Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.

Abstract: Methods and systems are disclosed herein for a media guidance application that provides content recommendations based on recent activity. For example, the media guidance application determines that the user has stopped using the first device and is using the second device. In response, the media guidance application retrieves, from memory, a length of time that the user has consumed media on the first device. The media guidance application then determines the time interval when the user was consuming media on the first device. Next, media content is determined that the user consumed on the first device during the time interval. The media guidance application then determines a characteristic of the consumed media content and recommends media content on a second device based on the characteristic.

Abstract: A system for simulating a dataset based on sample statistics, and generating pipeline instructions for a database using the simulated dataset, is disclosed. The system may be a cloud-based platform. The system can provide improved performance and security while designing and deploying Extract-Transform-Load (ETL) database pipelines to manage on-premises data. The system receives, from a remote client, sample statistics characterizing a distribution of data corresponding to a column of a database table. The system can generate, based on the received sample statistics, a simulated dataset representing the column of the database table. The simulated dataset may be generated using pseudo-random data values from a distribution with statistics matching the sample statistics. The system can build a simulated database relation based at least in part on the simulated dataset. The system can generate and deploy pipeline instructions using the simulated database relation.

Abstract: The present application discloses a method for data aggregation, the method includes: acquiring original data to be aggregated and dividing the original data into at least one first data set; determining whether each of the at least one first data set has a corresponding historical aggregation record; when there is at least one second data set with a historical aggregation record in the at least one first data set, acquiring a historical aggregation result corresponding to each second data set to obtain at least one first aggregation result; performing aggregation on each third data set without a historical aggregation record to obtain at least one second aggregation result; and determining a third aggregation result of the original data according to the at least one first aggregation result and the at least one second aggregation result, and determining a data tag of the original data according to the third aggregation result.

Abstract: Provided is a platform user management method using a badge system performed by a computing device. The method comprises granting a badge generation permission to a first user account, generating a first badge according to a request for using the badge generation permission of the first user account, granting the first badge to the second user account and activating a first permission to a second user account when the first badge is equipped to the second user account.

Abstract: Methods and systems for removing sensitive information from a digital image. An instruction to share a digital image is received. It is then determined that the digital image contains a depiction of a corporate display medium that is classified as sensitive based on a policy and, based on the determination that the digital image contains the depiction of the corporate display medium that is classified as sensitive based on the policy, the digital image is processed to modify the depiction. The digital image is shared.

Abstract: An information processing system includes: one or more internal devices that are connected to an internal network, the internal network being connected to an external network through a firewall; and an intermediation device that can communicate with the internal network and the external network; each of the internal devices including: a storage unit that stores one or more documents and metadata of each of the documents; and a request acceptance unit that accepts, from a user, a request for processing by an external server on the external network as to one of the documents stored in the storage unit, and transmits the accepted request to the intermediation device; the intermediation device including: a request transmission unit as defined herein.

Abstract: Disclosed are a storage system, and a method and an apparatus for allocating storage resources. In the storage system, a target management node allocates a target storage node to a monitoring device according to a first storage request; the target storage node allocates a target storage volume to the monitoring device according to a second storage request, allocates a target block group from the target storage volume to the monitoring device, acquires monitoring data in the form of a data stream from the monitoring device, and stores the monitoring data in the target block group. The storage system may select a management node from a management cluster to allocate a storage node to a monitoring device, and the storage node may allocate a storage position to the monitoring device. The storage position that is allocated to monitoring data can be determined by the management node and the storage node hierarchically.

Abstract: The described features generally relate to receiving one or more positioning signals at a satellite terminal during installation of the satellite terminal at a customer premises, and providing position-based access to a satellite communications system based on a satellite terminal installation position determined from the received positioning signals. The determined installation position of the satellite terminal may then be employed for various network access techniques, such as providing access to the satellite communications system, providing position-based content, or restricting content via the satellite communications system based on the determined installation position.

Abstract: Generally described, one or more aspects of the present application relate to a public snapshot service for creating and managing block-level snapshots on a cloud provider network. Storage locations for each block that comprise the snapshot can be enumerated on a snapshot manifest. Identification of storage location for a requested snapshot block can be improved using a manifest index.

Abstract: Methods, media, and systems for a changing a private channel in a channel-based communication system from an “invited-members” mode to a “whitelisted groups” mode. When in a whitelisted-groups mode, the channel administrator can whitelist one or more groups for channel membership. The whitelisted groups may be external groups managed by an identity provider. Based on the whitelisted groups, users cannot be added to the private channel without being a member of one of the whitelisted groups. Users are also automatically removed from the channel if they are no longer in one of the whitelisted groups for any reason.

Abstract: Embodiments of the present disclosure provide methods and systems that configured to, generally, and in no particular order, perform one or more of the following functions: distinguish and identify secured assets that are permitted to an end-point to employ within a shared computing environment; monitor the end-point for certain triggering events, such as data creation, reception, manipulation, storage, or extraction associated with a secured asset; upon detection of a triggering event, monitor at least one unsecured container in order to determine if at least a portion of the secured asset has been otherwise transferred to an unsecured container; and encrypt the unsecured container in order to secure the otherwise unsecured asset.

Abstract: The invention relates to a method for managing the reputation level of a first communication device (100), said reputation level (103) being stored into a first secure enclave (102) embedded in said first communication device (100). The method comprises the steps of: receiving from the first communication device (100) by a second communication device (110) an information message; verifying that the information message is consistent with data obtained from a sensor embedded in the second communication device (110); generating a feedback message by the second communication device (110) to be transmitted to the first communication device (100) indicating if the information message is consistent for the secure enclave (102) of the first communication device (100) to update its reputation level.

Abstract: The disclosed computer-implemented method for managing a need-to-know domain name system may include (i) intercepting, by an agent of the computing device, network traffic received on the computing device, (ii) generating, by the agent, a one-time password based on a unique identifier of the agent of the computing device, (iii) wrapping, by the agent, the network traffic with the one-time password, and (iv) pushing, by the agent, the wrapped network traffic to a cloud server using a local domain name system (DNS) of the agent of the computing device, wherein the local DNS comprises a private domain name unpublished in a global DNS. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Respective memory devices are assigned to respective processor devices in a disaggregated computing system, the disaggregated computing system having at least a pool of the memory devices and a pool of the processor devices. An iterative learning algorithm is used to define data boundaries of a dataset for performing an analytic function on the dataset simultaneous to a primary compute task, unrelated to the analytic function, being performed on the dataset in the pool of memory devices using memory bandwidth not currently committed to the primary compute task, thereby efficiently employing the unused memory bandwidth to prevent underutilization of the pool of memory devices.

Abstract: An approach is provided for providing digital rights management within a connected service and content ecosystem. The approach involves receiving a request for content for use at at least one device, wherein the request originates from at least one companion device. The approach also involves causing at least in part, a packaging of the content according to at least one digital rights management format based, at least in part, on identification information associated with at least one of: the at least one device; the at least one companion device; at least one user associated with the at least one device, the at least one companion device, or a combination thereof; and the content. The approach further involves causing, at least in part, a transmission of the packaged content, at least one link to the packaged content, or a combination thereof to the at least one device, the at least one companion device, or a combination thereof.

Abstract: A star topology network comprises a user device, a central gateway, and one or more sensor nodes added to the existing network. A communication between the user device and the central gateway is secured either based on public-key cryptography, symmetric-key cryptography, or by the use of a secure channel such as a wired communication. A request from the user device to the central gateway can be transmitted over the internet.

Abstract: Embodiments provide a computer implemented method of enforcing password uniqueness for different user accounts of a particular user. The method includes: receiving a first new password from a first user account of the particular user, wherein the first user account is associated with a first system/object referenced by a first Password Relationship Object (PRO); evaluating a uniqueness policy to determine whether password uniqueness is required by one or more other PROs, wherein each system/object referenced by the one or more other PROs has a different user account of the particular user; if the password uniqueness is required by the one or more other PROs, evaluating a matching policy to determine whether the first new password matches any password of each different user account associated with one or more systems/objects referenced by the one or more other PROs; if there is a match, enforcing an enforcement policy.

Abstract: Methods for providing provable access to a distributed ledger with a tokenized instruction set are disclosed. A method may include accessing a distributed ledger including an instruction set, tokenizing the instruction set, interpreting an instruction set access request, and in response to the instruction set access request, providing a provable access to the instruction set.

Abstract: In one embodiment, a method performed by a system that includes at least one processor, the method comprising: obtaining subscriber data of a plurality of subscribers, wherein said subscriber data comprises at least one of: consumption data relating to subscribed content consumption by said plurality of subscribers, or network data relating to data transmittal via one or more computer networks by the plurality of subscribers; detecting anomalous data by comparing subscriber data of different subscribers in the plurality of subscribers; identifying one or more suspected subscribers out of the plurality of subscribers as being suspected of unauthorized subscribed content distribution, the one of more suspected subscribers being associated with the anomalous data; and providing a respective identity for the one or more suspected subscribers.

Abstract: Secure cloud-based storage system management that includes: establishing, within a cloud-based services provider and based on one or more user credentials, a cloud-based user session to execute one or more commands on a remote storage system that includes physical storage devices; determining one or more data storage operations corresponding to the physical storage devices to implement the one or more commands on the storage system; and extending, based on using an access token based on the one or more user credentials to securely issue the one or more data storage operations to the remote storage system, the cloud-based user session to the remote storage system.

Abstract: The present invention relates to a method and a system for authentication of a user for granting access to a service, the method comprising: receiving, by a vehicle control unit comprised in a vehicle, an authentication token based on a request for authentication for access to the service, the vehicle being in communicative connection with a remote server. A token sequence is sent by flashing with a light-emitting device comprised in the vehicle, the token sequence is based on the authentication token. The token sequence is received by a light detecting device. The token is compared by the server with the authentication token. When the token sequence is determined to match the authentication token, access is granted to the service. The invention also relates to a vehicle implementing the method.

Abstract: A server device includes: a request receiving section configured to receive a request to obtain a content from a user; a request retaining section configured to retain the request to obtain the content in association with an account of the user; a sign-in managing section configured to permit the user to sign in from a terminal device by using the account of the user; and a transmission control section configured to give an instruction to transmit the content requested to be obtained to the terminal device. The transmission control section decides to transmit the content to the terminal device in a case where the signed-in user satisfies a predetermined condition in relation to the terminal device.

Abstract: Aspects of the disclosure relate to controlling access to secure information resources using rotational datasets and dynamically configurable data containers. A computing platform may receive, from a first reader-writer system, a first data access request. Based on receiving the first data access request, the computing platform may authenticate the first reader-writer system using a first data container object. After authenticating the first reader-writer system, the computing platform may rotate a first data track comprising a plurality of datasets to align a first dataset of the plurality of datasets with the first data container object. After rotating the first data track, the computing platform may retrieve first information from the first dataset using the first data container object. Subsequently, the computing platform may send, to the first reader-writer system, the first information retrieved from the first dataset using the first data container object.

Abstract: A web browser may output a form comprising a payment field. A URL may be received from a communications interface of a contactless card, the URL comprising encrypted data generated by the contactless card based on a private key stored in a memory of the contactless card. An application may transmit the encrypted data to an authentication server, which may decrypt the encrypted data based on the private key. The application may receive, from a virtual account number server, a virtual account number. The application may receive an expiration date and a CVV. The application may copy the virtual account number to a clipboard of an OS. The OS may paste the virtual account number from the clipboard to the payment field of the form in the web browser. The OS may output a notification comprising the expiration date and the CVV associated with the virtual account number.

Abstract: Managing content delivery and content usage for client devices can include receiving, using computer hardware, HyperText Markup Language (HTML) code from a content server, wherein the HTML code is sent in response to a request originating from a client device, sending to an HTML licensing server, using the computer hardware, a query specifying the content server and a list including an HTML construct detected in the HTML code, receiving from the HTML licensing server, using the computer hardware, HTML license information specifying a validity status for the HTML construct on the list and a period of time for which the validity status is active, and determining, using the computer hardware, that the HTML code is invalid based on a current time, the validity status of the HTML construct, and the period of time.

Abstract: A method, computer system, and a computer program product for verified data transfer is provided. The present invention may include determining a first data type of a copy field including a copied data. The present invention may then include determining a second data type of a paste field intended for receiving the copied data. The present invention may further include, in response to identifying a mismatch between the first determined data type of the copy field including the copied data and the second determined data type of the paste field, preventing an input of the copied data into the paste field.

Abstract: An example operation may include providing a value to a transport based on sensor data associated the transport.

Abstract: A system is described herein comprising at least one application configured to run on one or more processors of a computing device for providing a data sanitization application, wherein the data sanitization application comprises identifying the device type and data capacity of a storage component. The data sanitization application comprises determining a health status of the storage component. The data sanitization application comprises initiating a data wipe of the storage component when the health status comprises a first state, wherein the data wipe comprises wiping data of the storage component using at least one data wipe method. The data sanitization application comprises auditing the data wipe by detecting data values of the storage component, the auditing including passing the data wipe when the detected data values meet at least one condition.

Abstract: Examples are disclosed related to presenting on a client device configured for a first digital rights management technology (DRM-1) content that is protected by a second digital rights management technology (DRM-2).

Abstract: The present disclosure provides systems and methods for automatically detecting third-party re-identification of anonymized computing devices.

Abstract: A selected system obtains from a selected location software features information relating to another system. Using the software features information obtained from the selected location, a determination is made as to whether a selected license tier has been obtained. Based on determining that the selected license tier has been obtained, the selected system dispatches work of the other system into a container of the selected system.

Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.

Abstract: The present disclosure provides a method and apparatuses configured for identifying a server instance in communications between an entity and a bootstrapping server. In particular, the method is directed to sending a data communication between the entity and the bootstrapping server, wherein the data include a pointer to the server instance. In addition, the bootstrapping server is configured to set, in at least part of data to be communicated to an entity, a pointer to a security server instance.

Abstract: A system, method, and computer-readable medium are disclosed for reproducing an issue via a remote access controller by providing the remote access controller with a method for allowing a user to take a snapshot (i.e., a representation of the state of all components of an integration environment at a particular point in time) of an integration of the various components administered via a management application suite executing on a remote access controller. In certain embodiments, the management application suite comprises an OpenManage Integration for VMware vCenter. Such a method reduces the time needed to determine a root cause of an issue and assists system managers in properly providing a solution to the issue.

Abstract: Techniques for providing access to scope-delimited sensitive data are disclosed. A user provides sensitive data to a first party associated with a payment service provider. The first party stores the sensitive data with the payment service provider, and the payment service provider provides the first party merchant with an encoding of the payment data. The first party provides a purchasing opportunity to the user for goods offered by a third party also associated with the payment service provider. The first party transmits a sensitive data grant request to the payment service provider. In response, the payment service provides a scope-delimited encoding of the sensitive data. The first party provides the scope-delimited encoding of the payment data to the third party. The third party merchant creates a transaction using the scope-delimited encoding of the sensitive data. At some time later, access to the scope-delimited encoding of the sensitive data is revoked.

Abstract: A method for authenticating control boards in an appliance includes reading a serial number from a memory of a first control board positioned within the appliance, reading a serial number from a memory of a second control board positioned within the appliance and in communication with the first control board, comparing the serial number from the memory of the first control board to the serial number from the memory of the second control board, and authenticating the first and second control boards when the serial number from the memory of the first control board matches the serial number from the memory of the second control board.

Abstract: Methods and apparatus for generating and delivering selected primary content and contextually-related, targeted secondary content to users of a network. In an exemplary embodiment, the network comprises a packet-switched data (e.g., IP) network such as the Internet, and the primary content comprises video or media clips that are user-selectable via a network site or web page. The primary content carries with it descriptive metadata that is accessed by a distribution server and forwarded to a secondary content source. The secondary content source (or its proxy) utilizes the metadata to identify and return contextually-related secondary content such as advertising links. This secondary content is then presented to the user in conjunction with the primary content, such as in a common display window and in a seamless fashion, thereby avoiding distractions to the user associated with generating ancillary windows or other display mechanisms, and providing the user with highly relevant secondary content choices.

Abstract: Embodiments for deploying services to multiple Hadoop clusters and providing user access to these services in a secure manner. A process allows authorized users to select a service, validate its entitlement to the organization and then install distributed components of the service onto multiple hosts on different Hadoop clusters. In order to enable this deployment and secure access of this service, an identity federation mechanism is used to ensure the user identity of the system is propagated to distributed clusters in a secure fashion thereby ensuring authorized access to clusters or services is provided in a seamless fashion.

Abstract: A first block storage server virtual machine to host a first volume using one or more storage devices of a computer system is executed by the computer system. A second virtual machine having access to a virtual block storage device is executed by the computer system. A block storage client is executed by the computer system. A first block storage operation is received by the block storage client from the second virtual machine, the first block storage operation to perform on the virtual block storage device. A message is sent by the block storage client to the first block storage server virtual machine to cause the first block storage server virtual machine to perform the block storage operation with the first volume.

Abstract: A first request to launch a first virtual machine to host a block storage server application is received. At least a portion of a storage capacity of one or more storage devices of a host computer system is provisioned to the first virtual machine as a provisioned storage device. The block storage server application is executed with the first virtual machine. As part of executing the block storage server application, a logical volume is created on the provisioned storage device in response to a second request from a block storage service of a provider network to create the logical volume, a third request to perform an input/output operation is received and performed with the logical volume.

Abstract: A first request to create a first storage volume to store a first portion of a first logical volume is received by a first block storage server instance. A second request to create a second storage volume to store a second portion of the first logical volume is received by a second block storage server instance. A third request is sent to a third block storage server instance to create a third storage volume to store the second portion of the first logical volume. The second portion of the first logical volume is stored by the third block storage server instance to the third storage volume. A data store containing an identification of each block storage server instance hosting a portion of the first logical volume is updated to remove an identification of the second block storage server instance and add an identification of the third block storage server instance.

Abstract: Systems and methods provide remote control of product functionality and software kits allow firmware development of remote control of product functionality. The remote control may be time-based where the product functionality is based upon the expiration date and a current time. The remote control may be location-based where the product functionality is based upon the geographical location of the product. The remote control of the product functionality may be based upon proximity of the product to an authentication device.

Abstract: Systems and methods for enhanced network connection privacy. An example method may comprise: receiving a selection to activate a non-persistent mode for a network manager of a client device, the non-persistent mode preventing tracking of network locations accessed by the client device; activating the non-persistent mode for the network manager; and while the non-persistent mode is activated for the network manager: receiving a request to connect to a network; and performing, via the network manager, a set of operations to establish a connection with the network, the set of operations excluding storing information revealing the network connection in persistent memory of the client device.

Abstract: A method and system for a configurable security and surveillance system are provided. A configurable security and surveillance system may comprise at least one programmable sensor agent and/or at least one programmable content analysis agent. A plurality of processing features may be offered by the configurable security and surveillance system by programming configurable hardware devices in the programmable sensor agents and/or the programmable content analysis agents via a system manager. Device programming files may be utilized to program the configurable hardware devices. The device programming files may be encrypted and decryption keys may be requested to enable the programming of different processing features into the programmable sensor agents and/or the programmable content analysis agents. The device programming files and/or the decryption keys may be received via a network transfer and/or via a machine-readable media from an e-commerce vendor.

Abstract: An apparatus for authorizing file access events includes a processor and a memory that stores code executable by the processor. The code is executable by the processor to record hardware usage patterns prior to a file access event of a file, and correlate the hardware usage patterns with file access events targeting the file. The code is also executable to receive a file access event targeting the file, compare a hardware usage pattern preceding the received file access event targeting the file to the hardware usage patterns correlated with file access events targeting the file, and authorize the received file access event in response to the hardware usage pattern preceding the received file access event targeting the file matching a hardware usage pattern correlated to a file access event targeting the file.

Abstract: A computer automated system and method comprising configuring a single or plurality of mobile devices over a network, validating the configured devices, and communicating contextual information to the configured devices. The devices are authenticated and the authentication is sent to a server over the network, when a contextual service, controlled/offered by the server through a contextual service point in communication with the server, is invoked by the configured mobile device in the vicinity of the contextual service point. The mobile device is then enabled to consume a contextual service, offered by and delivered at the contextual service point, either from within the mobile device or over the network.

Abstract: A method and a system for permanently deleting data from storage. The method includes receiving a wipe command to permanently delete a data segment stored in a storage system. The data segment includes an address to blocks where the data of the data segment is stored. The method also includes sanitizing the data segment, marking the address as sanitized, locating a last journal entry in a journal. The last journal entry includes metadata regarding the data segment. The method also includes sanitizing the last journal entry, traversing the journal, and sanitizing each journal entry of the data segment.

Abstract: Techniques for providing data version comparison between trans-time zone sites. One example method includes target data and a corresponding time stamp is received from each trans-time zone site. Each of the time stamps are based on a respective time zone of a sending trans-time zone site from which the target data and the time stamp were received. Each of the received time stamps are modified based on the respective time zone of the sending trans-time zone site for the time stamp and a time zone of the central server. The received target data is compared from each of the trans-time zone sites to stored target data based on the modified corresponding time stamp. A latest version of the target data is stored by the central server having a modified corresponding time stamp that is greater than each of the other modified corresponding time stamps.

Abstract: An update providing apparatus of a vehicle is provided. The apparatus includes a communication circuit that communicates wirelessly with a server, a battery, and a control circuit. The control circuit is electrically connected to the communication circuit and the battery and obtains update data associated with a target controller mounted within the vehicle, from the server. Accordingly, the control circuit calculates an estimated remaining amount upon completing an update, based on an estimated required time of the update, an estimated required time of a roll-back, and a current remaining amount of the battery and performs the update on the target controller, when the estimated remaining amount satisfies a particular condition.