Abstract: A data sharing method, server and storage medium including receiving a first part of a first key from a first client, the first key corresponding to encrypted data uploaded to a block of an information sharing system generating a first authorization code corresponding to the encrypted data; transmitting the first authorization code to the first client; based on receiving an access request from a second client for the encrypted data, obtaining a second authorization code and an incomplete key from the access request; based on the second authorization code being the same as the first authorization code and the second authorization code being valid, generating a second key according to the incomplete key and the first part of the first key corresponding to the encrypted data decrypting the encrypted data according to the second key to obtain the plaintext data; and transmitting, to the second client, the decrypted plaintext data.

Abstract: A communication system which includes a terminal, a telecommunications network server able to provide a network service to the terminal; and an application server able to provide application services to the terminal via the network and the network server. The terminal and the network server share and store a same network root key kept secret from the application server and are configured to generate, on the basis of this network root key, a network session key used to sign and verify the integrity of messages exchanged on the network between the terminal and the network server. The terminal and the application server share and store a same application root key kept secret from the network server, and configured to generate, on the basis of this application root key, an application session key used to encrypt and decrypt messages exchanged between the terminal and this application server via the network.

Abstract: The disclosed technology relates to a process for zero touch provisioning to provide cloud enablement of legacy computing devices. Specifically, the disclosed technology provides the ability to automate the process of connecting computing devices that may not originally have the capabilities to connect to the Internet so that the computing devices can be managed by a cloud network or be provided updates by the cloud network. The cloud enablement for computing devices is performed by modifying the computing device with hardware and software that would direct the computing device to establish secure communications with the cloud network without user involvement.

Abstract: A method of secure data transfer and storage using a removable storage device storing encrypted information. The method uses a host that stores and transfers encrypted sensitive information and a customer that desires the information to be securely stored. The customer chooses a unique encryption code to encrypt sensitive information and places the encrypted files on the removable storage device, then physically transfers the information to the host. The encrypted sensitive information travels physically between the host and customer outside of any computer network. The host has a gapped area that remains disconnected from any network. The host takes the sensitive information and copies it to the designated armored storage unit.

Abstract: A method includes receiving a request from a user account to access a base table via a smart table view. The base table includes sensitive columns and non-sensitive columns. Each record in the base table is associated with a respective protection key of a plurality of protection keys. Each protection key represents protection types of a plurality of protection types of sensitive data. The user account is associated with a user protection key. The user protection key represents at least one protection type for which the user account is authorized. The smart table view of the base table is dynamically generated by joining the base table and a custom mask table including a subset of the plurality of protection keys. The smart table view masks the non-sensitive columns of the base table in records of the base table having sensitive data the user account is not authorized to access.

Abstract: A system comprises one or more slice-aggregated cryptographic slices each configured to perform a plurality of operations on an incoming data transfer at a first processing rate by aggregating one or more individual cryptographic slices each configured to perform the plurality of operations on a portion of the incoming data transfer at a second processing rate. Each of the individual cryptographic slices comprises in a serial connection an ingress block configured to take the portion of the incoming data transfer at the second processing rate, a cryptographic engine configured to perform the operations on the portion of the incoming data transfer, an egress block configured to process a signature of the portion and output the portion of the incoming data transfer once the operations have completed. The first processing rate of each slice-aggregated cryptographic slices equals aggregated second processing rates of the individual cryptographic slices in the slice-aggregated cryptographic slice.

Abstract: This disclosure relates to method and system for providing a light weight secure communication for computing devices. In one example, the method includes generating a new encryption key based on a selected encryption key from among a plurality of encrypted keys and a current synchronized hash based on a set of pre-defined rules, generating an updated synchronized hash based on a message to be transmitted and the current synchronized hash using a pre-defined hash algorithm, encrypting the message to be transmitted using the new encryption key to generate an encrypted message, transmitting the encrypted message, and replacing the current synchronized hash with the updated synchronized hash. The set of pre-defined rules and the pre-defined hash algorithm are retrieved from a pre-installed library. Further, the current synchronized hash, the plurality of encryption keys, and the pre-installed library are synchronized between the first computing device and the second computing device.

Abstract: Broadly speaking, the present techniques provide methods, apparatus and systems for monitoring operation of a device. More particularly, the present techniques provide methods for monitoring operation of a device based on a device firmware update that is associated with at least one power profile.

Abstract: An access control method for a restricted resource in a computer system having an operating system providing isolation between software processes executable in the operating system such that a first process executing in the operating system is prevented from accessing resources of a second process executing in the operating system, the method including receiving a software component for execution as an isolated process in the operating system; receiving a baseline profile for the software component defining characteristics of the software component at a runtime for identifying performance of the software component; generating a runtime profile of the software component in execution in the operating system defining characteristics of the component in execution; and permitting access by the software component to the restricted resource based on a comparison of the baseline profile and the runtime profile such that the software component exhibiting undesirable performance is precluded from accessing the restrict

Abstract: A method in a computer system having an operating system providing isolation between software processes executable in the operating system such that a first process executing in the operating system is prevented from accessing resources of a second process executing in the operating system, the method including receiving a software component for execution as an isolated process in the operating system; receiving a baseline profile for the software component defining one or more characteristics of the software component at a runtime for identifying performance of the software component; generating a runtime profile of the software component in execution in the operating system defining characteristics of the component in execution; and flagging the software component in execution based on a comparison of the baseline profile and the runtime profile so as to identify an undesirable performance of the software component.

Abstract: In particular embodiments, in response a data subject submitting a request to delete their personal data from an organization's systems, the system may: (1) automatically determine where the data subject's personal data is stored; (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject's personal data from the various systems; and (3) determine a cause of the request to identify one or more processing activities or other sources that result in a high number of such requests.

Abstract: A computer-implemented method for performing authentication includes: determining, by a database server storing data in a blockchain ledger, a target ledger segment on which time service authentication is to be performed; generating a Merkle tree corresponding to the target ledger segment; determining a root hash of the Merkle tree, the root hash of the Merkle tree being based on a block hash of each data block in a set of one or more data blocks; executing a predetermined time capture process in a trusted execution environment to obtain a trusted time from an interface provided by a trusted time service organization; generating a digital signature for the trusted time and the root hash in the trusted execution environment; and generating a time service certificate including the trusted time, the root hash, and the digital signature.

Abstract: There are provided a method and system for assessing latency of ciphering end point of secure communication channel. The method comprises: generating a test traffic comprising a series of original data packets, wherein, for each original data packet, size of a given packet is uniquely indicative of the packet's place in a sequence of data packets in the series and enables unique correspondence with a size of the given packet upon its encryption; successively transmitting the original packets to the ciphering end point, whilst associating with respective departure time stamps; receiving encrypted packets from the ciphering end point and associating them with respective arrival time stamps; using a size of a given encrypted packet with a timestamp TSa to identify a size of a matching original packet, its place in the sequence of original packets and, thereby, its departure timestamp TSd, thus giving rise to a plurality of timestamp pairs (TSd; TSa).

Abstract: System, method, and computer program product for authenticating a message among a groups of computing devices communicating over an unsecured channel, based on an out-of-band (OOB) authenticated channel which may be used to send a short message to all receivers.

Abstract: A system and method for authentication, authorization, and access management based on personally identifiable information and data sets pertaining to individual identity and its attributes within independent computer systems and digital networks.

Abstract: Techniques are disclosed concerning secure access to data in a computing device. In one embodiment, a computing device includes a communication interface, a memory, a memory controller, and a security processor. The communication interface may communicate with a different computing device. The security processor may generate a host key in response to a successful authentication of the different computing device, and then encrypt a memory key using the host key. The security processor may also send the encrypted memory key to the memory controller, and send the host key to the different computing device. The host key may be included by the different computing device in a subsequent memory request to access data in the memory. The memory controller may, in response to the subsequent memory request, use the included host key to decrypt the encrypted memory key and use the decrypted memory key to access the data.

Abstract: A computing apparatus for protecting software hooks from interference may include a processing device and a memory access monitoring device configured to monitor access to the memory addresses of one or more hooks. When a task T1 attempts to write to a memory address of a monitored hook, the monitoring device may generate a notification (e.g., an interrupt), and the processing device may pause execution of the task T1 and initiate execution of a hook protection task T2. The hook protection task T2 may determine whether to allow task T1 to modify the monitored hook. If task T1 is not a trusted task (e.g., if task T1 is or may be malware), the processing device blocks T1 from modifying the monitored hook. In this manner, some attempts to unhook critical software hooks may be thwarted.

Abstract: A method for protecting a mobile terminal device from cyber security threats, including the steps of: detecting that the mobile terminal device is successfully connected only through one or both of a selected physical serial interface connected to a device for facilitating the testing or a wired network interface, which is connected to an electrical utility device. Prior to executing a test routine by the mobile terminal device, switching the mobile terminal device to a test state by: disabling an internal firewall, disabling one or more remaining network interfaces and serial interfaces, such that existing communications or connections are terminated and new communications and connections are prevented. Enabling communication to one or both of the selected physical serial interface and the wired network interface, performing the testing on the at least one electrical utility device according to the executed test routines under control of the mobile terminal device until completion.

Abstract: An authentication system comprises a browser extension and a password manager application. The browser extension can be configured for execution on a first user device. The browser extension can be configured to display a response code and receive a login credential from a server. The response code can comprise a unique session identifier identifying the browser extension and a user browsing session. The password manager application can be configured for execution on a second user device. The second user device can have a scanner configured to scan the response code. The password manager application can be configured to extract the unique session identifier, parse the unique session identifier into session identifier content, send a portion of the session identifier content to the server, receive an approval from a user of the second user device, and send a notification to the server.

Abstract: A method includes obtaining messages associated with assets in an enterprise system, splitting each of the messages into a set of tokens, determining a count of a number of occurrences of each of the tokens, and assigning weights to the tokens based at least in part on the counts of the number of occurrences of the tokens. The method also includes determining a score for each of the messages based at least in part on a combined sum of the weights for the set of tokens of that message, generating a summary of the messages by selecting a subset of the messages for based at least in part on the scores. The method further includes identifying remedial actions to be applied to assets in the enterprise system based at least in part on the summary of the messages, and implementing at least one of the identified remedial actions.