Abstract: Database query processing may be scaled using additional processing clusters. A database query is received at a processing cluster. A determination is made as to whether additional processing clusters will be used to process the database query. Operations to cause compute nodes of the processing cluster to instruct operations at the additional processing clusters are included in a plan generated to perform database queries determined to use additional processing clusters. The plan is executed to be perform the database query causing compute nodes of the processing cluster to send instructions to corresponding additional processing clusters in order to generate and return a response to the database query.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information. A user additionally is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. Restrictions on how user data is used by devices, applications, and third-party systems can be imposed via a central portal.

Abstract: The present disclosure provides a communication method comprising registering a public key for a vehicle, generating a pseudonym ID, transmitting the pseudonym ID, verifying whether the vehicle is registered, and storing a first transaction. Registration of the public key for the vehicle comprises receiving a service with a service provider. The pseudonym ID is generated based on the public key. The pseudonym ID and vehicle data are transmitted to a road side unit. Verification as to whether the vehicle is registered with the service provider is performed based on the transmitted pseudonym ID. A transaction including the pseudonym ID and the vehicle data is then stored in a database of the service provider according to a result of the verification.

Abstract: The present disclosure relates to a method for providing a service for security of a web-browser-based content which increases security of an original content by inserting garbage characters into a text constituting an HTML-based original content, which can be opened through a web browser, to secure the original content, and by enabling only authenticated functions to be executed when calling functions for removing the garbage characters and performing functions related to the original content. The present disclosure, without installing a specific program linked to the web browser, can easily prevent a user who does not have the right to open an original content on a web browser from abnormally accessing the original content by constructing a certain function which is not authenticated. Thereby a copyrighted product infringement for a web browser-based original content can be prevented.

Abstract: A method of configuring a controller 14 for controlling access to a memory 12 is provided. The controller 14 has a display 18 configured to selectively display a plurality of different input screens, wherein each input screen has a unique code associated therewith and the input screens are for receiving user credentials from a user.

Abstract: A method of operating a vehicle to anything, V2X, application enabler, VAE, server is provided according to some embodiments disclosed herein. The method includes receiving a registration request message from a V2X application specific server. The method further includes transmitting a registration response message to the V2X application specific server responsive to receiving the registration request message.

Abstract: Disclosed herein is a data storage device. A data port transmits data between a host computer system and the data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine connected between the data port and the storage medium uses a cryptographic key to decrypt the encrypted user content data. The access controller generates authorization request data indicative of multiple devices to be authorized, and stores the authorization request data on non-volatile configuration memory of the data storage device. Upon approval of the authorization request data by a manager device that is registered with the access controller as a manager device, the access controller locates the authorization request data of one of the multiple devices to be authorized and registers the one of the multiple devices to be authorized as an authorized device.

Abstract: Techniques and apparatus for providing peer-based management of user accounts are described. In one embodiment, for example, an apparatus may include at least one memory and logic coupled to the at least one memory. The logic may be configured to receive a request from at least one first user account to unlock a second user account locked responsive to a fraud event, determine a safe authentication value for the fraud event, and unlock the second user account responsive to the at least one first user account being a safe authentication account and the safe authentication value being over a safe authentication threshold value. Other embodiments are described.

Abstract: Methods, apparatuses, and computer-program products are disclosed. The method may include deploying a runtime agent onto a private compute architecture for running one or more federated application programming interfaces (APIs) on the private compute architecture. The method may include receiving, via a user interface of a federation management service, user input to manage an operation of the one or more federated APIs, where the federation management service is hosted on public cloud-based resources. The method may include communicating, based on the user input, control signaling between the runtime agent and a runtime manager that is hosted on a control plane of the federation management service in the public cloud-based resources.

Abstract: A system, process, and computer-readable medium for securely transferring user personal identification information (PII) across platforms, based on specific permissions, are described. One or more aspects provide greater control, to a user, of when that user's PII may be released from a secure storage in a first platform and securely provided to a second platform. The timing of those releases of the PII may be controlled by specific authorizations from the user via one or more processes. Also, in addition to improving the security associated with the PII transferred between platforms, one or more aspects improve users' experiences by permitting controlled reuse of users' PII to simplify how users provide their PII to separate processes being performed on separate platforms.

Abstract: According to the present invention, the convenience of a utilization management technology for a usage target object is enhanced and the security risk is reduced. This utilization control device (1) is capable of communicating only in a near field communication (63) and stores a first public key that is paired with a first secret key stored in a management device (2). When hole data is received with a first signature from a provider terminal (3), the first signature is verified by means of the first key, and when the signature verification is established, the hole data is set to an own device (1). The hole data includes a second public key that is paired with a second secret key stored in the management device (2). When a utilization permit card is received with a second signature from a user terminal (4), the second signature is verified with the second public key, and when the signature verification is validated, transaction information included in the utilization permit card is acquired.

Abstract: Disclosed are systems and methods for secure selection of a user profile in a shared context. For example, a method may include: determining, by one or more processors, an association between a user device and a shared user profile; determining, by the one or more processors, that the user device is within a predetermined proximity of a multiuser device; determining, by the one or more processors, the shared user profile associated with the user device as a result of determining that the user device is within the predetermined proximity of the multiuser device; receiving, by the one or more processors, biometric verification from the first user; and activating, by the one or more processors, the first specific user profile associated with the first user on the multiuser device as a result of determining that the first user has successfully provided biometric verification.

Abstract: Systems and methods for automated visual trigger profiling and detection within virtual environments are provided. A visual trigger profile may be stored in memory that includes a set of visual trigger characteristics associated with a type of visual sensitivity. Buffered frames of an audiovisual stream that have not yet been displayed may be monitored to identify when a buffered frame includes a threshold level of the visual trigger characteristics associated with the visual sensitivity. A frame modification that decreases the level of the detected visual trigger characteristics associated with the visual sensitivity may be identified and applied to the identified frames. The modified frames may thereafter be presented during the audiovisual stream in place of the original (unmodified) identified frames.

Abstract: The present disclosure describes an architecture and design of Unauthorized-Blocking-Role (UAB). UAB is a mechanism which prevents higher privileged users of cloud-hosted software from performing unauthorized activities on protected objects, such as management objects. UAB works by periodically monitoring the permissions of customer users on key management objects in an object hierarchy in management software. If a customer user is detected to have privileges higher than the user should have on those objects, UAB applies restrictive role-based access controls (RBACs) on the user. Similarly, UAB also monitors protected principals and protected roles to ensure that their privileges are not modified by a customer user.

Abstract: Example embodiments of systems and methods for application verification are provided. An application may generate a cryptographic key, and encrypt the cryptographic key with a predefined public key. A server, in data communication with the application, may include a predefined private key. The application may transmit the cryptographic key to the server. The server may receive, from the application, the cryptographic key; decrypt the cryptographic key using the predefined private key; encrypt an authorization token using the decrypted key; and transmit, to the client application, the authorization token via an out-of-band channel. The application may receive, from the server, the authorization token via the out-of-band channel; and decrypt the authorization token to obtain access to one or more services associated with the server.

Abstract: Access control management to shared resources in a common resource directory between different users of cloud data centers can be implemented as computer-readable methods, media and systems. A resource managing service receives a request to access resources of a resource directory managed by the resource managing service. The request includes a token for identity authentication. The resource managing service determined a container membership associated with the token, where the container membership is associated with a container from a set of containers for the resource directory. The container includes one or more resources in a tree data structure of the resource directory. The resource managing service filters access rights defined in authorization primitives associated with the container membership based on container policy rules for the set of containers in the resource directory. The resource managing service provides access to a set of resources from the resource directory.

Abstract: Examples of the disclosure enable a user to be authenticated and/or a financial transaction to be authorized. In some examples, one or more identifiers associated with one or more detected devices in an area proximate to the detection device are received. It is determined whether at least one identifier of the one or more identifiers corresponds with one or more target identifiers, and whether a device presence of at least one device associated with the at least one identifier satisfies a predetermined threshold. The user is authenticated upon determining that the device presence satisfies the predetermined threshold. Aspects of the disclosure provide for a processing system to authenticate a user and/or authorize a financial transaction in an environment including a plurality of devices.

Abstract: A method for sharing a digital key associated with a vehicle by a cascaded key delegation system includes issuing, by a requestor device, a public key certificate to an initial delegator device that is part of a cloud delegation service. The public key certificate enables the initial delegator device to grant delegation rights the vehicle. The method also includes issuing, by the initial delegator, an intermediate public key certificate to a subsequent delegator that is part of the cloud delegation service. The intermediate public key certificate grants the delegation rights to the subsequent delegator.

Abstract: A cloud-based, secure, integrated communication system for patient care delivery system can provide a platform that is device-agnostic and can adapt to the technology chosen by users of the system. The system can allow for asynchronous and/or real-time communication among all participants. Patients can create and manage their own specific health issues. Patients can assign their own caregivers and/or approve new care providers. Patients can also control whether to include certain members of the family and/or friends in discussions regarding the patients' health issues. Physicians can engage other healthcare providers, advanced practitioners, and/or consultants with specific patient issues. The system can also assist with billing for eligible e-visits for insurers providing such reimbursable services.

Abstract: A non-transitory machine-readable storage medium stores instructions that, when executed by the machine, cause the machine to provide a firewall interface between a plurality of registers of a controller and a host interface of the controller. Providing the firewall interface includes programming the firewall interface with a plurality of firewall rules. The registers are to control functions that are performed by the controller; and the plurality of firewall rules control whether requests to access the plurality of registers are denied, allowed or modified based on features of the request.

Abstract: A mobile terminal apparatus includes: an evaluator configured to, based on pre-purchase information relating to activities of a user during a pre-purchase period before purchase of an electronic ticket and post-purchase information relating to activities of a user during a post-purchase period after the purchase of the electronic ticket, evaluate identicalness of the user during the post-purchase period and a person who purchased the electronic ticket; and a setter configured to set a state relating to validity of the electronic ticket based on a result of the evaluation by evaluator.

Abstract: Approaches are provided for a prediction model determining a prediction indicative of the authorized user being associated with at least one anomaly event. In one example, a computer system may receive data from different sources. For example, the system may receive data associated with use of one or more monitored units of an automated storage and retrieval location. The system may also receive request data associated with a request for execution of the monitored controlled unit by an authorized user to a target user. The prediction model of the system may utilize the received data to determine the prediction that the authorized user is associated with at least one anomaly event associated with a diversion of a monitored unit away from the target user. The system may then provide the prediction for presentation.

Abstract: Proposed is a decentralized identity technique, and more specifically, are a hierarchical universal resolver system for a decentralized identifier environment and a method thereof, which can control access to connected decentralized ledger information and prevent exposure and leakage of the information by hierarchically managing a universal resolver (UR) in an identity verification system based on self-sovereign decentralized identifiers (DID). According to an embodiment, accessibility to private information in a blockchain network in which decentralized ledgers are stored, as well as privacy of certificate or identification information based on decentralized identifiers, may be complemented.

Abstract: Parental control of child's web-based digital content experience, which can be applied to other contexts such as education, the workplace or other organizations. Trust relationships authorize specified users or organizations to permit access to content or resources by other users. Collection curation including content reputation and age appropriate ratings disclosed.

Abstract: A method for issuance of a personalized user device includes initializing a user device to provide an initialized user device, providing device initialization data to an issuer system, wherein the device initialization data comprises a public device key and a public issuer authentication key, calculating a user private key, encrypting the user private key and the public device authentication key with the public device key to provide encrypted data, digitally signing the encrypted data using a private issuer key to provide signed encrypted data, the issuer system providing the encrypted data and the signed encrypted data, injecting said data into the initialized user device to provide the personalized user device, and the personalized user device, conditional on successfully validating the signed encrypted data, decrypting the encrypted data to retrieve the user private key and the public device authentication key.

Abstract: A system for managing a financial account in a low cash mode. The system may include a memory storing instructions, and a processor configured to execute the instructions to perform operations. The operations may include providing an interface; providing a notification to a user when a balance in the first account is deemed to be in low cash mode; presenting, when the first account balance is deemed to be in low cash mode, an option for a transfer request; receiving, a selection of the option for the transfer request to connect the first account with a second account; transferring funds from the second account to the first account; notifying the user that funds have been transferred from the second account to the first account; and further notifying the user that the balance in the first account is greater than the threshold value.

Abstract: A system includes a memory and a processor coupled to the memory. The processor is configured to receive a first user credential associated with a user and authorize an avatar of the user to enter a virtual environment. The processor receives a second user credential associated with the user and authorizes the first avatar to access a virtual entity in the virtual environment. The processor receives a request from the user to authenticate the virtual entity and, in response, retrieves user data associated with the user and presents it to the user in the virtual environment. The processor receives an indication from the user that the virtual entity is authentic. The processor then receives a request from the user to perform a virtual data interaction with the virtual entity and initiates the requested data interaction.

Abstract: Systems and methods for violation processing. In some embodiments, in response to detecting a policy violation, tag processing hardware may enter a violation processing mode, and may cause a host processor to begin executing violation processing code. The tag processing hardware may continue checking one or more instructions in an instruction queue. In response to encountering, in the instruction queue, an instruction of the violation processing code, the tag processing hardware may exit the violation processing mode.

Abstract: Systems and methods for anonymizing data are provided herein. A network node can receive privacy constraints from a data owner and utility requirements from at least one data processor. An anonymization mechanism can be selected for each data attribute in a data set, based on its specified privacy constraint and/or utility requirement, from the available anonymization mechanism(s) appropriate for its associated attribute type.

Abstract: A source of a login attempt to a user account can be classified using machine learning. For example, a computing system can input user activity observations associated with one or more login attempts to one or more user accounts into a trained machine learning model. One or more distinguishing factors for the one or more login attempts can be received from the trained machine learning model. The computing system can determine a source of a current login attempt by applying a clustering algorithm to current values of the one or more distinguishing factors. The current values may be derived from current user activity observations associated with the current login attempt. The computing system can determine an authentication level for the current login attempt to the user account based on the source of the current login attempt.

Abstract: A method for execution by a processing system of a storage network includes: generating encoded data slices based on a dispersed error encoding of at least one data object; receiving an access policy associated with the at least one data object; determining a timestamp corresponding to a current time; and storing the encoded data slices, an indicator of the time stamp and an indicator of the access policy in a storage unit of the storage network.

Abstract: Methods and apparatus to detect proximity of objects to computing devices using near ultrasonic sound waves are disclosed. An example apparatus includes a frequency analyzer to determine power levels of noise in different frequency bands associated with sound waves sensed by a microphone of a computing device. The example apparatus further includes a signal generator to cause a speaker to produce a series of acoustic pulses. A central frequency of the pulses is defined based on the power levels of noise in the different frequency bands. The sound waves are sensed by the microphone to include the pulses and echoes of the pulses reflected off objects in a vicinity of the computing device. The example apparatus also includes an object detection analyzer to determine whether a first object is within an activation region associated with the computing device based on the pulses and the echoes sensed by the microphone.

Abstract: Method, system, and programs provide automatic anonymization of protected data items when a request is associated with authentication via a ticket. Ticket authentication includes sending a ticket to a recipient address. The ticket is included in a request for information. Responsive to receiving a request with a ticket, an example system may determine if the ticket is still valid and, if so, generate mock identifiers for any identifiers in information provided back to the requestor, replace the identifiers with their corresponding mock identifiers, as well as delete any protected information from the information provided back to the requestor. The system may store a mapping of the identifiers with their mock identifiers by session id. These mappings may be deleted after a predetermined time, so that the mapping is valid only for a particular session for a limited time.

Abstract: A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a modification request to modify data in a target volume. If so, target analysis logic determines whether the request is for a target volume that is within a first or second protected volume. If the request is to modify data stored in the first protected volume, the request is blocked. If the request is to modify data in a second protected volume, then a whitelist is examined to determine whether the requesting process and user are on the whitelist. If not, the request is also blocked.

Abstract: A data broker platform may store one or more data sharing preference settings of a subscriber for the subscriber data of the subscriber in a corresponding subscriber preference record of a subscriber preference blockchain ledger. The platform may further store one more access policy settings with respect to the subscriber data in a corresponding access configuration record of an access configuration blockchain ledger. The platform may receive a data request from a computing device of a third-party entity to access a set of subscriber data of the subscriber. Accordingly, the platform may provide the computing device of the third-party entity with access to the set of subscriber data when the platform determines using records in the subscriber preference blockchain ledger and the access configuration blockchain ledger that the third-party entity is permitted to access the set of subscriber data.

Abstract: Embodiments of the present disclosure provide systems and methods for using inherited grants to grant privileges to objects in a container. An inherited grant may be generated that specifies a permission on a first type of object in a container and a grant of the permission to a role. The inherited grant may be attached to the container, wherein the container includes a set of objects of the first type. In response to a first object of the set of objects being referenced via the role, a virtual implied grant may be created based on the inherited grant. Authorization of utilization of the permission on the first object is performed using the virtual implied grant, wherein the virtual implied grant is transient and exists in-memory only for the purpose of authorizing the utilization of the permission on the first object.

Abstract: A first authenticator payload is obtained that includes a first authenticator random value. A first authenticator encrypted file is generated with an authenticator public key that is related to a client authenticator application. The first authenticator encrypted file is generated based on a first cryptographic algorithm. The first authenticator encrypted file includes the first authenticator payload. A first target payload is obtained that includes a first target random value. A first target encrypted file is generated with the first authenticator random value. The first target encrypted file is generated based on a second cryptographic algorithm. The first target encrypted file includes the first target payload.

Abstract: A system comprises a data storage service includes a web service interface operating as a proxy to the data storage service. Data obtained at the data storage service is analyzed by one or more criteria of a data loss prevention policy, the data is encrypted by a key that is inaccessible to a remote service, and then the encrypted data is transmitted to the remote service.

Abstract: An authentication and applications access system provides access to a plurality of backend applications via a social media application installed on a user device. Metadata associated with a request to access one of the plurality of backend applications is initially extracted. The metadata is used to authenticate the request via a plurality of validation steps. Upon authentication, the information from the request is provided to the backend application to receive the results responsive to the request. Any sensitive data included in the results is suppressed via data substitution steps from the transmission to the user device. The output from the applications access system with the sensitive data occluded is provided for display on a social media user interface (UI) on a user device.

Abstract: A system and method for creating a virtual digital object comprising a plurality of components includes receiving from a user selections of a plurality of components for use in creating the virtual digital object. Each component has a cost designated in cryptocurrency that is presented for acceptance by the user. Upon acceptance, a cost tally for the virtual digital object is updated. Upon completion, the virtual digital object is minted by subtracting a total cost tally in cryptocurrency from a digital wallet of the user and by interacting with a smart contract including the virtual digital object and metadata relating to at least one of valuation of the virtual digital object, creation of the virtual digital object, and rules governing use and ownership of the virtual digital object. The minted virtual digital object is added to the user's digital wallet and optionally uploaded to an online gallery for purchase.

Abstract: Aspects of the present disclosure involve implementations that may be used to protect neural network models against adversarial attacks by obfuscating neural network operations and architecture. Obfuscation techniques include obfuscating weights and biases of neural network nodes, obfuscating activation functions used by neural networks, as well as obfuscating neural network architecture by introducing dummy operations, dummy nodes, and dummy layers into the neural networks.

Abstract: A method for browsing an application folder includes detecting a first touch operation on a touchscreen of an electronic device, in response to the first touch operation, displaying a first user interface, where the first user interface is a setting screen of a first application program, where the first user interface includes a folder control, detecting a second touch operation on the folder control, and in response to the second touch operation, displaying a second user interface on the touchscreen, where the second user interface is a content details screen of the folder corresponding to the first application program.

Abstract: A storage appliance arranges snapshot data and snapshot metadata into different structures, and arranges the snapshot metadata to facilitate efficient snapshot manipulation, which may be for snapshot management or snapshot restore. The storage appliance receives snapshots according to a forever incremental configuration and arranges snapshot metadata into different types of records. The storage appliance stores these records in key-value stores maintained for each defined data collection (e.g., volume). The storage appliance arranges the snapshot metadata into records for inode information, records for directory information, and records that map source descriptors of data blocks to snapshot file descriptors. The storage appliance uses a locally generated snapshot identifier as a key prefix for the records to conform to a sort constrain of the key-value store, which allows the efficiency of the key-value store to be leveraged.

Abstract: Peer device protection enables a first device comprising a digital security agent to remedy security issues on (or associated with) a set of devices visible to the first device. In aspects, a first device comprising a digital security agent may identify a set of devices visible to the first device. The first device may monitor the set of devices to collect data, such as types of communications and data points of interest. The digital security agent may apply threat detection to the collected data to identify anomalous network behavior. When anomalous network behavior is detected, the first device may cause an indicator of compromise (IOC) to be generated. Based on the IOC, the first device may facilitate remediation of the anomalous network behavior and/or apply security to one or more devices in the set of devices.

Abstract: Implementations of the subject matter described herein provide a method of managing user identity authentication data, a method of authorizing a query, a management device, an authentication device, a terminal, a non-transitory computer readable storage medium and a computer program product.

Abstract: Embodiments are directed to managing media licenses. Recognition models may be employed to determine media content that includes protected content. Compliance models may be employed to evaluate the media content based on licensing rules for the protected content. Results of the evaluation may be employed to perform further actions, including: identifying portions of the protected content for the media content that may be non-compliant with the licensing rules such that information associated with the non-compliance of the media content maybe provided to a creator or a rights holder of the media content; retraining the compliance models based on metrics associated with interactions by the creator or the rights holder with the media content or the results of the evaluation; employing the retrained compliance models to reevaluate the media content for compliance such that the reevaluated media content that is compliant is granted a media license.

Abstract: Method of determining authenticity of an item using an elliptic curve E defined over a finite field Fq, where q is an integer, the method comprising: generating a random integer j, where the random integer j is in the interval of one to the integer q; calculating a point T=j·S, where point S is a point on elliptic curve E(Fq); calculating a binary value k which is equal to the binary random integer j with a bitmask m applied thereto; sending point T and binary value k to the item; and the item iteratively calculating point U=n·S for different values of integer n, where for each iterative calculation integer n takes different values, wherein for each iteration: the bits of binary integer n corresponding to the unmasked bits of bitmask m are the same as the corresponding bits of binary random integer j; and the bits of binary integer n corresponding to the masked bits of bitmask m are varied in each iteration.

Abstract: A system, apparatus, and method for processing payment transactions that are conducted using a mobile payment device that includes a contactless element, such as an integrated circuit chip. The invention enables one or more of the operations of activation of a payment application, transfer of transaction data, updating of account records, setting or re-setting of a payment application counter or register, or transfer or processing of a script, command, or instruction, with these functions being performed with minimal impact on a consumer. This is accomplished by introducing a pre-tap and/or two-tap operation prior to, or as part of, the transaction flow.

Abstract: A computerized method is disclosed that includes operations of detecting movement of a first network device at a speed above a predetermined threshold and the presence of a transceiver, obtaining a network device identifier-RSSI value pairing from the transceiver that includes a listing of a pairing of a network device identifier for each of a plurality of network devices detected by the transceiver, and a RSSI value corresponding to a transmission received by the transceiver from each of the plurality of network devices. The method may further include an operation of implementing a set of policies on the first network device based on a result of a comparison between when RSSI value of the first network device and a predetermined RSSI threshold. The set of policies may be implemented on a plurality of network devices based on results of threshold comparisons using RSSI values of the plurality of network devices.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to dynamically monitor and control compute device identities during operations. Disclosed is an apparatus comprising interface circuitry, machine readable instructions, and processor circuitry to at least one of instantiate or execute the machine readable instructions to generate a unique label for a node from a data plane, the unique label to identify the node, perform an operation on the node, the operation to be performed on the node by identifying the node associated with the unique label, and maintain the unique label until the operation on the node is successful.