Abstract: The present invention is a system for performing communication among a plurality of applications running on a portable terminal device, wherein the portable terminal device includes a token generation unit that generates a token; a publishing unit that sends a publish message including the token and a payload to the server, the publish message being a message to be sent from one app running on the portable terminal device to another app; and a subscription unit that sends a subscribe message including the token to the server, the subscribe message indicating that the other app can receive data sent from the publishing unit, and wherein the server, when the publish message is received, compares the token included in the publish message with the token included in the subscribe message, and sends the payload to the other app in the case where the result of the comparison satisfies a predetermined condition.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based cross-entity authentication are provided. One of the methods includes: obtaining an authentication request by a first entity for authenticating a user, wherein the authentication request comprises a decentralized identifier (DID) of the user; in response to determining that the first entity is permitted to access authentication information of the user endorsed by a second entity, generating a blockchain transaction for obtaining an authentication result of the user by the second entity, wherein the authentication result is associated with the DID; and transmitting the blockchain transaction to a blockchain node for adding to a blockchain.

Abstract: A user profile information providing method for a messaging server that provides an instant messaging service to provide user profile information, includes: receiving private profile information set in a terminal of a user who uses the instant messaging service for a targeted friend; storing the private profile information corresponding to the targeted friend; and transmitting the private profile information to a terminal of the targeted friend. The private profile information is displayed differently from default profile information of the user, and is displayed as a profile of the user only in the terminal of the targeted friend. The default profile information is displayed as a profile of the user in terminals of friends, in which the private profile information is not set, among friends of the user.

Abstract: Systems and methods of real time notification of activities that occur in a web-based collaboration environment are disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, for selecting a recipient of a notification an activity according to criteria determined based on a workspace in which the activity was performed in the online collaboration platform and/or sending the notification of the activity to the recipient such that the recipient is notified in real time or near real time to when the activity occurred.

Abstract: A system and method is provided for accessing data across networks and from mobile devices for providing fraud detection and risk management and that maintains anonymity of users. More particularly, a system and method implemented inside a payment server is provided that can access data across networks and from mobile devices, including encoded personally identifiable information (PII) data, and aggregate and analyze such data from multiple payment networks to generate a risk score that is sent to one or more payment networks for fraud detection and risk management, while maintaining anonymity of users.

Abstract: Systems and methods for warning a user that media assets associated with another user depict the user with an undesired expression are provided. A plurality of media assets associated with a first user and depicting a second user may be identified. A set of expressions of the second user that the second user has indicated as undesirable may be retrieved. The depictions of the second user in the plurality of media assets and the expressions that the second user has indicated are undesirable may be compared. If it is determined that one or more of the media assets depict the second user with an undesirable expression, a notification may be generated to the second user indicating that one or more media assets of the first user depict the second user with an expression that the second user has indicated as undesirable.

Abstract: A messaging server system receives a message creation input from a first client device that is associated with a first user registered with the messaging server system. The messaging server system determines, based on an entity graph representing connections between a plurality of users registered with the messaging server system, that the first user is within a threshold degree of connection with a second that initiated a group story in relation to a specified event. The messaging server system determines, based on location data received from the first client device, that the first client device was located within a geo-fence surrounding a geographic location of the specified event during a predetermined event window, the geo-fence and event window having been designated by the second user, and causes the first client device to present a user interface element that enables the first user to submit content to the group story.

Abstract: A first Session Initiation Protocol (SIP) INVITE message is received to establish a communication session where a communication application, in a first communication endpoint that is used to establish the communication session has been suspended or is not running. A first message is sent that causes the communication application to become active. A second message is received from that indicates that the communication application is active. Various processes are then used to establish the communication session with the previously suspended or not running communication application.

Abstract: A computer system for secure data access control, according to some examples, may perform operations including: receiving first data from a first client associated with a first user; using a first data access agent to store the first data in a first data store, the first data access agent having access to the first data store and not having access to a second data store; receiving second data from a second client associated with a second user; and using a second data access agent to store the second data in the second data store, the second data access agent having access to the second data store and not having access to the first data store.

Abstract: The present disclosure involves systems, software, and computer implemented methods for sending payment requests to one or more persons or entities based on images in which the persons or entities appear. In one example, the process may include identifying an image associated with a payment request, the identified image containing at least one recipient associated with the payment request, and wherein the payment request includes a value, analyzing the identified image to identify the at least one potential recipient of the payment request, identifying contact information associated with the at least one identified recipient of the payment request, and sending the payment request to the at least one identified recipient of the payment request via a destination associated with the identified contact information.

Abstract: The present invention relates to computer systems, computer implemented methods and computer executable code configured to provide secure PC solutions based on a virtual desktop infrastructure (VDI) including IPTV via VDI to secure locations such as prison cells. The invention is embodied in a networked system that provides a plurality of virtual machines that are hosted in a Virtual Environment, with data stored in a shared Storage Area Network (SAN). Secure application streaming technology is applied as a broker to deliver a secure user experience to the end users. The solution is based on providing a complete end-to-end solution delivering published apps to users on in-cell devices. The system is configured to provide functionalities including: (i) streaming of TV services to the cells via IPTV; and (ii) eLearning via the VDI environment.

Abstract: A communication system includes a management device of Internet of Thing (IoT) devices and an agent communicatively coupled between the management device of IoT devices and plural cloud servers. The agent receives identification information corresponding to a first IoT device, and obtains a key hash corresponding to the first IoT device from one of the cloud servers that corresponds to the first IoT device according to the identification information, and transmits the key hash to the management device of IoT devices. The management device of IoT devices encrypts management information by utilizing the key hash and transmits the encrypted management information to the first IoT device. The management information includes a control hash. The first IoT device decrypts the management information to obtain the control hash, and encrypts a message by utilizing the control hash, and transmits the encrypted message to the management device of IoT devices.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based cross-entity authentication are provided. One of the methods includes: obtaining an authentication request by a first entity for authenticating a user, wherein the authentication request comprises a decentralized identifier (DID) of the user; in response to determining that the first entity is permitted to access authentication information of the user endorsed by a second entity, generating a blockchain transaction for obtaining an authentication result of the user by the second entity, wherein the authentication result is associated with the DID; and transmitting the blockchain transaction to a blockchain node for adding to a blockchain.

Abstract: Systems and methods are described herein for token-based access to an intelligent electronic device (IED) resource in a power delivery system. A token server and an IED resource may be communicatively connected via a communication network. The token server may generate a token associated with access privileges to one or more IED resources. The token server associates an access duration time with the generated token. The user presents the IED resource with the token as part of an access attempt. The IED resource grants access at a first time defined with reference to the device uptime of the IED resource until a second time defined with reference to the device up time. The difference between the first time and the second time corresponds to the access duration time of the token.

Abstract: A user engagement computer system for enhancing user engagement via video chats and methods of using same are disclosed. The system includes one or more modules that provide enhanced video chat features such as one of the following: detecting user presence at the user devices, automating the establishment and/or scheduling of video chat sessions based on user presence, controlling the available functionality of the video chat application during a video chat session based on user presence, providing a kids mode with safeguards for children who video chat, providing visualization of storytelling, providing shared digital interactions via a shared interactive digital screen overlaid onto the video chat display, providing user controls via unspoken words, motions and gestures, actively measuring user engagement during a video chat session, and utilizing state machines to dynamically change between system states.

Abstract: A proxy server receives a synchronization request from an application program resident on a user device. The proxy server determines that the user device requires removal of application program data and synchronizes the application program resident on the user device with a null account that is associated with application program.

Abstract: In one embodiment, a computer-implemented method is provided, comprising: creating at least a portion of an instant messaging application that is configured to cooperate with an apparatus, the instant messaging application, when executed, configured to cause a device to: display an instant messaging interface including a communicant message user interface element for receiving a text portion of a message and a send user interface element for sending the text portion of the message in response to a user selection thereof, and receive, from the apparatus and utilizing a communications agent on the device configured to receive incoming messages addressed to a communicant identifier associated with a user of the instant messaging application, a notification including a constraint that identifies a plurality of user interface elements includable in a form presentable via the instant messaging interface for constraining a generation of one or more data object requests in response to a selection on one or more of th

Abstract: Methods, systems, and devices for voice-activated medical assistance are described. The method may include receiving an indication of an audio request from a user and determining whether a response to the audio request includes medical information associated with a patient. After determining whether the response includes medical information, the medical assistance server may identify an access class of the medical information and a permission level associated with accessing the access class of the medical information. The method may further include determining whether the user is authorized to access the access class based on the permission level and transmitting an indication of the response to the audio request based on determining whether the user is authorized.

Abstract: Methods and systems for managing and/or processing a blockchain to maintain data security for confidential and/or personal data are provided. According to certain aspects, the disclosed data security techniques may enable access sharing functionality utilizing the blockchain. For example, access sharing may be utilized to file documents, share policy information, and/or comply with an audit. The data security techniques disclosed herein also enable the use of smart contracts to transfer funds associated with payment obligations and/or other forms of blockchain based payments, comply with anti-money laundering requirements, report industry data, validate interest payments and/or maintain agent sales data. Data security may be achieved through the use of public key/private key encryption techniques.

Abstract: A personalized integrated video user experience enables a user to view full screen streaming content utilizing an overlaid user interface to navigate throughout the experience. Included in the experience is scrubber branding as well as embedded unlockable contextual content that is presented to the user at specified times. The embedded unlockable or promotion of either digital contextual content or physical contextual goods is related to the content being streamed and enhances the user experience by enabling the user to perform additional actions such as purchasing items and acquiring additional information. An NFC-enabled or Bluetooth® device is able to be used to authenticate the experience as well as navigate content and interact with the streaming experience for an educational experience.

Abstract: A data security and protection system that provides monitoring, diagnostics, and analytics within an enterprise network to identify potentially sensitive data is disclosed. The system may provide one or more data stores to store and manage personal data within a network. The system may also provide one or more servers to facilitate operations using information from the one or more data stores. The system may also provide an analytics system with processing components that determines uniqueness of personal data. The system may receive personal data and population attribute data via a data access interface. The analytics system may compare the data received to determine a fraction assignment, which when further processed using at least a combination or correlation technique, may yield a detailed uniqueness factor classification and analysis of the personal data to indicate its relative sensitivity.

Abstract: A system and apparatus for enabling individuals to control the sharing and disclosure of their bioinformatic data, including whole genome sequence data over a network. In combination with a privacy preference repository and policy repository for expressing legal and institutional criteria for accessing such bioinformatic information, a private access bureau enables such privacy and policy requirements to be applied while simultaneously enabling sharing of such bioinformatics data by properly authorized parties or applications. Through the use of various forms of metadata, encryption, and unique IDs that accompany such data elements, discrete segments of said bioinformatic data can be queried; and where permissible discovered, analyzed and linked with other health data based on pertinent privacy laws, institutional policies, and the individual's preferences that are associated with, and dynamically controlled through, an intuitive user interface.

Abstract: In one embodiment, a method includes displaying a feed of an online social network on a client computing device of a user, the feed comprising a plurality of media items; receiving a first indication the user is viewing a first media item, wherein the first media item is located at a first location in the feed; sending a first sponsored content item for playing at the first location; receiving a second indication the user is transitioning from the first location to a second location in the feed; and pausing the first sponsored content item from playing in response to receiving the second indication.

Abstract: Apparatuses, systems and methods for tracking network connected devices includes the steps of determining whether a device is associated with an identifier. If the device does have an identifier, determining whether the identifier is associated with the device and if the device does not already have an identifier, associating an identifier with the device. Next, an amount of tokens is assigned to the device and its associated identifier. The last step determines an accounting of the tokens associated with the device. Other steps that may be included are the steps of determining whether an event has occurred and adjusting the value of the tokens associated with the device based on that event. Other steps determine the status of a device, for example an on or off status of the device or the physical location of the device.

Abstract: An approval request for a recurring workflow instance is received, that requests the execution of an instance of a recurring workflow. An authorization token is generated based upon the content of the particular workflow to be executed, the location where the workflow is to be executed, and a time period during which the workflow is to be executed. The authorization token is sent, along with a representation of a workflow to be executed, to a target machine for authorization and execution.

Abstract: A data processing central consent repository system may be configured to, for example: (1) identify a form used to collect one or more pieces of personal data, (2) determine a data asset of a plurality of data assets of the organization where input data of the form is transmitted, (3) add the data asset to the third-party data repository with an electronic link to the form, (4) in response to a user submitting the form, create a unique subject identifier to submit to the third-party data repository and, along with the form data provided by the user in the form, to the data asset, (5) submit the unique subject identifier and the form data provided by the user to the third-party data repository and the data asset, and (6) digitally store the unique subject identifier and the form data in the third-party data repository and the data asset.

Abstract: A method for processing an attempted payment made using a mobile device includes receiving information about the attempted payment, receiving data indicative of a behavior of a user of the mobile device at the time of the attempted payment, computing a likelihood that the attempted payment is fraudulent, based on a comparison of the behavior of the user to an historical behavior pattern of the user, and sending an instruction indicating how to proceed with the attempted payment, based on the likelihood.

Abstract: Systems and methods provide media content events to media devices. An exemplary system receives a request for a media content event from a first media device; communicates the media content event to an edge server that is communicatively coupled to the first media device based on an identifier of the requesting media device; identifies a second media device based on preferred media content event characteristics associated with the second media device, wherein at least one media content event characteristic of the requested media content event corresponds to at least one of the preferred media content event characteristics of the second media device, and wherein the second media device is able to communicatively couple to the edge server; and in response to identifying the second media device, communicates an identifier of the second media device to the edge server, wherein the requested media content event is communicated to the second media device.

Abstract: Disclosed are a document providing method and apparatus. The method comprises: receiving an access request to a target document that is sent by a user; determining whether an access link used by the user is valid; if the access link is invalid, further determining whether the user identifies the access link before the access link is invalid; and if yes, providing the target document for the user. According to this application, by providing a document providing method and apparatus, when the access link is invalid, it is further determined whether the user identifies the access link before the access link is invalid, and if yes, the target document is provided for the user, so that a user that obtains the document provided by the access link when the access link is valid can obtain the document provided by the access link again after the access link is invalid, thereby providing convenience for the user to obtain the document.

Abstract: Techniques for providing secured, automatic log-in and authentication of a user to a website via a browser executing at the user's personal electronic device (PED) include generating a token based on an identifier of the PED and a user identifier, and storing the token at the user's PED for use in validating and authenticating the user and device credentials against those stored at back-end system and/or in another memory location at the device. Based on the persisted token (and optionally on a user preference), the user may be automatically logged in as the user navigates across restricted and unrestricted portions of the website, and/or to other websites (e.g., without the user's knowledge). At least these features enable automatic log-in and authentication to be performed on an as-needed basis, and/or on a per-device basis, thereby providing significantly more secure access as compared to known techniques.

Abstract: A user input interface on a mobile device may employ a set of routines to control computing functions on a computer. Computing functions may be associated with elements of the user input interface, such that the elements may be used to control the associated computing functions. The associations of computing functions and user input interface elements may be stored in a database.

Abstract: Systems are provided for facilitating the disclosed methods for performing event storage and diagnostic processing within a hybrid cloud environment. Event records are gathered and batched at an on-premises server. The event records are also appended with correlation vector data that enables the event records to be correlated with other events. The batch of event record batches are signed with a security key associated with a cloud storage container and the on-premises server is restricted to writing the batch of event records to the container. In some instances, the size of the batch is based on a duration of time for collecting records, which can be adjusted to accommodate for missing data.

Abstract: Disclosed herein is a method and apparatus for managing license information for playing secure high definition content. The method includes receiving a certificate revision list (CRL) from a license server, receiving encrypted license information allowing a playback of the content through a first session established between a storage device and the license server wherein the first session is identified by session identification information, and playing the content based on the license information.

Abstract: An electronic control unit configured to permit a vehicle to travel in an automated driving mode. The electronic control unit is configured to detect unauthorized access from an outside to an in-vehicle Local Area Network during the automated driving mode. The electronic control unit is configured to perform control to fix a gear position of an automatic transmission when the electronic control unit determines that unauthorized access from the outside occurs during the automated driving mode.

Abstract: Various embodiments of the present disclosure provide a system and method for detecting network connections having a plurality of interconnected network nodes; a connection-based behavioral anomaly detection device (“CBAD”) connected to one of the plurality of network nodes such that the CBAD may observe data traffic flowing through at least one node of the plurality of network nodes; an application loaded onto a first node of the plurality of network nodes, the application initializing a connection from the first node to a second node of the plurality of network nodes; and a computer-readable storage device communicatively connected to the CBAD; wherein the application transmits a plurality of data packets from the first node to the second node of the plurality of network nodes; the CBAD observes at least one of the plurality of data packets exchanged between the first node and the second node; the CBAD extrapolates packet information from at least one of the plurality of data packets observed; and the extra

Abstract: A cloud-based security system enforcing application-based control of network resources includes a plurality of nodes communicatively coupled to the Internet; and one or more authority nodes communicatively coupled to the plurality of nodes; wherein a node of the plurality of nodes is communicatively coupled to a user device via the Internet, and wherein the node is configured to receive a request from a user device for network resources on the Internet or in an external network, to evaluate the request to determine an application on the user device associated with the request, and to provide application-based control of the request based on the determined application and the network resources.

Abstract: A method of processing a query on a genome to produce a report is disclosed. The method comprises receiving a first secret, a second secret and a query request over a communications network during a first communications session and storing a proxy value associated with the query request in a database. The first secret is used to determine a genome key enabling access to genome data stored in the database and associated with the first secret. The proxy value and a query key are associated using the second secret such that the query key can only be found using both the proxy value and the second secret. An association is stored between the genome key and the query key in the database and the first and second secrets are deleted subsequent to determining the genome key and associating the proxy value and query key, during or at the end of the first communications session, to ensure anonymity.

Abstract: A method may comprise monitoring files (files, folders, documents of any type) to be sent to a remote storage to identify those that belong to selected file types and extracting metadata from those that belong to the selected file type(s), which may then be transcoded. Identifiers of the transcoded files and corresponding extracted metadata may be sent to a storage database. The transcoded files may be sent to be stored in the remote storage such that, upon receiving a file request and at least one criterion, the remote storage searches the database to find identifier(s) of the transcoded file(s) whose extracted metadata satisfies the criterion. Responsive to the received file request, one or more transcoded files may be made available whose identifier(s) were found during the search of the database. Alternatively or in addition, links to the transcoded files that correspond to found identifier(s) may be made available.

Abstract: One embodiment provides a method for monitoring context-dependent quality of service in a shared computing environment that includes detecting, by a processor, a change in context. Service classes are dynamically assigned to individual users and respective applications within shared computing environment customers based on the change in context. Service level agreement (SLA) statistics for each assigned service class are aggregated and collected.

Abstract: An apparatus and method for device security, wherein a fingerprint image is acquired on a touchscreen, and an authentication process is performed based on the first fingerprint image. Thereafter, a second fingerprint image is acquired and a difference between a characteristic of the first and second fingerprint images is determined, and based upon whether this difference is greater than a threshold, a second authentication process is performed.

Abstract: Various methods and systems are provided for autonomous secrets management for a temporary shared access signature (“SAS”) service. Input for a temporary access request for an account resource, is received from a client. The temporary access request is validated, based on communicating a validation request to the secrets management service (“SMS”) that can be utilized to store, renew and distribute secrets in a distributed computing environment. Validating the temporary access request is based on determining a storage account location path for SAS keys that provide temporary access to account resources. An access policy associated with the temporary access request is accessed. An SAS key request, associated with temporary access request, is communicated to the SMS. The SAS key request includes at least a portion of the access policy. An SAS key is received from the SMS. The SAS key, for access to the account resource, is communicated to the client.

Abstract: Embodiments described herein may be directed to systems, methods, apparatuses, devices, computer program products, computer-executable instructions, and/or applications for securely and anonymously accessing web resources and customizable attribution of identity. In accordance with the present disclosure, a user may inspect and analyze a webpage as well as the underlying source code from an “arm's length” using a secure analysis application to prevent exposure on the user's local machine. The secure analysis application may provide increased flexibility in masking and/or modifying the user's digital persona to external websites. Additionally, the secure analysis application may be integrated with a translation service to translate textual web content without the web content provider being alerted that a translation is taking place.

Abstract: Devices and techniques for NAND temperature data management are disclosed herein. A command to write data to a NAND component in the NAND device is received at a NAND controller of the NAND device. A temperature corresponding to the NAND component is obtained in response to receiving the command. The command is then executed to write data to the NAND component and to write a representation of the temperature. The data is written to a user portion and the representation of the temperature is written to a management portion that is accessible only to the controller and segregated from the user portion.

Abstract: Concepts and technologies are disclosed herein for separating sensitive data from mobile devices for theft prevention. According to one aspect, a system includes a data security platform and a mobile device platform. The mobile device platform can detect that the data security platform is connected. The mobile device platform can determine whether the data security platform is part of an authenticated pair with the mobile device platform. In response to determining that the data security platform is part of an authenticated pair with the mobile device platform, the mobile device platform can access at least a portion of sensitive data that is stored in a memory component of the data security platform. If the data security platform is disconnected from the mobile device platform, the mobile device platform cannot function or can provide limited functionality, such as a function to communication with a 9-1-1 service.

Abstract: A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.

Abstract: This is generally directed to identifying unauthorized users of an electronic device. In some embodiments, an unauthorized user of the electronic device can be detected by identifying particular activities that may indicate suspicious behavior. In some embodiments, an unauthorized user can be detected by comparing the identity of the current user to the identity of the owner of the electronic device. When an unauthorized user is detected, various safety measures can be taken. For example, information related to the identity of the unauthorized user, the unauthorized user's operation of the electronic device, or the current location of the electronic device can be gathered. As another example, functions of the electronic device can be restricted. In some embodiments, the owner of the electronic device can be notified of the unauthorized user by sending an alert notification through any suitable medium, such as, for example, a voice mail, e-mail, or text message.

Abstract: A first set of electronic information is logged to a remotely located data store, including a user identifier, primary content, secondary content, and user interaction with the primary content and the secondary content. A second set of electronic information is received from a data source other than the user device, the second set of electronic information being related to the same user identifier as the user identifier of the first set of electronic information. Behavioral data is created for the user identifier based on at least the logged first set of electronic information and the second set of electronic information. A subsequently displayed container is controlled or modified based on the behavioral data.

Abstract: A communication apparatus displays an image on a display unit, transmits a display image displayed on the display unit to another communication apparatus by wireless communication, transmits a confirmation image for confirming a transmission destination of the display image to the another communication apparatus by wireless communication to display the confirmation image on the another communication apparatus, selects, by a user operation, whether to transmit the display image to the another communication apparatus, after transmission of the confirmation image and before transmission of the display image, and transmits the display image to the another communication apparatus if it is selected in the selecting to transmit the display image.

Abstract: Embodiments regard security descriptors for record access queries. An embodiment of a method includes: receiving a record access query, the query regarding records for a certain one or more users at a certain access level; searching one or more sharing tables of entities in a computing environment for security descriptors, each security descriptor being associated with a set of one or more users having access to one or more records of a set of records at an access level; identifying any security descriptors in the one or more sharing tables that relate to the certain one or more users with at least the certain access level; and searching the one or more records associated with each of the identified security descriptors according to the record access query.

Abstract: A system for providing an ingest proxy and query rewriter for secure data is described. In an example implementation, the system may include a proxy configured to obfuscate data, generate maps of the obfuscated data to the original data, and send the obfuscated data to an analysis server. The analysis server may be configured to generate analysis data relevant to the obfuscated data and the original data by analyzing the obfuscated data. The analysis server may send the analysis data and an identification of the obfuscated data to a user device in response to a request from the user device. The user device may be configured to detect the identification of the obfuscated data in the signal received from the analysis server and retrieve the analysis data from a client device via the proxy.