfuscates these aggregates for transmission to/storage on the analysis server.

Abstract: System and techniques for multifactor intelligent agent control are described herein. A workload request may be received from a user device via a network. The workload may be instantiated in an isolated environment on an edge computing platform. Here, the isolated environment may be a container or a virtual machine. The instantiation of the workload may include using a hardware security component (SEC) of the mobile edge computing platform to prevent access to data or code of the workload from other environments hosted by the mobile edge computing platform. The workload may then be executed in the isolated environment and a result of the workload returned to the user device.

Abstract: The present disclosure is directed to systems, methods and devices for securing communication resources of group communication devices. Secure resources of a group communication computing device may be maintained in a secure operating environment of the group communication computing device, which is separate from a normal operating environment of the group communication computing device, via a trust partition comprising one or both of an SoC trust partition and a hypervisor. The secure operating environment may comprise input resources including a microphone, a camera, audio encoding and decoding engines, audio encryption and decryption engines, and a secure operating system. The normal operating environment may comprise resources including LTE and WiFi communication resources, transport layer security layer resources, and an operating system.

Abstract: A system and method for storing and accessing password verification data on multi-user computer systems that prevents remote attacks. Along with commonly-employed measures that limit the number of unsuccessful attempts to login or otherwise verify a password, it allows users to choose relatively simple passwords with full security. The secret component cannot be easily leaked or exfiltrated does not require periodic backup and is isolated in a way that allows it to be protected by conventional security measures such as safes, alarm systems and video surveillance from attackers who somehow gain access to the computing facility.

Abstract: A super-shield system for protecting a computer from malicious software uses a whitelist to determine is a program is safe to run. As new malicious software are created, inadvertent attempts at execution of executables including such malicious software is prevented being that the new malicious software are not listed in the whitelist. When attempts are made to run unknown software, the executable is forwarded to a server where further analysis is performed to determine if the executable contains suspect code (e.g., malicious software).

Abstract: In general, the subject matter described in the specification can be embodied in methods, systems and program products for a verified participant database system that verifies information on potential participants for surveys and promotions that require numerous participants with certain characteristics. Among other features, the verified participant database system aggregates and preferably verifies information, for example, the demographic and purchasing information, of potential participants by receiving permission to obtain information from third-party sources.

Abstract: An inventory of Internet-facing assets related to a target domain is generated using network data gathered from network data sources. Using data sources of known threats, such as malware, phishing attempts, scam pages, blacklisted sites, and so on, a network analytic system generates analytical information about domains, sub-domains, and components that are owned, managed, and/or controlled by a target entity. A measure of domain identity threat is generated based on a classification model using the analytical information.

Abstract: A method, computer program product, and computing system for receiving content from a third-party. The content may be processed to predict the disclosure of sensitive information. The sensitive information may be obscured from a platform user, where the third-party may be a customer and the platform user may be a customer service representative.

Abstract: A computer-based investigative analysis system is disclosed in which a user can share results of an investigation with other users in a way that allows the sharing user to visualize how the results will be shared before they are shared. The results are shared in the form of a visual graph having nodes, edges, and other presentation elements. The nodes represent data objects that are the subject of the investigation and the edges represent connections between the data objects. The graph is shared in the form of an automatically generated redacted graph omitting nodes, edges, and presentation elements for which the other users do not have permission to view. Before sharing the graph, the sharing user is presented with a visualization of the automatically generated redacted graph providing the user an opportunity to confirm that sharing the redacted graph will not constitute an unauthorized information leakage.

Abstract: A method and a related system for a protection against unauthorized file encryption in a file system may be provided. The method may comprise providing an anti-ransomware file access unit, determining, by the anti-ransomware file access unit, an entropy value for a portion of a file to be written to the file system, and upon determining that the entropy value is equal or above a threshold value, performing a copy-on-write process to the file to be written, whereby the file is written to a copy-on-write storage area.

Abstract: An image forming apparatus includes a display device that displays information and an image forming device that forms an image on a sheet. The image forming apparatus can cause the image forming device to form an image on the basis of a file acquired from an external system that manages files in a directory having a hierarchical structure. The image forming apparatus includes at least one controller that functions as a unit that acquires information which is information of a printable file of files managed by the external system and which includes at least storage directory information of the printable file, a unit that causes the display device to display a folder tree screen based on the storage directory information, and a unit that causes the image forming device to perform image formation based on a file selected on the folder tree screen.

Abstract: Systems, methods, and computer-readable storage media are provided for securely storing and accessing content within a public cloud. A processor manufacturer provides processors having secure enclave capability to a cloud provider. The provider makes available a listing of processor identifiers (CPUIDs) for processors available for storing content and having secure enclave capability. A content owner provides CPUIDs for desired processors from the listing to the manufacturer which provides the content owner with a processor-specific public code encryption key (CEK) for encrypting content to be stored on each processor identified. Each processor is constructed such that content encrypted with the public CEK may only be decrypted within a secure enclave thereof. The content owner encrypts the desired content with the public CEK and returns the encrypted content and the CPUID for the appropriate processor to the cloud provider. The cloud provider then stores the encrypted content on the particular processor.

Abstract: The technology disclosed relates to identifying and notifying a user of nearby attendees at a mega attendance event who are in user's social graph by comparing the user's social graph to a list of event attendees. The identified attendees can be stratified into social graph tags that annotate, categorize and prioritize other users in the user's social graph. The technology disclosed also relates to identifying and notifying the user of nearby attendees of sessions at the event who meet introduction preferences of the user by finding matches between introduction preference attributes specified by the user and attributes of the attendees provided by the list of event attendees.

Abstract: A method for authenticating an object, comprising determining a physical dispersion pattern of a set of elements, determining a physical characteristic of the set of elements which is distinct from a physical characteristic producible by a transfer printing technology, determining a digital code associated with the object defining the physical dispersion pattern, and authenticating the object by verifying a correspondence of the digital code with the physical dispersion pattern, and verifying the physical characteristic.

Abstract: A network monitoring “sensor” is built on initial startup by checking the integrity of the bootstrap system and, if it passes, downloading information from which it builds the full system including an encrypted and an unencrypted portion. Later, the sensor sends hashes of files, configurations, and other local information to a data center, which compares the hashes to hashes of known-good versions. If they match, the data center returns information (e.g., a key) that the sensor can use to access the encrypted storage. If they don't, the data center returns information to help remediate the problem, a command to restore some or all of the sensor's programming and data, or a command to wipe the encrypted storage. The encrypted storage stores algorithms and other data for processing information captured from a network, plus the captured/processed data itself.

Abstract: Provided is a sharing method for an augmented reality apparatus, including sending an unlocking request to a server, wherein the unlocking request comprises an augmented reality device identifier and a user identifier; receiving a sharing unlocking instruction, wherein the sharing unlocking instruction is sent by the server when the unlocking request passes a verification; and performing system unlocking on the augmented reality apparatus.

Abstract: Methods that can protect sensitive data are provided. One method includes determining, by a processor, whether a user is focusing on an obscured set of sensitive data displayed on a computing device, clarifying the obscurity of a portion of the displayed set of sensitive data in response to determining that the user focusing on the portion of the displayed set of sensitive data, and maintaining the obscurity of one or more other portions of the displayed set of sensitive data in response to determining that the user not focusing on the one or more other portions of the displayed set of sensitive data. Apparatus and computer program products that can include, perform, and/or implement the methods are also provided.

Abstract: To share snips of content, content access metadata of a content file is parsed to identify an accessible range of the content file and an inaccessible range of the content file with reference to content access rules for a user. A user can identify a selection of a snip of the accessible range of the content file in a user interface. Once the selection is identified, a copy of the snip of the content file, a link to the snip of the content file, or both can be generated and forwarded to the user. The link can include an argument that identifies a start and an end of the snip. The link can also include other arguments, such as copy snip, access rule, or expiration arguments. The copy of the snip can also be limited by the start and end of the snip.

Abstract: A method, system and computer-usable medium are disclosed for using a context dependency graph to automate the generation of an incorrect answer to a question suitable for a multiple choice exam. A reference corpus is used to generate a concept dependency graph that contains reference keywords and concepts associated with the subject domain of an input corpus. Relationships between the reference keywords and concepts within the concept dependency graph are identified. Once identified, they are used to process a set of input keywords and concepts extracted from the input corpus, and the reference keywords and concepts, to generate a set of distractor words. The resulting set of distractor words is then processed with a set of QA pairs associated with the input corpus to generate a set of multiple choice question-answers that include various distractor answers.

Abstract: The disclosed computer-implemented method for preventing sensitive data sharing may include a computing device determining that a content item is to be shared with an application. The content idem may be intercepted before the content item is shared with the application. The data of the content item may be analyzed. In response to analyzing the data of the content item, a security action may be performed to protect the computing device from computer malware or prevent sharing of sensitive data of the computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: This disclosure generally relates to a word counting device. Specifically, this disclosure generally relates to a wearable word counter device. The word counter device includes a microphone to receive speech input. The word counter device further includes a light sensor to receive data representative of an amount of light in an environment of the word counter device. The word counter device also includes an accelerometer to receive data representative of an amount of movement of the word counter device or the wearer of the word counter device.

Abstract: A method, system and device for allowing the secure collection of sensitive information is provided. The device includes a display, and a user interface capable of receiving at least one user-generated interrupt in response to a stimulus generated in response to content received by the device, wherein the action taken upon receiving the user-generated interrupt depends on a classification of the content, the classification identifying the content as trusted or not trusted. The method includes detecting a request for sensitive information in content, determining if an interrupt is generated, determining if the content is trusted, allowing the collection of the sensitive information if the interrupt is generated and the content is trusted, and performing an alternative action if the interrupt is generated and the content is not trusted. The method may include instructions stored on a computer readable medium.

Abstract: A file decompression method to increase speed of display applied in a foldable electronic device includes receiving an image file, compressed into a much smaller form, from a peripheral device, and displaying the received file at least on the second display area, and transmitting a first control signal to an image sensor. The first control signal controls the image sensor to scan the image file on the second display area to identify image and compression data therein and information as to such data is obtained from the image sensor. If the data permits decompression and decompression is performed, the image is displayed as a match of the original uncompressed file.

Abstract: An information processing system including at least one information processing apparatus that includes an administration unit configured to administer whether a service is provided to a service use apparatus using an organization, a license, and a user, and an account registration unit configured to receive a subscription for a trial use of the service from the service use apparatus and perform an account registration for the administration unit so that the trial use from the service use apparatus is enabled.