Abstract: An apparatus comprises a plurality of hardware security modules, at least a first hardware security module in the plurality of hardware security modules comprising processing circuitry to generate a first plurality of pairs of cryptographic key pairs comprising a first plurality of private keys and a first plurality of public keys, forward the first plurality of public keys to a remote computing device, receive, from the remote computing device, a first plurality of ciphertexts, wherein each ciphertext in the plurality of ciphertexts represents an encryption of a cryptographic seed with a public key selected from the plurality of public keys, receive, from a subset of hardware security modules in the plurality of hardware security modules, a subset of private keys.

Abstract: A method for hyper security encoding includes receiving data to be encrypted, and padding the data to be encrypted with padding data to avoid un-obfuscated bits after encryption. The method also includes encrypting, with a Mojette Transform, the data to be encrypted after the data to be encrypted is padded with the padding data, and outputting a result of the encryption as encrypted data.

Abstract: A method of setting a surveillance camera includes the steps of recognizing a readable object in an image captured by the surveillance camera, updating a set value of one or more set items of the surveillance camera associated with the readable object, and transmitting the set value of an at least one set item to an external device in response to receiving a request therefrom.

Abstract: Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Once malicious code is verified on an IoT gateway, the failed gateway is remediated to an operational state, such as with a re-imaging by another IoT gateway through an in band communication or a re-imaging by a server information handling system through an out of band communication.

Abstract: Assessing a consumer's risk of harms related to a data breach includes determining, for the particular data breach, a data breach score, referred to as a Breach Clarity™ (BC) score, indicative of the risk of harm related to the particular breach. A data structure pairs a breached information element with at least one potential harm. Algorithms assign a harm risk score to the harm, determine an element risk score for the information element-harm pair, and determine a BC score using the harm risk and element risk scores, and an exposure rating. The BC score can be modified by a scaling algorithm to generate a relative BC score. The system identifies and rank orders mitigation actions for the breach and outputs these with the BC score to the consumer. A consumer's demographic and/or behavioral characteristics can be factored into the exposure rating and ranking of the mitigation actions.

Abstract: Cloud storage provides for accessible interfaces, near-instant elasticity and scalability, multi-tenancy, and metered resources within a framework of distributed resources acting to provide highly fault tolerant solutions with high data durability. However, cloud storage also has drawbacks and limitations with information uploading and how information is subsequently accessed. To date the lack of automated tools for managing tens, hundreds and thousands of users and/or documents within enterprises and organizations means that for most migrating is a massive undertaking. Accordingly, knowledge workers require a human interface to the data ingested from third-party systems that manages the data in original folder contexts/locations for each knowledge worker within the interfaces.

Abstract: The disclosure relates to a method and a system for sequencing asset segments of privacy policy using optimization techniques. The asset segments are sequenced based on several constraints associated with preferences of a source entity and a target entity. Further the disclosure also determines a target entity violation factor that represents a conflict between the preferences associated with the source entity and the target entity. In an embodiment the disclosed method and system optimally sequences the plurality of asset segments using several optimization techniques that include a basic sequence generation technique, a source entity sequence optimizing technique and a target entity sequence optimizing technique considering constraints. Hence the disclosure bridges a communication gap between several stakeholders by optimally displaying the most relevant privacy policy (mapped to the asset segments) considering the constraints or preferences associated with both the source entity and the target entity.

Abstract: Remote subscription management of an eUICC comprising a private key and a public certificate, the public certificate comprising information allowing a subscription manager server to decide if it can agree to manage the eUICC.

Abstract: Various embodiments of systems and methods to track tainting information via non-intrusive bytecode instrumentation are described herein. The described techniques include, at one aspect, defining a taint-aware class to shadow an original data class. The taint-aware class includes a payload field to store objects of the original data class, a metadata field to store tainting information corresponding to the objects of the original data class, and a method proxying a corresponding method of the original data class. In another aspect, the instances of the original data class are replaced with corresponding instances of the taint-aware class in an application bytecode. Further, in a yet another aspect, when executing the application in a runtime environment, the method propagates the content of the metadata filed and calls the corresponding method of the original data class to manage the content of the payload field.

Abstract: A computer-implemented method for creating a classified token database usable for dynamically redacting confidential information from communications includes performing natural language processing on training input and determining whether a confidentiality level is present in the training input. The method includes, in response to determining that the confidentiality level is present, adding at least one classified token associated with the training input to a classified token database.

Abstract: A rule engine receives data flows. The data flows are between a network and an application. The rule engine determines data flow information and in dependence on the information performs an action with respect to said flow. A controller provides control information to the rule engine to define one or more actions. The communications between said rule engine and said controller are secure.

Abstract: A system for data recording across a network includes a session border controller connecting incoming data from the network to an endpoint recorder. A load balancer is connected to the network between the session border controller and the endpoint and receives the incoming data from the session border controller, wherein the load balancer comprises computer memory and a processor configured to parse the incoming data into video data and audio data according to identification protocols accessible by the processor from the computer memory. A recording apparatus includes recording memory that receives the incoming data from the load balancer, stores a duplicate version of the incoming data in the recording memory, and connects the incoming data to the endpoint.

Abstract: Techniques, for secure processing of encrypted data on public resources, include receiving first data indicating a sequence of reversible q-bit gates including a first segment for decrypting, a second segment for operating on the decrypted data, and a third segment for encrypting the resulting data. Second data indicates rules for replacing a first sequence of two gates operating on at least one shared bit of an input N-bit word with a different second sequence of one or more gates that produce the same output N-bit word. The second data is used to propagate: a gate from the first segment a distance into the second segment or beyond; and, a gate from the third segment a distance into the second segment or before. This produces an obfuscated sequence of reversible gates. Obfuscated instructions based on the obfuscated sequence of gates are sent to the public resources.

Abstract: Systems and methods for processing tokenization requests to facilitate safe storage of tokens. An epoch is identified as a current epoch based on a current system time of a node. A seed value is computed by the node based on a start time of the epoch and a secret. A plurality of ephemeral tokens is generated by a randomization service of the node for a set of sensitive data based on the seed value. Each ephemeral token of the plurality of ephemeral tokens has a usable life defined by the epoch. Each sensitive data instance in the set of sensitive data is associated with a particular ephemeral token of the plurality of ephemeral tokens to create a mapping structure in a main memory of the node. A tokenization service of the node is configured to process tokenization requests using the mapping structure.

Abstract: Methods, apparatus, systems and articles of manufacture manage credentials in hyper-converged infrastructure s are disclosed. An example method includes establishing, by executing an instruction with at least one processor, a communication between a software defined data center manager of the hyper-converged infrastructure and a component of the hyper-converged infrastructure using first credentials included in a known hosts file. The example method also includes generating, by executing an instruction with the at least one processor, second credentials at the component in response to a power-on event detected by the software defined data center manager. The example method also includes recording, by executing an instruction with the at least one processor, the second credentials at the known host file.

Abstract: A system for controlling accesses to network enabled devices includes a network interface over which a hub communicates with network enabled devices, a processor, and a multilayer access control layer. The access control layer includes instructions that, when executed by the processor, cause the processor to detect, at the hub, a request representing an attempt by an application executing on a remote host device to access a network enabled device communicatively coupled to the hub, characterize the request according to a user of the remote host device, the application making the attempt, and the network enabled device, and determine whether to allow or deny the request based upon the characterization and a plurality of rules. The rules may include definitions of access rights, with respect to the network enabled device, for users, applications, commands or queries made by applications, remote host devices, and network domains.

Abstract: A method of configuring a multimedia device connected to an interconnection device and to at least one terminal is disclosed. The multimedia device includes a service interface to the interconnection device and a terminal interface to said terminal. The method includes an initialization phase including receiving, through the service interface, a first request to obtain an identification parameter authorizing access to a configuration module for the multimedia device, and transmitting, through the service interface, a message destined for the terminal comprising the identification parameter requested.

Abstract: Change fingerprinting is applied to a text file, database table, or data feed to determine the timeframe in which an identified “wild file” was generated, even when its file creation meta-data is missing. Each row in the data contains information on a single object. At least one column in the data contains an age for each object at the time the file was created. The age data can be used to determine the date the file was created, such as by using recognition processing or by looking at data that has been added or dropped from the file based on age. By identifying the timeframe in which the wild file was created, the data owner may greatly reduce the computational burden needed to determine if the wild file contains stolen data because it greatly reduces the universe of files that must be compared to the wild file.

Abstract: Aspects of the subject disclosure may include, for example, identifying, during a CPU's execution of a first program, a branching instruction of the first program that redirects execution to a second program. Responsive to the identifying of the branching instruction, a return address of a next instruction of the first program is encrypted. The encrypted return address is transferred to the second program without the CPU retaining a record of the return address. The encrypted return address is received from the second program responsive to its completion of execution. The received encrypted return address is decrypted to obtain the return address enabling a resumption of execution of the first program from the next instruction. Other embodiments are disclosed.

Abstract: Use of a trusted execution environment (TEE) as a safe build environment. A build task is initiated in a TEE of a compute instance. The build task generates a first software component.