Abstract: A specific communication device may send specific identification information for identifying the specific communication device to an external via a communication interface, wherein the external device may display a screen including the specific identification information in a case where the external device receives the specific identification information from the specific communication device; and in a case where a specific condition including that the specific identification information is sent to the external is fulfilled, a state of the display unit may be changed from a first state to a second state, the first state being a state in which the display unit does not display the specific identification information, and the second state being a state in which the display unit displays the specific identification information.

Abstract: Disclosed are various embodiments of a multiuser unified endpoint management (UEM) system. A device check-in can be received from a client device. The device check-in can include a device identifier that uniquely identifies the client device with respect to other client devices and a user identifier that uniquely identifies the user of the client device with respect to other users of the client device. In response, a device channel identifier associated with the device identifier and a user channel identifier associated with both the user identifier and the device identifier can be obtained. Then a first set of entitlements associated with the device channel identifier and a second set of entitlements associated with the user channel identifier can be selected. Both sets of entitlements can be provided to the client device in response to the device check-in.

Abstract: A mode selector permits deactivating a run-time operational mode and activating a privileged operational mode on a remote terminal unit (RTU). One or more functionalities associated with the privileged operational mode are performed via a local and/or a remote computing device communicatively coupled to the RTU. The functionalities include at least one of developing and deploying content for the RTU, loading security certificates for the RTU, enabling Linux root account access to the RTU, and performing system maintenance on the RTU. The mode selector switch returns the RTU to the run-time operational mode after the functionalities are performed.

Abstract: A data sharing system may facilitate sharing of data with third party systems. The data sharing request can be identified as being a potential privacy risk. To reduce the potential privacy risk, in one example, requested user data can be modified prior to sharing. The modified user data can be shared with the third party system rather than sharing unmodified user data.

Abstract: Various approaches for identifying possible unsecured devices on a network as set forth. In some cases, approaches discussed relate to systems and methods for identifying possible unsecured devices based upon a host name for each of the discovered devices.

Abstract: An electronic device according to various embodiments may include: a communication circuit, a memory, and at least one processor functionally connected to the communication circuit and the memory, wherein the at least one processor is configured to: perform wireless communication with an external electronic device through the communication circuit, based on a shared secret key generated by the electronic device in a process of configuring an association with the external electronic device, transmit, to the external electronic device through the communication circuit, a renewal frame for renewing the shared secret key, at a time point at which a lifetime of the shared secret key expires or at a time point a specified time ahead of the time point at which the lifetime of the shared secret key expires, and renew the shared secret key to perform wireless communication with the external electronic device through the communication circuit, based on the renewed shared secret key.

Abstract: A system can maintain respective extended attributes for respective files in a file system, wherein the respective extended attributes comprise respective first-in-first-out (FIFO) queues of user identities that have been determined to have modified the respective files. The system can receive an indication to perform a delete operation on a first portion of the file system, wherein the indication is indicative of a first user identity for which files are to be preserved. The system can, in response to receiving the indication, evaluate the respective files, comprising in response to determining that the first user identity is omitted from a FIFO queue of the respective FIFO queues, delete a file of the respective files that corresponds to the FIFO queue; and in response to determining that the first user identity is identified in the FIFO queue, refrain from deleting the file.

Abstract: Briefly, embodiments are directed to a system, method, and article for receiving an authorization request message for a remote commerce transaction with a particular merchant, where the authorization request message comprises a merchant universal payment identifier (MuPi). The MuPi may be extracted from the authorization request message. Validation information may be determined for the MuPi. A message may be transmitted to a payment network to enable authorization of the remote commerce transaction at least partially in response to the determination of the validation information.

Abstract: Disclosed is an identity authentication system for distributed Internet of vehicles (IoV), including a core cloud, a plurality of edge clouds, a plurality of road side units (RSUs) and a plurality of terminal vehicles. The core cloud stores registration information about the terminal vehicles and the RSUs; the edge cloud performs identity verification on the RSUs according to the registration information, and after the verification is passed, the edge cloud generates a temporary shared session key and sends the same to the RSU and the terminal vehicle, and the RSU and the terminal vehicle establish encrypted communication according to the temporary shared session key, to provide a network communication service for the terminal vehicle. In the present disclosure, a vehicle identity authentication efficiency in a scene with a large traffic density can be effectively improved.

Abstract: Various approaches for securing networks against access from off network devices. In some cases, embodiments discussed relate to systems and methods for identifying potential threats included in a remote network by a network access device prior to requesting access to a known secure network via the remote network.

Abstract: Embodiments of the present disclosure provide systems and methods for managing role hierarchies and assignment of permissions by providing secure roles which are roles where the only user that can grant any privilege to the secure role, is the role that owns the secure role. A set of secure roles that defines a role hierarchy may be generated, wherein only a role that owns the set of secure roles can grant any privilege to each of the secure roles. The role that owns the set of secure roles may grant one or more privileges to a first secure role of the set of secure roles. In response to a user other than the role that owns the set of secure roles attempting to grant a privilege to the first secure role or modify a privilege granted to the first secure role, the attempt may be denied.

Abstract: A system and method for providing external resources through a zero trust environment includes recording a web session of a first user to generate a policy allowing a second user to access the resource used in the web session. The method includes receiving a request to initiate a network session with the zero trust environment, the request including login credentials, wherein the login credentials correspond to an authorizing user account; receiving a request to access a resource in a network environment which is external to the zero trust environment; detecting in the request a domain associated with the resource; and configuring a policy engine of the zero trust environment to generate a policy allowing network traffic between the domain and a designated user account, based on the received request.

Abstract: A health administration method, a health administration apparatus, a health administration system, and a data collection apparatus are provided. The health administration method involves a plurality of objects and a plurality of devices, and includes: generating a device usage record of at least one object based at least on identity information of the at least one object among the plurality of objects and data generated by a device used by the at least one object (S10), and providing the device usage record of the at least one object to a memory associated with a health administration apparatus (S20). The health administration method, the health administration apparatus, the health administration system, and the data collection apparatus can improve work efficiency of medical workers.

Abstract: The techniques disclosed herein detect Cross-Site Request Forgery (CSRF) vulnerabilities in a web application. In some configurations, CSRF vulnerabilities are detected by analyzing the source code of the web application. Specifically, CSRF vulnerabilities are detected by determining if CSRF mitigation features of one or more frameworks are being used incorrectly or inconsistently. Some CSRF mitigation features provided by web frameworks inject capabilities into the web application, e.g. to automatically store an anti-forgery token in a cookie, copy the anti-forgery token from the cookie into an HTML, form or a request header, or determine whether form submissions or request headers include the same anti-forgery token as the cookie. CSRF vulnerabilities may be detected by analyzing the source code to identify when one of these features is omitted or used incorrectly end-to-end. CSRF vulnerabilities are also detected by identifying when CSRF mitigation features of multiple web frameworks are incompatible.

Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for utilizes a collaboration application to provide data beneficial to the authentication of the user. The present application discloses receiving at least one item of personal identifying information for a user from a primary multi-factor authentication device. The present application further discloses receiving at least one item of personal identifying information for a user from a conferencing service in which the user is engaged in a conference. The present application also discloses determining whether to authenticate the user based on the items of personal identifying information from the primary multi-factor authentication device and from the conferencing service.

Abstract: A packet processing method. A protection device receives a first access request packet. The first access request packet includes a packet sent based on a TCP/IP protocol. The protection device extracts a first fingerprint feature from a transport-layer packet header and/or a network-layer packet header of the first access request packet. The first fingerprint feature corresponds to an operating system type of a terminal device that transmits the first access request packet. The protection device recognizes the first fingerprint feature based on a fingerprint feature database to determine whether to allow the first access request packet to access a server. The protection device allows the first access request packet to pass through when the first access request packet is allowed to access the server. The protection device blocks the first access request packet when the first access request packet is not allowed to access the server.

Abstract: Systems and methods are provided for persistent login. Such persistent login may be based on linking user identity across accounts of different entities to allow each entity to maintain control over their respective sets of user data, while providing a streamlined user experience that avoids much of the repetitive need to login to different services with different login credentials (e.g., during periods of heavy use). Such persistent login may utilize a set of tokens issued and exchanged between devices of the partnering entities. Such tokens may include an access token, refresh token, and identity token. When a user associated with a first entity requests access to information secured by a second entity, such request may be associated with the access token. If the access token is determined to be expired, the refresh token may be used to refresh the access token, which may also trigger issuance of a new refresh token.

Abstract: Systems and methods mediate permissions for applications on user devices using predictive models. Data communications are monitored on a user device for permission requests and responses. A predictive model is trained with these permission requests and responses until a threshold is met. Then, a default permission response is provided on behalf of the user device in response to a permission request.

Abstract: A method includes providing a library of hardware-agnostic packet-processing functions. A functional hardware-agnostic specification of a packet-processing pipeline is received from a user. The specification is defined in terms of one or more of the packet-processing functions drawn from the library. A hardware-specific design of the packet-processing pipeline, which is suited to given hardware, is derived from the specification.

Abstract: This disclosure provides a method for controlling a camera, the camera comprising a controllable component and associating with at least one associated client and a reference device, the method comprises: obtaining a first client list of the at least one associated client and a second client list of clients that are currently connected to the same local area network as the camera by connecting with the reference device; comparing the first client list with the second client list; and controlling a state of the controllable component so that the camera is in a first state when one or more of the at least one associated client are connected to the same local area network as the camera via the reference device and is in a second state when no associated client is connected to the same local area network as the camera.

Abstract: A computer-implemented technique is described herein for defining and applying constraints that regulate a supervisee's interaction with applications. In one implementation, the technique provides a user interface presentation to a supervisor that lists a set of applications that run on plural application execution platforms. The user interface presentation also allows the supervisor to set platform-agnostic constraint information for any identified application. The platform-agnostic constraint information, once set for an application, constrains interaction by a supervisee with all versions of that same application. That is, the constraint information is said to be agnostic with respect to platform in the sense that it applies to a variety of application execution platforms that run the application. In one example, the platform-agnostic constraint information specifies a permitted amount of an activity that the supervisee is permitted to perform across all versions of an application.

Abstract: In an embodiment, a method for dynamically generating and using peer groups in an e-procurement system includes creating an entity database with a plurality of attributes associated with entities and an ordered table of matching rules. Each matching rule having a priority value and two or more matching attributes. The method includes receiving a user input specifying a particular entity for generating a current peer group of other entities. The method includes accessing the entity database to retrieve particular attributes of the particular entity and querying the entity database to receive a result set of matching entities as the current peer group of other entities for the particular entity based on the particular attributes of the particular entity and the matching rules. The method further includes appending data for the matching entities in the result set to a peer group data structure associated with the particular entity.

Abstract: Reinstating access to a system of an admin whose certificate is invalid or expired is disclosed. When the admin's certificate is expired, the admin may send a request for reinstatement to tenant admins. The voting operation is based on shares of a secret that have been distributed to validators. When the shares are successfully reconstructed to obtain the secret, the voting operation is affirmed or allowed to proceed. If the vote is successful, access for the admin is restored or reinstated.

Abstract: Disclosed are a method, a device and a computer-readable storage medium for registration and login. The method includes: receiving, on a registration device side, registration information used to register a first object; performing a registration operation corresponding to the first object according to the registration information; sending the registration information to a login device that subscribes to the registration information in advance after the registration operation is successful; receiving, on a login device side, the registration information used to successfully register the first object sent by a registration device; receiving login information used to login a second object; and performing a login operation corresponding to the second object if it is determined that the login information has not been used to register the second object and the login information matches the registration information sent by the registration device.

Abstract: A system includes one or more processors configured to determine that a vehicle is attempting to enter an area designated for off-road travel. The processors are also configured to access use-restrictions stored in a database and associated with the area, the use-restrictions defining at least one vehicle constraint required for the vehicle to travel over one or more locations that are part of the area, the use restrictions defining at least one of vehicle control limiting or vehicle weight maximums. The processors are further configured to determine whether the vehicle meets the use-restrictions based on an assessment of vehicle characteristics compared to the use-restrictions and responsive to determining that the vehicle meets the restrictions, providing the vehicle with a digital access pass to the area.

Abstract: Embodiments of the present disclosure relate to a permission setting method and apparatus, a device, and a medium. The method includes: displaying a permission customization control, in response to a trigger operation on a permission setting object of task information, the permission setting object including a first information object and/or a second information object, the second information object being subordinate to the first information object; displaying a permission editing interface, in response to a trigger operation on the permission customization control, and receiving customization permission information via the permission editing interface; and displaying the customization permission information corresponding to the permission setting object. Therefore, a hierarchy structure based on the task information satisfies a setting need for content-based permission customization, and improves a permission management efficiency.

Abstract: Provided are computer-implemented methods that may include receiving, via a communication network, a request to perform an online action from a user device; retrieving data associated with a number of times the user device performed the online action within at least one time interval; determining whether a dataset associated with a number of times a plurality of user devices have performed the online action within the at least one time interval is normally distributed; and determining a standard deviation associated with the number of times the user device performed the online action within the at least one time interval in response to determining that the dataset is normally distributed, and performing a control operation associated with the request to conduct the online action based on a threshold of standard deviation. Systems and computer program products are also provided.

Abstract: A multi-platform data storage system that facilitates sharing of containers including one or more virtual storage resources. The multi-platform data storage system can, for example, include a storage interface configured to enable access to a plurality of storage platforms that use different storage access and/or management protocols, the plurality of storage platforms storing data objects in physical data storage; and a storage mobility and management layer providing virtual management of virtual storage resources corresponding to one or more data objects stored in the plurality of storage platforms, the storage mobility and management layer including at least a transfer module coupled to at least one network and configured to transfer at least one of the data objects. The transfer module can transfer the at least one of the data objects between the multi-platform data storage system and another data storage system.

Abstract: Systems and methods are described for pre-authentication access request screening. A server computer may receive a request for access to a resource comprising access data. The server computer may transmit, to an authentication computer, an authentication request message comprising at least a subset of the access data and receive an authentication response message comprising authentication data. The server computer may determine an access score based on the authentication data. Alternatively, the server computer may determine the access score based on the access data without using/receiving authorization data. The server computer may generate an access indicator based on the access score. The server computer may prepare and transmit an authorization request message comprising the access indicator to an authorization computer. The authorization computer may approve or decline the access to the resource based on the access indicator.

Abstract: A method of managing file permissions in a remote file storage system includes defining permissions for the remote file storage system and controlling access to objects on the remote file storage system according to the permissions of the remote file storage system. The permissions are transferred to a client file storage system remote from the remote file storage system, and access to objects on the client file storage system is controlled according to the permissions of the remote file storage system. A remote file storage system includes a permissions file generator operative to generate a permissions file, which is transmitted to a client file storage system for enforcement at the client file storage system.

Abstract: Method, apparatus, and systems for hybrid automatic repeat request (HARQ) enhancement in wireless communications are disclosed. In one representative embodiment, a method implemented in a wireless transmit/receive unit (WTRU) for wireless communications includes identifying a codebook process from a set of codebook processes based on a first indication, associating a set of bits of hybrid automatic repeat request (HARQ) feedback with the identified codebook process, maintaining the set of bits associated with the identified codebook process based on a condition, receiving a second indication to transmit the set of bits associated with the identified codebook process, and transmitting the set of bits based on the second indication.

Abstract: Disclosed embodiments and aspects thereof pertain to user authentication. An original image can be selected from an electronic device of a user. Computer-generated images can be based on the original image such that the computer-generated images appear similar but are distinguishable such that the user can recognize them as computer-generated. The original image and one or more computer-generated images can be conveyed to a user device for display and selection. The user can be authenticated based on user input identifying the original image.

Abstract: A base station performs channel access procedures for transmission on the plurality of LAA cells comprising a first cell group and a second cell group. The channel access procedures comprising a first channel access procedure of a first cell of the first cell group. The first channel access procedure is dependent on a second channel access procedure of a second cell of the first cell group and is independent of a third channel access procedure of a third cell of the second cell group.

Abstract: A method, computer system, and computer program product are provided for applying a dynamic security policy to shared content in collaborative applications. A selection of one or more content items is received for sharing in a communication session. A security policy is queried using a key that is associated with each of the one or more content items to determine a security policy for each of the one or more content items. A plurality of users participating in the communication session are identified. Each content item of the one or more content items is selectively presented to a subset of the plurality of users based on an identity of a respective user and the security policy of each content item.

Abstract: A method and apparatus with provider information access authorization are provided. The method includes receiving a single sign-on (SSO) token from a provider apparatus for a validated login request by a client device for a user account, wherein the SSO token is indicative of the provider apparatus having authorized secure protocol access with the provider apparatus to access information at the provider apparatus associated with the user account, retrieving customer information from the provider apparatus using the SSO token, receiving information from the client device, confirming whether, based on the information and the customer information that a user of the user account is eligible to complete a data exchange, and in response to a result of the confirming being that the user of the user account is confirmed eligible to compete the data exchange, cause the provider apparatus to process the data exchange corresponding to the information.

Abstract: The subject matter of this specification can be implemented in, among other things, methods, systems, and computer-readable storage media. A method can include receiving a first request to retrieve an identifier token associated with a user account. The method can further include generating a first alphanumeric sequence associated with the user account and performing a randomization procedure on the first alphanumeric sequence to generate a second alphanumeric sequence. The method can further include generating the identifier token for a subscriber associated with the user account to provide to a second device. The method can further include receiving, from a third device, a second request including a second identifier token having a third alphanumeric sequence, the second request being associated with performing an action using sensitive data associated with the user account. The method can further include sending data including the second request to the third device.

Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.

Abstract: A device implementing a system to associate a user account with a content output device includes at least one processor configured to receive an invitation to access content associated with a first user account on another device associated with a second user account, the other device being connected to a local area network. The at least one processor is further configured to send, to a server, a request for authorization to access the content associated with the first user account on the other device associated with the second user account, the request comprising information included with the invitation, and to receive, from the server, the authorization to access the content. The at least one processor is further configured to access, based at least in part on the authorization, the content associated with the first user account on the other device associated with the second user account.

Abstract: The present disclosure involves systems, software, and computer implemented methods for evaluating machine learning on remote datasets using confidentiality-preserving evaluation data. In response to determining that data of the remote customer dataset is of sufficient quality and quantity, feature data corresponding to a machine learning pipeline is generated. The remote customer dataset into one or more data partitions and for each partition, one or more baseline models and one or more machine learning models are trained using a machine learning library included in the remote customer database. Aggregate evaluation data is generated for each baseline model and each machine learning model that includes model debrief data and customer data statistics. In response to determining that the customer has enabled sharing of the aggregate evaluation data with a software provider who provided the remote customer database, the aggregate evaluation data is provided to the software provider.

Abstract: Examples of the present disclosure describe systems and methods relating to full motion video (FMV) routing in one-way transfer (OWT) systems. The present technology reserves a particular channel for transmission of a video stream, and then transmits the video stream from a low-trust computing environment to a high-trust computing environment along a data path defined by the channel. When the video stream is received on the high-trust side, the channel, on which the video stream is received, is determined and used to query a routing table that returns destination addresses of destination devices to which the video stream is to be transmitted. The video stream is then delivered to the destination devices having the corresponding addresses.

Abstract: Methods and systems are described herein for facilitating installation of cables within datacenters without signals being sent/received from outside the datacenter buildings. In particular, the mechanism for facilitating installation of cables within datacenters may include scanning cable codes (e.g., QR codes, bar codes, near field communication (NFC) codes, radio frequency identification (RFID) codes, etc.) and retrieving path information for scanned cable codes. The mechanism then proceeds to track the installation process by scanning codes located throughout a datacenter to verify that the cable installation is proceeding correctly. In instances where a scanned code does not match a code that is expected, based on an order within the path information, an error message is generated indicating that there may be a problem with the cable installation.

Abstract: This application discloses a communication method, and relates to the communications field. In the method, a fixed mobile interworking function (FMIF) receives an access request message that carries first authentication information of a fixed network device and that is sent by a broadband network gateway (BNG), where the first authentication information is generated by the BNG based on a dial-up packet sent by the fixed network device, and the first authentication information includes an identifier of the fixed network device. The FMIF encapsulates the first authentication message in a message format supported by a control plane interface between the FMIF and a core network device, to obtain a second authentication message; and the FMIF sends the second authentication message to the core network device through the control plane interface. The core network device performs authentication on the fixed network device based on the second authentication message.

Abstract: A computer-implemented method for securing an interaction between users of a computer network. A first digital identity for a first user of the users is created based on an input provided by the first user over a user interface of a first network node. The user input includes a first consent to create the first digital identity and includes a first secret information provided by the first user. The first consent and the first secret information are merged to form a first root string and whereas the first digital identity is created dependent on the first root string and stored in the network in encrypted form. The first user interacts with other users in the network using the first digital identity.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: A computer-implemented method for facilitating offline transactions includes: receiving, by a first user device, an offline payment request from a merchant payment system via a first local communications connection; providing, by the first user device, a payment approval message to the merchant payment system via the first local communications connection; providing, by the first user device, the offline transaction information to the payment server corresponding to the payment approval message to the payment server when the first user device and the payment server are connected via a network; determining, by the first user device, that an instruction to transfer the offline mode of the first user device to a second user device has been received; and disabling, by the first user device, the offline mode of the first user device.

Abstract: In one embodiment, a device obtains one or more packets of a traffic session in a network. The device determines, for a particular packet of the one or more packets that match a filter, a fingerprint for the particular packet. The device identifies a plurality of traffic sessions whose packets match the fingerprint, wherein each of the plurality of traffic sessions is associated with at least one process. The device updates a process with the traffic session by applying a classifier to the plurality of traffic sessions.

Abstract: Systems and methods for improving the efficiency and accuracy of network operation validation anomaly detection in conglomerate-application-based ecosystems are disclosed. The disclosed anomaly evaluation platform can provide a first network operation to a first software application for generation of a second network operation, as in a flow-based processing system. The platform can generate a communication map that characterizes the architecture and/or performance of the system. In response to providing the communication map and the network operations to a validation model, the anomaly evaluation platform can determine a validation status and execute a corrective action to cure detected anomalies preventing validation of the network operation. As such, the anomaly evaluation platform enables dynamic monitoring, evaluation, and mitigation of detected anomalies in real-time and in a performance-dependent manner.

Abstract: Embodiments of the present disclosure relate to verifying a third-party resource by automatically validating multi-factor message codes associated with the third-party resource to enable access to functionality associated with the third-party resource via a multi-app communication system. An example embodiment includes a multi-app communication system including at least one processor and at least one memory. The embodiment multi-app communication system is configured to receive a sign-in request from a multi-app communication system application executed on a client device, and cause transmission of a multi-factor confirmation message to a verified third-party multi-factor authentication resource. The embodiment multi-app communication system is further configured query the verified third-party multi-factor authentication resource to identify the multi-factor confirmation message, and enable access to the third-party resource.

Abstract: Techniques are described for a computing system to provide security-related information by (a) storing, by the computing system, security-related documents about a service provider; (b) monitoring, by the computing system, services provided by the service provider for a plurality of security-related features, and storing monitoring results; (c) receiving, by the computing system, a request to report security-related information about the service provider; (d) in response to receiving the request, creating a link for accessing the security-related documents and the monitoring results; and (e) in response to a user accessing the link, providing, by the computing system, the user with access to the security-related documents and monitoring results. A system, apparatus, and computer program product for performing this method and similar methods are also described.

Abstract: The present disclosure relates to systems and methods for facilitating trusted handling of genomic and/or other sensitive information. Certain embodiments may use a virtualized execution environment to execute code and/or programs that wish to access and/or otherwise use genomic and/or other sensitive information. In some embodiments, data requests from the code and/or programs may be routed through a transparent data access proxy configured to transform requests and/or associated responses to protect the integrity of the genomic and/or other sensitive information.