Abstract: In one embodiment, a processing device receives a first digital fingerprint of a media item along with a first content management rule. The processing device separately receives a second digital fingerprint of the media item along with a second content management rule. The processing device determines that the received digital fingerprints are for the same media item based upon a match between the first digital fingerprint and the second digital fingerprint. The processing device determines that all rights to the media item have been accounted for, and then determines a set of actions to be performed for hosted media items comprising the media item based at least in part upon the first content management rule and the second content management rule. Processing logic may also perform a conflict resolution process for conflicting rights claims to the media item.

Abstract: A data storage device includes a volatile memory device including a first table area storing a first table having a plurality of first unit information, and a nonvolatile memory device including a subtree area and a second table area. The second table area stores sorted string tables (SSTables) of level 0 each including a respective plurality of first unit information. Each first unit information includes a key corresponding to a key-value (KV) command and a namespace identifying a tenant providing that KV command. The second table area and the subtree area form a data structure which can be queried with a key included in a KV command. The subtree area includes a plurality of subtrees respectively corresponding to a plurality of namespaces, each subtree storing an SSTable of level 1 having a plurality of second unit information each having a key related to the corresponding namespace of that subtree.

Abstract: A network address assigned a shared designation by a first client computer is received, in a first data format, automatically, at a host computer from the first client computer. The network address is categorized and published. Publishing the network address includes converting the network address into a second data format, receiving, at the host computer, a subscription request from a second client computer, and sending the network address to the second client computer in response to receiving the subscription request.

Abstract: Systems and method for creating a hidden electronic file system within a non-hidden electronic file system are provided. Files within a non-hidden electronic file system are pre-allocated and populated with a number of payload blocks, a first portion of which include user data to be covertly stored, a second portion of which include directory information pointing to first portion of payload blocks, and a third portion of which is configured for use as free and available space for new or replacement data. Each of a number of cipher blocks comprise random numbers to be used as a cipher for a corresponding one of the number of payload blocks. Each of the payload blocks is encrypted by an associated one of the cipher blocks.

Abstract: An information backup method applied to a communications system including a primary device, a secondary device, and a cloud device, and the method is performed by the primary device. The method includes sending a first identity notification to the cloud device, where the first identity notification is a notification indicating that the primary device has a primary device identity, and uploading obtained first user information to the cloud device when determining that a communication status of the cloud device is normal, where the first user information is stored by the cloud device and provided to the secondary device, and the first user information is to-be-backed-up information of user equipment that gets online from the primary device when the communication status of the cloud device is normal.

Abstract: Methods, systems, and apparatus for determining that a native application limits access to the native application using account credential requirements, the native application generating an application environment for display on a user device within the native application and operating independent of a browser application that can operate on the user device; obtaining a set of account credentials for indexing environment instances of the native application; instantiating the native application with the set of account credentials; and accessing environment instances of the native application, and for each of the environment instances: generating environment instance data describing content of the environment instance, the content described by the environment instance data including text that a user device displays on the environment instance when the user device displays the environment instance; and indexing the environment instance data for the native application in an index that is searchable by a search en

Abstract: Methods and apparatus to validate and restore machine configurations are disclosed herein. An example apparatus includes a context identifier to obtain first context information for a first set of configuration update events occurring on a computing device, a guest agent interface to transmit the first set of configuration update events to a security manager for generation of a policy, the policy including allowable configuration update events and responses to unallowable configuration update events, an event comparator to compare second context information of a subsequent configuration update event obtained by the context identifier to the policy received from the security manager, and an event handler to determine, when the subsequent configuration update event is not included in the policy, that the subsequent configuration update event is to be transmitted to the security manager for generation of an updated policy.

Abstract: A method of dynamically adjusting access privileges of system identities. A set of access logs associated with a system are analyzed in order to generate a restricted access policy for an over privileged system identity. An initial access policy of the system identity is replaced with the restricted access policy and a continuous monitoring and access management (CMAM) service is initiated. Access logs are collected for a monitoring time window and an access denied error can be extracted from the access logs. The access denied error can be compared to an ignore list and/or the access denied error can be added to the ignore list. Authorization checks can be performed to determine if the action associated with the access denied error is authorized. If the action is authorized, the access policy is adjusted to allow for performance of the action.

Abstract: A remote wipe message or notification may be sent from a server computer to one or more target client devices associated with a user. A managed container running on a target client device associated with the user and having a managed cache storing content managed by or through the server computer may, in response to the remote wipe message or notification, deleting the managed content or a portion thereof from its managed cache. The managed container may send back an acknowledgement or message to the server computer that it had completed the remote wipe. The remote wipe functionality can avoid having to deal with individual applications running on the client device and therefore can eliminate the complexity of having to deal with individual applications. Furthermore, the remote wipe can be done independently of the local operating system and without affecting non-managed information/applications on the client device.

Abstract: A method includes retrieving first data from a first data store having a first database topology and second data from a second data store having a second database topology. The first data and the second data are stored in a load data set. The load data set is sorted based on a first identifier field. A first microdatabase is loaded with a first portion of the first data associated with a first value of the first identifier field and a first portion of the second data associated with the first value. A second microdatabase is loaded with a second portion of the first data associated with a second value of the first identifier field and a first portion of the second data associated with the second value. A first key map record for the first microdatabase is generated. A second key map record for the second microdatabase is generated.

Abstract: Demand-based deployment of a font server to an edge device is facilitated by identifying a need for font-related data that is currently unavailable at a user device. The process also includes deploying a font server to an edge device of the computing environment to facilitate distribution of the font-related data to the user device.

Abstract: An example computing system is configured to: (i) apply a first access permission setting that defines whether a party can access a data object associated with a multi-phase construction project during a first phase of the multi-phase construction project; (ii) determine that the multi-phase construction project has transitioned from the first phase to a second phase; and (iii) based at least on the determination that the multi-phase construction project has transitioned from the first phase to the second phase, apply a second access permission setting that defines whether the party can access the data object associated with the multi-phase construction project during the second phase of the multi-phase construction project, where the second access permission setting differs from the first access permission setting.

Abstract: A system and method in accordance with example embodiments for comprehensive sales and service data reporting. Sales and service events that take place at a front end branch of an enterprise may be input into a front end system and transmitted to a backend system where various modules then use the front end system data to generate various data and reports to display various data, such as, for example, sales incentive metrics and key performance indicators.

Abstract: The technology described herein protects the privacy and security of data stored in a knowledge graph (“graph”) by enforcing visibility policies when returning property information in response to a query or other attempt to extract property information from the graph and/or about the graph. The visibility policies may be stored with the object and used to prevent restricted properties from being extracted from the object, let alone the graph. The object-specific visibility policy may be stored in the storage layer of the knowledge-graph object with the object properties and content. Some implementations may include multiple visibility records for a single object. Together the visibility records form the object visibility policy. An object visibility policy may have a single visibility record or multiple visibility records.

Abstract: Methods, systems, and apparatuses for providing access to records of a database stored on a database server in a cloud database platform are described herein. A data sharing platform may determine a shared view definition for access to the database. The data sharing platform may determine rules that specify criteria that limit access to the records stored by the database. The one or more first rules may be received via a user interface. The data sharing platform may perform, based on the rules, a data access certification process on the records stored by the database to generate a table of certification results. The data sharing platform may generate, based on the table of certification results, and without modifying the records stored by the database, a limited consumer view definition. Based on updates to the records, a new limited consumer view definition may be generated.

Abstract: Provided are a server connected to a first terminal operated by an orderer, a second terminal operated by a recipient that accepts an order, and a third terminal operated by a third party. The server includes: a first receiver configured to receive, from the first terminal, an order content indicating a content of the order; a first creating unit configured to create a work order, based on the order content; a first viewing controller configured to display the work order on the second terminal; a second receiver configured to receive, from the second terminal, acknowledgement information indicating acceptance of the order; a second creating unit configured to create a written acknowledgement for the accepted order, based on the acknowledgement information; and a second viewing controller configured to display the written acknowledgement on the third terminal in such a manner that a part of the order content is invisible.

Abstract: Embodiments use a graphical tree to illustrate hierarchical records including a child record having parent field(s) identifying a first parent record and a second parent record of the child record. The graphical tree is generated by determining a first position for the child record and a second position for the first parent record without considering the second parent record. Subsequently, a third position for the second parent record is determined at a same level as the second position. Once the positions are determined, a first shape, a second shape and a third shape are rendered at the first position, the second position and the third position, respectively. The graphical tree is then generated by visually connecting the first shape with the second shape and the third shape, thereby graphically illustrating the plurality of hierarchical records on a target output medium.

Abstract: A system, method, and computer-readable medium, including authoring and consolidating a semantic layer universe and at least one semantic layer extension (e.g., a collection of semantic layer entities) created on top of the objects of the semantic layer universe, the semantic layer universe and the one or more semantic layer extensions being linked via a repository relationship; and dynamically presenting a consolidated view of relevant objects from the semantic layer universe and possibly entities of the at least one semantic layer extension to provide a user with additional querying metadata.

Abstract: Embodiments are directed to techniques for chaining, triggering, and/or enforcing entitlements in a constrained environment. A constrained environment may be provided within with shielded assets are required to exist or execute. An entitlement may be granted on a variety of shielded assets, including datasets, computations scripts, data privacy pipelines, and intermediate datasets generated by an intermediate step of a data privacy pipeline. Thus, a beneficiary may use a granted entitlement as an input into other data privacy pipelines, without the need for the grantor to approve each specific downstream operation. The constrained environment may enforce an entitlement by fulfilling applicable constraints upon accessing the entitlement, restricting the output of the entitlement to the constrained environment, and fulfilling applicable policies when executing downstream operations.

Abstract: A method for dynamic test suite creation from event communications from customers includes receiving an event communication from a customer about an adverse event. The customer receives support for computing equipment over a management network from a support provider and the adverse event is regarding the computing equipment. The method includes analyzing the event communication using natural language processing to identify a potential cause of the adverse event and selecting one or more tests from a test library based on the identified potential cause of the adverse event. Each test of the tests is configured to test a portion of the computing equipment to lead to identification of a cause of the adverse event. The method includes automatically initiating the selected one or more tests through the management network and analyzing test results from execution of the selected one or more tests to identify a cause the adverse event.

Abstract: The terminal device may acquire a first data association instruction for associating a label file and a first database file and acquire a second data association instruction for associating the label file and a second database. The terminal device may, in a case where the first data association instruction and the second data association instruction are acquired, store data association information in a memory. The terminal device may, in a case where a print instruction is acquired under a state where the data association information is stored in the memory, create one or more pieces of print data corresponding to one or more label images using the label file and the third database file associated with the label file, and send the one or more pieces of print data to a label printer.

Abstract: Access to sensitive information in a database can be restricted to improve security and enable efficient auditing. A security engine receives a request from a requesting entity to access data in the database and determines that the requested data includes sensitive information. In response to the requesting entity being authorized to access the data, the security engine retrieves the requested data from the database and modifies the retrieved data by modifying metadata of the retrieved data to include a tag indicating that the retrieved data includes sensitive information. The security engine provides the modified data to the requesting entity and modifies a data access log to identify each attempted access to the modified data. When sensitive data is requested, an interface can include an obscuring element, requiring a user to manually select the element to view the data, enabling the logging of the explicit access request by the user.

Abstract: A method includes sequentially generating fragment records for a user device according to fragment generation rules specifying that each subsequent fragment record be generated for user device events that occur within a defined period of time. Each fragment record includes event data for a series of user device events and includes a fragment ID generated using a non-deterministic ID generation algorithm. The method includes generating an ID-fragment record associating a chain ID with the fragment IDs. The chain ID is associated with device IDs that identify the user device. The method includes removing associations between the chain ID and fragment IDs according to removal parameters indicating that associations be removed based on an age of the fragment records. The method includes generating at least one of search results and advertisements for the user device based on the event data in the fragment records that remain associated with the chain ID.

Abstract: Methods, systems, and computer program products for detection of personally identifiable information (PII). A first detector and a second detector are configured to interoperate. The first detector is different from the second detector and the second detector incurs a greater computational cost than the first detector when processing identical content. Content is presented to the first detector so as to implement a first type of PII detection that is based at least in part on regular expression analysis using regular expressions. The content is presented to the second detector. The second detector performs PII detection based on content analysis that is different from the first detector's regular expression analysis. The second detector causes generation of new regular expressions based on the content analysis and the first detector is updated with such new regular expressions. Performance of the first detector is continually improved as new regular expressions are generated.

Abstract: Techniques and solutions are described for providing flexible access to data during execution of a data access request. Multiple instances of a data artifact are created, where different instances of the data artifact provide access to different data sources having data associated with the data access request. When a data access request is executed, a particular data artifact instance can be used during execution of the data access request. In some cases, switching logic can be used to determine which data artifact instance is to be used in executing the data access request. Also described are technologies for facilitating creation of data artifact instances corresponding to a modelling artifact.

Abstract: Decision support technology is provided for use with patients who may be prone to a cardiovascular condition such as acute coronary syndromes. A mechanism is provided to determine a patient's risk for experiencing a cardiovascular ischemic event at a future time interval based on temporal patterns determined using physiological parameters of the patient such as serum or blood uric acid and/or C-reactive protein (CRP). A forecast or score may be determined indicating whether or not temporal patterns merit intervention to prevent occurrence or reoccurrence of ischemic events, or for determining adherence to or efficacy of treatment or preventive interventions. Based on the forecast or score, appropriate response action such as automatically issuing an alert or notification to a caregiver associated with the patient, may be determined, recommended, or implemented.

Abstract: A computer-implemented system and related method secures the access of a data object in a datastore by a remote system without user-specific credentials. The method comprises using a processor of a data resident operating system for verifying, using a security resource profile for the datastore, which access entity the remote system has access to, but without the user-specific credentials. The method also provides the security resource profile through a security application program interface (API) to the processor to determine whether access to the access entity should be allowed. The method allows the access to the data object by the remote system when the security resource profile exists and permits the access.

Abstract: A method for access control, the method may include (a) receiving, by a file server, an access request for allowing a user to access a file system entity, the user is identified by a first file system protocol (FSP) user identifier, (b) converting the first FSP user identifier to a first access control user identifier (ACUI) of the user, the first ACUI represents a combination of the user and the first FSP, (c) searching, within an access control data structure (ACUI), for a relevant access control rule associated with a member of a multiprotocol set of ACUIs of the user, wherein the multiprotocol set includes the first ACUI of the user and at least one other ACUI of the user that represents at least one combination of the user and at least one other FSP, and (d) responding to the access request based on the relevant access control rule, when finding the relevant access control.

Abstract: Disclosed herein are systems and methods for processing personal data by application of policies. In one aspect, an exemplary method comprises, by the network infrastructure component, analyzing communication protocols between an IoT device and the network infrastructure component, identifying at least one field that contains personal data, for each identified field, analyzing the identified field using personal data processing policies uploaded to the network infrastructure component, and applying the personal data policies for enforcement.

Abstract: Representative embodiments of secure authentication to a resource in accordance with a predefined, electronically stored quorum-based authentication policy include causing electronic interaction among multiple devices that constitute a quorum in accordance with the policy, computationally determining whether the interaction satisfies the policy, and if so, electronically according access to the resource to one or more individuals associated with the interacting device(s).

Abstract: Disclosed herein are embodiments of systems, methods, and products comprises an analytic server, which dynamically predicts future events for web users. The analytic server generates prediction models based on historical click-through analytics data received from the web server. The analytic server captures the current event (e.g., the current operation of the web user) on the web page, and determines the next event by predicting the web user behavior using the prediction models on an event-by-event basis. The analytic server also queries the web user data from a database to better understand the web user's intention, and improve the prediction accuracy. The analytic server modifies the HTML code to display the web page to include a graphical user interface comprising the predicted event. Based on the web users' reactions to the predicted event, the analytic server updates the prediction models.

Abstract: Aspects of the technology described herein relate to techniques for guiding an operator to use an ultrasound device. Thereby, operators with little or no experience operating ultrasound devices may capture medically relevant ultrasound images and/or interpret the contents of the obtained ultrasound images. For example, some of the techniques disclosed herein may be used to identify a particular anatomical view of a subject to image with an ultrasound device, guide an operator of the ultrasound device to capture an ultrasound image of the subject that contains the particular anatomical view, and/or analyze the captured ultrasound image to identify medical information about the subject.

Abstract: Methods and systems of recovering a cryptographic key associated with a blockchain based computer network, including encryption of at least a portion of a cryptographic key of the computer network with a recovery public key, sending of the encrypted at least a portion of the cryptographic key to at least one second computing device, sending of a recovery private key to a recovery escrow service, detection that the at least one first computing device is unavailable, publishing the recovery private key in a public repository, retrieving the recovery private key from the public repository, and decryption of the encrypted at least a portion of the cryptographic key by the at least one second computing device.

Abstract: Systems and methods relate generally to contextually providing a dynamic user interface. In an example method thereof, an apps list is obtained by a dynamic scheduling service for an operating system. The apps list is generated responsive to a query by the operating system responsive to a request by the dynamic scheduling service. Dynamic scheduling data is obtained by the dynamic scheduling service, which includes generating the dynamic scheduling data by an artificial intelligence service including filtering apps on the apps list responsive to a policy. A dynamic user interface is created by the dynamic scheduling service responsive to the dynamic scheduling data, which includes deactivating one or more of the apps on the apps list by the artificial intelligence service responsive to the policy.

Abstract: The present invention is provided with a threat analysis processing unit that, on the basis of an analysis result from the vulnerability analysis unit, analyzes a threat to the system and outputs a threat analysis result; a countermeasure planning unit that, on the basis of the threat analysis result and vulnerability information, plans the countermeasure plan which reduces the impact of the vulnerability; a security test planning unit that plans the security test on the basis of the countermeasure plan; an evaluation calculation unit that performs an evaluation on the basis of the security test, and outputs an evaluation result; and a result processing unit that processes the evaluation result and generates a security countermeasure.

Abstract: Methods and system for creating and managing personalized fonts. Personalized fonts are created by applying personalization parameters to a base font using a style application method or module such as a neural style transformation. The personalized fonts may be transferred to recipients of textual communications to enable the recipient to read messages from a sender in the personalized font of the sender.

Abstract: A computer is provided that includes a search engine. The search engine is configured to receive a search request and conduct a search against a database. Each record within the database includes or is associated with a display criteria or profile that specifies when data from that record can be included into a response to a search.

Abstract: The exemplary embodiments describe, inter alia, an apparatus comprising: a processor configured to (1) generate a plurality of graphical user interfaces (GUIs) for interaction with a user to support configuration of a narrative story generator to automatically generate a narrative story based on input data, wherein at least one of the GUIs presents content blocks comprising a story outline in a hierarchical structure, (2) evaluate configuration elements of the narrative story generated using imported sample data, and (3) generate narrative stories based on the configuration of the narrative story generator and the input data.

Abstract: Quorum-based access control management may be implemented. Quorum controls may be created for determining whether to perform or deny access control operations to perform privileged tasks. When an access control operation is received, approval of the operation may be requested from members for the quorum control. If a policy for the quorum control is satisfied by approval responses, then approval to perform the access control operation may be provided.

Abstract: The present embodiments relate generally to a system and method for creation of a patient account on a medical imaging system during a medical imaging examination. The method may involve operating a processor to: acquire a set of medical imaging data during the medical imaging examination, the set of medical imaging data being acquired in association with a logged-in medical professional account on the medical imaging system; display a new patient account prompt to initiate creation of the patient account; receive a patient identifier to initiate the creation of the patient account; and use the patient identifier to initiate the creation of the patient account, the patient account to be used for accessing at least a portion of the set of medical imaging data acquired during the medical imaging examination.

Abstract: Certain aspects of the present disclosure provide techniques for waveform parameters adaptation. Aspects provide for adapting waveforms to account for impairments that can occur when communicating in a high frequency band. A method that may be performed by a base station (BS) includes detecting one or more impairment conditions. The method includes determining a plurality of waveform parameters to adapt in response to the detected one or more impairment conditions. The method includes signaling the plurality of adapted waveform parameters to a user equipment (UE).

Abstract: The disclosed technology addresses the need in the art for a content management system that can be highly flexible to the needs of its subjects. The present technology permits any object to be shared by providing a robust and flexible access control list mechanism. The present technology utilizes a data structure that is highly efficient that both minimizes the amount of information that needs to be written into any database, but also allows for fast reads and writes of information from authoritative tables that are a source of truth for the content management system, while allowing for maintenance of indexes containing more refined data that allow for efficient retrieval of certain information that would normally need to be calculated when it is needed.

Abstract: A system is described for controlling access to resources using an object model. Users can specify use cases for accessing resources. The user may be granted access if the user satisfies qualifications required for accessing the resource, selected a use case permissible for accessing the resource, and satisfies qualifications required for the use case. Use cases, qualifications, resources, and/or links between them can be implemented using an object model. The system can be used in addition to authentication and authorization.

Abstract: An electronic device is provided that includes a memory storing program instructions, and one or more processors. The one or more processors, when executing the program instructions, are configured to generate an agent public key, and generate a key font based on the agent public key. The one or more processors are also configured to communicate the key font to an operating system, and obtain a key message based on the key font from an application. The one or more processors are also configured to respond to the key message on a bus based on the key message.

Abstract: A computerized system for encryption and transmission of digital information comprising: a set of non-transitory computer readable instructions that, when executed by a processor, preform the steps of: receiving a data set from an instance of a sender browser running on a sender computer device, verifying that a recipient is a subscriber and if the recipient is a subscriber, generating a sender key, encrypting a portion of the data set with the sender key, generating a key pair having a first key and a second key, encrypting the sender key with the first key, encrypting the second key with a master key, and, generating a hyperlink to the portion of the data set that is encrypted.

Abstract: The present disclosure provides systems and methods for creating and updating vehicle listings using crowdsourced images. An exemplary embodiment of the disclosed systems and methods includes at least one processor and at least one non-transitory computer-readable medium containing instructions. The instructions, when executed by the at least one processor, cause the system to perform operations. The operations include communicating with a listing system to create a listing for a vehicle and receiving, from an identification application executing on a mobile device distinct from the listing system, an identifier for the vehicle and an image of the vehicle. The operations further include identifying the listing using the received identifier, determining one or more parameters associated with an image quality for the received image, and updating the listing for the vehicle to include the received image based on the determined one or more parameters for the received image.

Abstract: The present disclosure provides a computer-implemented method for applying access rights to a database comprising a plurality of data units. The method may comprise receiving a request from a user to perform an operation directed to at least a subset of data objects stored in the database. Next, access rights associated with the user may be determined. The access rights may comprise an access permission to a subset of one or more of the data units that is implemented by performing a filter operation. The operation and the filter operation may then be performed concurrently to the at least subset of data objects to obtain a filtered data set.

Abstract: A method for continuous data transfer is provided. Data blocks are generated from a continuous data stream captured via a physiological monitoring device by segmenting data from the continuous data stream into the data blocks. A time at which the data associated with each data block occurs is determined and a sample number is associated with each data block. The data blocks are transmitted from the physiological monitoring device to a server. The data blocks are ordered on the server based on the time and the sample number associated with each data block.

Abstract: Systems and methods for managing data are disclosed. One method can comprise receiving a first request for a service, wherein the first request is associated with a first rights package. The first rights package can be processed to determine access to the service. An evaluation key can be generated, wherein the evaluation key represents the determination of access relating to the processing of the first rights package. A second request for a service can be received, wherein the second request is associated with a second rights package. The second rights package can be processed using the evaluation key.

Abstract: A collaborative matter management and analysis tool is presented. Each matter has its own workspace that is built around a collaborative backbone. Users can provide access to the matter workspace to anyone who they want to collaborate with, including others at their organization and persons outside the organization, such as clients, lawyers, experts, vendors and other third parties. Processing of the document is automatic and based on the content and document type. The document, when uploaded, is OCR'd and based on the content, citations are converted to hyperlinks and the cited documents are linked. Documents and events are associated to enable enhanced productivity tools such as searching and e-brief.