Abstract: A method of identifying primitives for implementing a physical unclonable function providing a response representative of a device comprising a plurality of primitives coupled in pairs, said primitives being configured for being one-time programmable through application of a burning energy to said primitives, by selecting a subset of the pairs, assessing a difference between electrical characteristics values provided by primitives belonging to each pair of said subset, qualifying all pairs of primitives for which the assessed difference is higher than a reference threshold, and identifying said qualified pairs of primitives comprising programming at least one primitive of each pair of primitives for which the assessed difference is lower than said reference threshold, by applying a burning energy to said at least one primitive so as to differentiate qualified pairs of primitives from those that are not qualified.

Abstract: A method and a computer system is provided for executing the method for providing a registration data directory service (RDDS). The method includes obtaining, at a RDDS, a RDDS query comprising a location assertion from a RDDS client from a RDDS client; providing, by the RDDS, a request for personally identifying information (PII) for the RDDS query from a privacy provider, wherein the request comprises the location assertion; obtaining, by the RDDS, the PII for the RDDS query; and providing, by the RDDS, a response to the RDDS query to the RDDS client, wherein the response comprises PII.

Abstract: A computer-implemented method for authentication of a queried device having an electrical circuit exhibiting physically unclonable functions (PUFs). The method includes: at the queried device, generating a first random number based on an initial first counter value; matching the first random number against a first value of a record stored in a database of a querying device, the record including second (shuffled) and third values; at the queried device, generating a second random number based on a once incremented first counter value, deterministically generating a de-shuffled second value based on an initial second counter value, determining that the second random number matches the de-shuffled second value, and submitting sub-challenges corresponding to the second random number to the electrical circuit to generate a response; and, at the querying device, determining that the response matches the third value of the record to complete a first authentication of the queried device.

Abstract: Provided is an intrusion detection technique configured to: obtain kernel-filter criteria indicative of which network traffic is to be deemed potentially malicious, determine that a network packet is resident in a networking stack, access at least part of the network packet, apply the kernel-filter criteria to the at least part of the network packet and, based on applying the kernel-filter criteria, determining that the network packet is potentially malicious, associate the network packet with an identifier of an application executing in userspace of the operating system and to which or from which the network packet is sent, and report the network packet in association with the identifier of the application to an intrusion-detection agent executing in userspace of the operating system of the host computing device, the intrusion-detection agent being different from the application to which or from which the network packet is sent.

Abstract: An illustrative method includes a data protection system directing a storage system to generate recovery datasets over time in accordance with a data protection parameter set, the recovery datasets usable to restore data maintained by the storage system to a state corresponding to a selectable point in time, determining that the storage system is possibly being targeted by a security threat, and modifying, in response to the determining that the storage system is possibly being targeted by the security threat, the data protection parameter set for one or more of the recovery datasets.

Abstract: There is provided a requestor device for digital signing of a message, comprising: at least one hardware processor executing a code for: transmitting the message for signing thereof, in a single request session over the network to each one of a plurality of validator devices, wherein a beacon device computes and transmits over a network to each one of a plurality of validator devices a signature-data value computed and signed by the beacon device, receiving in a single response session from each one of the plurality of validator devices, a respective partial-open decrypted value computed for the signature-data value and the message, and aggregating the partial-opens decrypted values received from the plurality of validator devices to compute the digital signature of the message.

Abstract: A method may include, receiving, at a server device and from a requesting computing device associated with a requesting user, a request for a data item. The data item configured may be configured as a data structure and include an encrypted data payload; metadata identifying a source of the payload and when the data payload was captured; and a token identifying an owner of the data item and access rights to the data item. The method may include parsing he token to identify the owner of the data item; transmitting the request for the data item to a computing device associated with the owner; receiving a response from the computing device. The response may indicate the requesting user may access the data item, and in response, transmit a decryption key to the requesting computing device for the encrypted data payload. The method may include updating the token.

Abstract: A system for configuring an information handling system based on a multi-user state change. An intelligent sensor hub communicates with sensors to detect the number of persons in a field of view of the information handling system. When the intelligent sensor hub determines there is a change in the number of persons, the information is sent out-of-band to an embedded controller (EC) independent of a host operating system. The EC makes a change to the configuration of the information handling system if needed.

Abstract: A system addresses a security vulnerability in sending commands to a vehicle tracking device via SMS text messaging. The system provides a single-use credential value for authenticating the SMS communication link before it can be used to command the vehicle tracking device. The single-use credential value, also referred to herein as a One-Time Personal Identification Number (OTPIN), is preferably time-based so that it can be used only once.

Abstract: One example method includes inserting a signal layer in an image, the signal layer indicating that a sensitive layer in the image is a candidate for encryption, creating a single layer archive file that includes the sensitive layer, encrypting the single layer archive file to create an encrypted layer, constructing a new image that includes the encrypted layer, inserting, in the new image, a decryptor layer that is operable to decrypt the encrypted layer, and designating the decryptor layer as an entry point of the new image.

Abstract: An illustrative method includes a data protection system determining a first compressibility metric associated with write traffic processed by a storage system, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed; determining a second compressibility metric associated with read traffic processed by a storage system, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and performing, based on the determining that the storage system is possibly being targeted by the security threat, a remedial action with respect to the storage system.

Abstract: An illustrative method includes a data protection system determining a delta metric between a first recovery dataset generated by a storage system at a first time and a second recovery dataset generated by the storage system at a second time subsequent to the first time and determining, based on the delta metric, whether data maintained by the storage system is possibly being targeted by a security threat.

Abstract: A consent block is a type of block that may be stored in a blockchain. Each consent block has an owner and may store an owner consent contract, i.e., a smart contract containing owner-specified access rules that determine who may access data assets that are stored in other blocks of the blockchain and owned by the same owner. The consent block may alternatively store a global consent contract containing global access rules that supersede owner-specified access rules. The consent block also stores a hash value determined from the consent contract and a previous hash value of the block immediately preceding the consent block. The consent contract and the position of the consent block in the blockchain are verifiable from the hash value. Each consent block, once added to the blockchain, becomes part of the immutable record of data stored in the blockchain, and therefore leaves an auditable trail.

Abstract: Aspects of the invention include generating a cryptographic key to restrict access to a resource. The cryptographic key being defined by a key token. An exemplary method includes designating a storage field in metadata of the key token, in metadata of a cryptographic key data set record that includes the key token, or in a resource access control database that controls use of the cryptographic key for inclusion of an indicator that the cryptographic key may or may not be deleted or modified. The indicator in the designated storage field is set to indicate whether or not the cryptographic key may be deleted or modified.

Abstract: An illustrative method includes a storage system receiving attribute data representative of one or more attributes of a known attack against data maintained by a target system other than the storage system, updating an extensible attack monitoring process executed by the storage system with the attribute data, and monitoring, using the extensible attack monitoring process updated with the attribute data, storage operation requests of the storage system for one or more attributes that match the one or more attributes of the known attack.

Abstract: An illustrative method includes a data protection system detecting, for a storage system, a potential data corruption in the storage system, analyzing, in response to the detecting of the potential data corruption, one or more metrics of the storage system, and determining, based on the analyzing of the one or more metrics of the storage system, a corruption-free recovery point for potential use to recover from the potential data corruption.

Abstract: A method is disclosed. A node in a plurality of nodes can perform an identity set generation process. The node can then determine a leader node. The node may diffuse an identity set from each node of the plurality of nodes to the plurality of nodes. The node can then determine a majority set including identities occurring in at least one half of the identity sets, wherein the leader node diffuses the majority set of the leader node to the plurality of nodes. The node can verify the majority set of the leader node. The node may then update the identity set based on the majority set of the leader node.

Abstract: A cloud-native global file system, in which one or more filers are associated with a volume of a versioned files system in a private, public or hybrid cloud object store, is augmented to include a rapid ransomware recovery service. Upon detecting a ransomware attack associated with one or more files or directories of the volume, read and write access to the volume is restricted. A recovery filer is then activated or designated in the cloud. A restore operation is then initiated at the recovery filter. Following completion of the restore operation, a new clean (healthy) snapshot of the volume is then created using the recovery filer For any filer other than the recovery filer, a determination is made whether the filer has completed a merge operation with respect to the new clean snapshot. If so, read and write access to the volume is re-enabled from that filer.

Abstract: An illustrative method includes a data protection system detecting a request to perform an operation with respect to a storage system, identifying one or more attributes of the request, determining, based on the one or more attributes, that the request is possibly related to a security threat against the storage system, and throttling, based on the determining that the request is possibly related to the security threat against the storage system, a performance of the operation.

Abstract: An illustrative method includes a data protection system performing, for a storage system, a first security threat detection process, determining, based on the performing of the first security threat detection process, that the storage system is possibly being targeted by a security threat, and performing a second security threat detection process, the second security threat detection process providing higher confidence threat detection than the first security threat detection process.