Abstract: An automatic file encryption method and device for automatically encrypting a file. A processor identifies a characteristic associated with likely sensitive content based on a usage pattern of encrypting files having the characteristic. Creation of a new file is detected and the newly-created file is analyzed to determine whether the file contains sensitive content based upon it having the characteristic. If the file is found to have the characteristic, then the file is automatically encrypted.

Abstract: This disclosure relates to personalized and dynamic server-side searching techniques for encrypted data. Current so-called ‘zero-knowledge’ privacy systems (i.e., systems where the server has ‘zero-knowledge’ about the client data that it is storing) utilize servers that hold encrypted data without the decryption keys necessary to decrypt, index, and/or re-encrypt the data. As such, the servers are not able to perform any kind of meaningful server-side search process, as it would require access to the underlying decrypted data. Therefore, such prior art ‘zero-knowledge’ privacy systems provide a limited ability for a user to search through a large dataset of encrypted documents to find critical information.

Abstract: Electronic network include multiple users. Each user operates Wallet software application on his/her endpoint devices (special purpose, computer or smartphone). Each Wallet integrates with Cloud-based Identification-as-a-Service(s) (IDaaS) In context of present invention—IDaaS provides real-time, multi-factor, malware-resilient, context-sensitive Strong Identification-as-a-Service of the user and enables Cryptographic Keys Management of the Wallet. Each Wallet provides various Cryptographic functionalities. Each Wallet may be connected with multiple centralized Marketplace software applications, thus allowing these Cryptographic functionalities to interact with specific Marketplace software application. Each Wallet may be connected with multiple decentralized peer-to-peer software applications, thus allowing these Cryptographic functionalities to interact with specific peer-to-peer software application.

Abstract: A method of electronic communication via a virtual network function (NFV) implementation of a core network. The method comprises receiving a hypertext transfer protocol (HTTP) content request from a user equipment (UE), wherein the HTTP content request comprises an identification of a content source and determining by an orchestrator service that insufficient NFV processing capacity is available to perform the HTTP content request, where the orchestrator service is an application that executes on a first physical host. The method further comprises dynamically increasing the NFV processing capacity by the orchestrator service, performing the HTTP content request using the increased NFV processing capacity, and returning a HTTP content response to the UE, wherein the HTTP content response does not comprise identification of the content source.

Abstract: The application discloses a data analysis system and a data analysis method. The data analysis system includes a data provider host and a data analysis host. The data provider host is configured to perform a stream cipher algorithm based on raw data to obtain first data. The data analysis host is configured to perform a data analysis based on the first data to obtain an analysis result. The data provider host or the data analysis host is further configured to perform a block cipher algorithm based on the analysis result to obtain second data, and send the second data to an external device. The data provider host is further configured to calculate an attribute-value correspondence between the raw data and the second data, and send the attribute-value correspondence to the external device.

Abstract: A method and an apparatus for processing a screen by using a device are provided. The method includes obtaining, at the second device, a display screen displayed on the first device and information related to the display screen according to a screen display request regarding the first device, determining, at the second device, an additional screen based on the display screen on the first device and the information related to the display screen, and displaying the additional screen near the display screen on the first device.

Abstract: A system and method for returning security policy requirements data based on user input that identifies a cloud environments, a service model, first or third party responsibilities, and/or code deployment information. A user provides answers to straightforward, generally non-expert questions directed to the user's cloud environment, first or third party responsibilities, and/or code deployment information for the user's scenario, e.g., technical workload. The answers result in determining which architecture layers apply (are in-scope architecture layers) relevant to the user's scenario. The in-scope architecture layers map to security requirements maintained in a security policy data store. The security requirements are returned (e.g., as a list) in response to the user's answers.

Abstract: A method, non-transitory computer readable medium, and device that assists with managing storage in a distributed deduplication system includes receiving an object to be stored from a client computing device. The received object is divided into a plurality of fragments. A plaintext hash value and a ciphertext hash value is determined for each of the plurality of fragments, wherein each of the plurality of fragments is renamed with the corresponding determined ciphertext hash value. Each of the renamed plurality of fragments are stored in a plurality of storage repositories.

Abstract: Methods and devices for secure data sharing with granular access control are described. A modified attribute-based encryption (ABE) scheme is used to perform cryptographically-enforced ABE using attributes of a file access policy. A sender sends to a receiver a file encrypted using a file encryption key, the file encryption key encrypted using ABE based on a file access policy set by the sender, and a set of private ABE keys decryptable using a key stored in a trusted execution environment (TEE) of the receiver. The private ABE keys are decrypted by the receiver TEE when the file is accessed, decrypting a file encryption key only when the attributes of the receiver access action satisfy the file access policy. The decrypted file encryption key grants access to the file contents via a trusted viewer application. A user password may also be required and cryptographically enforced as part of the ABE decryption.

Abstract: The invention proposes a method for registering data from an individual's identity document (1), the method being characterized in that it comprises implementing by data processing means (21) of a server (2) the following steps: (A) Receipt of a photograph of said individual visible on said identity document (1), an optical reading data element of the identity document (1), and at least one personal data element of said individual; (B) Extraction by analysis of said photograph from reference information representative of the appearance of said photograph; (C) Generation of a random string, calculation of an encoded data element by applying an encoding procedure to said reference information representative of the appearance of said photograph and said random string; (D) Storage on the server (2) data storage means (22) of: Said encoded data element; A cryptographic imprint of a first concatenation of the optical reading data element of the identity document (1) and the random string; An encryption with a c

Abstract: An embodiment of the present invention is directed to delivering an entitlements model that scales to both mid-frequency and low-latency use cases. The innovative solution may be distributed in nature and able to operate in low priority threads alongside the main logic of the software. An embodiment of the present invention may be implemented as a software module with APIs for ease of adoption.

Abstract: In an example, there is disclosed a computing apparatus, having: a data interface to communicatively couple to a storage pool having a plurality of disks; a virtual machine manager including a processor; and a storage coprocessor (SCP) to: create a read queue and write queue for the disks in the storage pool; receive an input/output (IO) operation from a virtual machine, the IO operation directed to a storage address located on a disk in the storage pool; and add the IO operation to the queue for the disk.

Abstract: An approach is disclosed for moving personal and sensitive data from a source filesystem to a destination filesystem while enforcing a source privacy legal framework. A request to copy information from a file residing in the source filesystem enabled to enforce the privacy and control legal framework to a destination filesystem is received. Access to the filesystem is enforced by an Operating System (OS) that provides a privacy legal framework where the OS enforces controlled access to the source filesystem based on user consent metadata. The user consent metadata associated with the file and the request is analyzed to determine a copying policy. The copying policy is applied to the contents of the file to ensure compliance with the privacy and control legal framework of the source filesystem.

Abstract: Methods, systems, and media for protecting computer systems from user-created objects are provided.

Abstract: A method of monitoring execution in an execution environment of an operation, for example a cryptographic operation, comprising a sequence of instructions, is disclosed. Instructions sent in the sequence from a main processor to one or more auxiliary processors, for example cryptographic processors, to execute the operation are monitored and the sequence of instructions is verified using verification information. The method comprises enabling output from the execution environment of a result of the operation in response to a successful verification of the sequence, or generating a verification failure signal in response to a failed verification of the sequence.

Abstract: System and methods are provided to facilitate the exchange of user data between two parties, but limit the exchange of user data to users that are known to both parties. According to an embodiment, encrypted first user data is transmitted from a first device to a second device. The second device then transmits intersection data to the first device, where the intersection data is based on the encrypted first user data and second user data. The intersection data may be decrypted by the first device and the first device may determine, based on the decrypted intersection data, that one or more users are common to the both the first device and the second device. The first and second devices may then exchange data pertaining to the common users.

Abstract: Methods, systems, and devices for data retention handling are described. In some data storage systems, data objects are stored in a non-relational database schema. The system may support configurable data retention policies for different tenants, users, or applications. For example, a data store may receive retention requests, where the retention requests may specify deletion or exportation actions to perform on records contained within data objects. The data store may determine retention rules based on these retention requests, and may periodically or aperiodically evaluate the rules to determine active actions to perform. To improve the efficiency of the system, the data store may aggregate the active actions (e.g., according to the dataset to perform the actions on), and may generate work items corresponding to the aggregate actions. A work processor may retrieve these work items and may efficiently perform the data retention actions on datasets stored in the data object store.

Abstract: An example hardware accelerator for a computer system includes a programmable device and further includes kernel logic configured in a first programmable fabric of the programmable device, a shell circuit configured in a second programmable fabric of the programmable device, the shell circuit configured to provide an interface between a computer system and the kernel logic, and an intellectual property (IP) checker circuit in the kernel logic The IP checker circuit is configured to obtain a device identifier (ID) from the first programmable fabric and a signed whitelist, the signed whitelist including a list of device IDs and a signature, verify the signature of the signed whitelist, compare the device ID against the list of device IDs, and selectively assert or deassert an enable of the kernel logic in response to presence or absence, respectively, of the device ID in the list of device IDs and verification of the signature.

Abstract: Confidential, secret data may be shared via one or more blockchains. Mortgage applications, medical records, financial records, and other electronic documents often contain social security numbers, names, addresses, account information, and other personal data. A secret sharing algorithm is applied to any secret data to generate shares. The shares may then be integrated or written to one or more blockchains for distribution.

Abstract: An electronic apparatus is disclosed. The electronic apparatus includes a display, and a processor configured to, based on a user command for setting unlocking information being input, display a screen including a word on the display, and store information on an object drawn on the screen by a user's gesture as the unlocking information, wherein the word is configured to induce an object related to the word to be drawn on the screen.

Abstract: A method for evaluating security of third-party application is disclosed. The method includes: receiving, from a first application, a request to obtain first account data for a user account associated with a protected data resource; generating fake data for at least a portion of the requested first account data; providing, to the first application, a first data set in response to the request, the first data set including at least the generated fake data; monitoring use of the first data set by the first application; detecting a trigger condition indicating misuse of account data based on monitoring use of the first data set by the first application; in response to detecting the trigger condition, generating a notification identifying the misuse of account data; and transmitting the notification to a computing device associated with an application user.

Abstract: A cybersecurity server receives an executable file that has bytecode and metadata of the bytecode. Strings are extracted from the metadata, sorted, and merged into data streams. The data streams are merged to form a combined data stream. A digest of the combined data stream is calculated using a fuzzy hashing algorithm. The similarity of the digest to another digest is determined to detect whether or not the executable file is malware or a member of a malware family.

Abstract: A method of authenticating an account is provided. A resource access request requesting for accessing, by a first account, a target resource in a cloud storage system is received by a server from a first client, the first account logging in to the first client. In response to the resource access request, a first access right of the first account is determined by the server based on right configuration information corresponding to the target resource, the right configuration information indicating an association relationship between an account and an access right of the account to the target resource. The first account is allowed by the server to access the target resource through the first client based on the first access right indicating that the first account is allowed to access the target resource.

Abstract: A method by a network device for detecting data in a data stream. The method includes receiving the data stream, where the data stream includes a sequence of original characters, generating a sequence of type-mapped characters corresponding to the sequence of original characters, converging each of two or more consecutive occurrences of a first character in the sequence of type-mapped characters into a single occurrence of the first character, inserting beginning/ending of segment indicators in the sequence of type-mapped characters, searching for occurrences of one or more predefined sequences of characters in the sequence of type-mapped characters, and responsive to finding an occurrence of any of the one or more predefined sequences of characters, extracting a sequence of characters in the sequence of original characters corresponding to the predefined sequence of characters found in the sequence of type-mapped characters.

Abstract: A method of performing ordered statistics between at least two parties is disclosed which includes identifying a first dataset (xA) by a first node (A), identifying a second dataset (xB) by a second node (B), wherein xB is unknown to A and xA is unknown to B, and wherein A is in communication with B, and wherein A and B are in communication with a server (S), A and B each additively splitting each member of their respective datasets into corresponding shares, sharing the corresponding shares with one another, arranging the corresponding shares according to a mutually agreed predetermined order into corresponding ordered shares, shuffling the ordered shares into shuffled shares, re-splitting the shuffled shares into re-split shuffled shares, and performing an ordered statistical operation on the re-split shuffled shares, wherein the steps of shuffle and re-split is based on additions, subtractions but not multiplication and division.

Abstract: A microcoded processor instruction may invoke a number of microinstructions to perform a round of a SHA3 operation using a circuit that includes a first stage circuit to perform a set of first bitwise XOR operations on a set of five input blocks to yield first intermediate output blocks; perform a set of second bitwise XOR operations on a first intermediate block and a rotation of another first intermediate block to yield second intermediate blocks; and perform a set of third bitwise XOR operations on a second intermediate block and an input block to yield third intermediate blocks. The circuit further includes a second stage circuit to rotate bits within each of the third intermediate blocks to yield a set of fourth intermediate blocks, and a third stage circuit to perform an affine mapping on bits within each of the fourth intermediate blocks to yield a set of output blocks.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for managing content item collections. For example, in embodiment, a client device may receive first user input selecting a content item collection. The client device may generate a graphical user interface for presenting the content item collection. The content item collection may include one or more tiles. Each tile may correspond to a content item embedded into the content item collection and stored by a content management system. The client device may present the content item collection including the one or more tiles. The client device may present, within each of the one or more tiles, an image representing the corresponding content item.

Abstract: Examples associated with credentialed encryption are described. One example method includes receiving an encryption request from a local process via a secure channel. The encryption request includes a credential associated with the local process. Whether the local process is authorized to access an encryption function is verified using the credential. The encryption function specified in the encryption request is performed using a security key unique to a system performing the method. A result of the encryption function is provided to the local process.

Abstract: Techniques for reducing compromise of sensitive data in a virtual machine are described. During initiation of a secure string instance of a program module in memory allocated to the virtual machine, the program module can receive sensitive data in plaintext and retrieves parameters sourced from outside the allocated memory. During the execution of the program module, the sensitive data can be encrypted using a key based on the parameters to obtain encrypted data. The program module can overwrite the sensitive data with the encrypted data. The program module can receive a trigger to send a message that is generated using the sensitive data. The encrypted data can be decrypted using the key based on the parameters to obtain the sensitive data. After encryption and decryption, the program module can generate the message using the sensitive data and overwrite the sensitive data and the parameters used to encrypt the sensitive data.

Abstract: Techniques that facilitate multiple sentinels for securing communications are provided. In one example, a system communicates with at least one multi-purpose device configured to communicate with one or more sources, at least one computing device configured to communicate with a defined source that is different than the one or more sources, and at least one security sentinel that manages one or more security processes for a communication network associated with the at least one multi-purpose device and the at least one computing device. The system also manages one or more other security processes for the communication network associated with the at least one multi-purpose device and the at least one computing device.

Abstract: In embodiments, a computer program may be stored on a storage medium for securely inserting portions of content maintained on external web servers into an online community web page. The computer program may comprise a set of instructions operable to cause a computer to receive a request to render a web page maintained within a social platform, the web page including embedded settings that refer to content on one or more remote servers. The computer program may further cause the computer to retrieve, at a rendering time of the web page, based at least in part on the embedded settings, content from the one or more remote servers, process the retrieved content in a secured environment according to one or more security protocols and insert it into the web page. In embodiments, the computer program may further cause the computer to render the web page in a main window and the inserted content in an isolated custom window. Related methods and apparatus are also presented.

Abstract: Technology for decrypting and using a security module in a processor cache in a secure mode such that dynamic address translation prevents access to portions of the volatile memory outside of a secret store in a volatile memory.

Abstract: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data.

Abstract: A system and a method for accessing data in a secure manner are provided, in which the data comprises a number of data sets and each of the data sets is assigned to a user. The data sets are stored in a database in an encrypted manner, and are decryptable by means of a first decryption key assigned to the particular entity. The first decryption keys are stored in a volatile memory unit, and each of the first decryption keys are encrypted separately using a first and at least a second encryption key assigned to the particular entity, and the encrypted first decryption keys are stored in a permanent memory unit. After the volatile memory unit is erased, the encrypted first decryption keys are copied from the permanent memory unit into the volatile memory unit, and the encrypted first decryption keys are decrypted in the volatile memory unit.

Abstract: A method and apparatus for creating and using a password card and a password hint. The invention allows the user to avoid revealing their password and because of that, the invention provides a better secure way of managing passwords. The user is still able to retrieve their password using the password hint and the password card generated by the system. The invention also allow to encrypt and decrypt the password hint to an external API and this add an extra layer of security protection.

Abstract: A method for remote private key security is described. The method may include generating a private key and may further include generating encrypted data by encrypting data using an encryption algorithm, wherein the data is stored at a first location and the private key is for the encrypted data. The method may also include transmitting the private key to a remote private key deposit at a second location. The method may additionally include transmitting the encrypted data to a remote data center at a third location. Moreover, the method may include permitting access to the private key at the remote private key deposit to an individual at the second location in response to confirming an identity of the individual present at the second location.

Abstract: Responding to a data subject access request includes receiving the request and identifying the requestor and source. In response to identifying the requestor and source, a computer processor determines whether the data subject access request is subject to fulfillment constraints, including whether the requestor or source is malicious. If so, then the computer processor denies the request or requests a processing fee prior to fulfillment. If not, then the computer processor fulfills the request.

Abstract: In certain embodiments, resource allocation related to records may be facilitated by generating and using modified instances of such records. In some embodiments, a set of records associated with a user may be stored in a memory area, where each such record includes a record identifier. In response to obtaining one or more commands related to a resource transfer from a user device associated with the user, a new set of records associated with the user may be generated such that each record of the new set is (i) a modified instance of a corresponding record of the record set and (ii) includes a record identifier different from the record identifier of the corresponding record. In one use case, the new records and its data may then be utilized to perform operations related to the user commands. In another use case, the new records may replace its older corresponding records.

Abstract: A registration terminal registers a set of a key and a ciphertext in which an access range is set and in which the key K is encrypted in a key server, and registers a tag for searching generated from the key and a keyword for searching in a search server. A search terminal acquires a ciphertext in which an access range whose range for permitting access includes an attribute is set, and decrypts the ciphertext with a decryption key in which the attribute is set, so as to generate a key. The search terminal generates a trapdoor for searching from the key and a keyword for searching, and transmits the trapdoor to the search server to acquire data corresponding to the keyword.

Abstract: The disclosure provides a method and an apparatus for acquiring an electronic file. The method for acquiring an electronic file includes: generating a first encryption key according to login information of a user of a terminal device at the time of logging in to a platform server and a first identifier corresponding to an information providing server that provides the electronic file; sending a first request message for acquiring the electronic file to the platform server; receiving the electronic file encrypted using a second encryption key and returned by the platform server according to the login information and the first request message; and generating a first decryption key according to the first encryption key, and decrypting, using the first decryption key, the electronic file encrypted using the second encryption key, so as to obtain the decrypted electronic file. By means of the disclosed embodiments, private information concerning a user in an electronic file is not leaked by a platform server.

Abstract: An embodiment of a semiconductor apparatus may include technology to receive data with a unique identifier, and bypass encryption logic of a media controller based on the unique identifier. Other embodiments are disclosed and claimed.

Abstract: The present invention provides a program, an information processing apparatus, and an information processing method which can effectively prevent malware attacks. A predetermined process is judged as a ransomware, when a first condition that a file read function for reading a file included in a same file path as a file path written by a file write function called from the predetermined process has been already called from the predetermined process; and a second condition that the file write function rewrites a header of a file of the file path: are satisfied. A predetermined process is judged as a ransomware, when a first condition that an actual file on a disk is mapped as a virtual file on a memory by the predetermined process; a second condition that the virtual file is unmapped by the predetermined process; and a third condition that a file structure of the actual file or the virtual file when unmapping is rewritten to inappropriate status: are satisfied.

Abstract: A system and method of providing a secure inter-domain data management platform based on blockchain technology allows a user to access files of one or more organizations based on the credentials of the user. The system includes at least one remote server and a network of computing nodes. The remote server is used to manage at least one group. The at least one group may be one or more intelligence or government organizations. The at least one group includes a plurality of member accounts. Each member account includes a member access level. The network of computing nodes is used to manage a blockchain system and to store a plurality of files. Each file includes a file access level. A user with a member account can access a file in accordance to the member access level of the member account and the file access level of the file.

Abstract: A static information pipeline is configured to generate formatted static data recording information about malware generated during static analyses of malware. A dynamic information pipeline is configured to generate formatted dynamic data recording information about malware generated during dynamic analyses of malware performed within a network to be protected by the system. A datastore is configured to receive and store the formatted static data; receive and store the formatted dynamic data; generate indices that link stored formatted static data and stored formatted dynamic data that share similar properties; and respond to queries using the indices.

Abstract: Example methods and systems disclosed herein facilitate the introduction and use of client-specified object encryption within a computing environment using remote third-party storage systems, where data objects stored on the remote third-party storage systems were previously either stored in unencrypted form or encrypted with a single key tied to an account that owns the data. In some embodiments, the encryption is introduced into the system in gradual stages, so as to minimize or entirely eliminate data availability downtime. In some embodiments, the introduction of client-specified object encryption involves registration of a user function on the third-party storage system, where the user function handles object decryption in response to requests of content consumers for data objects stored by the third-party storage system.

Abstract: A method for delegating access rights to a secured object includes generating a first-order data packet in a trusted central management device. The data packet contains a first identifier, a first data set having access rights to a secured device and a first data secret key for encryption and signature. A second-order data packet is signed via the first data secret key and is created in the first mobile communication device and contains a unique identifier, reference data, a second data set having access rights, a second data secret key for encryption and a first data container. The first data container is encrypted via the first data secret key and contains the first identifier and the second data secret key. The signed second-order data packet is transmitted to a second mobile communication device of a second user.

Abstract: A management system and method for usage data from usage logs of works of authorship is characterized by the comparison of data components from the usage logs to similar data components for works of authorship stored in a database. The usage data is normalized and cleaned prior to comparison, and additional information from the usage data can be extracted for later use in the comparison. False positive matches are eliminated from the comparison so that incompatible potential candidate matches are eliminated. In addition, the best match from a group of multiple matches is determined for a particular work from a usage log.

Abstract: A method of presenting information on a terminal, includes: acquiring first information in a clipboard when an operation interface of the terminal switches to a specified interface; and generating and presenting second information based on content of the first information when the first information has not been presented before and meets a presentation condition.

Abstract: The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity.

Abstract: Systems and methods for managing data transfers between a secure location and a less secure location. A data transfer checker operating on a mobile device determines whether an attempted data transfer between two locations is permitted. If it is not permitted, then the data transfer is prevented and the user may be notified of the data transfer prevention.