Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: According to one aspect of the concepts and technologies disclosed herein, a role-based access control (“RBAC”) system can mark all granular roles in a granular role group as non-tested to create a non-tested granular role set. The RBAC system can randomly select a granular role from the non-tested granular role set. The RBAC system can assign both the non-tested granular role set and a tested-keep granular role set to the granular role group. Each granular role in the tested-keep granular role set has been tested an approved for inclusion in the complete granular role set. The RBAC system can determine whether a user assigned to the granular role group has access to a protected function. In response to determining that the user does not have access to the protected function, the RBAC system can mark the granular role for inclusion in the tested-keep granular role set.

Abstract: A vehicle control device that verifies integrity of a program within a higher-importance region containing a start-up program; and that verifies integrity of a program within a lower-importance region in a state in which the program within the higher-importance region has been started up by the start-up program.

Abstract: An online meeting service is configured to determine whether a prospective meeting participant is among a known group of trusted users (e.g., logged in to a trusted domain). If the prospective meeting participant is validated as a trusted user, they may join a meeting without additional steps. If the prospective meeting participant is not validated as a trusted user, they may consent to have the meeting organizer view them through their camera in order to confirm that they may have meeting access. If the organizer recognizes the prospective participant through the camera image (still or video), the organizer may admit them to the meeting.

Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.

Abstract: Methods and integrated circuit architectures for assuring the protection of intellectual property between third party IP providers, system designers (e.g., SoC designers), fabrication entities, and assembly entities are provided. Novel design flows for the prevention of IP overuse, IP piracy, and IC overproduction are also provided. A comprehensive framework for forward trust between 3PIP vendors, SoC design houses, fabrication entities, and assembly entities can be achieved, and the unwanted modification of IP can be prevented.

Abstract: Computerized systems are provided for detecting or receiving a sharing gesture in a communication group and responsively instantiating or updating one or more computer objects that include rich contextual data associated with the sharing gesture. These computer objects can be instantiated or updated based on one or more rules or policies. These computer objects or associated indications can be surfaced back to a user to give the user context regarding the shared resource. It can be determined whether a user has access to (or permission to access) such a computer object and/or an associated computer resource for presentation to the user.

Abstract: A document management system manages documents of an entity. The document management system monitors for entries in a document that are suspicious. Entries in the document are classified by the document management system as a “suspicious entry” or a “non-suspicious entry.” In one embodiment, a suspicious entry is indicative of potentially suspicious activity at the entity.

Abstract: A boot read only memory (ROM) chip unit can perform a secure boot routine based on various operations. A processor device comprises a boot ROM chip with processing circuitry on a system board configured to perform a system board power up according to a read operation in a one-time-programmable OTP memory/non-volatile memory (NVM). The OTP memory/NVM includes a spare area in a portion of the OTP/NVM that can receive a first sequence pattern. The processor determines whether a secure boot indication indicates a secure boot routine, and differentiates one or more read return content of the OTP memory/NVM between a wrongly read return content and a trusted read return content, in response to, or concurrent with, the secure boot indication indicating the secure boot routine.

Abstract: A computer implemented method for access control for a restricted resource in a computer system, the method including receiving a first set of records for the computer system, each record detailing an occurrence in the computer system during a training time period when the resource is accessed in an approved manner; generating a sparse distributed representation of the set of records to form a training set for a hierarchical temporal memory (HTM); training the HTM based on the training set in order that the trained HTM provides a model of the operation of the computer system during the training time period; receiving a second set of records for the computer system, each record detailing an occurrence in the computer system during an operating time period for the computer system in use by a consumer of the resource; generating a sparse distributed representation of the second set of records to form an input set for the trained HTM; executing the trained HTM based on the input set to determine a degree of recog

Abstract: Systems and methods for evaluating security risks using a manufacturer-signed software identification manifest are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive a request to perform attestation of a client device; retrieve, from an agent executed by the client device, a manifest comprising: (i) a signature portion encrypted with a first key, and (ii) a software identification (SWID) portion encrypted with a second key; retrieve the first key from a manufacturer database; retrieve the second key from a customer database; decrypt the signature and the manifest with the first and second keys; and perform the attestation using the decrypted manifest.

Abstract: An information processing apparatus includes a processor programmed to: detect a request submitted from a terminal to an external server providing a service; and upon a determination that the detected request is submitted from the terminal located in a base, transmit a validation request for validating a certificate of the terminal to a CRL distribution server in which the certificate of the terminal is invalid.

Abstract: A method for recovering a network key of an access point to a network, implemented by a terminal. The network key allows the terminal to be associated with the access point upon a first connection of the terminal to the access point. The network key recovery method includes: receiving, by the terminal, a network key provided by the access point on a server following a request, by the terminal to the server, for the network key of the access point, the request including an identifier of the access point and having been relayed by the server to the access point associated with the identifier of the access point in the request. Thus, as the access point does not transmit the network key directly to the terminal, but to a server on which the terminal will recover it, this limits intrusions into the network linked to the vulnerability of the Wi-Fi network.

Abstract: A method for protecting against exposure to content violating a content policy, the method including receiving a number of content items including a first set of content items associated with a content group, determining a measurement associated with an amount of the first set of content items belonging to a specific content category, assigning one or more of the number of content items to be categorized by at least one of the machine learning algorithm or a manual review process, automatically applying the specific content category to one or more other content items of the content group such that the one or more other content items are not reviewed by the manual review process, and transmitting at least one of the number of content items, wherein the content category of each of the number of content items indicates whether the specific content item violates any content policies.

Abstract: Systems and methods for managing Application Programming Interfaces (APIs) are disclosed. Systems may involve automatically generating a honeypot. For example, the system may include one or more memory units storing instructions and one or more processors configured to execute the instructions to perform operations. The operations may include receiving, from a client device, a call to an API node and classifying the call as unauthorized. The operation may include sending the call to a node-imitating model associated with the API node and receiving, from the node-imitating model, synthetic node output data. The operations may include sending a notification based on the synthetic node output data to the client device.

Abstract: A system for using hardware-secured receptacle devices includes a transfer processing device configured to store transfer method data associated with user on at least a cryptographically secured receptacle device, receive user authentication credentials from a user, authenticate user identity as a function of the user authentication credentials, retrieve a transfer authorization from the at least a cryptographically secured receptacle device as a function of the transfer method data, generate a transfer as a function of the transfer authorization.

Abstract: Techniques are disclosed relating to credential managers. In some embodiments, a computing device maintains a credential manager that stores, in a protected manner, a set of credentials for authenticating a user and metadata about the credentials. The computing device stores an instance of the metadata externally to the credential manager. The computing device uses the externally stored metadata to determine whether the set of credentials includes a particular credential associated with a service and, in response to determining that the set of credentials includes the particular credential, displays an indication of the particular credential. In some embodiments, the computing device receives a selection of the displayed indication by the user and, in response to the selection, sends a request for the particular credential to the credential manager.

Abstract: Methods, systems and computer program products for improving performance of a cryptographic algorithm are described. First, data to be encrypted/decrypted is provided as input to the system. A primary key, or multiple keys (in case of asymmetric cryptography), is generated for the encryption/decryption process. The primary key consists of metadata as well as key blocks containing secondary keys. The metadata contains information explaining how the data will be handled from algorithmic structure to the base cryptographic scheme to be used. Further, the data is split and processed via relevant portions of the key blocks. Finally, the completed encrypted/decrypted data segments are combined in order to complete the process. The used process ensures higher performance as well as higher algorithmic entropy than comparable methods in literature or on the market.

Abstract: In a device including a processor and a memory, the memory includes executable instructions that, when executed by the processor, cause the processor to control the device to perform functions of receiving an access control setting for granting access to an access-controlled resource and a dynamic tag characterizing a member group subject to the access control setting; accessing a data source storing member data including an attribute associated with each member, the attribute including a parameter related to a time or time period. The dynamic tag is mapped to the member data based on (1) the parameter of the attribute and (2) a time or time period associated with the dynamic tag, to identify mapped members forming the member group, wherein the mapped members identified based on a same dynamic tag vary depending on the time or time period associated with the dynamic tag, to identify the member group.

Abstract: An integrated-circuit device comprises a processor, a hardware key-storage system, and a key bus. The hardware key-storage system comprises a non-volatile key storage memory, which includes a key register, for storing a cryptographic key, and an address register, for storing a destination memory address for the cryptographic key. The hardware key-storage system further comprises output logic for sending the cryptographic key over the key bus to the destination memory address, and write-once logic for preventing an address being written to the address register unless the address register is in an erased state.