Abstract: An information handling system includes a provisioning server and a server. The server includes a baseboard management controller (BMC) to determine a first hardware inventory profile for the server. The BMC provides the first hardware inventory profile to the provisioning server. The BMC stores first signed provisioning configuration content that is based on a first ownership certificate for a first owner of the server. The BMC determines a second hardware inventory profile for the server, and provides the second hardware inventory profile to the provisioning server. The BMC stores second signed provisioning configuration content that is based on a second ownership certificate for a second owner of the server. In response to an expiration of the second ownership certificate, the BMC removes the second signed provisioning configuration content, compares a current hardware inventory profile to the first hardware inventory profile, and generates a report to indicate any hardware changes.

Abstract: Baseboard management controller (‘BMC’) group administration includes: receiving, by a member BMC from a leader BMC, a leader certificate and a request to join a group of the leader BMC, where the request is signed by the leader BMC and the leader certificate is signed by a certificate authority; authenticating, by the member BMC, the leader certificate and the request; and sending, by the member BMC, an acknowledgement to the leader BMC to join the leader BMC's group.

Abstract: Systems, methods, and media for obfuscated personal identification number entry on media devices are provided.

Abstract: A corporate information technology (IT) network can protect sensitive data sent to computers located outside of the IT network. For example, a customer of a company may control who can access his or her sensitive personal information by identifying his or her access preference included in an access control list, where the access preference describes a level of access that at least one remote employee or person may have to the customer's sensitive personal information. A data protection server may containerize the sensitive personal information and the access control list of the person in a data protection container. If a remote employee or a person requests access the customer's sensitive personal information, the data protection server may perform data protection related operations to provide the sensitive personal information to the remote employee or person.

Abstract: Method, devices, programs and system for the realization of an encrypted protocol for the transmission of encrypted data packets, called “Transport Encrypted Protocol” (TEP), intended for communication, characterized by a particular methodology of data encrypted encapsulation according to the blockchain paradigm including the following steps: the establishment of a distributed ledger which generate sender and recipient addresses to establish a communication characterized by the encryption of both the content and the transport channels; the verification of the integrity of the message and the correct correspondence of the address by the receiving node (hash), which decrypts each layer of encapsulation and hence decrypting the message itself; and the submission of an encrypted notification of receipt to the sender node and the subsequent preparation of the receiving node to the next state, either the break in communication or the modification of its status from recipient to sender.

Abstract: The present disclosure generally relates to systems and methods for the gradual application of a new digital certificate to a service endpoint or server, with repeated rollbacks to an old digital certificate, whereby the new certificate is applied to a service endpoint and automatically rolled back to the previous certificate after an amount of time. After a period that corresponds to a set amount of time minus the time the new certificate was applied to the endpoint, the process starts again, except with an increased period of time for the new certificate.

Abstract: Systems and methods for obtaining required information prior to initiation of a transaction are described herein. In an embodiment, a system stores entity data defining a plurality of entities and data record requirement data identifying one or more required data record fields for one or more transactions. The system receives a request to initiate a transaction from a first client computing device corresponding to an account of a first entity. The system subsequently receives a request to view or participate in the particular transaction from a second client computing device corresponding to an account of a second entity. The system determines that the second entity has not provided data for the one or more required data record fields and, in response, restricts the second client computing device from viewing or participating in the transaction until the second entity has provided the data for the one or more required data record fields.

Abstract: An apparatus comprises a processing device configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The processing device is further configured to identify whether operational information of the host device corresponding to a given write input-output operation comprises one or more index nodes, and to analyze the one or more index nodes responsive to a positive identification. The processing device is also configured to determine whether one or more portions of data corresponding to the given write input-output operation comprise file data based on the analysis of the one or more index nodes, to encrypt at least part of the file data responsive to an affirmative determination, and to deliver the given write input-output operation comprising the encrypted file data to the storage system.

Abstract: A method for providing an applet service capability includes: receiving an operation accessing request sent by an applet merchant though an applet management platform, in which the operation accessing request includes an applet token, an applet identifier and an operation accessing type; performing authentication on the operation accessing request through the applet management platform; and providing an applet service capability corresponding to the operation accessing request for the applet merchant when the authentication is passed.

Abstract: An identity profile of a user is tracked using previous message communications of the user. A message identified as potentially from the user is received. The identity profile of the user is identified and obtained. Information is extracted from a header of the received message. A security risk assessment of the received message is determined at least in part by comparing the extracted information with one or more corresponding entries of the identity profile of the user. A security action is performed based on the determined security risk assessment.

Abstract: Disclosed are an electronic device for obfuscating user data and a server for decoding the same. A method for controlling an electronic device according to the present disclosure comprises the steps of: acquiring a security parameter according to data transmitted to an external server; applying an obfuscation algorithm to the data by using the security parameter; and transmitting the data, to which the obfuscation algorithm has been applied, to the external server.

Abstract: The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.

Abstract: User behavior data of multiple users is acquired, and multiple user eigenvalues of user behavior data of each user under preset multiple user behavior dimensions are extracted. A user eigenvector of each user is determined based on the multiple eigenvalues of this user. Multiple user classes are obtained by clustering the user eigenvectors of multiple users are clustered through a preset clustering algorithm. A central vector of each user class is determined based on the user eigenvectors included in this user class. A difference eigenvector of each user class is determined, wherein a distance between the difference eigenvector and a central vector of an aggregation class to which the difference eigenvector belongs is not within a preset distance range. A user characterized by the difference eigenvector is determined as an abnormal user.

Abstract: A framework is provided in which a querying agency can request (via a query entity) encrypted data through a service provider from a data owning agency that stores encrypted data. The framework uses homomorphic encryption. The data may be gallery entities, and each of the elements in the framework operate on doubly-encrypted information. The service provider compares a representation of an encrypted query entity from the querying agency and representations of encrypted gallery entities from the data owning agency, resulting in doubly-encrypted values of a metric between corresponding compared representations. The querying agency gets result(s), based on the metric, which indicate whether it is probable the service provider has data similar to or the same as query data in the query entity. The elements have to perform communication in order for the querying agency or the data owning agency to get cleartext information corresponding to the query entity.

Abstract: A data sharing control method. The method includes detecting a plurality of images on one or more devices operated by a first user, the one or more devices comprising a particular device. A plurality of tags are determined for the plurality of images, and a plurality of settings are received based on the plurality of tags from a second user. A particular image is detected on the particular device. One or more particular tags of the particular image on the particular device are determined, and a sharing action of the particular image by the particular device is blocked based on the plurality of settings and the one or more particular tags.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more computing devices to facilitate and/or support one or more operations and/or techniques for creating and/or enhancing hardware obscurity via one or more randomization points, such as implemented in connection with one or more computing and/or communication networks and/or protocols.

Abstract: Examples described herein include systems and methods for dynamically determining enrollment requirements and enrolling a user device into a management system. The systems and methods can differ based on the type and version of operating system executing on the user device. With some operating systems, enrollment can be completed through a single application that performs other functionality, such providing single-sign-on access to enterprise resources. With other operating systems, enrollment can be completed by pausing the first application and requiring installation of an agent application to complete enrollment. The determination of how and when to enroll a user device can be done automatically and can be based on an organizational group to which the user belongs.

Abstract: Systems, methods, and non-transitory computer-readable media can determine a first dataset provided by a first party, wherein the first dataset includes a set of vectors that are each associated with a user identifier. A second dataset provided by a second party can be determined, wherein the second dataset includes a set of vectors that are each associated with a user identifier. One or more vectors in the first dataset can be matched to vectors in the second dataset based on a secure multi-party computation without revealing respective graph information of the first party or the second party. Respective mappings between vectors in the first dataset to a set of shared universal identifiers can be provided to the first party. Respective mappings between vectors in the second dataset to the set of shared universal identifiers can be provided to the second party.

Abstract: In a multi-cloud computing environment comprising a plurality of cloud platforms with each cloud platform comprising one or more nodes, a method maintains a decentralized metadata database framework, wherein each node comprises a decentralized metadata database component operatively coupled to each other decentralized metadata database component of the framework and wherein each of at least two of the decentralized metadata database components stores a set of metadata records corresponding to protected data stored across the plurality of cloud platforms. Further, the method manages one or more access requests directed to the protected data through one or more of the decentralized metadata database components of the framework.

Abstract: In general, techniques are described for an encryption key namespace of a kernel, executed by a host computing device, the encryption key namespace having a configuration file that stores an association of a key identifier and a container identifier by which the host computing device can obtain a data encryption key to use for decrypting/encrypting data for the container identified by the container identifier. In this way, a user may associate a container (or container image) with a unique key identifier. By configuring this association in the encryption key namespace for the container, the container may be identified and automatically associated with a key identifier for the appropriate key for decrypting/encrypting data for the container. The host computing device may then obtain, from a key management service, the key using the key identifier.