Abstract: A device for providing side-channel protection to a data processing circuit is provided and includes a chaotic oscillator and a counter. The data processing circuit has an input for receiving an input signal, a power supply terminal, and an output for providing an output signal. The chaotic oscillator circuit has an input coupled to receive a control signal, and an output coupled to provide an output signal for controlling a voltage level of a power supply voltage of the data processing circuit. The counter has an input coupled to receive a clock signal, and an output coupled to control a variable parameter of the chaotic oscillator in response to the clock signal. In another embodiment, a method is provided providing the side-channel protection to the device.

Abstract: A device receives policy information indicating a policy to be implemented for an application hosted by multiple cloud domains, and receives, from the multiple cloud domains, different application resource tags and addresses associated with the application. The device maps the different application resource tags to a generic identifier, and associates the policy with the generic identifier and with the addresses associated with the application. The device provides, based on associating the policy with the generic identifier and with the addresses associated with the application, the policy to the multiple cloud domains to permit the multiple cloud domains to implement the policy.

Abstract: Examples described herein relate to a method for managing data management policies of resources. An example includes detecting a movement of a resource from a first resource group protected by a first data management policy to a second resource group protected by a second data management policy. Further, in response to detection of the movement of the resource, a data management policy of the second resource group may be upgraded if first data management policy provides an enhanced level of copy data management over the second data management policy.

Abstract: Systems and methods for detecting and mitigating attacks that exploit vulnerabilities of a website are provided, according to various embodiments described below and herein. A computing device issues a request for a web page that is stored on a server. The server receives a request and issues a response that includes the requested web page and interceptor code injected into the response. The computing device receives the response, renders the web content and generates an interceptor from the interceptor code. The interceptor intercepts requests, responses to dynamically update the webpage and responses containing a challenge. When a computing device issues a request to the server to dynamically update the webpage, the server issues a response to the computing device that includes a challenge. Once computing device issues a request that includes an answer to the challenge, the server validates the answer and issues a response that dynamically updates the webpage.

Abstract: A packet is received by a hypervisor from a first container, the packet to be provided to a second container, the packet including a header including a first network address associated with the second container. A network policy is identified for the packet in view of the first network address. A second network address corresponding to the second container is determined in view of the network policy. A network address translation is performed by the hypervisor to modify the header of the packet to include the second network address corresponding to the second container.

Abstract: A media device receives a domain key from a service provider. The media device further encrypts media with a media key and encrypts the media key with the domain key to form an encrypted media token: the protected media key is encapsulated in an encrypted media token. The service provider may then receive the encrypted media token and one or more receiving entity identifiers relating to a receiving entity and ascertain whether the receiving entity is entitled to access media from the media device. If the receiving entity is entitled to access media from the media device, the service provider decrypts the cryptographic media token using the domain key to obtain the media key and providing the media key to the receiving entity. As such, an authenticated receiving entity may obtain the media key necessary to decrypt the media.

Abstract: According to an embodiment, an electronic device comprises at least one processor, and a memory that stores instructions configured to cause the at least one processor to obtain first data associated with original data based on random number using a first program, obtain first similarity information between the original data and the first data, obtain second data associated with the original data based on the random number using a second program, obtain second similarity information between the original data and the second data, in response to receiving a request, and provide the first program or the second program based on information included in a request that corresponds to a range that includes at least one of the first similarity information or the second similarity information.

Abstract: A computer device that manages privilege delegation is disclosed. The computing device can insert a custom verb command into a plurality of verb commands corresponding to a file. The computing device can intercept a request to execute the custom verb command on the file by intercepting a request to create a context menu. The computer device can obtain information related to the request to execute the custom verb command by obtaining a file identifier of the file from the request to create the context menu. The computer device can determine whether to execute the custom verb command on the file according to second privileges different from the first privileges based on the information related to the request to execute the custom verb command. The computer device can cause the custom verb command to be executed on the file according to the second privileges.

Abstract: Situational awareness and perimeter protection orchestration determines when network attacks are occurring, or predicts their occurrence, and provides tools and services to mitigate the attacks. The attacks can be denial of service attacks or distributed denial of service attacks or other types of attacks designed to disable and degrade a network. The dashboard can collect intelligence on what is happening on the network, and also streams of information from third parties that can be used to predict imminent network attacks. The dashboard can also determine what tools and services are available to the network operator in order to counteract the attacks.

Abstract: A processor includes a range register to store information that identifies a reserved range of memory associated with a secure arbitration mode (SEAM) and a core coupled to the range register. The core includes security logic to unlock the range register on a logical processor, of the processor core, that is to initiate the SEAM. The logical processor is to, via execution of the security logic, store, in the reserved range, a SEAM module and a manifest associated with the SEAM module, wherein the SEAM module supports execution of one or more trust domains; initialize a SEAM virtual machine control structure (VMCS) within the reserved range of the memory that is to control state transitions between a virtual machine monitor (VMM) and the SEAM module; and authenticate the SEAM module using a manifest signature of the manifest.

Abstract: Implementations of the present application propose a method and apparatus for preventing rollback of firmware of a data processing device, and a data processing device. The method includes: enabling a boot loader (BootLoader) to read a current value of a predetermined bit in a one-time programmable memory (eFuse); determining whether the current value and a legal value written into the one-time programmable memory after the latest updating of the firmware of the data processing device satisfy a preset relationship; in response to determining that the current value and the legal value satisfy the preset relationship, enabling the boot loader to call an operating system kernel of the data processing device, and in response to determining that the current value and the legal value do not satisfy the preset relationship, enabling the boot loader not to call the operating system kernel of the data processing device.

Abstract: The present invention relates in particular to a pairing method between a multimedia unit and one operator having an operator identifier, the multimedia unit having a multimedia unit identifier and receiving conditional access data from said operator, the method being characterized in that: receiving by the multimedia unit a multimedia unit key formed by applying a first cryptographically function to a personalization key and to the multimedia unit identifier; receiving by the operator an operator key formed by applying a second cryptographically function to said personalization key and to the operator identifier; said multimedia unit further having a function of the multimedia unit and said operator further having a function of the operator, these functions being such that the result of the application of the function of the operator to said operator key and to said multimedia unit identifier is equal to the result of the application of the function of the multimedia unit to said multimedia unit key a

Abstract: A method of downloading or opening a file in response to a user input made through an application running in the computer system, includes the steps of detecting by the application that the user input is to download or open a file, issuing a request by the application to a file sanitation server to sanitize the file to remove embedded codes in the file and return the sanitized file, and upon receiving the sanitized file by the application, saving the sanitized file in a folder where the sanitized file can be opened.

Abstract: Databases that reside on a private network behind a firewall may be difficult to access from a cloud platform on the Internet. Techniques disclosed herein allow an Internet system to communicate with multiple different databases behind multiple different firewalls, however. A client-side private computer system, from behind a firewall, transmits a series of database request status inquires to a server system (not behind the firewall). These status inquiries may be sent as HTTP long poll messages. When the server wishes to query a database on the private network, it responds to one of the database request status inquiries. Because the client-side computer initiated communication, the server response is allowed to pass through the firewall when it might otherwise be blocked. Employing such techniques in parallel allows a server to interact with multiple firewalled databases without the difficulties and inconvenience of attempting a VPN connection.

Abstract: Systems and methods for implementing sentiment analysis of computer code are provided. Developers who write source code may include comments or other natural language artifacts in the source code. These artifacts may be illustrative of current or legacy cybersecurity threats. Systems and methods may mine comments, and/or other code artifacts, for the dual purposes of cybersecurity threat detection and mitigation. Advanced code analytics may be leveraged for a deeper understanding of the sentiments expressed by the artifacts. Such sentiment may include negative sentiments expressed in error code selection and/or descriptions. All information retrieved is preferably human identity agnostic in line with personal data regulation compliance.

Abstract: A tool for providing a user configured one-time password. Responsive to receiving a request for a one-time password, the tool sends the one-time password, based at least in part, on a user configured one time password rule. The tool receives a user configured one-time password return value for the one time password. The tool determines whether the user configured one-time password return value satisfies the user configured one-time password rule when applied to the one-time password. Responsive to a determination that the user configured one-time password return value satisfies the user configured one time password rule, the tool accepts the user configured one-time password return value and granting access to the application.

Abstract: Motion pictures or other digital media content can be encoded with visible, yet obscured, digital codes that can be optically detected by a camera or other automated image processing device. If a code is recognized in captured media content, further capture, playback and/or distribution can be halted, as desired. Because the code is visible (albeit hidden) in the digital imagery itself, capture by another camera or other optical device will not typically negate the usefulness of the code. That is, the code is visibly present within the imagery itself, so subsequent capture of the video imagery will also capture the code, thereby allowing for detection and/or prevention.

Abstract: A method and system to facilitate session continuity where a user-plane function (UPF) serves user-equipment devices (UEs) and communicates with a transport network by default through a first firewall. As each of various ones of the UEs establishes a respective TCP session via the first firewall, the UPF determines if the UE is likely to engage in latency-sensitive communication, such as if the UE is a Ultra-Reliable Low-Latency Communication (URLLC) device and if so causes the first firewall to record the UE's TCP session 5-tuple to a centralized data storage. Thereafter when the UPF switches to use a second firewall instead of the first firewall (e.g., because the first firewall goes out of service), the UPF causes the second firewall to get from the centralized data store the TCP session 5-tuple of each such UE, for access-control use by the second firewall, to help provide session continuity.

Abstract: A cloud-based system for securely storing data, the system having a processor which obtains a source data file; splits it into at least three fragments; and uses an encryption key associated with the fragments to encrypt the fragments and distributes the encrypted fragments among at least three cloud storage providers, creates a pointer file containing information for retrieving the encrypted fragments. When a system user requests access to the data, the system uses the information stored in the pointer file to retrieve the stored encrypted fragments from the plurality of clouds; decrypts the fragments and reconstructs the data, and provides data access to the system user.

Abstract: Providing an isolation system that allows analysts to analyze suspicious information in a way that aids in preventing harmful information from spreading to other applications and systems on a network. A plurality of virtual containers may be used by analysts to analyze suspicious information. The analyst may set the virtual environment configurations (e.g., applications, programs, settings, etc.) of the virtual container. The analyst may determine how the suspicious information effects the virtual environment configuration and/or use tools to analyze the suspicious information. When harmful information is identified the virtual container may be discarded (e.g., folded up and deleted), and a new virtual container may be provided to the analyst to continue to analyze the suspicious information and/or new suspicious information.