Patents Examined by Arezoo Sherkat
  • Patent number: 10540297
    Abstract: A method and apparatus for retrieving data from a memory in which data, an associated message authentication code (MAC) and an associated error correction code (ECC) are stored in a memory such that the data, MAC and ECC can be retrieved together in a single read transaction and written in a single write transaction. Additional read transactions may be used to retrieve counter values that enable the retrieved MAC to be compared with a computed MAC. Still further, node values of an integrity tree may also be retrieved to enable hash values of the integrity tree to be verified. The MAC and ECC may be stored in a metadata region of a memory module, for example.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: January 21, 2020
    Assignee: Arm Limited
    Inventors: Gururaj Saileshwar, Prakash S. Ramrakhyani, Wendy Arnott Elsasser
  • Patent number: 10536278
    Abstract: Systems and methods provide the generation of signed recordings of audio and video calls. The signed recordings include information that may be used to verify the integrity of a purported copy of the recording. The recording may be generated by capturing the audio and/or video from a monitored communication and streaming the captured data to a recording. As the captured data is streamed to the media file used for the recording, a hash value is calculated for each segment of the received data. Information describing the context of the communication may be used to generate another hash value. A digital signature for the recorded call may be generated based on the two combined hash values. Operating in this manner, a signed recording of the communication may be generated while a recording of the communication to a media file is being made, rather than by post-call processing of a stored file.
    Type: Grant
    Filed: March 29, 2017
    Date of Patent: January 14, 2020
    Assignee: Securus Technologies, Inc.
    Inventors: Gordon Donaldson, Krishna Balantrapu
  • Patent number: 10536264
    Abstract: Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-OR (XOR) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt. The block cipher encryption circuit executes a block cipher encryption on a first number including an identifier to produce a first encrypted result and executes a block cipher encryption on a second number including a return address and a stack location pointer to produce a second encrypted result. The XOR circuit performs an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code tag.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: January 14, 2020
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Manoj R Sastry, Jesse R. Walker, Ravi L. Sahita, Abhishek Basak, Vedvyas Shanbhogue, David M. Durham
  • Patent number: 10530809
    Abstract: The disclosed computer-implemented method for remediating computer stability issues may include (i) determining that a device has experienced a computer stability problem, (ii) obtaining, from the device, one or more computer-generated log lines that potentially include information pertaining to a cause of the computer stability problem, (iii) directly analyzing text included within the computer-generated log lines, (iv) identifying information relating to the computer stability problem based on the direct analysis of the text, and (v) remediating the device to resolve the computer stability problem. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: January 7, 2020
    Assignee: Symantec Corporation
    Inventors: Michael Hart, Chris Gates
  • Patent number: 10515352
    Abstract: A system for providing first and second trusted applications diverse permission to communicate via a secure element. The system comprises a first digital identifier and digital token operably associated with the first trusted application, and a second digital identifier and digital token operably associated with the second trusted application. The system further includes a card services module that provides an application programming interface to the secure element supported by a secure data table including first and second sets of permissions. The card services module issues one or more commands to the secure element based on a first action requested by the first trusted application in conjunction with the presentation of the first digital token only if the one or more commands will not violate the first set of permissions. A method is also disclosed.
    Type: Grant
    Filed: January 4, 2016
    Date of Patent: December 24, 2019
    Inventors: David Brudnicki, Michael Craft, Hans Reisgies, Andrew Weinstein
  • Patent number: 10454894
    Abstract: A cyber threat attenuation system. The system comprises a cyber threat data store, a plurality of sensor control points (SCPs), wherein at least one SCP is located in each local area network (LAN) segment of an enterprise network, and an analytics correlation system (ACS). Each SCP comprises a plurality of sensor applications that analyze data packets transported by the LAN segment in which the SCP is located and transmits a notification identifying the transmitting sensor, an identity of the source of the data packet, an identity of the destination of the data packet, and a notification reason to the data store. The ACS comprises an application that determines unusual data packet traffic in the enterprise network and transmits a notification comprising information about the unusual data packet traffic and an identity of a host computer associated with the unusual data packet traffic to the data store.
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: October 22, 2019
    Assignee: Cyber adAPT, Inc.
    Inventors: Michael Weinberger, Devin Jones, Scott E. Millis, J. Kirsten Bay
  • Patent number: 10447671
    Abstract: The disclosed computer-implemented method for recovering encrypted information may include (i) identifying an untrusted application that uses a known cryptographic function, (ii) hooking the known cryptographic function used by the untrusted application to execute decryption-facilitation code when the untrusted application attempts to encrypt data, where the decryption-facilitation code reduces the difficulty of later decrypting data encrypted by the untrusted application, (iii) detecting encrypted data produced by the untrusted application, and (iv) recovering unencrypted data from the encrypted data produced by the untrusted application using a decryption technique facilitated by having executed the decryption-facilitation code that reduced the difficulty of later decrypting the encrypted data encrypted by the untrusted application. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 29, 2017
    Date of Patent: October 15, 2019
    Assignee: Symantec Corporation
    Inventor: Steve Meckl
  • Patent number: 10437556
    Abstract: Systems and methods for controlling access to a dataset management system using quotas are provided. For example, a request to perform an action in a dataset management system may be obtained from an entity, and a quota record associated with the entity may be selected. Further, it may be determined if the entity has sufficient quota to perform the action. In some examples, when the entity has sufficient quota to perform the action, the request may be allowed. In some examples, when the entity has insufficient quota to perform the action, the request may be denied.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: October 8, 2019
    Assignee: ALLEGRO ARTIFICIAL INTELLIGENCE LTD
    Inventor: Moshe Guttmann
  • Patent number: 10439992
    Abstract: The present disclosure relates to a computer system for inserting multiple data items in a relation, the relation being stored on a server computer of the computer system, the relation comprising data items, wherein the data items are encrypted with a first encryption method in the relation, wherein the data items form a partially ordered set in the relation, the partial order being formed with respect to the data items in non-encrypted form.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: October 8, 2019
    Assignee: CompuGROUP Medical SE
    Inventors: Jan Lehnhardt, Tobias Rho
  • Patent number: 10432618
    Abstract: In general, one innovative aspect of the subject matter described in this specification may be embodied in methods that may include verifying a digital identification using embedded encrypted user credential data that is not viewable to human eyes within the digital identification. For instance, the embedded encrypted user credential data may be variably encrypted by an encryption key that is designated by a security status assigned to the digital identification. The embedded encrypted user credential data may be extracted using an authorized device and decrypted using a decryption key that is associated with the encryption key designated by the security status. The decrypted user credential data may then be used to verify user information included in the digital identification.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: October 1, 2019
    Assignee: MorphoTrust USA, LLC
    Inventors: Daniel Poder, Richard Austin Huber
  • Patent number: 10389718
    Abstract: Systems and methods provide for data management and governance to enforce proper usage of data. Data is tagged with data governance metadata dictating usage of the data. Standard types of data governance metadata are set forth with each type having predefined options such that applications can share data and understand the associated data governance metadata. When data is to be used by an application, an available action is identified, and a set of data governance rules for that action is accessed. The data governance rules set forth an impact of each type of data governance metadata on the ability to perform that action. As such, the action is allowed or disallowed for the data based on the data governance metadata for the data and on the data governance rules for the action.
    Type: Grant
    Filed: April 26, 2016
    Date of Patent: August 20, 2019
    Assignee: Adobe Inc.
    Inventors: Christine Elaine Drost-Hansen, Christopher Reid Error, Philip John Grieshaber
  • Patent number: 10375026
    Abstract: Systems, methods, and other techniques for improving the operation of computing systems are described. Some implementations include a computer-implemented method. The method can include intercepting, at an intermediary computing system, messages communicated between a web server system and one or more client computing devices. A subset of the intercepted messages can be selected that are determined to commonly relate to a particular web transaction. The method can identify an expression pattern that occurs in the subset of the intercepted messages, and can determine that the identified expression pattern matches a first pre-defined expression pattern from among a plurality of different pre-defined expression patterns. A status of the particular web transaction can be determined based on the first pre-defined expression pattern that matches the identified expression pattern occurring in the subset of the intercepted messages.
    Type: Grant
    Filed: October 28, 2015
    Date of Patent: August 6, 2019
    Assignee: Shape Security, Inc.
    Inventors: Siying Yang, Justin D. Call
  • Patent number: 10366217
    Abstract: A method of enabling continuous user authentication, comprising: setting up an authentication server to provide authentication data to an enterprise server in parallel to a remote user session with the enterprise server, when the user is using a touch screen device; extracting samples from a user's behavior, to build a library of user specific parameters; and tracking user behavior to authenticate the user, the tracking comprises initial identification of a user of the touch screen device when starting a session with the enterprise server and continuous authentication of the user during the session with the enterprise server.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: July 30, 2019
    Assignee: SECUREDTOUCH LTD.
    Inventors: Yair Finzi, Ran Shulkind
  • Patent number: 10366025
    Abstract: In accordance with these and other embodiments of the disclosure, an information handling system may include a host system comprising a host system processor, a management controller communicatively coupled to the host system processor and configured to provide management of the information handling system via management traffic communicated between the management controller and a dedicated management network external to the information handling system, and a cryptoprocessor having a first communications interface to the host system and a second communications interface to the management controller and configured to carry out cryptographic operations on data communicated to the cryptoprocessor from the host system and the management controller such that the cryptoprocessor is accessible to the host system and the management controller.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: July 30, 2019
    Assignee: Dell Products L.P.
    Inventors: Johan Rahardjo, Mukund P. Khatri
  • Patent number: 10361860
    Abstract: A system for authentication and validation of the identity of a person. The person carries a mobile device configured to measure motion as the person walks or stands still, generating a time record of motion data. A security system in a facility which the person seeks to access receives the time record of motion data and compares gait characteristics inferred from the time record with gait characteristics inferred from motion data previously obtained for a person whom the person seeking access purports to be. The security system may instruct the person to pause and stand still, and then to begin walking again, and it may then verify that the received time record of motion data includes an interval with little motion at a point in the time record corresponding to the pause.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: July 23, 2019
    Assignee: RAYTHEON BBN TECHNOLOGIES CORP.
    Inventors: John-Francis Mergen, Zachary Leuschner, Matthew Thomas Carr
  • Patent number: 10356118
    Abstract: A test method and system for a PLC security defense device are provided. The method includes: acquiring, by the first test end, the information about the device under test, involving the type of communication mode, the type of PLC, the attack type and/or attack rule; and, after the attack messages to the device under test are generated and sent to the device under test, obtaining, by the first test end, the assessment results of the PLC security defense device on the basis of the second test end's response message. This is a fast, objective and thorough assessment method to test the security defense function of the device under test.
    Type: Grant
    Filed: August 31, 2016
    Date of Patent: July 16, 2019
    Inventors: Lun Xie, Weize Li, Zhiliang Wang
  • Patent number: 10348729
    Abstract: A system and method for authorizing a client device to access a host device based on timestamps including preferably at least two time units. Both devices contain multiple sequence tables that relate an order of time units to the value of one of the time units. Both devices also contain multiple string tables that relate strings to values of the time units within the timestamps. When the client device wants to access the host, it generates a first timestamp and sends the host device the first timestamp and the character strings from host tables related to the value of time units of the first timestamp. The host tables are known to all authorized client devices within the network. The strings are ordered according to a sequence table in the client device and the host device. When received, the host device compares the received character strings to the character strings within its host string table based on an order determined by its host sequence table.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: July 9, 2019
    Inventor: Helene E. Schmidt
  • Patent number: 10341121
    Abstract: The system, method, and computer program product described herein may provide the capability to handle a variety of types of transactions, not just payment transactions. In addition, the system, method, and computer program product described herein may provide the capability for users to be able to control the confidentiality of their transactions, for the system to control access to transactions, for the system to be capable of auditing transactions, and to provide accountability of the validating entities.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: July 2, 2019
    Assignee: International Business Machines Corporation
    Inventors: Elli Androulaki, Angelo De Caro, Thorsten Kramp, Alessandro Sorniotti, Marko Vukolic
  • Patent number: 10331903
    Abstract: A method is described for processing of user-specific data in a vehicle; in particular, the processing of user-specific data in control systems of a vehicle, such as a navigation system or an entertainment system, for example. For this purpose, the device for processing user-specific data is expanded by a private operating mode. In this private operating mode, there is no persistent storage of user inputs and/or the resulting processing results. After termination of the newly created private operating mode, the data stored during the private operating mode are deleted immediately.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: June 25, 2019
    Assignee: ROBERT BOSCH GMBH
    Inventors: Ralph Retter, Stefan Schmid, Jan Zibuschka
  • Patent number: 10326752
    Abstract: A method for automated authentication of a user VoIP phone supported by a Private Branch eXchange (PBX) configuration server is provided. A VoIP phone or a VoIP supported device is configured for an automated authentication by a vendor. The authentication method does not require manual entry of authentication data by a user. The unique VoIP phone authentication data can be provided by the vendor in a form of a MAC address. Additionally, the vendor can assign a digital certificate (containing public and private encryption keys) signed by the vendor to the VoIP phone. In this case, the VoIP phone vendor serves as a trusted authority. Thus, the VoIP phone automatically connects with the configuration server and the authentication transformation server (ATS) and the address where the VoIP phone sends the authentication data upon connection to the network is determined by the ATS.
    Type: Grant
    Filed: January 16, 2016
    Date of Patent: June 18, 2019
    Assignee: Ingram Micro, Inc.
    Inventor: Alexey Korotaev