Abstract: An apparatus includes a processor coupled to a memory. The processor calls a second function from a first function by coloring with an inaccessible color value a first memory area associated with the first function, branching to the second function, coloring with a second color value a second memory area associated with the second function, operating on the second memory area, and coloring with the inaccessible color value the second memory area. The processor then returns control to the first function, and colors with a first color value the first memory area. The coloring step includes branching to a coloring routine that includes a basic block beginning with a single branch target instruction, identifying and authorizing the calling routine, coloring with a hardcoded color value a memory area associated with the calling routine, and returning to the calling routine.

Abstract: Technologies are disclosed for a computing system that allows users to control the disclosure of their identities during communication sessions. Users can control the disclosure of their identities with respect to certain types of shared content. In one mode of operation, a user can share content anonymously. In another mode of operation, identity may be revealed when certain conditions are met or revealed to only certain other users. For example, the identity of a user who shared a comment anonymously may be revealed if multiple other users agree with that comment. In another mode of operation, the user's identity is revealed to all other users such as in a live video stream. The computing system can control display of users' identities based on user instructions or based on triggering conditions. A user interface (UI) can show content items that identify a user together with content items that are shared anonymously.

Abstract: A plurality of scanned backup snapshots are generated. A backup snapshot among a plurality of backup snapshots is selected. At least a portion of the selected backup snapshot is restored in a temporary environment to create a restored instance of at least the portion of the selected backup snapshot. A vulnerability scan of the restored instance of at least the portion of the selected backup snapshot is performed. One or more vulnerabilities of the scanned portion of the selected backup snapshot are tracked. A request associated with identifying a scanned backup snapshot to restore from the plurality of scanned backup snapshots is received. In response to the request, at least a predetermined identification of the one or more vulnerabilities of the selected backup snapshot is provided.

Abstract: Provided is a method of a host device managing at least one external device connected to the host device through a management server. The method includes: obtaining measurement information measured by the at least one external device; requesting authorization by the management server; transmitting the obtained measurement information to the management server when the authentication succeeds; receiving management information for managing the at least one external device, where the management information is generated based on the measurement information by the management server; and managing the at least one external device based on the received management information.

Abstract: An avatar management system includes an avatar registration unit configured to register an available avatar by having a storage unit to store the avatar available in a network service provided to an end user on a network, an authentication information assignment unit configured to assign authentication information to a registration target avatar registered in the avatar registration unit, and an authenticity confirmation unit configured to confirm authenticity of a designated avatar based on an assignment condition of the authentication information to the designated avatar, in accordance with an authenticity confirmation inquiry made by designating the avatar used in the network service.

Abstract: System, apparatus, device, method and/or computer program product are disclosed for detecting the authenticity of an image file transferred from a device to a server based on an image authenticity detection configuration determined by a server application. A device application is operated by a device, and a server application is operated by a server. The device application sends, to the server application, user data, device data, or environment data. The server application determines an image authenticity detection configuration to indicate one or more parameters to be used by the device to generate a first image file, and authorized changes to be made to the first image file to generate a second image file. The device application sends the second image file to the server application. The server application detects whether the received second image file contains changes matching authorized changes indicated by the image authenticity detection configuration.

Abstract: Systems and methods for determining a user's presence on a network of an enterprise are provided. Traffic is collected to a network from devices and, over a period of time, login and logoff information from a user is determined from the collected network traffic. Network sessions are determined from a user's login and logoff information and timetable is generated specific to the user that contains the network sessions. The time table identifies when the user was active and when the user was not active based on the login and logoff information and, therefore, present at a particular location over a period of time.

Abstract: An approach is provided in which the approach receives a request to upload a file at a server system that includes metadata encoded with a non-invertible key. The metadata includes contact information corresponding to an owner of the file. The approach establishes both a photon channel and a classical channel between the server system and a client system, which are both secured using one or more shared secret keys. The approach interfaces with the client system over the photon channel and the classical channel to decode the contact information at the server system, and sends an upload request from the server system to the owner of the file using the contact information. The approach authorizes the upload request at the server system in response to receiving an upload approval from the owner.

Abstract: Described embodiments provide systems and methods for remapping connections to tunnels selected based on a security level of the communications. A first network device may be in communication with a second network device via a plurality of communication tunnels. The plurality of communication tunnels may include an encrypted communication tunnel and an unencrypted communication tunnel. The first network device may receive a packet, the packet including header information and a payload. The first network device may determine whether the received packet is encrypted to meet a threshold level of security. The first network device may, responsive to determining that the packet is to meet the threshold level of security, communicate an identifier of the payload and the header information to the second network device via the encrypted communication tunnel, and communicate the payload to the second network device via the unencrypted communication tunnel.

Abstract: Techniques are described for an anomaly detection service for metric data collected by a data monitoring service of a service provider network. The anomaly detection service provides various graphical user interfaces (GUIs), public application programming interfaces (APIs), and other interfaces that enable users to specify metric data of interest to the user and for which the user desires the service to detect occurrences of anomalies. The selected metric data generally can correspond to any type of time series data collected by the data monitoring service and to which a user has access. Example types of metric data that can be monitored by an anomaly detection service include, but are not limited to, operational data generated by various components of a computer system, business data generated by various types of applications, and the like.

Abstract: Techniques are described for providing a computer-implemented hybrid asset management platform and related system components used to manage transactions involving “hybrid” assets comprising both digital and physical components. The hybrid asset management platform provides continual synchronization between digital asset certificates of legal ownership (e.g., data structures managed off-chain in one or more private data stores) with corresponding asset non-fungible tokens (NFTs) that are tradeable on a blockchain or other type of decentralized ledger. Among other benefits, the described hybrid asset management platform provides for efficient and secure transactions involving possibly several different types of users, thereby improving the ability for metaverses, gaming platforms, virtual and real-world marketplaces, and other entities to facilitate transactions involving hybrid assets.

Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of an operating system when executed by the processor, and performs a cryptographic operation when the processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory area stores the operating system. The processor retrieves the boot program code from the first memory area and executes the boot program code to start the execution of the operating system. The processor re-executes the boot program code to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.

Abstract: A cloud-based system for making user data available on any platform device in a platform is provided. The cloud-based system comprises a cloud storage, and at least one user profile comprising the user data. In this context, the user data comprises data with respect to at least one measurement device and/or measurement site. Additionally, the at least one user profile is saved on the cloud storage.

Abstract: A method of processing browser sessions in a telecommunications network is provided. The method includes receiving, from a subscriber client device in a plurality of subscriber devices each having an associated subscriber and a browser session request. The method includes, at the entity in the service provider network: transmitting the browser session request to a server entity located inside or outside the service provider network, receiving, from the server entity, a browser session response in relation to the transmitted browser session request, transmitting the browser session response to the subscriber client device, performing a lookup in the subscriber profile database for the subscriber client device in the plurality or the associated subscriber, and modifying, prior to the respective transmittal, at least one of the browser session request and the browser session response according to the results of the lookup. An apparatus and computer software are also provided.

Abstract: Systems and methods for implementing a voucher to identify ownership rights of a computing component, within robust supply chain and owner domains, are disclosed. In an example, a computing device configuration includes a hardware component, trusted hardware circuitry to provide an embedded voucher for the hardware component, and storage memory to provide a voucher for validation of the hardware component. The embedded voucher includes an identifier for the hardware component and the identifier is generated on behalf of an original entity authorized to issue the identifier. The voucher includes a second identifier provided on behalf of a subsequent entity and the second identifier is generated based on the identifier for the hardware component included in the embedded voucher. The voucher may be used to the identify ownership rights in the hardware component for the original entity and the subsequent entity, to enable subsequent actions (such as onboarding, updates, etc.

Abstract: Apparatuses, methods, systems, and program products are disclosed for secure file distribution. An apparatus includes a processor and a memory that stores code executable by the processor. The code is executable by the processor to divide a file that is intended for a recipient into a plurality of portions. The code is executable by the processor to associate each of the plurality of portions with a different one of the recipient's electronic devices. The code is executable by the processor to assemble the plurality of portions of the file for the recipient in response to authenticating the recipient on each of the recipient's electronic devices that is associated with a portion of the plurality of portions of the file.

Abstract: Provided is a system and method which perform an antivirus scan of incoming files via a file management application of a file system. Infected files can be prevented from being stored to the file system. In one example, the method may include receiving, via a first application contained in a first data container, a data file that is uploaded for storage to a file system, storing the data file in a temporary storage, transmitting a location of the data file in the temporary storage to a second application contained in a second data container, and receiving, via the first application contained in the first data container, a response from the second application contained in the second container, indicating results of a security scan performed on the data file.

Abstract: A customer of a computing resource provider configures a virtual computer system in a virtual private network with a web service application. The web service application comprises a web service interface that executes instructions provided by the customer to cause one or more hardware security modules (HSMs) to perform cryptographic operations on data on behalf of the customer without the need to generate programmatic code.

Abstract: An unauthorized connection detection apparatus includes: a connected device count determination unit that determines the number of devices connected to a bus line on the basis of a measured waveform that is a voltage fluctuation waveform representing a change over time in a voltage value of the bus line or an impedance fluctuation waveform representing a change over time in an impedance value of the bus line; and an unauthorized connection determination unit that determines whether or not an unauthorized device is connected to the bus line on the basis of: a result of the determination of the number of devices by the connected device count determination unit; and information indicating the number of valid devices connected to the bus line.

Abstract: Embodiments of the disclosure provide systems and methods for providing random access to segmented and encrypted or compressed data stored in a repository. Retrieving at least a portion of a file stored in a repository can comprise storing a plurality of files in the repository. A request to retrieve at least a portion of one of the plurality of files can be received and object metadata for the requested one of the plurality of files can be obtained. A determination can be made based on the obtained metadata as to whether the requested one of the plurality of files is a multipart file. In response to determining the requested one of the plurality of files is not a multipart file, a single file retrieval process performing and in response to determining the requested one or the plurality of files is a multipart file, a multipart retrieval process can be performed.