Abstract: Apparatus and associated methods relate to provide transient access rights to entities for creating, accessing, and/or sharing digital health content (DHC). In an illustrative example, a health content distribution system (HCDS) may generate a time-limited access token (TLAT) for authenticated users to access DHC. The TLAT, for example, may be generated based on a predetermined association of a corresponding DHC with a patient, a predetermined association of a requestor with the patient, a predetermined role of the requestor with relation to the patient, and a predetermined association between the requestor and a creator of the content. The TLAT may be further generated based on a predetermined association between the requestor and an organization associated with the patient. The HCDS may, for example, upon receiving the TLAT, transmit the corresponding DHC to be displayed at the requestor's device. Various embodiments may advantageously provide a secure on-demand health content access system.

Abstract: Multifactor authentication of secure transmission of data, including, receiving, from a first computing device associated with a first user, identifying information associated with a second user; transmitting, based on the identifying information, a request for data; receiving the data from a second computing device associated with the second user; dynamically generating a textual statement, at least a portion of the textual statement based on at least a first portion of the data; receiving, via a first communication channel, a first communication that includes a media recording reciting the dynamically generated textual statement; receiving, via a second communication channel, a second communication indicating a second portion of the data; verifying, based on the first communication and the second communication, an authenticity of the second user; and transmitting the data to the first computing device in response to the verification.

Abstract: Embodiments of this application provide a data processing method performed by a computer device, where the method includes: obtaining, in response to a login trigger event for a target application at a terminal device, an environment identification parameter used for identifying a running environment of the target application at the terminal device; obtaining, according to the environment identification parameter, a login entry information set related to the target application from an application server, the login entry information set including login entry information of login platforms of at least two operating systems; rendering login entry options of the login platforms of the at least two operating systems according to login entry information in the login entry information set; and returning the rendered login entry options to the terminal device for display in a user interface at the terminal device.

Abstract: A distributed private ledger function of a server of a first consortium member receives data representing an alias for one of its customers from the customer and also receives data that represents an alias for a customer of a second member replicated by a distributed private ledger function of a server of the second member to all members of the consortium. Thereafter, the distributed private ledger function of the first member's server identifies a recipient account of the second member's customer based on an account pointer associated with the alias of the second member's customer and initiates a transfer of funds from a source account of the first member's customer corresponding to an account pointer associated with the alias for the first member's customer to the identified recipient account of the second member's customer.

Abstract: The present disclosure provides a method, system, and device for verifying a software release. To illustrate, as software (e.g., one or more files or artifacts) completes one or more stages of a development process, one or more digital signatures are generated. The one or more digital signatures are generated using private keys that correspond to the stage of the development process that is completed. The one or more digital signatures, and one or more public keys corresponding to the private keys, are sent to a node device. Upon receipt of the one or more digital signatures and the public keys (e.g., as part of a software release), the node device verifies the digital signatures before processing the software.

Abstract: A secure user authentication system, operable over a client-server communications network to authenticate a system user. The system includes an application server which includes a site which is able to be enabled, and an authentication server, which is able to enable the application server site. The authentication server includes a core database, and receives and stores user authentication-enabling data in the core database. The system further includes a client, and a client program which is able to be actuated in the client. The client program includes the user authentication-enabling data. Upon actuation, the client program automatically directly connects to the authentication server, and sends the client authentication-enabling data to the authentication server, for secure user authentication by the authentication server.

Abstract: Techniques are provided for detection of anomalous backup files using known anomalous file fingerprints (or other file-dependent values such as hash values, signatures and/or digest values). One method comprises obtaining first file-dependent values corresponding to respective known anomalous files; obtaining a second file-dependent value for a stored backup file; comparing the second file-dependent value to the first file-dependent values; and performing an automated remedial action in response to a result of the comparing. The second file-dependent value for the stored backup file may be determined by a backup server in response to a source file corresponding to the stored backup file being backed up by the backup server, and may be stored as part of metadata associated with the stored backup file.

Abstract: The present disclosure involves systems, software, and computer implemented methods for automatically extending a partially-editable dataset copy. One example method includes identifying, for a data set, extension filter criteria that extends a current filter that defines an editable portion of the data set. An extended filter is automatically generated for the data set based on the extension filter criteria and the current filter. Additional data is copied into the partially-editable copy of the data set based on the extended filter and the current filter to generate an updated partially-editable copy of the data set. The current filter is replaced with the extended filter to create a new current filter. An updated exposed view is generated using the new current filter that exposes the updated partially-editable copy of the data set and an updated non-editable portion of the data set.

Abstract: The current embodiments include systems and techniques for sharing information between vendors where the information is siloed due organizational constraints. Vendors that provide services for one entity of an organization may be unknown to another entity within the same organization. The systems and techniques provided herein facilitate sharing of this information of the vendor across various entities in the organization.

Abstract: A multifunction peripheral (MFP) includes user selectable functions that call home applications on the device that direct it to work cooperatively with cloud service providers. To avoid requiring users to login to each cloud service each time they use it, they are registered with an authorization server to establish and grant identity and authorization tokens. When a user logs in to an MFP, they are redirected to login to the authorization server which then sends tokens to the MFP identifying the user and their permissions and licenses. Home applications associated by the tokens are displayed for selection. Each time a home application using a cloud service is selected, a background application sends the user's session tokens with a service request to an associated cloud service resource server. The resource servers processes authenticated requests and return the result to the MFP which completes the selected home application function.

Abstract: The disclosed methods may receive a first request for access to a first system memory from a new user and a first justification, the first request includes first role information and first current access information of the new user, determine whether the first request is within a request cluster based on first role history information and current access history information. When the first request is within the request cluster, generate a matrix from the first role information and the first current access information, and determine using a first neural network, whether to grant the first request based on the matrix. When the first request is granted by the first neural network, determine, using a second neural network, whether the first justification is similar to first justification history information. When the first justification is similar to the first justification history information, grant the new user access to the first system memory.

Abstract: According to some embodiments, systems and methods are provided for revoking one or more of a plurality of entities in a vehicular public-key infrastructure. The systems and methods balance privacy and efficiency by distributing activation codes according to various approaches, including a direct request approach, a fixed-size subset approach, and a variable-size subset approach.

Abstract: Methods and systems for analyzing data and electronic identity security are described. In one embodiment, an electronic identity security method comprises a processor receiving a request for identity verification from a device, accessing data associated with the individual seeking identity verification stored in a storage device, inferring derived facts about the individual by determining associations between known facts stored in the storage device using an intelligence algorithm or data mining operation, generating at least one identity verification question based on the known facts or the derived facts, evaluating at least one received answer to the at least one identity verification question to determine whether the individual answered the at least one identity verification question correctly, and verifying the individual's identity based on at least one received answer to the at least one identity verification question.

Abstract: An electronic device for managing secured data containers, the electronic device comprising at least one network interface, at least one memory storing executable instructions, and at least one processor coupled to the at least one network interface and the at least one memory. Execution of the executable instructions by the at least one processor causes the electronic device to receive a request for data container creation, retrieve data related to the request for data container creation, retrieve one or more parameters constraining use of the data, encrypt the data using a public encryption key, encode the encrypted data into a data storage area of a data container, encode the one or more parameters constraining use of the data into a machine readable parameter storage area of the data container, and assign a UUID to the data container.

Abstract: A payment service system receives contextual information regarding an interaction between the payment service and a user device associated with a user. A propensity metric for the user is determined based at least in part on inputting the contextual information into a machine learning (ML) model. Based on the propensity metric, a user interface is dynamically configured to comprise user interface elements arranged in a layout personalized for the user, where a user interface element represents content particular to a service offered by the payment service. Based on receiving an interaction with the user interface element, a booklet is launched corresponding to the service with which the user interface element is associated.

Abstract: An exercise machine has a lock mode and an unlock mode associated with a screen lock function. A computing device coupled to the exercise machine includes a display, memory, and a processor coupled to the memory. The computing device is configured to detect a user interaction with the computing device or the exercise machine while the exercise machine is in the lock mode, render a screen lock interface on the display in response to the user interaction, receive an input code from the screen lock interface, determine that the input code matches a goal code, and adjust the exercise machine from the lock mode to the unlock mode in response to determining that the input code matches the goal code.

Abstract: A printing apparatus receives designation of a use purpose via a user interface of the printing apparatus, controls execution of a job, and transmits a job log regarding the execution of the job to a server, wherein the job log includes information about the designated use purpose.

Abstract: An electronic device may obtain a security rule for supporting split tunneling, check a condition for executing a first operation related to bypassing the VPN tunnel by comparing a first value to information based on a first offset in a first element of the packet based on the security rule, check a condition for performing a second operation related to bypassing the VPN tunnel by comparing a second value to information based on a second offset in a second element of the packet when the condition for executing the first operation is satisfied and the first operation instructs that the second element of the packet be inspected, encapsulate the packet while not including the packet in the VPN tunnel and transmit the encapsulated packet to a packet forwarding server, and include the packet in the VPN tunnel and transmit the packet to the packet forwarding server.

Abstract: A method and an apparatus for privacy protection biometric authentication and an electronic device. The method comprises the following steps: constructing a corresponding a biological data template according to a biological information data set input by a user when registering; generating a pair of public key and private key by asymmetric cryptography technology; generating encrypted biological data by a secret sharing solution and OKVS technology according to the biological data template and the private key; sending the public key and the encrypted biological data to a server; recovering the private key by OKVS technology according to the biological data input by the user during authentication and the encrypted biological data; constructing a signature according to the recovered private key and the corresponding public key; sending the signature to the server, so that the server verifies the user according to the public key and the signature.

Abstract: Presented herein are systems and methods for enabling a secure browsing session. Embodiments may include a computing device that executes software routines to receive a first indication to enter a secure browsing mode of a session; present data associated with a user for display on the display of the electronic device; cause the display to obscure one or more personally identifiable information of the data on the display of the electronic device; receive a second indication to reveal the one or more personally identifiable information; present the one or more personally identifiable information for display on the display of the electronic device.

Abstract: A computer system includes memory hardware configured to store computer-executable instructions and processor hardware configured to execute instructions. The instructions include receiving, from a user device, a user verification request. The user verification request includes user identity credentials, a login context describing a login event, and a request for access to a computer system object. The instructions include determining whether the user identity credentials are verified. The instructions include, in response to determining that the user identity credentials are verified, requesting a user token based on the user identity credentials and the login context. The user token specifies entitlements associated with the user identity credentials. The instructions include determining whether the user token specifies entitlements sufficient to access the computer system object.

Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.

Abstract: The present disclosure involves systems, software, and computer implemented methods for automatically controlling access and limiting functionality of a computer workstation based on which user is currently logged in. In some implementations, an overwatch application is installed on the workstations to be controlled and monitored. If an authorized, but limited, user logs in, the overwatch application can initiate a lockdown process on the workstation. In some instances, the lockdown process is managed by a dedicated lockdown application, which is initiated or notified from the overwatch application, and which can initiate a lockdown of particular applications, functionality, and allowed interactions on the workstation until the limited user has completed their task and a new user logs in.

Abstract: Methods, systems, devices, and apparatuses for passkey authentication at an identity management platform are described. In accordance with the described techniques, an administrator of the identity management platform may enable passkey authentication for clients of the identity management platform. Once the passkey authentication is enabled, the identity management platform may display a passkey login option to users associated with the clients of the identity management platform. If a user associated with a client of the identity management platform selects the passkey login option, a device associated with the user may generate a passkey that includes a private key and a public key. The device may store the private key and transmit an indication of the public key to the identity management platform. The identity management platform may use the public key to verify the identity of the user in subsequent login attempts.

Abstract: A system described herein may provide a technique for using modeling techniques to identify events, trends, etc. in a set of data, such as streaming video or audio content. The system may perform lightweight pre-processing operations on a different set of data, such as object position data, to identify timeframes at which an event may potentially have occurred, and the modeling techniques may be performed at portions of the streaming content that correspond to such timeframes. The system may forgo performing such modeling techniques at other portions of the streaming content, thus conserving processing resources.

Abstract: Certain aspects of the present disclosure provide techniques and systems for screening chat attachments. A chat attachment screening system monitors a chat window of a first computing device associated with a first user during an interaction session between the first user and a second user. An upload of an attachment is detected based on the monitoring. Access to the attachment from a second computing device associated with the second user is blocked, in response to detecting the upload. Content from the attachment is identified and extracted. A type of the attachment is determined based on the content. A determination is made as to whether the second user is authorized to access the type of the attachment. An indication of the determination is presented on at least one of the first computing device or the second computing device during the interaction session.

Abstract: A method, at a terminal in a digital communications network, comprising: establishing direct or indirect communication access and linkage between the user-operated terminal and at least one remote computer(s) on which are stored, or by which access is available to prevent legible display of, stored user account object data; displaying indicia, or broadcasting data, representative of or indicating one or more predetermined criteria for selecting a subset of the stored user account object data; collecting data, representative of, or indicating, only the subset of the stored user account object data; and transmitting instructions to prevent legible display of the subset of the stored user account object data, according to the collected data representative of, or indicating, the one or more predetermined criteria for selecting the subset of the stored user account object data, from the terminal to the at least one remote computer(s). A terminal, system, and computer readable medium are also disclosed.

Abstract: The present disclosure relates generally to data access control solutions. In particular, techniques are provided to implement a secure and distributed file storage scheme and in particular, a managed access system using a blockchain. In some aspects, a process of the disclosed technology includes operations for associating a first key share with a first copy of a file, wherein the first copy of the file is stored by a first party, associating a second key share with a second copy of the file, and recording versioning information corresponding with the file on a distributed ledger accessible by the first party and the second party. In some aspects, the process can further include operations for managing access to the file using the first key share and the second key share. Systems and machine-readable media are also provided.

Abstract: In some examples, a system receives vehicle-associated information from a data source associated with a vehicle, and restricts access to the vehicle-associated information based on at least one privacy criterion selected from among a machine learning use criterion relating to use of the vehicle-associated information by a machine learning model, a vehicle motion criterion relating to a movement status of the vehicle, or a person identity criterion relating to an identity of a person in the vehicle.

Abstract: Structured access to volunteered private data disclosed. Access can be based on security and privacy constraint information (SPCI) that can be selected by the party volunteering the private data. The volunteered data can be stored in a protected portion of a public network. The SPCI can be correlated to the volunteered data. In response to receiving a request for access to the volunteered data, an attribute of the request can be determined to satisfy one or more rules related to the SPCI prior to facilitating access to a version of a portion of the volunteered data. The version of the portion of the volunteered data can be a redaction of the portion of the volunteered data. The version of the portion of the volunteered data can be aggregated with other portions of other volunteered data determined to satisfy corresponding SPCI related rules.

Abstract: A provenance information based trust evaluation method of a trust evaluation apparatus for selecting a cooperation object of a self-adaptive system includes transmitting a cooperation request signal to a communicable neighbor, receiving a response including provenance information from the neighbor, evaluating a final trust based on the provenance information included in the response of each cooperation candidate object by considering a neighbor which transmits the response as a cooperation candidate object, and selecting a cooperation object based on the final trust of each of the cooperation candidate object, and the final trust is calculated based on a provenance trust of each of the cooperation candidate objects and the influence of the cooperation pattern.

Abstract: An autonomous compute storage device system includes an autonomous compute storage device signature/application provisioning system coupled to a storage device. The storage device retrieves an autonomous compute signature from the autonomous compute storage device signature/application provisioning system and, as part of a storage operation being performed in a storage subsystem in the storage device, stores data in a memory subsystem that is accessible to the storage device. If the storage device determines that the autonomous compute signature matches the data that was stored in the memory subsystem, it retrieves an autonomous compute application from the autonomous compute storage device signature/application provisioning system, and executes the autonomous compute application to perform compute operations that are associated with the data that was stored in the memory subsystem and generate at least one compute operation result.

Abstract: Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that provide for an improved, more efficient, and more stable system of networked computing devices. The embodiments disclose an apparatus and system that enable client devices to selectively grant to third party applications permissions to access group-based communication objects of a group-based communication system. The apparatus and system further enable client devices to selectively grant to third party applications permissions to take specific actions with regards to the group-based communication objects within the system. To accomplish the improvements, the disclosed systems, apparatuses, and computing devices maintain a record of the permissions granted to third party applications in a permissions table stored in a computer storage device.

Abstract: An illustrative method includes an access control list (ACL) management system generating an ACL file containing an ACL that describes one or more access permissions in a file system, storing the ACL file within an ACL directory structure, the ACL file uniquely representing the ACL in the ACL directory structure, generating an ACL identifier for the ACL file, and mapping, using the ACL identifier, the ACL file to one or more data files in the file system to apply the ACL in the ACL file to the one or more data files.

Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.

Abstract: The disclosure relates to methods and systems of providing secure remote health data routing for diagnostics, treatment, monitoring, and/or other health data. The system may use an anonymized identification (ID) token that may protect privacy and ensure security. The ID token may be attached with additional data such as electronic medical record (EMR) data. As such, the system may digitize and securely transmit EMR data to appropriate constituents. The system may apply routing rules and routing tables to identify the appropriate constituents. The system may also route the EMR data for storage at a user's personal device, which may include a chip card or a user device. As such, the user's personal device may store an EMR based on the EMR data, including proof of health, such as vaccination, and other health data relating to the user.

Abstract: An autonomous compute storage device system includes a computing device and a storage device that is coupled to the computing device. The storage device identifies a storage operation for a storage subsystem that is included in the storage device and, in response, performs the storage operation and stores data in a memory subsystem that is accessible to the storage device as part of the performance of the storage operation. If the storage device determines that an autonomous compute signature matches the data that was stored in the memory subsystem, it executes an autonomous compute application to perform compute operations that are associated with the data that was stored in the memory subsystem and generate at least one compute operation result.

Abstract: A system for data encryption includes any or all of: a set of items, a set of keys, and a server. A method for data encryption includes any or all of: encrypting items, sharing items, and reading items. The method can optionally additionally or alternatively include any or all of: performing a registration process, creating items, restricting access of users and/or supplementary systems to items, and/or any other suitable processes.

Abstract: The described financial institution computing system provides services to customers through an application programming interface (“API”). The services include user identification services to customers. The user identification services allow the customers to verify the identity of users as non-fraudulent users. Further the user identification services allow the financial institution to provide known user information to the customers for purposes of prepopulating registration forms, completing transactions, and the like. Further services, such as user account validation services, payment services, and the like are also possible through the financial institution APIs. In some situations, users are registered with the financial institution. For example, a user may also be an account holder with the financial institution. In other situations, the users are not registered with the financial institution.

Abstract: Systems, apparatuses, and methods for managing privacy of data are provided. The method includes providing at least one database containing user data, at least one processor in communication with the at least one database, a memory device including readable instructions, and at least one user device in communication with the at least one processor via a network connection; receiving at least one preference related to the user data; storing the at least one preference in the at least one database; and using the at least one preference to selectively control at least one non-verbal interaction with the at least one user device.

Abstract: Systems and methods are described for managing personal data on a client computer, in which personal data associated with the client computer is identified by a policy management module. An analysis may be performed for the client computer by a server using fake personal data. To identify applications which may attempt to access the personal data, the fake personal data is tracked for access on the client computer. A policy is then created that disallows access of the personal data by any applications identified by the analysis of the client computer as accessing the fake personal data. The policy is then assigned to the client computer.

Abstract: Aspects of the disclosure relate to information masking. A user device may receive a request to access information that includes personal identifiable information (PII) and retrieve source data comprising the PII. The user device may mask, within the source data and based on a data management policy, the PII, resulting in masked information. The user device may display the masked information. The user device may receive a request to unmask the masked information and unmask the PII, resulting in unmasked PII. The user device may display the unmasked PII and send unmasking event information to a PII footprint modeling platform, which may cause the PIT footprint modeling platform to: log the request to unmask the masked information in an unmasking event log, 2) apply a machine learning model to the unmasking event log to identify malicious events, and 3) trigger remediation actions based on identification of the malicious events.

Abstract: The present disclosure relates to systems, methods, and non-transitory computer-readable media that dynamically capture, organize, and utilize digital media clips. For example, in one or more implementations, the disclosed systems can capture and generate digital media clips of content items that include both content metadata of the content items as well as contextual metadata of contextual signals surrounding the content item. Additionally, in some implementations, the disclosed systems analyze contextual metadata to search, retrieve, discover, and organize new and existing digital media clips. Further, in various implementations, the disclosed systems facilitate generating digital media clip libraries as well as the creation of digital media collections, where different types of digital media clips can be combined in a cohesive interactive graphical user interface.

Abstract: Systems, methods, and corresponding non-transitory computer readable media describe a proposed system adapted as a platform governing the loading of data in a multiparty secure computing environment. In the multiparty secure computing environment described herein, multiple parties are able to load their secure information into a data warehouse having specific secure processing adaptations that limit both access and interactions with data stored thereon.

Abstract: One example method includes receiving, by a client computing device, a request to open a superfile stored in a memory device at the client computing device, the superfile comprising encrypted content, the request comprising user credential information; in response to receiving the request to open the superfile, communicating, by the client computing device, a request to a remote server to access the superfile, the request including a credential associated with the user account; receiving, from the remote server, cryptographic information; decrypting, using the cryptographic information, the encrypted content; accessing and presenting the decrypted content; and maintaining communications with the remote server while the decrypted content is accessed.

Abstract: Techniques for managing an application token may include providing, by a first service provider application on a communication device to a first service provider computer, a first request for a first application token, receiving, by an account management application on the communication device from a token service computer in communication with the first service provider computer, the first application token, and storing the first application token in a token container in the account management application.

Abstract: Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.

Abstract: Arrangements for providing multi-party exchange functions are provided. In some aspects, a request for exchange may be received by a computing platform. The request for exchange may include identification of parties involved in the exchange, identification of goods, services, property, or the like, involved in the exchange, and the like. In some examples, the computing platform may determine a value of property, goods, or services associated with the exchange. The computing platform may request additional exchange data from one or more other parties. For instance, data associated with the exchange and another party to the exchange may be requested and received. In some examples, unique exchange identifiers may be generated linking each party to the exchange to the goods, services or property being exchange, a value, or the like. An indication of acceptance may be received and one or more exchange processing functions may be executed.

Abstract: Database query processing may be scaled using additional processing clusters. A database query is received at a processing cluster. A determination is made as to whether additional processing clusters will be used to process the database query. Operations to cause compute nodes of the processing cluster to instruct operations at the additional processing clusters are included in a plan generated to perform database queries determined to use additional processing clusters. The plan is executed to be perform the database query causing compute nodes of the processing cluster to send instructions to corresponding additional processing clusters in order to generate and return a response to the database query.

Abstract: In a privacy information generation method, a terminal device displays on a display an interactive element of a privacy settings page for a target application. The terminal device responds to a first gesture operation performed by a user on the interactive element of the privacy settings page, and determines a privacy precision for the target application according to the first gesture operation. The terminal device then generates privacy information based on the privacy precision for the target application when the target application requests the privacy information from the terminal device.