Abstract: Systems, methods and computer program products for controlling access to data owned by an application subscriber using two-factor access control and user partitioning are disclosed. In one embodiment, applications are executed on a multi-tenant application platform in which user partitions designate associated users and authentication services for those users. Tenants may subscribe to the applications and may allow access to the subscriptions through designated entry points. Users that are authenticated according to the corresponding user partition and access the application through the designated entry point are allowed to access the application through the tenant's subscription.

Abstract: An information processing system includes a first management unit that manages assignment of authority to use a second service to a first user registered for a first service in the individual unit on a user side receiving provision of the first service, and a second management unit that manages a second user having authority to use the second service on a provider side providing the second service, in which the second management unit acquires information regarding the first user not assigned with the authority to use the second service, from the first management unit.

Abstract: A gateway device (10) stores therein a first filtering rule and a second filtering rule for filtering packets which are transmitted from a terminal (20) in a network (2) as a transmission source to a terminal (20) in a network (3) as a destination. The gateway device (10) acquires, on the basis of a packet transmitted from the terminal (20) in the network (3), identification information for identifying the terminal (20). The gateway device (10) notifies a management device (30) of the acquired identification information. The management device (30) generates a management screen on the basis of the notified information, and transmits the management screen to a display device (40). The management device (30) transmits an instruction based on input to the display device (40) to the gateway device (10). The gateway device (10) sets the first filtering rule on the basis of the instruction from the management device (30).

Abstract: A key broker monitors network traffic metadata and determines which decryption keys are required at one or more packet brokers in order to decrypt relevant traffic required by various network monitoring devices. The key broker retrieves the required keys from a secure keystore distributes them, as needed, to the network packet brokers, and dynamically updates the decryption keys stored in the network packet brokers in response to changes in network traffic.

Abstract: The proposed authentication method is based on a secret convention between the service and the user. This convention is defined on the basis of a random choice of elementary algorithmic blocks from a collection of elementary algorithmic blocks during the enrolment phase of the user. During authentication, the user uses the convention by applying it to a challenge presented by the service in order to determine a response. The algorithmic blocks are chosen such that they can be memorised by the user. As a result of the diversity of these bricks and the combinatorics behind the conventions, the number of possible conventions is very high, making it virtually impossible for an attacker to guess the convention.

Abstract: The described financial institution computing system provides services to customers through an application programming interface (“API”). The services include user identification services to customers. The user identification services allow the customers to verify the identity of users as non-fraudulent users. Further the user identification services allow the financial institution to provide known user information to the customers for purposes of prepopulating registration forms, completing transactions, and the like. Further services, such as user account validation services, payment services, and the like are also possible through the financial institution APIs. In some situations, users are registered with the financial institution. For example, a user may also be an account holder with the financial institution. In other situations, the users are not registered with the financial institution.

Abstract: Application programming interfaces (API) are provided for notebook settings, for example, classroom notebook settings. The APIs allow for a teacher or other user of a class notebook to manage permissions to the class notebooks, and particularly allow for fine control over parts of the class notebook through a class notebook application. An API for generating a guest access link is provided. APIs for creating permission groups for a collaboration space are provided. A post permission API is provided that creates or updates the permission for a section group. A get permission API is provided that retrieves permission information of a section group. A delete permission API is provided that removes permission for a user of a section group.

Abstract: An information handling system includes a host processing system, first and second data storage devices having respective first and second data storage capacities, and a license manager. The license manager implements a first license, receives a second license, and implements the second license without rebooting the information handling system. The first license defines a first configuration where the first data storage device is visible and the first data storage capacity is available to the host processing system, and the second data storage device is not visible and the second data storage capacity is not available to the host processing system. The second license defines a second configuration where both data storage devices are and both data storage capacities are available to the host processing system.

Abstract: The present disclosure generally relates to apparatus, software and methods for thwarting radio spoofing techniques by requiring and sending data from multiple radios positioned such that the receiving client can determine that it came from multiple spatially separated radios due to the Angle of Arrival of each radio's signal.

Abstract: Security enhancement herein primarily relate to digital code undergoing a first fortification protocol by which a digital package is prepared, a secure execution environment being configured for use with the package at or via a source facility, and at least some of the package being executed in in the secure execution environment at a destination facility. Such enhanced configurations may arrive to or from a remote facility, for example, without a concomitant loss of performance.

Abstract: Devices, systems, and methods are provided detecting personal information in cloud-based infrastructure configuration. A method may include sending, by a computer-based system, a first request to a first service associated with the computer-based system, the first request associated with first application programming interface (API) call data. The method may include receiving the first API call data from the first service. The method may include determining, based on the first API call data, first data associated with the first service, and determining that the first data includes personal information. The method may include sending a message to a device, the message indicative of the personal information. The method may include receiving a second request to modify the first data, and modifying the first data based on the second request.

Abstract: Technologies for token-based access authorization to an application program interface (API) include an access management server to receive a service request message from an application executed by a remote computing device. The service request message includes a digitally signed license token previously generated by the access management server and distributed to the remote computing device. The service request message also includes a request from the executed application to access data or a service of the resource server via an exposed API. The access management server verifies the digital signature of the digitally signed license token and generates a digitally signed Security Assertion Markup Language (SAML) token. The digitally signed SAML token is transmitted to the resource server for verification and local caching. The resource server receives the service request message and determines whether access to the requested data or service is authorized based on the locally-cached SAML token.

Abstract: Embodiments of the present specification disclose data processing methods, apparatuses, and devices. One method comprises: obtaining an acquisition request for target data of a data owner; determining a trusted application (TAPP) for generating the target data based on decentralized identifier document (DID Doc) information of the data owner in response to the acquisition request; sending, to the TAPP, a target data generation request to use the TAPP to process data of the data owner obtained from a trusted institution; and receiving a processing result from the TAPP in response to the target data generation request.

Abstract: Aspects of the present disclosure provide for systems and methods to automatically load security access files and/or keys on a local digital controller serving subscriber communication equipment, but are not so limited. A disclosed system operates to use a deployment manager as part of auto-loading security access files and/or keys on a local digital controller serving subscriber communication equipment. A disclosed method operates in part to auto-load security access files and/or keys on a local digital controller serving subscriber communication equipment.

Abstract: A lockscreen display control method can be applied to an electronic device and include: when the electronic device has a bright screen in a lockscreen state, a transparent lockscreen window is drawn by using a lockscreen service, and a lockscreen wallpaper process is launched; an activity instance of the lockscreen wallpaper process is created, and an attribute of the activity instance is set to be always on top; a device orientation of the electronic device is monitored by using the activity instance to acquire an orientation parameter; and according to the orientation parameter, a wallpaper displayed under the lockscreen window is adjusted, and the wallpaper is controlled to dynamically display under the lockscreen window.

Abstract: Disclosed are example machine-learning approaches for determining maturity metrics of chatbot users. One or more datasets with words used during past conversations between a chatbot and a set of users with known maturity metrics are generated. A machine learning model is trained by applying machine learning to the one or more datasets such that the machine learning model is trained to output maturity metrics based on words received as inputs. A set of words or phrases spoken or written by the user during a conversation is fed to the machine learning model to determine a maturity metric of the user. A response is identified based on the determined maturity metric, and the response is presented during the conversation with the user. Words and phrases of a user conversing with a chatbot are used to determine the user's age or another maturity metric to generate responses that enhance the user experience.

Abstract: An authenticated data transfer system may include generating, after entry of one or more processors of a transmitting device into a communication field, a link, the link comprising a near field communication data exchange format uniform resource locator including identifier data and user data; transmitting, to a first application comprising instructions for execution on a first device, the link to initiate data transfer; authenticating a user associated with the first device by activating one or more actions based on the link; transmitting one or more requests for confirmation of quantity and recipient data associated with the data transfer; receiving one or more notifications that are based on the one or more requests for confirmation of quantity and recipient data associated with the data transfer; and performing one or more login credentials that are responsive to the one or more notifications so as to complete the data transfer.

Abstract: A system and method for managing a plurality of network-enabled client devices such as networking equipment and Internet of Things (IoT) devices which employs a distributed ledger, or blockchain, to store network configuration information for each client device. Access to the distributed ledger may be provided through a proxy computing system that is configured to exchange control messages with the client devices. Network configuration information is defined in smart contracts stored in the distributed ledger which are executed on registration of the network-enabled client device in the distributed ledger.

Abstract: An example operation may include one or more of transmitting, from a client application, a proposed storage request to a plurality of endorser nodes of a blockchain, receiving a first endorsement of the storage request from a first endorser node, the first endorsement comprising a full-step hash verification of the proposed storage request, receiving a second endorsement of the storage request from a second endorser node, the second endorsement comprising a reduced-step hash verification of the storage request, and transmitting a storage proposal including the full-step hash endorsement and the reduced-step hash endorsement to an ordering node of the blockchain.

Abstract: A technique for performing authentication includes a first device receiving security data from a second device that shares its network connection with the first device. The first device applies the security data received from the second device when requesting authentication to a secured resource on the network. For example, the security data may include a token code or other data that may be used as a token, such as identification information about the second device.

Abstract: A stateful cluster may implement scaling of the stateful cluster while maintaining access to the state of the stateful cluster. A scaling event for a stateful cluster may be detected, and in response the stateful cluster may be adjusted to include a different number of nodes. The state of the cluster may then be logically distributed among the different number of nodes according to a monotone distribution scheme. The adjusted node may then service access requests according to the monotone distribution scheme. Prior to making the adjusted storage cluster available for servicing access requests, the nodes from the original cluster may still service access requests for state.

Abstract: An apparatus comprises a processing device configured to receive, from a given multi-path input-output driver of a given one of a plurality of host devices that utilizes a given piece of software for controlling delivery of input-output operations to a storage system over selected ones of a plurality of paths through a network, an access authorization check request for the given piece of software in response to expiration of a designated access authorization refresh interval, wherein authorization to access software code of the given piece of software is provided by an access authorization server external to the plurality of host devices. The processing device is also configured to determine an access authorization status of the given multi-path input-output driver. The processing device is further configured to provide, to the given multi-path input-output driver, an access authorization check response comprising the access authorization status of the given multi-path input-output driver.

Abstract: One embodiment is a client API module for accessing an endpoint that includes a REST API corresponding to a server. Embodiments initialize an endpoint request and in response receive a URI of the server and a client context. Embodiments provide a get service request to the server based on the URI and the client context and in response receive a service instance and initialize a service context. Embodiments generate, based on the service context, a request including one of a create, a search, an update, a replace, or a delete requests, and a corresponding REST call including one of an HTTP post, an HTTP get, an HTTP patch and HTTP put or an HTTP delete.

Abstract: A vehicle control system, including an in-vehicle bus and a plurality of electronic control units (ECUs) coupled to the in-vehicle bus, wherein at least one ECU of the plurality of ECUs is configured to: receive, at a respective at least one ECU of the plurality of ECUs, a message in a message stream on the in-vehicle bus; evaluate the message to determine at least one of a confidence value of the security classification, a significance value of the message, or a bounds check value of the message; and determine in real-time to allow or deny the message to the vehicle control system based on at least one of the significance value of the message, the bounds check value of the message, or the confidence value of the security classification of the message, to provide a sanitized message stream to the vehicle control system.

Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. Different data manipulation functions can be placed in different I/O paths depending on the request method or user access level. For example, a user having full access may be returned the unaltered version of the object, whereas a user having modified or reduced access may be returned a modified or redacted version of the object. In this manner, owners of the object collection are provided with greater control over how the object collection is accessed.

Abstract: A wireless communication system is provided including a group of media devices that includes a first media device, a second media device, a third media device, and a fourth media device. The first media device, during a first time period, is designated as an access point media device that is configured to transmit media content to each of the other media devices in the group. The second media device is configured to become the access point media device during a second time period and transmit media content to each of the other media devices in the group based on a determination that the second media device is better suited than the first media device to be the access point media device for the group during the second time period. Each media device is configured to output the media content transmitted by the access point media device in a synchronized manner.

Abstract: Various examples are directed to computer-implemented systems and methods for providing a pseudonymous browsing mode. A method includes receiving, by a processor of a computer, input from a user requesting a level of anonymity for a session on an application or website, where the level of anonymity is between open browsing and completely incognito browsing. The processor programs an avatar configured to provide the level of anonymity to an identity of the user and data generated by the user based on the received input. The processor uses the avatar to control an amount of data shared by the user with the application or website to provide the level of anonymity to an identity of the user and data generated by the user.

Abstract: Systems, methods, and computer media for mitigating cybersecurity vulnerabilities of systems are provided herein. A current cybersecurity maturity of a system can be determined based on maturity criteria. The maturity criteria can be ranked based on importance. Solution candidates for increasing the cybersecurity maturity of the system can be determined based on the ranking. The solution candidates specify cybersecurity levels for the maturity criteria. A present state value reflecting the current cybersecurity maturity of the system can be calculated. For the solution candidates, an implementation state value and a transition state value can be determined. The implementation state value represents implementation of the maturity levels of the solution candidate, and the transition state value represents a transition from the present state value to the implementation state value.

Abstract: Content is shared by rendering the content in a shared session and providing the rendered content to the participating devices. The originating device has access to an original version of the content in a virtual session, which is accessed by logging into cloud content services and downloading the desired content into the virtual session. A rendering engine in a rendered session then renders the content and distributes the rendered content to the participants. Only rendered content is provided to the participants, so that the participants cannot see the credentials of the originating user, cannot see the document source and do not have access to the document itself. The participants can mark up the rendered content, which markups are shared to the other participants.

Abstract: Methods and systems for malicious non-human user detection on computing devices are described. The method includes collecting, by a processing device, raw data corresponding to a user action, converting, by the processing device, the raw data to features, wherein the features represent characteristics of a human user or a malicious code acting as if it were the human user, and comparing, by the processing device, at least one of the features against a corresponding portion of a characteristic model to differentiate the human user from the malicious code acting as if it were the human user.

Abstract: Methods and systems for facilitating authentication of a user with a plurality of applications are described. One method includes authenticating a user with a first secure application based on information received from a smart credential stored on a mobile device via a local wireless connection. The method includes obtaining a remote challenge from a remote authentication service and a mobile challenge, signing the mobile challenge with a private key, and transmitting a signed version of the mobile challenge, the remote challenge, and a public key to the mobile device. The method further includes receiving a signed version of the remote challenge and a certificate indicating validation of the mobile challenge, and transmitting the signed version of the remote challenge to the remote authentication service. Based on receiving an authentication result from the remote authentication service, access is granted to a remote secure application via the browser.

Abstract: A control system for a movable body is mountable on the movable body. The control system includes controllers and a detector. The controllers are configured to control functional systems of the movable body. The detector is configured to detect a movement situation of the movable body. Priorities corresponding to movement situations of the movable body are in advance assigned to each of the plurality of functional systems. When at least one of the plurality of controllers malfunctions, control resources of normal controllers, among the plurality of controllers, which do not malfunction are preferentially distributed to one or more of the functional systems having a high priority according to the movement situation of the movable body at that time.

Abstract: A method for improving security of peripheral devices is described. The method includes displaying, by a processor of a computing device, a code, receiving, by the processor, a user input after displaying the code, comparing, by the processor, the user input to the displayed code, and establishing, by the processor, secure communication between a peripheral device and a software application at the computing device based at least in part on a result of the comparing the user input to the displayed code.

Abstract: Systems and methods for screenless computerized social-media access may include (1) receiving, from a user device, data describing an audible user response to a segment of an audiobook that was transmitted to the user device from an audiobook service, (2) creating a digital response-indicator indicative of the audible user response, and (3) providing the digital response-indicator to an additional user device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments are directed to managing cryptographic keys in a multi-tenant cloud based system. Embodiments receive from a client a request for a wrapped data encryption key (“DEK”). Embodiments generate a random key and fetch encryption context that corresponds to the client. Embodiments generate the wrapped DEK including the random key and the encryption context encoded in the wrapped DEK. Embodiments then return the wrapped DEK to the client.

Abstract: Method and systems described herein may provide multifactor mutual authentication. A first server may provide a first party and a second party with at least two authentication components in order for the first party to authenticate the identity of the second party, and vice versa. The first authentication component may include a color-based authentication component, while the second authentication component may include a code-based authentication component. Both factors need to be validated in order for the authentication to be successful. The color-based authentication component, in combination with the code-based authentication component, may improve the speed with which the mutual authentication is performed.

Abstract: Methods, systems, and apparatuses for providing access to records of a database stored on a database server in a cloud database platform are described herein. A data sharing platform may determine a shared view definition for access to the database. The data sharing platform may determine rules that specify criteria that limit access to the records stored by the database. The one or more first rules may be received via a user interface. The data sharing platform may perform, based on the rules, a data access certification process on the records stored by the database to generate a table of certification results. The data sharing platform may generate, based on the table of certification results, and without modifying the records stored by the database, a limited consumer view definition. Based on updates to the records, a new limited consumer view definition may be generated.

Abstract: An illustrative computing system for a dynamic user access control management system classifies users and data resources according to their risk and importance by a user management engine with artificial intelligence, machine learning characteristics. The dynamic user access control management system analyzes the log files of data resources to measure system performance characteristics and user access behavior. This system monitors the device and network by which a data access request to a data resource is made. The dynamic user access control management system validates the leave status of a user initiating a data access request. The dynamic user access control management system automatically determines a user access level for a data resource through intelligent analysis of collected information and defers to a user's manager for an access level determination when the determination to grant an access level is outside of the knowledge base of the user management engine.

Abstract: In accordance with some embodiments, a system facilitates the generation of a customized fundraising campaign on behalf of a third party organization by providing mechanisms via which an organizer of the third party organization can set terms of the fundraising campaign and allow participants of the campaign to create customized avatars for use in promoting the campaign.

Abstract: A system includes at least one hardware processor and a memory storing instructions that, when executed by the at least one hardware processor, cause the at least one hardware processor to perform operations including receiving consumption data associated with a user consuming content on one or more user computing devices, determining a preference associated with content consumption of the user based on the received consumption data, the preference including one or more of a delivery time, a computing device of the one or more user computing devices, and a venue, receiving a new content item, determining one or more of a target delivery time, a target computing device of the one or more user computing devices, and a target venue based on the determined preference, and transmitting the new content item to the target computing device for presentation to the user.

Abstract: Embodiments relate to a computer platform and corresponding process and program code to assess multimedia files with respect to similarity and duplicate media content. Data streams are converted into sequences of events, and object representation within the streams is identified and subject to processing with respect to the event sequences. A similarity assessment is conducted between two or more of the data streams, and a corresponding distance measurement to quantify similarity is produced. Duplicate data is selectively identified in response to the similarity assessment and the produced distance measurement.

Abstract: A method for sharing data in a multi-tenant database includes receiving, by a target account of a multiple tenant database, access rights of a share object in a first account of the multiple tenant database, wherein the share object having access rights to a database object of the first account and wherein access to the database object of the first account by the target account is based on the access rights of the share object. The method also includes receiving, by one or more processors of the target account, access rights to an alias object, wherein the alias object references the database object of the first account.

Abstract: A method of tracking a source display panel from which an illegal copy of an image is captured by a camera is provided. The method includes generating a content image visible to human eyes using a visible light component integrated in an integrated light emitting source; generating a watermark image invisible to the human eyes in real time using an invisible light component integrated in the same integrated light emitting source; and simultaneously displaying the content image and the watermark image on the source display panel. Generating the watermark image includes generating an image of an identifier unique to the source display panel. The method further includes analyzing the image captured by the camera to extract the image of an identifier unique to the source display panel; and identifying the source display panel based on the identifier unique to the source display panel.

Abstract: Embodiments of the present specification disclose trusted hardware-based identity management methods, apparatuses, and devices. One method comprising: determining personal identity information of a user of a trusted hardware; determining hardware identifier information of the trusted hardware; generating a decentralized identifier (DID) binding request based on the personal identity information and the hardware identifier information, wherein the DID binding request is configured to request to establish a corresponding relationship between a DID of the user and the trusted hardware; and sending the DID binding request to a decentralized identity service (DIS).

Abstract: In response to a request by a data furnisher system to add data to that organized by a system, a data coordinating system resolves the identity of counterparties to whom the data is relevant. For each identified counterparty, the coordinating system identifies a corresponding counterparty system, and via communications between smart contracts comprised in the coordinating system, communicates the data provided by the data furnisher system. The counterparty reviews the data and either verifies that it is accurate or disputes the data. The counterparty's response is communicated through the data coordinating system via the relevant smart contracts to the data furnisher system. If the counterparty verified the data, the data coordinating system updates its database to reflect the data has been verified. If the counterparty disputed the data, the data furnisher and counterparty communicate to resolve the dispute. The data is marked as being disputed.

Abstract: Systems and methods provide media content events to media devices. An exemplary system receives a request for a media content event from a first media device; communicates the media content event to an edge server that is communicatively coupled to the first media device based on an identifier of the requesting media device; identifies a second media device based on preferred media content event characteristics associated with the second media device, wherein at least one media content event characteristic of the requested media content event corresponds to at least one of the preferred media content event characteristics of the second media device, and wherein the second media device is able to communicatively couple to the edge server; and in response to identifying the second media device, communicates an identifier of the second media device to the edge server, wherein the requested media content event is communicated to the second media device.

Abstract: Method and apparatus for compressing raw event logs into smaller readable formats are described. An example includes receiving an uncompressed log file including traces of events executed on a computing system. In the uncompressed log file, a number of consecutive events are identified referencing an action performed with different parameters, and the uncompressed log file is modified by replacing the identified consecutive events with a record indicating that an event has been repeated the number of times. In the modified log file, repeated sequences of events are identified, a compressed log file is generated by replacing, in the modified log file, repeated sequences of events with a record referencing an initial repetition of events and a difference between parameters included in the initial repetition of events and a respective repeated sequence, and the generated compressed log file is output.

Abstract: An emotion inference device includes: an obtainer that obtains a second evaluation value group and then a first evaluation value group each including evaluation values corresponding to emotion attributes of classified emotions of a subject; a processor that, when a difference under the same emotion attribute between corresponding evaluation values in the first and second evaluation value groups does not exceed a predetermined criterion, performs a correction process to reduce the evaluation value corresponding to the same emotion attribute in the first evaluation value group, and performs an inference process to infer the emotion of the subject based on the corrected first evaluation value group, in which an emotion attribute having a relatively higher evaluation value is inferred relatively more strongly as the emotion of the subject; and an outputter that outputs a result of the inference process performed by the processor.

Abstract: An electronic device for managing secured data containers, the electronic device comprising at least one network interface, at least one memory storing executable instructions, and at least one processor coupled to the at least one network interface and the at least one memory. Execution of the executable instructions by the at least one processor causes the electronic device to receive a request for data container creation, retrieve data related to the request for data container creation, retrieve one or more parameters constraining use of the data, encrypt the data using a public encryption key, encode the encrypted data into a data storage area of a data container, encode the one or more parameters constraining use of the data into a machine readable parameter storage area of the data container, and assign a UUID to the data container.

Abstract: A vehicle ridesharing system includes a user interface used to interact with rideshare passengers. The interface matches a selected user identifier with a PIN index and sends the PIN index to a vehicle body control module (BCM) of the vehicle through an unsecure communication channel. The BCM uses the PIN index to select a salt value and a nonce associated with a unique user associated with the PIN index, and sends a salt and a nonce back to the interface through the unsecure channel. The user enters a PIN value into the interface to authenticate their identity for the rideshare service. The interface generates a first hash result by hashing the PIN value with the salt and the nonce received from the BCM, and sends the hashed result back to the BCM for authentication.