Abstract: A method for sharing a digital key associated with a vehicle by a cascaded key delegation system includes issuing, by a requestor device, a public key certificate to an initial delegator device that is part of a cloud delegation service. The public key certificate enables the initial delegator device to grant delegation rights the vehicle. The method also includes issuing, by the initial delegator, an intermediate public key certificate to a subsequent delegator that is part of the cloud delegation service. The intermediate public key certificate grants the delegation rights to the subsequent delegator.

Abstract: A cloud-based, secure, integrated communication system for patient care delivery system can provide a platform that is device-agnostic and can adapt to the technology chosen by users of the system. The system can allow for asynchronous and/or real-time communication among all participants. Patients can create and manage their own specific health issues. Patients can assign their own caregivers and/or approve new care providers. Patients can also control whether to include certain members of the family and/or friends in discussions regarding the patients' health issues. Physicians can engage other healthcare providers, advanced practitioners, and/or consultants with specific patient issues. The system can also assist with billing for eligible e-visits for insurers providing such reimbursable services.

Abstract: A method for issuance of a personalized user device includes initializing a user device to provide an initialized user device, providing device initialization data to an issuer system, wherein the device initialization data comprises a public device key and a public issuer authentication key, calculating a user private key, encrypting the user private key and the public device authentication key with the public device key to provide encrypted data, digitally signing the encrypted data using a private issuer key to provide signed encrypted data, the issuer system providing the encrypted data and the signed encrypted data, injecting said data into the initialized user device to provide the personalized user device, and the personalized user device, conditional on successfully validating the signed encrypted data, decrypting the encrypted data to retrieve the user private key and the public device authentication key.

Abstract: A mobile terminal apparatus includes: an evaluator configured to, based on pre-purchase information relating to activities of a user during a pre-purchase period before purchase of an electronic ticket and post-purchase information relating to activities of a user during a post-purchase period after the purchase of the electronic ticket, evaluate identicalness of the user during the post-purchase period and a person who purchased the electronic ticket; and a setter configured to set a state relating to validity of the electronic ticket based on a result of the evaluation by evaluator.

Abstract: Proposed is a decentralized identity technique, and more specifically, are a hierarchical universal resolver system for a decentralized identifier environment and a method thereof, which can control access to connected decentralized ledger information and prevent exposure and leakage of the information by hierarchically managing a universal resolver (UR) in an identity verification system based on self-sovereign decentralized identifiers (DID). According to an embodiment, accessibility to private information in a blockchain network in which decentralized ledgers are stored, as well as privacy of certificate or identification information based on decentralized identifiers, may be complemented.

Abstract: A non-transitory machine-readable storage medium stores instructions that, when executed by the machine, cause the machine to provide a firewall interface between a plurality of registers of a controller and a host interface of the controller. Providing the firewall interface includes programming the firewall interface with a plurality of firewall rules. The registers are to control functions that are performed by the controller; and the plurality of firewall rules control whether requests to access the plurality of registers are denied, allowed or modified based on features of the request.

Abstract: Approaches are provided for a prediction model determining a prediction indicative of the authorized user being associated with at least one anomaly event. In one example, a computer system may receive data from different sources. For example, the system may receive data associated with use of one or more monitored units of an automated storage and retrieval location. The system may also receive request data associated with a request for execution of the monitored controlled unit by an authorized user to a target user. The prediction model of the system may utilize the received data to determine the prediction that the authorized user is associated with at least one anomaly event associated with a diversion of a monitored unit away from the target user. The system may then provide the prediction for presentation.

Abstract: Parental control of child's web-based digital content experience, which can be applied to other contexts such as education, the workplace or other organizations. Trust relationships authorize specified users or organizations to permit access to content or resources by other users. Collection curation including content reputation and age appropriate ratings disclosed.

Abstract: Systems and methods for anonymizing data are provided herein. A network node can receive privacy constraints from a data owner and utility requirements from at least one data processor. An anonymization mechanism can be selected for each data attribute in a data set, based on its specified privacy constraint and/or utility requirement, from the available anonymization mechanism(s) appropriate for its associated attribute type.

Abstract: A system for managing a financial account in a low cash mode. The system may include a memory storing instructions, and a processor configured to execute the instructions to perform operations. The operations may include providing an interface; providing a notification to a user when a balance in the first account is deemed to be in low cash mode; presenting, when the first account balance is deemed to be in low cash mode, an option for a transfer request; receiving, a selection of the option for the transfer request to connect the first account with a second account; transferring funds from the second account to the first account; notifying the user that funds have been transferred from the second account to the first account; and further notifying the user that the balance in the first account is greater than the threshold value.

Abstract: A system includes a memory and a processor coupled to the memory. The processor is configured to receive a first user credential associated with a user and authorize an avatar of the user to enter a virtual environment. The processor receives a second user credential associated with the user and authorizes the first avatar to access a virtual entity in the virtual environment. The processor receives a request from the user to authenticate the virtual entity and, in response, retrieves user data associated with the user and presents it to the user in the virtual environment. The processor receives an indication from the user that the virtual entity is authentic. The processor then receives a request from the user to perform a virtual data interaction with the virtual entity and initiates the requested data interaction.

Abstract: Systems and methods for violation processing. In some embodiments, in response to detecting a policy violation, tag processing hardware may enter a violation processing mode, and may cause a host processor to begin executing violation processing code. The tag processing hardware may continue checking one or more instructions in an instruction queue. In response to encountering, in the instruction queue, an instruction of the violation processing code, the tag processing hardware may exit the violation processing mode.

Abstract: A source of a login attempt to a user account can be classified using machine learning. For example, a computing system can input user activity observations associated with one or more login attempts to one or more user accounts into a trained machine learning model. One or more distinguishing factors for the one or more login attempts can be received from the trained machine learning model. The computing system can determine a source of a current login attempt by applying a clustering algorithm to current values of the one or more distinguishing factors. The current values may be derived from current user activity observations associated with the current login attempt. The computing system can determine an authentication level for the current login attempt to the user account based on the source of the current login attempt.

Abstract: A method for execution by a processing system of a storage network includes: generating encoded data slices based on a dispersed error encoding of at least one data object; receiving an access policy associated with the at least one data object; determining a timestamp corresponding to a current time; and storing the encoded data slices, an indicator of the time stamp and an indicator of the access policy in a storage unit of the storage network.

Abstract: Methods and apparatus to detect proximity of objects to computing devices using near ultrasonic sound waves are disclosed. An example apparatus includes a frequency analyzer to determine power levels of noise in different frequency bands associated with sound waves sensed by a microphone of a computing device. The example apparatus further includes a signal generator to cause a speaker to produce a series of acoustic pulses. A central frequency of the pulses is defined based on the power levels of noise in the different frequency bands. The sound waves are sensed by the microphone to include the pulses and echoes of the pulses reflected off objects in a vicinity of the computing device. The example apparatus also includes an object detection analyzer to determine whether a first object is within an activation region associated with the computing device based on the pulses and the echoes sensed by the microphone.

Abstract: Method, system, and programs provide automatic anonymization of protected data items when a request is associated with authentication via a ticket. Ticket authentication includes sending a ticket to a recipient address. The ticket is included in a request for information. Responsive to receiving a request with a ticket, an example system may determine if the ticket is still valid and, if so, generate mock identifiers for any identifiers in information provided back to the requestor, replace the identifiers with their corresponding mock identifiers, as well as delete any protected information from the information provided back to the requestor. The system may store a mapping of the identifiers with their mock identifiers by session id. These mappings may be deleted after a predetermined time, so that the mapping is valid only for a particular session for a limited time.

Abstract: A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a modification request to modify data in a target volume. If so, target analysis logic determines whether the request is for a target volume that is within a first or second protected volume. If the request is to modify data stored in the first protected volume, the request is blocked. If the request is to modify data in a second protected volume, then a whitelist is examined to determine whether the requesting process and user are on the whitelist. If not, the request is also blocked.

Abstract: A data broker platform may store one or more data sharing preference settings of a subscriber for the subscriber data of the subscriber in a corresponding subscriber preference record of a subscriber preference blockchain ledger. The platform may further store one more access policy settings with respect to the subscriber data in a corresponding access configuration record of an access configuration blockchain ledger. The platform may receive a data request from a computing device of a third-party entity to access a set of subscriber data of the subscriber. Accordingly, the platform may provide the computing device of the third-party entity with access to the set of subscriber data when the platform determines using records in the subscriber preference blockchain ledger and the access configuration blockchain ledger that the third-party entity is permitted to access the set of subscriber data.

Abstract: A first authenticator payload is obtained that includes a first authenticator random value. A first authenticator encrypted file is generated with an authenticator public key that is related to a client authenticator application. The first authenticator encrypted file is generated based on a first cryptographic algorithm. The first authenticator encrypted file includes the first authenticator payload. A first target payload is obtained that includes a first target random value. A first target encrypted file is generated with the first authenticator random value. The first target encrypted file is generated based on a second cryptographic algorithm. The first target encrypted file includes the first target payload.

Abstract: A system comprises a data storage service includes a web service interface operating as a proxy to the data storage service. Data obtained at the data storage service is analyzed by one or more criteria of a data loss prevention policy, the data is encrypted by a key that is inaccessible to a remote service, and then the encrypted data is transmitted to the remote service.

Abstract: An authentication and applications access system provides access to a plurality of backend applications via a social media application installed on a user device. Metadata associated with a request to access one of the plurality of backend applications is initially extracted. The metadata is used to authenticate the request via a plurality of validation steps. Upon authentication, the information from the request is provided to the backend application to receive the results responsive to the request. Any sensitive data included in the results is suppressed via data substitution steps from the transmission to the user device. The output from the applications access system with the sensitive data occluded is provided for display on a social media user interface (UI) on a user device.

Abstract: Embodiments of the present disclosure provide systems and methods for using inherited grants to grant privileges to objects in a container. An inherited grant may be generated that specifies a permission on a first type of object in a container and a grant of the permission to a role. The inherited grant may be attached to the container, wherein the container includes a set of objects of the first type. In response to a first object of the set of objects being referenced via the role, a virtual implied grant may be created based on the inherited grant. Authorization of utilization of the permission on the first object is performed using the virtual implied grant, wherein the virtual implied grant is transient and exists in-memory only for the purpose of authorizing the utilization of the permission on the first object.

Abstract: A system and method for creating a virtual digital object comprising a plurality of components includes receiving from a user selections of a plurality of components for use in creating the virtual digital object. Each component has a cost designated in cryptocurrency that is presented for acceptance by the user. Upon acceptance, a cost tally for the virtual digital object is updated. Upon completion, the virtual digital object is minted by subtracting a total cost tally in cryptocurrency from a digital wallet of the user and by interacting with a smart contract including the virtual digital object and metadata relating to at least one of valuation of the virtual digital object, creation of the virtual digital object, and rules governing use and ownership of the virtual digital object. The minted virtual digital object is added to the user's digital wallet and optionally uploaded to an online gallery for purchase.

Abstract: Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.

Abstract: A storage appliance arranges snapshot data and snapshot metadata into different structures, and arranges the snapshot metadata to facilitate efficient snapshot manipulation, which may be for snapshot management or snapshot restore. The storage appliance receives snapshots according to a forever incremental configuration and arranges snapshot metadata into different types of records. The storage appliance stores these records in key-value stores maintained for each defined data collection (e.g., volume). The storage appliance arranges the snapshot metadata into records for inode information, records for directory information, and records that map source descriptors of data blocks to snapshot file descriptors. The storage appliance uses a locally generated snapshot identifier as a key prefix for the records to conform to a sort constrain of the key-value store, which allows the efficiency of the key-value store to be leveraged.

Abstract: A method for browsing an application folder includes detecting a first touch operation on a touchscreen of an electronic device, in response to the first touch operation, displaying a first user interface, where the first user interface is a setting screen of a first application program, where the first user interface includes a folder control, detecting a second touch operation on the folder control, and in response to the second touch operation, displaying a second user interface on the touchscreen, where the second user interface is a content details screen of the folder corresponding to the first application program.

Abstract: Implementations of the subject matter described herein provide a method of managing user identity authentication data, a method of authorizing a query, a management device, an authentication device, a terminal, a non-transitory computer readable storage medium and a computer program product.

Abstract: Embodiments are directed to managing media licenses. Recognition models may be employed to determine media content that includes protected content. Compliance models may be employed to evaluate the media content based on licensing rules for the protected content. Results of the evaluation may be employed to perform further actions, including: identifying portions of the protected content for the media content that may be non-compliant with the licensing rules such that information associated with the non-compliance of the media content maybe provided to a creator or a rights holder of the media content; retraining the compliance models based on metrics associated with interactions by the creator or the rights holder with the media content or the results of the evaluation; employing the retrained compliance models to reevaluate the media content for compliance such that the reevaluated media content that is compliant is granted a media license.

Abstract: Peer device protection enables a first device comprising a digital security agent to remedy security issues on (or associated with) a set of devices visible to the first device. In aspects, a first device comprising a digital security agent may identify a set of devices visible to the first device. The first device may monitor the set of devices to collect data, such as types of communications and data points of interest. The digital security agent may apply threat detection to the collected data to identify anomalous network behavior. When anomalous network behavior is detected, the first device may cause an indicator of compromise (IOC) to be generated. Based on the IOC, the first device may facilitate remediation of the anomalous network behavior and/or apply security to one or more devices in the set of devices.

Abstract: Method of determining authenticity of an item using an elliptic curve E defined over a finite field Fq, where q is an integer, the method comprising: generating a random integer j, where the random integer j is in the interval of one to the integer q; calculating a point T=j·S, where point S is a point on elliptic curve E(Fq); calculating a binary value k which is equal to the binary random integer j with a bitmask m applied thereto; sending point T and binary value k to the item; and the item iteratively calculating point U=n·S for different values of integer n, where for each iterative calculation integer n takes different values, wherein for each iteration: the bits of binary integer n corresponding to the unmasked bits of bitmask m are the same as the corresponding bits of binary random integer j; and the bits of binary integer n corresponding to the masked bits of bitmask m are varied in each iteration.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile payment device that includes a contactless element, such as an integrated circuit chip. The invention enables one or more of the operations of activation of a payment application, transfer of transaction data, updating of account records, setting or re-setting of a payment application counter or register, or transfer or processing of a script, command, or instruction, with these functions being performed with minimal impact on a consumer. This is accomplished by introducing a pre-tap and/or two-tap operation prior to, or as part of, the transaction flow.

Abstract: A computerized method is disclosed that includes operations of detecting movement of a first network device at a speed above a predetermined threshold and the presence of a transceiver, obtaining a network device identifier-RSSI value pairing from the transceiver that includes a listing of a pairing of a network device identifier for each of a plurality of network devices detected by the transceiver, and a RSSI value corresponding to a transmission received by the transceiver from each of the plurality of network devices. The method may further include an operation of implementing a set of policies on the first network device based on a result of a comparison between when RSSI value of the first network device and a predetermined RSSI threshold. The set of policies may be implemented on a plurality of network devices based on results of threshold comparisons using RSSI values of the plurality of network devices.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to dynamically monitor and control compute device identities during operations. Disclosed is an apparatus comprising interface circuitry, machine readable instructions, and processor circuitry to at least one of instantiate or execute the machine readable instructions to generate a unique label for a node from a data plane, the unique label to identify the node, perform an operation on the node, the operation to be performed on the node by identifying the node associated with the unique label, and maintain the unique label until the operation on the node is successful.

Abstract: Authentication of an Internet-of-Things (IoT) device comprises receiving, by a proxy application executing on a mobile device during a registration process, a device identifier associated with the IoT device. The proxy application transmits the device identifier to a router of the wireless network. The proxy application receives the device identifier from the router in response to the router receiving an authorization request with no network password from the IoT device for access to the wireless network, where the router forwards the device identifier to the proxy application. The proxy application prompts the user of the mobile device to enter the password, and transmits the entered network password to the router, such that the router validates the password and grants the IoT device access to the wireless network, the IoT device transmits the IoT device identifier to the router for subsequent network connection without a need for the mobile device.

Abstract: A method of processing web requests directed to a website, the method including: (i) receiving a plurality of web requests directed to the website; (ii) for each of the plurality of web requests, identifying a source from which the web request has originated; (iii) for at least one web request identified as having originated from a given source: determining whether the source is a bot or a non-bot based on the at least one web request; if the source is determined to be a bot, using a machine learning engine to assign one of a plurality of predetermined bot categories to the source based on the at least one web request.

Abstract: A server system to onboard an endpoint having a host system connected to a host interface of a memory device for a cloud service without prior customization of the endpoint to identify an account for accessing the cloud service. For example, after receiving a request associated with the service and containing identity data generated by the memory device, the server system determines authenticity of the memory device and the endpoint based on a secret of the memory device and the identity data. In response to the request, the server system further identifies, based on the identity data, a subscriber among a plurality of subscribers based on ownership data of the endpoint. As a result of the identifying of the subscriber based on the identity data, the server system determines an account of the subscriber to provide the service to the endpoint based on the account.

Abstract: Systems and methods for securely pairing a transmitting device with a receiving device are described. The systems and methods may communicate with a first device via a first communication method over a wireless communication network. The systems and methods may transmit, to the first device via a second communication method, a first sensory pattern representing a first key. In addition, the system and methods may communicate with the first device via the first communication method using the first key.

Abstract: Systems and methods for deploying and running webassembly workloads on compute nodes using a webassembly unikernel. A computing device having a processor generates, using a container engine, a container runtime. The computing device generates, using the container runtime, a unikernel configured to run a plurality of webassembly applications, thereby resulting in a webassembly unikernel. The computing device may receive a request to run an application. A container image corresponding to the application may be retrieved, via the container engine, from a container registry. A webassembly payload may be stored for the application from the container image. Furthermore, the computing device may cause the webassembly unikernel to run the webassembly payload for the application.

Abstract: A computer-implemented method for presenting advertisements based on user data is disclosed. The method may comprise extracting a mobile phone number associated with an internet user; generating an anonymous and unique identifier for the user based on the mobile phone number, wherein the identifier complies with a privacy rule; analyzing the user's behavior and/or interests to assign behavioral attributes to the identifier; receiving an input to select an advertiser based on a category of the advertisement; transmitting the identifier to the advertiser to generate an advertisement for the user based on the identifier; and receiving the advertisement from the advertiser and presenting the advertisement to the user.

Abstract: A system and method for medical communications is disclosed. The system and method may operate to receive, from a user communication node, an electronic signal comprising a communication request including a request description; select, from the list of network entities corresponding to third parties, one or more network entities based at least in part on (i) a parameter profile associated with a third party, and (ii) criteria extracted from the communication request including the request description; transmit an electronic signal, to one or more network entities, the communication request including the request description; receive an action from one of the selected network entities corresponding to third parties in response to the communication request; and provide an interactive communication panel to the user communication node and the one of the selected network entities to facilitate the real-time communication session.

Abstract: Gradated access to services based on identity verification (IDV) is described herein. In an example, a computing device can receive identifying information of a user and can select, from a plurality of IDV paths and based at least in part on the identifying information of the user, an IDV path for verifying an identity of the user using one or more factors. Based at least in part on the one or more factors, the computing device can determine a score indicative of whether the identifying information provided by the user accurately identifies the user. The score can be used for the benefit of one or more service providers to verify an identity of the user and/or determine gradated access to one or more services of the one or more service providers.

Abstract: A household appliance networking method is provided. Pursuant to the method, in a household appliance networking mode, a wireless access point name and a password input by a user are obtained. Whether the wireless access point name and the password are correct is verified. Based on a verification that the wireless access point name and the password are correct, a configuration key value input by the user is obtained. Based on a determination that a networking verification according to the configuration key value fails, a target configuration key value in a preset mode is determined and the same is inputted, so as to enable successful household appliance networking. An apparatus, an electronic device, and a storage medium embodying the method are also provided.

Abstract: Centralized privileged access is managed by receiving a request for privileged access to a device connected to a network, the request including a device identifier and a first user identifier, determining a role risk associated with the request based on a requested privilege level included in the request, determining an impact risk associated with the request based on potentially impacted devices other than the device, determining a risk level associated with the request based on the role risk and the impact risk, identifying a second user to control authorization of the device based on the risk level, and scheduling, in response to receiving authorization from the second user, a process to modify an entry in a permissions database to associate the first user identifier and the device identifier with the requested privilege level for the duration.

Abstract: In aspects of recorded content managed for restricted screen recording, a wireless device displays digital image content, and a screen recording session captures the digital image content and audio data. The wireless device implements a content control module that determines a device application restricts the screen recording session from capturing the media content. The content control module can then pause the screen recording session for a time duration that the device application restricts the screen recording session, and then resume the screen recording session after a determination that the screen recording session is no longer being restricted. As an alternative to pausing the screen recording session, the content control module can add a start delimiter to indicate a beginning section of the screen recording session being restricted by the device application, and add an end delimiter to indicate an end section of the screen recording session being restricted.

Abstract: A system allows an end-user to locate and gain access to an access-controlled facility or resource, such as a restroom, phone charging station, or Wi-Fi hot spot. Some implementations of the system monitor the formation and concentration of individuals into crowds that may place a higher demand on facilities and resources located near the crowd. The system may distribute mobile facilities to areas that offer convenient access to potential developing crowds, and when the system determines that there is a disparity between available resources and crowd demand reaches a certain level it may deploy one or more mobile facilities to positions proximate to that crowd. A mobile facility may also be requested on demand by a user or organizer, and some implementations provide cost sharing mechanisms and other user benefits related to requesting and accessing the facility.

Abstract: Device-implemented methodology for enabling and/or performing crypto-erase via internal action and external action. In one illustrative aspect, a request to read data is received at a device configured to perform data operations on a storage medium, the data being stored on the storage medium in encrypted form. In one approach, a first key stored within the device is accessed. In another approach, a first key stored on and/or with the storage medium is retrieved. A second key is received from an external source. A media encryption key is generated using the first and second keys. The encrypted form of the data is read from the storage medium. The encrypted form of the data is decrypted using the media encryption key. The decrypted data is output. Methodology for writing encrypted data is also presented.

Abstract: A messaging server system receives a message creation input from a first client device that is associated with a first user registered with the messaging server system. The messaging server system determines, based on an entity graph representing connections between a plurality of users registered with the messaging server system, that the first user is within a threshold degree of connection with a second that initiated a group story in relation to a specified event. The messaging server system determines, based on location data received from the first client device, that the first client device was located within a geo-fence surrounding a geographic location of the specified event during a predetermined event window, the geo-fence and event window having been designated by the second user, and causes the first client device to present a user interface element, that enables the first user to submit content to the group story.

Abstract: The present disclosure is related to a system that may include a first computing device and a second computing device. The first computing device may send a request for identification data corresponding to one or more health properties associated with a user. The second computing device may receive the request for the identification data. In response to receiving the request, the second computing device may retrieve health data acquired by one or more sensors for monitoring the one or more health properties that correspond to the user and stored in a memory. The first computing device may receive the health data sent from the second computing device and authenticate an identity of the user based on the health data.

Abstract: Some embodiments provide a method for mobile device based user authentication. The method includes registering a session between a browser and a web application. The method also includes receiving a data object associated with the session and receiving a QR code from a mobile device that is captured from the browser. The method also provides for identifying the data object and sending the data object to the mobile device to retrieve user credentials. The method then receives an encrypted message comprising the user credentials from the mobile device. The encrypted message is then forwarded to the web application for authentication.

Abstract: In an example, the eyewear includes an optical element, electronic components, and a support structure configured to support the optical element and the electronic components. The support structure defines a region for receiving at least a portion of a head of a user. The eyewear also includes a biometric sensor coupled to the electronic components and supported by the support structure. The biometric sensor is attached to the support structure and positioned to detect, in the region, a biometric signal representative of a biometric of the user for processing by the electronic components.