Abstract: Digitally distributing media content using a distribution backbone system, including: receiving a request for media content from a client, the request including a client profile; performing inventory and analysis of source assets by iteratively progressing through the client profile to create output; performing a capability mapping in which a series of rules that allow the source assets to be mapped to the client profile; and planning a manufacturing process, which determines work items and execution steps from capabilities mapped in response to the request for media content from the client.

Abstract: A method, performed by a user equipment (UE), of controlling a profile is provided. The method includes receiving a remote profile management command regarding a target profile from a profile server, determining whether an enabled profile exists, verifying whether profile owner information of the target profile corresponds to profile owner information or sub-owner information of the enabled profile, based a result of the determination, and selectively executing the remote profile management command based on a result of the verification.

Abstract: A description is given of a method for securing a multi-access edge computing network, where provision is made for a hardware security device designed to be connected to a host module of the network. The method, implemented by the hardware security device, includes upon reception of a presence request from the host module in the network, verifying whether the presence request comprises data representative of an identifier of the host module, and, if so, sending a presence response to the host module, comprising a signature of the hardware security device.

Abstract: Systems and methods control access to resources in a zero-trust computing environment. Requests for access to resources are tracked, including tracking determinations to grant or deny requested access. Based on the tracked requests, an identity tenant trust score is calculated based on users that request access to a resource and based on a number of such requests that are granted and denied. A hardware tenant trust score is calculated based on hardware that requests access to the resource and based on a number of such requests that are granted and denied. A software tenant trust score is calculated based on software applications that request access to the first resource and further and based on a number of such requests that are granted and denied. The identity tenant trust score, hardware tenant trust score and software tenant trust score are aggregated to generate a trust score for the resource.

Abstract: Methods and systems for provisioning transferable access tokens are disclosed. An access device associated with a resource provider can communicate with a first communication device as part of an interaction between a first user and the resource provider. The access device can generate an authorization request message comprising a first access token and an interaction value. The access device can transmit the authorization request message to an authorization computer. The authorization computer can authorize the interaction and generate an authorization response message. After authorizing the interaction, the authorization computer can provide a transferable access token to the first communication device. The first communication device can transmit the transferable access token to a second communication device, so that a second user can use the transferable access token in an interaction.

Abstract: System and methods provide a visualization for use in configuring controlled access to resources in a zero-trust computing environment. A request from a user for access to a resource of the zero-trust environment is received. When visualization of the request is enabled, a visualization of the request is initiated. An identity tenant trust score for the resource is calculated based on a record of users requesting access to the first resource. A hardware tenant trust score is calculated based on a record of hardware requesting access to the resource. A software tenant trust score is calculated based on a record of software requesting access to the resource. The visualization that is generated displays the identity tenant trust score, the hardware tenant trust score and the software tenant trust score associated with the request.

Abstract: Systems and methods for generating account permissions for an account on a computing system are provided. In some embodiments, application programming interface (API) interactions involving an external application and the computing system are used to generate a corresponding set of account permissions for the account. API permissions for the external application may also or instead be used to generate the set of account permissions for the account. The set of account permissions may enable the account to access the same resources on the computing system as the external application, which may avoid granting the account overly broad access to the computing system.

Abstract: Disclosed herein are system, method, and computer program product embodiments for role-based access control in multi-tenancy environments using cloud-native objects. An embodiment operates by executing an application in a cluster. The embodiment creates roles corresponding to a user or group of users. The embodiment defines a set of permissions for the roles. The embodiment binds the roles to native objects in a cloud orchestrator based on the set of permissions for the roles. The embodiment receives a first request from a user to log in. The embodiment transmits a request to authenticate the user. The embodiment receives a list of a set of permissions for the user. The embodiment causes a display of system assets on a user interface of a client device based on the list of the set of permissions for the user.

Abstract: A messaging server system receives a message creation input from a first client device that is associated with a first user registered with the messaging server system. The messaging server system determines, based on an entity graph representing connections between a plurality of users registered with the messaging server system, that the first user is within a threshold degree of connection with a second that initiated a group story in relation to a specified event. The messaging server system determines, based on location data received from the first client device, that the first client device was located within a geo-fence surrounding a geographic location of the specified event during a predetermined event window, the geo-fence and event window having been designated by the second user, and causes the first client device to present a user interface element that enables the first user to submit content to the group story.

Abstract: In some implementations, a device may monitor user activity in a computing system. The device may detect, based on monitoring the user activity, modification of a resource of the computing system by a user. The device may determine, using a machine learning model and based on detecting the modification of the resource, a set of access rules for the resource based on one or more characteristics associated with the user and one or more characteristics associated with the resource. The device may control access to the resource based on the set of access rules.

Abstract: According to some embodiments, a system and method are provided to prevent data on a data device from being compromised. The method comprises receive a password associated with an emergency situation. In response to the received password, destroying original data files in one or more of the plurality of partitions based on the received password.

Abstract: A method may include receiving, via a processor, a request to access data stored in a storage component and determining an identity of a user requesting access to the data based on user device data. The method may also involve monitoring one or more activities performed by the user on the data, determining whether the one or more activities correspond to one or more expected activities for the user accessing the data based on a model, and modifying the one or more access rights of the user to the data in response to determining that the one or more activities do not correspond to the one or more expected activities.

Abstract: A method and system for uploading a media file container from a first device to a second device are described herein, including receiving an instruction to upload the media file container and in response, reading a metadata box of the media file container to locate a track box containing information about audio data, including a size and a location of the audio data, in a media data box of the media file container, identifying the audio data in the media data box using the information from the track box, packaging the identified audio data from the media data box into an audio byte stream separate from the media data box, and uploading the audio byte stream to the second device prior to completing upload of the media file container.

Abstract: Methods and systems for managing access and control of data are disclosed. To manage access and control, data management system may require registration and verification of devices associated with an individual or other individuals to which control over access may be granted. Data management system may vest control over access to data to the device associated with the individual for which data is stored and progressively vest control over access to data to other devices associated with other individuals as an increasing amount of information indicating the lack of capacity of the individual to authorize access to data.

Abstract: An embodiment includes software that causes a third node to perform operations comprising: in response to receiving a first identifier for a first node that includes at least one processor, authenticate a first user of the first node via a first authentication service; in response to receiving a second identifier for a second node that includes at least one processor, authenticate a second user of the second node via a second authentication service that is unequal to the first authentication service; in response to authenticating the first user of the first node, communicate a first list of media assets to the first computing node; in response to authenticating the second user of the second node, communicate a second list of media assets to the second computing node. Other embodiments are described herein.

Abstract: Systems and methods of the present disclosure enable virtual tokens for dynamically mapping virtual account numbers to actual accounts. The systems and methods include receiving an electronic data modification instruction of a virtual record modification to cause at least one data modification to at least one attribute of a virtual record data structure associated with the actual account. A user record associated with the virtual record is determined, and a record modification preference associated with the user record is determined based on the modification condition. An authorization instruction is generated to authorize the electronic data modification instruction to cause the modification by instructing at least one database management system to modify the user record according to the record-specific modification.

Abstract: A system is described for associating a media file with an identifier. An identifier may be encoded as a physical and/or virtual label which may be affixed to a physical object and/or incorporated into an electronic document. When a request is received which comprises the identifier, a response in the form of a media file may be delivered. Access privileges associated with a request may be determined based on criteria such as elements of the label, membership in a group of labels, a target object type, geographic data and/or sensor data included in a request.

Abstract: Methods and system for managing partial private keys for cryptography-based, storage applications used in blockchain operations and/or facilitating secure authentication when conducting blockchain operations using cryptography-based, storage applications. For example, the methods and system may perform a plurality of blockchain operations for digital assets stored in a first cryptography-based, storage application, wherein the first cryptography-based, storage application corresponds to a first partial private key, and wherein the first partial private key is stored on a first user device, and wherein the second partial private key is not accessible to platform service facilitating the first cryptography-based, storage application.

Abstract: One example method includes receiving, by a client computing device, a request to open a superfile stored in a memory device at the client computing device, the superfile comprising encrypted content, the request comprising user credential information; in response to receiving the request to open the superfile, communicating, by the client computing device, a request to a remote server to access the superfile, the request including a credential associated with the user account; receiving, from the remote server, cryptographic information; decrypting, using the cryptographic information, the encrypted content; accessing and presenting the decrypted content; and maintaining communications with the remote server while the decrypted content is accessed.

Abstract: The present disclosure provides a system for secure compute using artificial intelligence agents. The system includes a hardware execution environment with one or more computerized processors and electronic storage media. The processors are configured to establish a secure agent comprising a secure state management module, an encrypted state transition management module, a threshold cryptography implementation, and a digital signature verification module. The system also includes a plurality of atomic agents, each configured to perform a composite task and comprising a task-specific execution module, a state management interface, and a communication module. An orchestrator agent coordinates secure execution of the atomic agents and includes a task distribution module, a result aggregation module, a workflow management module, and a security policy enforcement module.

Abstract: Systems, apparatuses, and methods are described for converting digital rights management (DRM) data in a specific protocol to standardized DRM data. The standardized DRM data may be used to secure content delivered to user devices through a content delivery network. If a user device decides to record a content item, a request for authenticating entitlement to the content item may be sent to a network device and the network device may reply with an authentication receipt if appropriate. If the user device later decides to access the content item, the user device may send the authentication receipt back to the network server so that the network server may reply with a decryption key for decrypting the content item.

Abstract: Disclosed is a method for authenticating requestors and granting access to a permissioned blockchain network shared among enterprise entities. A decentralized registry of credentialled users, in which credentialled users guard their own access information by keeping a private key of a public-private keypair enables systems to avoid keeping information of a large number of users in large, vulnerable containers. A further method removes authenticated users seeking to be forgotten from the registry of users and deletes any personally identifiable information of the withdrawing users.

Abstract: Multifactor authentication of secure transmission of data, including, receiving, from a first computing device associated with a first user, identifying information associated with a second user; transmitting, based on the identifying information, a request for data; receiving the data from a second computing device associated with the second user; dynamically generating a textual statement, at least a portion of the textual statement based on at least a first portion of the data; receiving, via a first communication channel, a first communication that includes a media recording reciting the dynamically generated textual statement; receiving, via a second communication channel, a second communication indicating a second portion of the data; verifying, based on the first communication and the second communication, an authenticity of the second user; and transmitting the data to the first computing device in response to the verification.

Abstract: Apparatus and associated methods relate to provide transient access rights to entities for creating, accessing, and/or sharing digital health content (DHC). In an illustrative example, a health content distribution system (HCDS) may generate a time-limited access token (TLAT) for authenticated users to access DHC. The TLAT, for example, may be generated based on a predetermined association of a corresponding DHC with a patient, a predetermined association of a requestor with the patient, a predetermined role of the requestor with relation to the patient, and a predetermined association between the requestor and a creator of the content. The TLAT may be further generated based on a predetermined association between the requestor and an organization associated with the patient. The HCDS may, for example, upon receiving the TLAT, transmit the corresponding DHC to be displayed at the requestor's device. Various embodiments may advantageously provide a secure on-demand health content access system.

Abstract: A distributed private ledger function of a server of a first consortium member receives data representing an alias for one of its customers from the customer and also receives data that represents an alias for a customer of a second member replicated by a distributed private ledger function of a server of the second member to all members of the consortium. Thereafter, the distributed private ledger function of the first member's server identifies a recipient account of the second member's customer based on an account pointer associated with the alias of the second member's customer and initiates a transfer of funds from a source account of the first member's customer corresponding to an account pointer associated with the alias for the first member's customer to the identified recipient account of the second member's customer.

Abstract: Embodiments of this application provide a data processing method performed by a computer device, where the method includes: obtaining, in response to a login trigger event for a target application at a terminal device, an environment identification parameter used for identifying a running environment of the target application at the terminal device; obtaining, according to the environment identification parameter, a login entry information set related to the target application from an application server, the login entry information set including login entry information of login platforms of at least two operating systems; rendering login entry options of the login platforms of the at least two operating systems according to login entry information in the login entry information set; and returning the rendered login entry options to the terminal device for display in a user interface at the terminal device.

Abstract: A secure user authentication system, operable over a client-server communications network to authenticate a system user. The system includes an application server which includes a site which is able to be enabled, and an authentication server, which is able to enable the application server site. The authentication server includes a core database, and receives and stores user authentication-enabling data in the core database. The system further includes a client, and a client program which is able to be actuated in the client. The client program includes the user authentication-enabling data. Upon actuation, the client program automatically directly connects to the authentication server, and sends the client authentication-enabling data to the authentication server, for secure user authentication by the authentication server.

Abstract: The present disclosure provides a method, system, and device for verifying a software release. To illustrate, as software (e.g., one or more files or artifacts) completes one or more stages of a development process, one or more digital signatures are generated. The one or more digital signatures are generated using private keys that correspond to the stage of the development process that is completed. The one or more digital signatures, and one or more public keys corresponding to the private keys, are sent to a node device. Upon receipt of the one or more digital signatures and the public keys (e.g., as part of a software release), the node device verifies the digital signatures before processing the software.

Abstract: The disclosed methods may receive a first request for access to a first system memory from a new user and a first justification, the first request includes first role information and first current access information of the new user, determine whether the first request is within a request cluster based on first role history information and current access history information. When the first request is within the request cluster, generate a matrix from the first role information and the first current access information, and determine using a first neural network, whether to grant the first request based on the matrix. When the first request is granted by the first neural network, determine, using a second neural network, whether the first justification is similar to first justification history information. When the first justification is similar to the first justification history information, grant the new user access to the first system memory.

Abstract: The present disclosure involves systems, software, and computer implemented methods for automatically extending a partially-editable dataset copy. One example method includes identifying, for a data set, extension filter criteria that extends a current filter that defines an editable portion of the data set. An extended filter is automatically generated for the data set based on the extension filter criteria and the current filter. Additional data is copied into the partially-editable copy of the data set based on the extended filter and the current filter to generate an updated partially-editable copy of the data set. The current filter is replaced with the extended filter to create a new current filter. An updated exposed view is generated using the new current filter that exposes the updated partially-editable copy of the data set and an updated non-editable portion of the data set.

Abstract: According to some embodiments, systems and methods are provided for revoking one or more of a plurality of entities in a vehicular public-key infrastructure. The systems and methods balance privacy and efficiency by distributing activation codes according to various approaches, including a direct request approach, a fixed-size subset approach, and a variable-size subset approach.

Abstract: A multifunction peripheral (MFP) includes user selectable functions that call home applications on the device that direct it to work cooperatively with cloud service providers. To avoid requiring users to login to each cloud service each time they use it, they are registered with an authorization server to establish and grant identity and authorization tokens. When a user logs in to an MFP, they are redirected to login to the authorization server which then sends tokens to the MFP identifying the user and their permissions and licenses. Home applications associated by the tokens are displayed for selection. Each time a home application using a cloud service is selected, a background application sends the user's session tokens with a service request to an associated cloud service resource server. The resource servers processes authenticated requests and return the result to the MFP which completes the selected home application function.

Abstract: The current embodiments include systems and techniques for sharing information between vendors where the information is siloed due organizational constraints. Vendors that provide services for one entity of an organization may be unknown to another entity within the same organization. The systems and techniques provided herein facilitate sharing of this information of the vendor across various entities in the organization.

Abstract: Techniques are provided for detection of anomalous backup files using known anomalous file fingerprints (or other file-dependent values such as hash values, signatures and/or digest values). One method comprises obtaining first file-dependent values corresponding to respective known anomalous files; obtaining a second file-dependent value for a stored backup file; comparing the second file-dependent value to the first file-dependent values; and performing an automated remedial action in response to a result of the comparing. The second file-dependent value for the stored backup file may be determined by a backup server in response to a source file corresponding to the stored backup file being backed up by the backup server, and may be stored as part of metadata associated with the stored backup file.

Abstract: Methods and systems for analyzing data and electronic identity security are described. In one embodiment, an electronic identity security method comprises a processor receiving a request for identity verification from a device, accessing data associated with the individual seeking identity verification stored in a storage device, inferring derived facts about the individual by determining associations between known facts stored in the storage device using an intelligence algorithm or data mining operation, generating at least one identity verification question based on the known facts or the derived facts, evaluating at least one received answer to the at least one identity verification question to determine whether the individual answered the at least one identity verification question correctly, and verifying the individual's identity based on at least one received answer to the at least one identity verification question.

Abstract: An electronic device for managing secured data containers, the electronic device comprising at least one network interface, at least one memory storing executable instructions, and at least one processor coupled to the at least one network interface and the at least one memory. Execution of the executable instructions by the at least one processor causes the electronic device to receive a request for data container creation, retrieve data related to the request for data container creation, retrieve one or more parameters constraining use of the data, encrypt the data using a public encryption key, encode the encrypted data into a data storage area of a data container, encode the one or more parameters constraining use of the data into a machine readable parameter storage area of the data container, and assign a UUID to the data container.

Abstract: An exercise machine has a lock mode and an unlock mode associated with a screen lock function. A computing device coupled to the exercise machine includes a display, memory, and a processor coupled to the memory. The computing device is configured to detect a user interaction with the computing device or the exercise machine while the exercise machine is in the lock mode, render a screen lock interface on the display in response to the user interaction, receive an input code from the screen lock interface, determine that the input code matches a goal code, and adjust the exercise machine from the lock mode to the unlock mode in response to determining that the input code matches the goal code.

Abstract: A payment service system receives contextual information regarding an interaction between the payment service and a user device associated with a user. A propensity metric for the user is determined based at least in part on inputting the contextual information into a machine learning (ML) model. Based on the propensity metric, a user interface is dynamically configured to comprise user interface elements arranged in a layout personalized for the user, where a user interface element represents content particular to a service offered by the payment service. Based on receiving an interaction with the user interface element, a booklet is launched corresponding to the service with which the user interface element is associated.

Abstract: A printing apparatus receives designation of a use purpose via a user interface of the printing apparatus, controls execution of a job, and transmits a job log regarding the execution of the job to a server, wherein the job log includes information about the designated use purpose.

Abstract: An electronic device may obtain a security rule for supporting split tunneling, check a condition for executing a first operation related to bypassing the VPN tunnel by comparing a first value to information based on a first offset in a first element of the packet based on the security rule, check a condition for performing a second operation related to bypassing the VPN tunnel by comparing a second value to information based on a second offset in a second element of the packet when the condition for executing the first operation is satisfied and the first operation instructs that the second element of the packet be inspected, encapsulate the packet while not including the packet in the VPN tunnel and transmit the encapsulated packet to a packet forwarding server, and include the packet in the VPN tunnel and transmit the packet to the packet forwarding server.

Abstract: A method and an apparatus for privacy protection biometric authentication and an electronic device. The method comprises the following steps: constructing a corresponding a biological data template according to a biological information data set input by a user when registering; generating a pair of public key and private key by asymmetric cryptography technology; generating encrypted biological data by a secret sharing solution and OKVS technology according to the biological data template and the private key; sending the public key and the encrypted biological data to a server; recovering the private key by OKVS technology according to the biological data input by the user during authentication and the encrypted biological data; constructing a signature according to the recovered private key and the corresponding public key; sending the signature to the server, so that the server verifies the user according to the public key and the signature.

Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.

Abstract: The present disclosure involves systems, software, and computer implemented methods for automatically controlling access and limiting functionality of a computer workstation based on which user is currently logged in. In some implementations, an overwatch application is installed on the workstations to be controlled and monitored. If an authorized, but limited, user logs in, the overwatch application can initiate a lockdown process on the workstation. In some instances, the lockdown process is managed by a dedicated lockdown application, which is initiated or notified from the overwatch application, and which can initiate a lockdown of particular applications, functionality, and allowed interactions on the workstation until the limited user has completed their task and a new user logs in.

Abstract: Presented herein are systems and methods for enabling a secure browsing session. Embodiments may include a computing device that executes software routines to receive a first indication to enter a secure browsing mode of a session; present data associated with a user for display on the display of the electronic device; cause the display to obscure one or more personally identifiable information of the data on the display of the electronic device; receive a second indication to reveal the one or more personally identifiable information; present the one or more personally identifiable information for display on the display of the electronic device.

Abstract: A system described herein may provide a technique for using modeling techniques to identify events, trends, etc. in a set of data, such as streaming video or audio content. The system may perform lightweight pre-processing operations on a different set of data, such as object position data, to identify timeframes at which an event may potentially have occurred, and the modeling techniques may be performed at portions of the streaming content that correspond to such timeframes. The system may forgo performing such modeling techniques at other portions of the streaming content, thus conserving processing resources.

Abstract: Methods, systems, devices, and apparatuses for passkey authentication at an identity management platform are described. In accordance with the described techniques, an administrator of the identity management platform may enable passkey authentication for clients of the identity management platform. Once the passkey authentication is enabled, the identity management platform may display a passkey login option to users associated with the clients of the identity management platform. If a user associated with a client of the identity management platform selects the passkey login option, a device associated with the user may generate a passkey that includes a private key and a public key. The device may store the private key and transmit an indication of the public key to the identity management platform. The identity management platform may use the public key to verify the identity of the user in subsequent login attempts.

Abstract: A method, at a terminal in a digital communications network, comprising: establishing direct or indirect communication access and linkage between the user-operated terminal and at least one remote computer(s) on which are stored, or by which access is available to prevent legible display of, stored user account object data; displaying indicia, or broadcasting data, representative of or indicating one or more predetermined criteria for selecting a subset of the stored user account object data; collecting data, representative of, or indicating, only the subset of the stored user account object data; and transmitting instructions to prevent legible display of the subset of the stored user account object data, according to the collected data representative of, or indicating, the one or more predetermined criteria for selecting the subset of the stored user account object data, from the terminal to the at least one remote computer(s). A terminal, system, and computer readable medium are also disclosed.

Abstract: Certain aspects of the present disclosure provide techniques and systems for screening chat attachments. A chat attachment screening system monitors a chat window of a first computing device associated with a first user during an interaction session between the first user and a second user. An upload of an attachment is detected based on the monitoring. Access to the attachment from a second computing device associated with the second user is blocked, in response to detecting the upload. Content from the attachment is identified and extracted. A type of the attachment is determined based on the content. A determination is made as to whether the second user is authorized to access the type of the attachment. An indication of the determination is presented on at least one of the first computing device or the second computing device during the interaction session.

Abstract: A computer system includes memory hardware configured to store computer-executable instructions and processor hardware configured to execute instructions. The instructions include receiving, from a user device, a user verification request. The user verification request includes user identity credentials, a login context describing a login event, and a request for access to a computer system object. The instructions include determining whether the user identity credentials are verified. The instructions include, in response to determining that the user identity credentials are verified, requesting a user token based on the user identity credentials and the login context. The user token specifies entitlements associated with the user identity credentials. The instructions include determining whether the user token specifies entitlements sufficient to access the computer system object.

Abstract: In some examples, a system receives vehicle-associated information from a data source associated with a vehicle, and restricts access to the vehicle-associated information based on at least one privacy criterion selected from among a machine learning use criterion relating to use of the vehicle-associated information by a machine learning model, a vehicle motion criterion relating to a movement status of the vehicle, or a person identity criterion relating to an identity of a person in the vehicle.