Abstract: A system and method for media content management include creating, via a digital vault, a container file comprising media content submitted by a user and content metadata; verifying, via the digital vault, a completeness of the content metadata associated with the media content in the container file; classifying, via the digital vault, the container file based on the completeness of the media content; and capturing, via the digital vault, event metadata when a second user gains access to the container file, the event metadata comprising identification of the second user, an activation timestamp, a duration of access, portions of the container file accessed, and changes to the container file.

Abstract: A method includes sending, by a trusted application (TA) entity, a certificate of the TA entity and a private key signature of the TA entity to a target security domain (SD). The certificate and the private key signature enable the target SD to perform trust verification via a server, obtaining, by the TA entity, a first key of the target SD when the trust verification of the TA entity succeeds, and establishing, by the TA entity, a trust relationship with the target SD.

Abstract: Examples of account-specific security in an email client are disclosed. A master key can be generated by the email client. The master key can be used to encrypt account specific account keys. Email data in the email database accessed by the email client can be encrypted by the account keys.

Abstract: A security operations system may receive an alarm in response to a detected threat. The alarm may include characteristics of the threat. The system may then generate a record in response to the alarm and populate a form with the characteristics of the threat. The form may be associated with the record and selected in response to a type of the threat. The system may further generate a workflow including at least one but potentially multiple actions. The system also receives security contextual information in response to a request including the characteristics of the threat or associated indicators of the threat and then updates the form to include the security contextual information. The security operations system can evaluate contextual information and request additional information, as well as leverage workflow to take iterative changes to rulesets and configurations, to provide additional security protection or garner additional information on a threat.

Abstract: The apparatus receives a first PDU and a first CRC that is based on the first PDU. The first PDU is encrypted based on a first nonce. The apparatus decrypts the first PDU to obtain a first payload and a first cipher stream. The apparatus soft combines the decrypted first payload with a decrypted set of payloads. The set of payloads have been encrypted based on at least one nonce different than the first nonce. The apparatus generates a second CRC based on the soft combined decrypted payloads and based on the first cipher stream. The apparatus determines whether the generated second CRC for the soft combined decrypted payloads passes a CRC check against the first CRC.

Abstract: Many customers have difficulty setting up a new extender device in the customer premises environment to improve their multimedia service. Some embodiments include configuring an extender device based on existing WiFi network credentials to minimize errors. Some embodiments include an application for mobile devices that may enable the transfer of network credentials from existing multimedia devices on the WiFi network to configure a new extender device in real time. For example, the configuration may be based on a customer account, a corresponding environment, and corresponding multimedia devices associated with the customer account. The extender device may be configured with the network credentials (e.g., a WiFi service set identifier (SSID) and password) that is common to the corresponding multimedia devices associated with the customer account.

Abstract: Aspects of the disclosure relate to cloud computing architectures. A system may include a plurality of clouds. One or more of the clouds may transfer data to another one or more of the clouds. A data integration platform may control the data transfer. The transfer may be securely routed through the data integration platform. The transfer may be logged, and the log may be transmitted to an administrative network.

Abstract: Examples of the present disclosure describe systems and methods for malicious software detection based on API trust. In an example, a set of software instructions executed by a computing device may call an API. A hook may be generated on the API, such that a threat processor may receive an indication when the API is called. Accordingly, the threat processor may generate a trust metric based on the execution of the set of software instructions, which may be used to determine whether the set of software instructions poses a potential threat. For example, one or more call stack frames may be evaluated to determine whether a return address is preceded by a call instruction, whether the return address is associated with a set of software instructions or memory associated with a set of software instructions, and/or whether the set of software instructions satisfies a variety of security criteria.

Abstract: Some embodiments are directed to a hash tree computation device. The hash tree computation device computes a top hash of a hash tree. A hash preimage of a leaf node of the hash tree comprises a type of the leaf node. A hash preimage of an internal node of the hash tree comprises a type count comprising a number of descendants of the internal node having a given type. The hash tree computation device computes the top hash by computing hashes of a current node and of its ancestors, where a hash of an ancestor is computed based on its type count, the type count being computed from types or type counts of its descendants.

Abstract: Systems and methods are provided that may be implemented to use compute capabilities of a network interface controller (NIC) to broker a secure connection across a network between a target information handling system (e.g., such as a server) and one or more other entities (e.g., such as other information handling systems implementing a cloud service or private network, and/or that are providing other remote service/s across the network). This secure connection may be brokered by the NIC at a hardware level in a manner that is separate from a host programmable integrated circuit of the same target information handling system, and in a way that is agnostic and independent of any host operating system or other logic that is executing on the host programmable integrated circuit of the target information handling system.

Abstract: The disclosed embodiments provide a system for managing data conflation. During operation, the system generates matches between a first set of entities in a first dataset from a first data provider and a second set of entities in a second dataset from a second data provider based on comparisons of fields in the first and second datasets. Next, the system modifies a join query for joining the first and second datasets to include operators representing compliance rules for the first or second datasets. The system executes the modified join query to produce a joined dataset that adheres to the compliance rules and stores data related to the joined dataset within a platform that logically isolates the data from additional datasets. During processing of queries of the data, the system modifies the queries to include additional operators that enforce access control policies for the data.

Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with protecting a CPU during a DDOS attack includes monitoring network traffic data from plurality of client devices. Each of the plurality of client devices are classified as a valid device or a potential attacker device based on the monitoring. Next a determination of when CPU utilization of a network traffic manager apparatus is greater than a stored threshold value is made. The CPU utilization of the network traffic manager increases as a number of the plurality of client devices classified as the potential attacker device increases. One or more network actions are performed on the plurality of client devices classified as the potential attacker device to protect the CPU when the determination indicates the CPU utilization is greater than the stored threshold value.

Abstract: A method and apparatus for providing user key material from a server to a client is disclosed. The method comprises receiving a first message from the client in a server, the first message having a user key material request, an access token and an identifier of a transport key (TrK-ID), validating the user key material request according to the access token, generating a response having user key material responsive to the user key material request, encrypting the response according to the transport key (TrK), and transmitting a second message comprising the response from the server to the client. The client decrypts the second message according to the transport key (TrK) and validates the second message using the identifier of the transport key (TrK-ID).

Abstract: A processing system may obtain an operations set associated with database sources of a database system from a client entity, the operations set including a statement, the statement including a query, identify data sets from the operations set, transmit, a request to a first owner to permit access to a first data set, and a request to a second owner to permit access to a second data set, and receive approvals from the first and second owners. The processing system may retrieve a first portion of data stored in the first data set and a second portion of data stored in the second data set in accordance with the approvals, execute the operations set in accordance with the first portion of data and the second portion of data to generate a result set, and provide the client entity access to the result set.

Abstract: A system, device and method for enforcing privacy during a communication session with a voice assistant are disclosed. In response to a determination that an environment of a first voice assistant device is not private, a first secure communication session between the first voice assistant device and an application server is suspended. In response a determination that one or more other voice assistant devices have been authorized for communication with the application server is made and input to transfer the first secure communication session, a second secure communication session between a second voice assistant device and the application server is initiated. The first secure communication session between the first voice assistant device and the application server is terminated in response to successful initiation of the second secure communication session.

Abstract: A system and method for media content management include creating, via a digital vault, a container file comprising media content submitted by a user and content metadata; verifying, via the digital vault, a completeness of the content metadata associated with the media content in the container file; classifying, via the digital vault, the container file based on the completeness of the media content; and capturing, via the digital vault, event metadata when a second user gains access to the container file, the event metadata comprising identification of the second user, an activation timestamp, a duration of access, portions of the container file accessed, and changes to the container file.

Abstract: A method for wrapped keys with access control predicates includes obtaining a cryptographic key for content. The method also includes encrypting the content using the cryptographic key and generating an encryption request. The encryption request requests that a third party cryptography service encrypts an encapsulation of the cryptographic key and an access control condition governing access to the content. The method also includes communicating the encryption request to the third party cryptography service. The encryption request includes the cryptographic key.

Abstract: A system, device and method for enforcing privacy during a communication session with a voice assistant are disclosed. In response to a determination that an environment of a first voice assistant device is not private, a first secure communication session between the first voice assistant device and an application server is suspended. In response a determination that one or more other voice assistant devices have been authorized for communication with the application server is made and input to transfer the first secure communication session, a second secure communication session between a second voice assistant device and the application server is initiated. The first secure communication session between the first voice assistant device and the application server is terminated in response to successful initiation of the second secure communication session.

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method creates a secure view of datapoints of a consumer account and processes, using a secure user defined function (UDF), the datapoints of the consumer account and datapoints of a provider account to generate a secure join key. The datapoints of the consumer account are provided to the secure UDF using the secure view. The method further performs, by a processor, an analysis of the datapoints of the consumer account and the datapoints of the provider account of the secure join key. The analysis returns a count value of overlapping datapoints between the consumer account and the provider account. The method further adjusts the count value of overlapping datapoints based on a number of distinct rows associated with the provider account, and provides the adjusted count value of overlapping datapoints to the consumer account.

Abstract: The disclosed computer-implemented method for protecting user privacy may include (i) detecting that a website indicates a user account identifier, (ii) detecting whether a third-party script has access to the user account identifier, and (iii) performing, based at least in part on detecting that the third-party script has access to the user account identifier, a security action to protect user privacy such that the security action facilitates an attempt to prevent the third-party script from actually accessing the user account identifier. Various other methods, systems, and computer-readable media are also disclosed.