Abstract: An example apparatus can include a memory device and a controller coupled to the memory device configured to receive a command including command information to access a register from a host device. The controller can grant access to the register in response to the controller determining the command is valid and/or deny access to the register in response to the controller determining the command is invalid. The controller can determine the command is valid by calculating an answer using a seed from the command in a formula and verifying the calculated answer matches an answer from the command. The command, once verified as valid, can allow the host device to access configuration registers and/or data registers.

Abstract: A quantum key distribution system may include a transceiver including a state randomizer to impart a random state transformation to one or more qubits of a generated faint pulse and a quantum bit encoder to reflect the faint pulse back to the transceiver with one or more encoded bits. The transceiver may receive a return pulse through the communication channel, where the state randomizer reverses the random state transformation. The transceiver may include three or more detectors to measure the return pulse at time-gated timeslots associated with possible paths of the return pulse. Reception of the faint pulse from the quantum bit encoder as the return pulse triggers a detector in a first known subset of the detectors, while reception of a faked-state pulse from a third party as the return pulse results in a non-zero probability of triggering of a detector in a second known subset of the detectors.

Abstract: An example system includes a processor to receive a graph-based masking policy and a composite payload containing a data object to be masked. The processor is to instantiate a masking engine based on the graph-based masking policy. The processor is to execute the masking engine on the composite payload to generate a masked payload comprising a masked data object. The data object to be masked is masked in place such that the resulting composite payload type is maintained. The processor is to output the masked payload.

Abstract: Systems, computer program products, and methods are described herein for dynamic communication channel switching based on preconfigured network security protocols.

Abstract: The invention is directed to a computer readable medium storing a display control program for causing a computer to execute: a setting procedure of setting display control information of protected content to be protected based on authentication information; and a determination procedure of determining whether to permit display of the protected content and whether to cancel an authenticated state of the protected content based on the display control information set by the setting procedure.

Abstract: A computerized method for restricting communications between virtual private cloud networks comprises creating a plurality of security domains. Each of the plurality of security domains identifies gateways associated with one or more virtual private cloud networks. Also, the method features generating transit routing data stores in accordance with each of the plurality of security domains; determining whether a connection policy exists between at least a first security domain and a second security domain of the plurality of security domains; and precluding communications between gateways associated with the first security domain and gateways associated with the second security domain in response to determining that no connection policy exists between the first security domain and the second security domain.

Abstract: Participants as requestors using a requesting network element request one or more tokenization processors to generate tokens that represent a sanitized version of data such that the resultant tokens are amenable to comparison across participants. As circumstances warrant, one or more such tokens can be submitted to the tokenization processor(s) to privately retrieve the original data. Role-based access control scope parameters and tokenization processor-specific tokenization processor secrets can be embedded into reversible tokens that remain invariant under updating of the tokenization processor secrets across tokenization processors.

Abstract: Methods, systems, and computer programs are presented for enabling any sandboxed user-defined function code to securely access the Internet via a cloud data platform. A remote procedure call is received by a cloud data platform from a user-defined function (UDF) executing within a sandbox process. The UDF includes code related to at least one operation to be performed. The cloud data platform provides an overlay network to establish a secure egress path for UDF external access. The cloud data platform enables the UDF executing in the sandbox process to initiate a network call.

Abstract: Mechanisms for authorizing requests to access a resource are provided, the methods comprising: receiving a request to access the resource at a hardware processor from an Internet Protocol (IP) address; determining whether a rule applies to the request to access the resource; in response to determining that a rule does not apply to the request to access the resource, sending a request for authorization; receiving a response to the request for authorization; and in response to the response to the request for authorization indicating that access is authorized, providing a connection to the resource.

Abstract: Embodiments of systems and methods for platform framework policy management are described. A platform framework may receive, from an application of an IHS (Information Handling System), a registration as a user of a platform policy that is used to operate one or more of the hardware devices of the IHS. A platform framework of the IHS provides the application with a reference to the platform policy. In response to notifications of updates to the platform policy, the platform framework identifies the application as a registered user of the platform policy and provides the application with a reference to the updated platform policy. The platform policy may include a communication handle by which the policy is retrieved, where the handle may include a token that validates the authenticity of the platform policy.

Abstract: A system for access policy management of a plurality of valid entities communicating over a network comprising a server executing an application programming interface for registration and authentication of said entities directly or via an edge router, one or more encrypted tunnels between entities and one or more gateways. Wherein said server assigns a private IP address to each authenticated entities and propagates said IP address and associated access policies to each of said one or more gateway; and said one or more gateway processing and routing a plurality of packets received from each entity and enforcing one or more access policies associated with the private IP address assigned to the authenticated entity; and said one or more gateways manage routes based on the propagated private IP addresses of each authenticated entities and routes packets to reach one or more remote entities via one or more tunnels to one or more other gateways creating a network overlay between authenticated entities.

Abstract: Techniques managing access rules are provided. Access rules and their associated profiles are determined for evaluation. A triggering rate or a triggering percentage can be used to indicate efficacy of the rule. Recommendations can be provided based on a triggering percentage difference of the rule during a predetermined period of time. The recommendations can be provided in an interactive user interface.

Abstract: A user of a client device accesses a service provided by a server computer. The server computer gathers data about the user. The data gathered may be kept private by the server computer, shared only with other computers and users owned by the same entity, shared with selected third parties, or made public. The server computer provides a privacy policy document that describes how the data gathered is used. A privacy server analyzes the privacy policy document and, based on the analysis, generates a privacy score. The privacy score or an informational message selected based on the privacy score are provided to the client device. In response, the client device presents the privacy score or the informational message to the user. In this way, the user is informed of privacy risks that result from accessing the server computer.

Abstract: A method, system, and apparatus comprising: automatically identifying a login session to a first software system in a Graphical User Interface (GUI) of a user device; automatically extracting user credentials from the login session; automatically manipulating at least a portion of the user credentials to obtain manipulated credentials; automatically verifying that the login session is authentic by: encrypting the user credentials, providing the encrypted credentials to a separate environment, and reconstructing the login session at the separate environment; and automatically adding the manipulated credentials to an account of the user in a second software system that is independent from the separate environment.

Abstract: A method, system, and apparatus comprising: automatically identifying a login session to a first software system in a Graphical User Interface (GUI) of a user device; automatically extracting user credentials from the login session; automatically manipulating at least a portion of the user credentials to obtain manipulated credentials; automatically verifying that the login session is authentic by: encrypting the user credentials, providing the encrypted credentials to a separate environment, and reconstructing the login session at the separate environment; and automatically adding the manipulated credentials to an account of the user in a second software system that is independent from the separate environment.

Abstract: Techniques for providing innocent until proven guilty (IUPG) solutions for building and using adversary resistant and false positive resistant deep learning models are disclosed. In some embodiments, a system, process, and/or computer program product includes storing a set comprising one or more innocent until proven guilty (IUPG) models for static analysis of a sample; performing a static analysis of content associated with the sample, wherein performing the static analysis includes using at least one stored IUPG model; and determining that the sample is malicious based at least in part on the static analysis of the content associated with the sample, and in response to determining that the sample is malicious, performing an action based on a security policy.

Abstract: Techniques are described herein that are capable of dynamically failing over authentication traffic to a backup authentication system by a proxy system. An authentication request, which requests authentication of a principal, is received at the proxy system. The authentication request is directed to a primary authentication system. A determination is made, by the proxy system, that the primary authentication system is incapable of providing a valid response to the authentication request. The backup authentication system is caused, by the proxy system, to authenticate the principal using an authentication package received from the primary authentication system by dynamically routing the authentication request to the backup authentication system as a result of the primary authentication system being incapable of providing a valid response to the authentication request.

Abstract: This application relates to a graph data processing method performed by a distributed computer node cluster including a plurality of computer devices, each computer device distributed on a respective computing node of the distributed computer node cluster, the method including: obtaining subgraph data divided from to-be-processed graph data; performing a computation task on the subgraph data to obtain corresponding global data and local data; writing the global data to a blockchain network, the global data of the blockchain network being updated by the distributed computing node cluster; obtaining latest global data from the blockchain network; and iteratively performing, according to the obtained latest global data and the local data, the computation task on the subgraph data without obtaining a computation result until an iteration stopping condition is met.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: The technology disclosed relates to a DHCP relay-based steering logic for policy enforcement on IoT devices. In particular, the technology disclosed provides a steering logic that is interposed between a plurality of special-purpose devices on a network segment of a network and a DHCP server on the network segment. The steering logic is configured to intercept DHCP requests broadcasted to the DHCP server by special-purpose devices in the plurality of special-purpose devices, forward the intercepted DHCP requests to the DHCP sever 522, receive, from the DHCP server, DHCP responses to the intercepted DHCP requests, receive, from a device classification logic, a positive determination that the special-purpose devices are special-purpose devices and not general-purpose devices, modify the received DHCP responses by replacing the default gateway with an inline secure forwarder on the network segment, and send the modified DHCP responses to the special-purpose devices.