Abstract: Systems, methods, and computer-readable media for computer-implemented authentication platforms are described herein. In an example approach, a user is enrolled in a computer-implemented authentication platform. The enrollment process includes digitally encrypting an image of a user, storing the digitally encrypted image of the user in a blockchain as part of a user profile of the user, generating (using the digitally encrypted image of the user) an identifier of the user, and storing the identifier of the user in the blockchain as part of the user profile of the user. Subsequently, the user is authenticated. The authentication process includes retrieving the digitally encrypted image of the user from the blockchain (using the identifier of the user to retrieve the digitally encrypted image of the user) and decrypting the digitally encrypted image of the user using a decryption token.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for uploading, by a verified party, verified-party content to a media platform, receiving requests by a client device for store content, and displaying the uploaded verified-party content along with store content on the client device.

Abstract: The present disclosure generally relates to interfaces and techniques for media playback on one or more devices. In accordance with some embodiments, an electronic device includes a display, one or more processors, and memory. The electronic device receives user input and, in response to receiving the user input, displays, on the display, a multi-device interface that includes: one or more indicators associated with a plurality of available playback devices that are connected to the device and available to initiate playback of media from the device, and a media playback status of the plurality of available playback devices.

Abstract: An access control system for enabling access of an attendant to a customer account on a cloud application hosted on a cloud computing system includes a vision sensor coupled with the cloud computing system. The cloud computing system stores customer accounts, an access factorization rule, location-based endpoints, and a supervisor identifier. The system determines that the customer and attendant are at a first endpoint and determines a particular interaction between the attendant and the customer, then factorizes an access indicator and either permits access or denies access of the attendant to the customer account, and may form and send a message comprising a denial of access semantic to the supervisor.

Abstract: The subject technology serializes, by at least one hardware processor, non-primary key data of column-organized data into compressed serialized value data that is in a row-organized sequence, the compressed serialized value data compressed using at least one bitmap, the non-primary key data comprising a schema identifier, the column-organized data being stored in a columnar database system, the column-organized data comprising primary key data and the non-primary key data. The subject technology stores the compressed serialized value data in a key-value data store of a key-value database system, the key-value database system processing key-value data in a key-value format. The subject technology receives a query by the columnar database system. The subject technology deserializes a portion of the compressed serialized value data that corresponds to the query. The subject technology processes the query using the columnar database system.

Abstract: In some implementations, an onboarding device may enable an onboarding application running on a platform. The onboarding device may receive configuration data for a desired device to determine compatibility with a network. The onboarding device may determine, based on a comparison between configuration data and a configuration criteria for the network, whether a compatibility threshold has been satisfied. The onboarding device may determine, when the compatibility threshold has been satisfied, whether the desired device is compatible with the particular network.

Abstract: Disclosed herein are systems and method for securely providing access to data. In one exemplary aspect, a method may comprise receiving a request to access data on a computing device of a user and identifying a location of the computing device. The method may comprise determining whether access to the data is allowed in the location based on a location-based rule of a plurality of location-based rule. The method may comprise, in response to determining that access to the data is allowed in the location, detecting, via sensors of the computing device, (1) at least one other person different from the user or (2) a surveillance device in the location, and determining whether the at least one other person or the surveillance device can view the data without direct access to the computing device. If not, the method may comprise providing access to the data on the computing device.

Abstract: A device may not trust another device with which it is in communication. To establish trust, a first device may send a second device an indication of signed code that is stored in a protected memory of the first device. Based on determining that the first device is a trusted device, the second device may send the first device an encrypted content asset, a decryption key associated with the content asset, and/or an encryption key associated with the content asset.

Abstract: The present disclosure provides systems and methods for automatically detecting third-party re-identification of anonymized computing devices.

Abstract: Novel tools and techniques are provided for implementing customer resource telemetry and use as a service. In various embodiments, a computing system might receive, from a user, a request to access at least one network-accessible resource associated with a customer of a service provider, the user being unassociated and unrelated with the customer; might identify at least one of a user identification, a company, or a class of user associated with the user; might determine whether at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource, based on the identification. If so, the computing system might provide the user with access to the at least one network-accessible resource associated with the customer. If not, the computing system might deny, to the user, access to the at least one network-accessible resource associated with the customer.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: Systems and methods that allow examination of response data collected from content providers and provide for classification and routing according to the classification. The process of classification employs an unsupervised, or partially unsupervised, Machine Learning classifier model for identifying data collection responses that contains no data, mangled data, or a block, for assigning a classification correspondingly and for feeding the classification decision back to a data collection platform.

Abstract: Methods for operating a device and for managing bootstrapping of devices are disclosed. The method (100) for operating a device comprises computing (102) a derivative of a secret shared between the device and a server entity of a network, generating (104) a temporary bootstrap URI by combining at least a part of the computed derivative with a static bootstrap URI for the network, and sending (106) a bootstrap request to the temporary bootstrap URI. The method for managing bootstrapping of devices comprises generating temporary bootstrap URIs corresponding to devices operable to connect to a network, and updating a network DNS registry to map the generated temporary bootstrap URIs to the IP address of at least one of a bootstrap server instance reachable via the network and/or a bootstrap load balancer. Also disclosed are a device, a bootstrap load balancer, a bootstrap server, and a computer program.

Abstract: A display method comprises a first device projecting a first window interface to a second device after receiving a screen projection instruction entered by a user. The first device receives an instruction for running a second window interface, and may send a task identity of the second window interface and a security protection instruction to the second device after determining that the second window interface includes a security flag bit. Further, the second device displays the first window interface and a security interface, where the security interface is a projected interface of the second window interface.

Abstract: Existing data residency compliance techniques suffer from inherent drawbacks to discover the spread of data, understanding the data residency regulations and semantics behind them and most importantly placement of data in cloud datacenters such that it is data residency compliant. Embodiments herein provide a method and system for optimizing placement of data to a cloud datacenter complying data residency regulations. The system selects one serving cloud datacenter for a user center. The selection considers three conflicting objectives such as minimum data placement cost, provide good quality of service (i.e. latency) and to comply with data residency regulations. The system essentially covers data residency compliance problem in three phases namely, violation detection, decision support and recommendation. Herein, the system trades-offs latency with data placement cost.

Abstract: The described features generally relate to receiving one or more positioning signals at a satellite terminal during installation of the satellite terminal at a customer premises, and providing position-based access to a satellite communications system based on a satellite terminal installation position determined from the received positioning signals. The determined installation position of the satellite terminal may then be employed for various network access techniques, such as providing access to the satellite communications system, providing position-based content, or restricting content via the satellite communications system based on the determined installation position.

Abstract: A secure computer is disclosed comprising a general-purpose domain, a secure domain, and a security module. The general-purpose domain is configured to provide general-purpose computing and comprises a host processor, a non-volatile storage system, and at least one networking device. The secure domain is configured to provide secure computing and comprises a secure processor. The security module is configured to facilitate data transmission between the general-purpose domain and the secure domain.

Abstract: Embodiments of the disclosure provide application management capabilities to enterprises. A computing device of a user, associated with the enterprise, receives an enrollment token signed with a certificate. The enrollment token includes an enterprise identifier associated with the enterprise. The computing device receives a package containing one or more applications. The package also includes an enterprise identifier. Installation and execution of one or more applications from the received package is accepted or rejected based on a comparison of the enterprise identifier from the enrollment token with the enterprise identifier from the received package or application. A web service provides validation services by monitoring the installation and execution of applications on the computing devices associated with the enterprise.

Abstract: Systems and methods for location-based online content sharing using unique identifiers are provided. A server and a plurality of clients may be connected to one or more networks. A first client may send a shared content to the server. The first client may also send a first location of the first client as well as a unique identifier for the shared content. The server may store the shared content. A second client may request the shared content, and the request may include the unique identifier and a second location of the second client. The server may determine that the second location is within a predefined distance from the first location. Upon such determination, the server may send the shared content to the second client.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for cross-channel network security with tiered adaptive mitigation operations. In this regard, the invention is structured for dynamic detection of security events associated with network devices and resources, and triggering real-time mitigation operations across a plurality of resource channels. The invention provides a novel method for employing activity data to construct and implement mitigation actions for de-escalating authorization tiers that are adapted to the specific attributes of the activity data, in order to prevent security exposure associated with the activity. Another aspect of the invention is directed to determining whether to continue the tiered adaptive mitigation actions and/or trigger a security proceed signal.

Abstract: A computer implemented method for providing a communication path is provided. The method includes to determine, with a receiving device, a shared secret based on a receiving device private key and an electronic device public key communicated to the receiving device over a network, and determine, with the electronic device, the shared secret based on an electronic device private key and a receiving device public key communicated to the electronic device over the network. The method also includes to determine, with the receiving device, an identifier of the receiving device based on the shared secret, and determine, with the electronic device, a time-based one-time password (TOTP) based on the shared secret. The method also includes to obtain a token based on the TOTP, communicate the token from the electronic device to the receiving device based on the identifier, and provide a communication path between the receiving device and electronic device based on the token.

Abstract: A method is disclosed for conducting a transaction between a computing device and an access device. A server computer may be utilized to facilitate data exchanges between the computing device and the access device. These data exchanges may utilize high-frequency sound signals. The server computer may encrypt at least some portion of data that is then transmitted to the access device via the computing device. The server computer may verify data received from the access device prior to generating and transmitting an authorization request message for the transaction.

Abstract: A control device having a surface that is hidden after installation of the control device. The control device includes an optical code disposed on the surface. The optical code encodes a device identifier of the control device and a secret code. The control device includes a wireless transceiver configured to communicate with a user device during a provisioning sequence of events that is initiated based on the user device scanning the optical code to obtain the device identifier and the secret code.

Abstract: According to some embodiments, a method includes receiving, from a graphical user interface, an indication that a user has purchased licenses associated with a CNF. The method further includes sending, to a second computing system of a CNF, first instructions regarding the licenses purchased by the user. The method further includes receiving an indication that the user wishes to deploy a particular router in the CNF with a particular data connection and retrieving, from the second computing system of the CNF, a list of licenses previously purchased by the user. The method further includes automatically determining, from the list of licenses, appropriate licenses for the particular router that the user wishes to deploy in the CNF. The method further includes sending second instructions that are operable to deploy the particular router in the CNF with the particular data connection and apply the determined licenses to the deployed particular router.

Abstract: An off-road mobile work machine data capture system includes a robustly-identifiable sensor module having a task sensor that provides a task sensor signal indicative of a task. The system also includes a processor coupled to the robustly-identifiable sensor module that is configured to issue a challenge to the robustly-identifiable sensor module and compare a response from the robustly-identifiable sensor module to an expected response to authenticate the robustly-identifiable sensor module. The processor is further configured to generate an indication of authentication failure if the response from the robustly-identifiable sensor module does not match the expected response.

Abstract: Novel tools and techniques are provided for implementing customer resource telemetry and use as a service. In various embodiments, a computing system might receive, from a user, a request to access at least one network-accessible resource associated with a customer of a service provider, the user being unassociated and unrelated with the customer; might identify at least one of a user identification, a company, or a class of user associated with the user; might determine whether at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource, based on the identification. If so, the computing system might provide the user with access to the at least one network-accessible resource associated with the customer. If not, the computing system might deny, to the user, access to the at least one network-accessible resource associated with the customer.

Abstract: Systems and associated methods are described for providing content recommendations. The system selects, using a multi-armed bandit solution model, a first plurality of content categories based on a reward score of each content category. The categories are displayed. When a user selects an item from the displayed categories, the system finds all categories that include the selected item, but rewards only the category with the highest score. The system selects, using the multi-armed bandit solution model, the second plurality of content categories based on the updated reward score of each content category. The categories are then displayed. The system may also repeat the steps to refine the multi-armed bandit solution model.

Abstract: A method of and server for ranking documents in response to a query are provided. The method includes determining a target resource hosting a document, and generating a first and a second randomly-selected value for the document. During a first time interval, the method includes acquiring a query and generating a first ranked list of documents to the query based on the first randomly-selected value. The first ranked list includes the document at a promoted-rank position. During the second time interval, the method includes acquiring a query and generating a second ranked list of documents to the query based on the second randomly-selected value. The second ranked list includes the document at a demoted-rank position. The promoted-rank position in the first ranked list is above the demoted-rank position in the second ranked list for increasing a gap in user traffic to the document between the first and second time intervals.

Abstract: The present disclosure provides systems and methods for automatically detecting third-party re-identification of anonymized computing devices.

Abstract: Provided is a method, system, and computer program product for storing images across multiple distributed computing systems according to image sensitivity. The method comprises identifying an image and analyzing the image to identify sensitive information in the image. The method further comprises splitting the image into a sensitive portion and a non-sensitive portion. The method further comprises storing the sensitive portion of the image in a first distributed computing system and storing the non-sensitive portion of the image in a second distributed computing system.

Abstract: An electronic device is disclosed. An electronic device comprises: a first memory in which an operating system and an application program executed on the operating system are stored; a second memory; a processor for loading at least some codes among codes corresponding to an application program from the first memory to the second memory, and when access information of the codes loaded in the second memory is received from a kernel of an operating system, accessing an area in which the loaded codes are stored, on the basis of the received information and executing the application program; and a snoop for monitoring access to an area in which a preset code, the access of which has been limited, from among codes loaded in the second memory is stored.

Abstract: Systems and methods that allow examination of response data collected from content providers and provide for classification and routing according to the classification. The process of classification employs an unsupervised, or partially unsupervised, Machine Learning classifier model for identifying data collection responses that contains no data, mangled data, or a block, for assigning a classification correspondingly and for feeding the classification decision back to a data collection platform.

Abstract: A machine learning system includes encoder and decoder networks. The machine learning system is configured to obtain input data, which includes sensor data and a radius of an p norm ball of admissible perturbations. Input bounding data is generated based on the input data. First bounding data and second bounding data are generated by respectively propagating the input bounding data on first and second outputs of the encoder network. Third bounding data is generated in association with a latent variable based on the first bounding data and the second bounding data. Fourth bounding data is generated by propagating the third bounding data on an output of the decoder network. A robustness certificate is established with respect to the input data by generating a lower bound of an evidence lower bound based on the first, second, third, and fourth bounding data.

Abstract: A data structure for a decentralized ledger interchange object includes: a first data field containing an identifier for an item; a set of second data fields linked to the first data field, each second field containing one of a set of time periods; a set of third data fields, each third data field linked to a corresponding second data field, each third data fields containing a requested quantity of the item for a corresponding time period; and a set of fourth data fields, each fourth data field linked to the corresponding second data field, each fourth data field containing a committed quantity of the item for the corresponding time period. The decentralized ledger interchange object can used in a computer system, a computerized method for time-based manufacturing, a computerized method for time-based pricing and other systems, devices and methods.

Abstract: Systems and methods are described for seamlessly connecting devices based on relationships between the users of the respective devices. A media guidance application may determine that a first user has entered an environment (e.g., his/her mother's home) and may determine a frequency with which the first user enters the environment (e.g., daily). In response to determining that the first user visits frequently, the media guidance application may identify a second device in the environment (e.g., a smart TV) that a second user (e.g., the first user's mother) is authorized to grant access rights for. The media guidance application may determine a likelihood that the second user will grant the access rights for the second device to the first user, based on interaction data between the first user and the second user. In response to determining a high likelihood, the media guidance application may transmit the access rights.

Abstract: A method for setting a display panel dynamically and an electronic device are provided. In a booting stage of the electronic device, a display driver is executed, wherein a motherboard of the electronic device includes at least one specified pin, a storage device and a processor. A predetermined pin value is set in the at least one specified pin and read from the at least one specified pin of the motherboard through the display driver. A database is queried through the display driver and includes multiple reference pin values corresponding to multiple sets of parameter values. The set of parameter values corresponding to the predetermined pin value is obtained according to the reference pin values; and the display panel is initialized through the display driver using the set of parameter values corresponding to the predetermined pin value.

Abstract: The present disclosure provides systems and methods for parameterized application installation. A client device may provide authentication credentials of a user to an authentication server, which may store an association between the user and a content item linking to an application and identifying a parameter for use by the application. The client device may download and install the application via an application server or application store. Once installed, the application may re-provide the authentication credentials to the authentication server, which may retrieve the association, and provide the parameter for use by the application. Thus, the application server or application store may continue to discard referrer information or parameters for the application, but the application may still receive and utilize the parameters without further user intervention.

Abstract: A web browser may output a form comprising a payment field. A URL may be received from a communications interface of a contactless card, the URL comprising encrypted data generated by the contactless card based on a private key stored in a memory of the contactless card. An application may transmit the encrypted data to an authentication server, which may decrypt the encrypted data based on the private key. The application may receive, from a virtual account number server, a virtual account number. The application may receive an expiration date and a CVV. The application may copy the virtual account number to a clipboard of an OS. The OS may paste the virtual account number from the clipboard to the payment field of the form in the web browser. The OS may output a notification comprising the expiration date and the CVV associated with the virtual account number.

Abstract: A method for use by a system computer for granting access to a network resource includes receiving, in a first session, a first request for accessing the network resource, the first request including authorization information of a user of an access computer, initiating, while in the first session and using the first authorization information, a first authorization process with one or more authorization computers, and determining a failure relating to the first authorization process initiated with the one or more authorization computers. The method further includes, upon determining the failure, sending a second request indicating a temporary access token is to be delivered to the access computer in response to an access computer executing a session refresh for initiating a second session.

Abstract: An authentication system includes an authentication module and a user history database storing order information that includes, for each of multiple logins of the first user to a web property, at least one of: an indication of an order of hypertext transfer protocol (HTTP) headers that were previously received at the authentication module during the login, and an indication of an order of navigator object properties that were previously returned to the authentication module during the login. The authentication module is configured to: receive, from a web browser of a first entity attempting to log in to the web property, credentials of the first user; determine order information of the first entity's web browser; perform a comparison operation based on the order information of the first user and that of the first entity, and determine whether to allow the first entity to log in based on the comparison operation.

Abstract: An information processing apparatus includes: a processor configured to: when existence of predetermined information is detected, inquire a user whether to display contents of the information before the contents of the information are displayed as an augmented-reality image in front of a user's field of view; and control the displaying of the contents of the information by the augmented-reality image according to a user's instruction in response to the inquiry.

Abstract: Mechanisms for enhancing multiplayer games are provided.

Abstract: Novel tools and techniques are provided for implementing customer resource telemetry and use as a service. In various embodiments, a computing system might receive, from a user, a request to access at least one network-accessible resource associated with a customer of a service provider, the user being unassociated and unrelated with the customer; might identify at least one of a user identification, a company, or a class of user associated with the user; might determine whether at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource, based on the identification. If so, the computing system might provide the user with access to the at least one network-accessible resource associated with the customer. If not, the computing system might deny, to the user, access to the at least one network-accessible resource associated with the customer.

Abstract: An enhanced authentication system is described. One embodiment of the invention is directed to a method comprising: receiving, by a token service computer and from an initiating computer, a first authentication request message including verification method data and a token; transmitting, by the token service computer, a second authentication request message comprising the token and the verification method data to an access control server; receiving, by the token service computer from the access control server, an authentication response message comprising the token and a user authentication verification value; and transmitting, by the token service computer to the initiating computer, the authentication response message comprising the token, the user authentication verification value, and a token authentication verification value.

Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.

Abstract: A system for simulating a dataset based on sample statistics, and generating pipeline instructions for a database using the simulated dataset, is disclosed. The system may be a cloud-based platform. The system can provide improved performance and security while designing and deploying Extract-Transform-Load (ETL) database pipelines to manage on-premises data. The system receives, from a remote client, sample statistics characterizing a distribution of data corresponding to a column of a database table. The system can generate, based on the received sample statistics, a simulated dataset representing the column of the database table. The simulated dataset may be generated using pseudo-random data values from a distribution with statistics matching the sample statistics. The system can build a simulated database relation based at least in part on the simulated dataset. The system can generate and deploy pipeline instructions using the simulated database relation.

Abstract: Methods and systems are disclosed herein for a media guidance application that provides content recommendations based on recent activity. For example, the media guidance application determines that the user has stopped using the first device and is using the second device. In response, the media guidance application retrieves, from memory, a length of time that the user has consumed media on the first device. The media guidance application then determines the time interval when the user was consuming media on the first device. Next, media content is determined that the user consumed on the first device during the time interval. The media guidance application then determines a characteristic of the consumed media content and recommends media content on a second device based on the characteristic.

Abstract: The present application discloses a method for data aggregation, the method includes: acquiring original data to be aggregated and dividing the original data into at least one first data set; determining whether each of the at least one first data set has a corresponding historical aggregation record; when there is at least one second data set with a historical aggregation record in the at least one first data set, acquiring a historical aggregation result corresponding to each second data set to obtain at least one first aggregation result; performing aggregation on each third data set without a historical aggregation record to obtain at least one second aggregation result; and determining a third aggregation result of the original data according to the at least one first aggregation result and the at least one second aggregation result, and determining a data tag of the original data according to the third aggregation result.

Abstract: Provided is a platform user management method using a badge system performed by a computing device. The method comprises granting a badge generation permission to a first user account, generating a first badge according to a request for using the badge generation permission of the first user account, granting the first badge to the second user account and activating a first permission to a second user account when the first badge is equipped to the second user account.

Abstract: An information processing system includes: one or more internal devices that are connected to an internal network, the internal network being connected to an external network through a firewall; and an intermediation device that can communicate with the internal network and the external network; each of the internal devices including: a storage unit that stores one or more documents and metadata of each of the documents; and a request acceptance unit that accepts, from a user, a request for processing by an external server on the external network as to one of the documents stored in the storage unit, and transmits the accepted request to the intermediation device; the intermediation device including: a request transmission unit as defined herein.