Abstract: An automated security assessment service of a service provider network may identify, and notify a customer of, misconfigured VM instances that can be access (e.g., via the Internet). A scanner tool may call an automated reasoning service to identify any VM instances of a customer that can be accessed, and may receive information from the automated reasoning service that is usable to exchange packets with those identified instances. The scanner tool can use the information to send requests to the identified instances. After receiving responses from the identified instances, the scanner tool can store, in storage of a network-based storage service, and in association with a customer account of the customer, encrypted data about the results of the scan (e.g., any VM instances that are vulnerable to attackers), and this encrypted data is thereby accessible to the customer with proper decrypt permissions.

Abstract: A disclosed method includes a data distribution computer receiving a data packet comprising a plurality of data values in response to an interaction between a resource provider and a user. The data distribution computer can then determine a data item for each data value of the plurality of data values and associate each data value to a processing computer using the data item for each data value. The data distribution computer can generate a plurality of authorization request messages comprising at least one data value. The data distribution computer can then transmit the plurality of authorization request messages to a plurality of processing computers adapted to process the data values in the respective authorization request messages, wherein the plurality of processing computers process the data values in the respective authorization request messages. The plurality of authorization request messages are subsequently forwarded to the authorization computer.

Abstract: A method for a smart device management resource picker includes receiving an authorization request from a third party. The authorization request requests access to a user resource managed by the device manager. The device manager manages access controls associated with a plurality of user devises, the access controls are configured by a user. The method also includes determining whether the third party is authorized to access the user resource managed by the device manager. When the third party is authorized to access the user resource managed by the device manager, the method includes determining whether the user has configured access controls at the device manager that governs the user resource subject to the authorization request. When the user has configured a respective access control that governs the user resource subject to the authorization request, the method includes communicating a response to the authorization request based on the respective access control.

Abstract: Methods, systems, and computer programs are presented for a packages policy object to enable customers to create and apply packages policies provided by third-party package managers. A user-defined function (UDF) is received by a cloud data platform. The UDF includes code related to at least one operation to be performed. The cloud data platform receives a package policy including at least one allowlist and at least one blocklist and compares the at least one allowlist and the at least one blocklist to the at least one package specification. The cloud data platform computes a difference set based on the comparison. The difference set includes metadata associated with one or more packages to remove. The cloud data platform determines whether the UDF is permitted based at least in part on the difference set.

Abstract: Disclosed is a neural network enabled interface server and blockchain interface establishing a blockchain network implementing event detection, tracking and management for rule based compliance, with significant implications for anomaly detection, resolution and safety and compliance reporting.

Abstract: Aspects and examples are disclosed for improving multi-factor authentication techniques to control access to secured electronic resources. In one example, a decisioning computer system evaluates, based on a passive-dimension decision process, an access request, received from a user device, for a secured electronic resource. The passive-dimension decision process can evaluate dimensions associated with the access request, such as identity or device characteristics, to determine whether the dimensions of the access request are outside of norms for the user. Based on the passive-dimension decision model, the decisioning computing device may communicate to the user device an access decision, the access decision describing one or more of an access authorization, a denial of access, or a supplemental authentication challenge.

Abstract: Systems and methods for managing data security are described. In an embodiment, the method comprises receiving a data access request from a first application that runs in a first operating environment of a mobile device, wherein the authentication request contains credentials of the first application, communicating with a second application that runs in a second operating environment in parallel to the first environment of the mobile device, wherein the second application is a trusted application that runs in a secure environment, and wherein the communicating includes transferring the credentials of the first application to the second application, and receiving data from the trusted application responsive to the data access request, based on the credentials of the first application.

Abstract: Disclosed are a data protection method and apparatus, and a server and a medium. A particular embodiment of the method comprises: acquiring gradient associated information, which respectively corresponds to a target sample that belongs to a binary classification sample set with unbalanced distribution and a reference sample that belongs to the same batch as the target sample; generating information of data noise to be added; according to the information of said data noise, correcting an initial gradient transfer value corresponding to the target sample, such that corrected gradient transfer information corresponding to samples in the sample set that belong to different types is consistent; and sending the gradient transfer information to a passive party of a joint training model. By means of the embodiment, there is no significant difference between corrected gradient transfer information corresponding to positive and negative samples, thereby effectively protecting the security of data.

Abstract: Message authenticators for quantum-secured communications facilitate low-latency authentication with assurances of security. Low-latency message authenticators are especially valuable in infrastructure systems where security and latency constraints are difficult to satisfy with conventional non-quantum cryptography. For example, a message transmitter receives a message and derives an authentication tag for the message based at least in part on an authenticator that uses one or more quantum keys. The message transmitter outputs the message and its authentication tag. A message receiver receives a message and authentication tag for the message. The message receiver derives a comparison tag for the message based at least in part on an authenticator that uses one or more quantum keys. The message receiver checks whether the message is authentic based on a comparison of the authentication tag and the comparison tag. In example implementations, the authenticator uses stream-wise cyclic redundancy code operations.

Abstract: One example method includes receiving authorization from a human user to collect data concerning an interaction of the human user with a computing element, interacting with the human user, collecting data concerning the interaction, analyzing the collected data, generating trust and confidence information, concerning the human user, based on analysis of the collected data, and storing the trust and confidence information.

Abstract: Methods and apparatus relating to Organic Light Emitting Diode (OLED) compensation based on protected content are described. In an embodiment, secure memory stores data that is only accessible by trusted logic. Display controller logic circuitry updates pixel values to be stored in the secure memory based on a plurality of frames. The display controller logic circuitry allows access by untrusted software to the updated pixel values after a first number of updates to the pixel values stored in the secure memory. Other embodiments are also disclosed and claimed.

Abstract: A data using device includes: a data storage part storing pieces of data used for the predetermined process; a user storage part storing a first user identification information; an authentication data acquisition part; a user acquisition part acquiring a second user identification information from the external apparatus; a user determination part; an authentication storage processing part storing the authentication data such that the authentication data is available for the predetermined process when the user determination part determines that the first and second user identification information match each other or when the first user identification information is not stored; a user deletion part deleting or instructing a user to delete the first user identification information when the first and second user identification information do not match each other; and a data use prohibition part prohibiting use of the authentication data when the first user identification information is deleted.

Abstract: The present disclosure involves systems, software, and computer implemented methods for automatically controlling access and limiting functionality of a computer workstation based on which user is currently logged in. In some implementations, an overwatch application is installed on the workstations to be controlled and monitored. If an authorized, but limited, user logs in, the overwatch application can initiate a lockdown process on the workstation. In some instances, the lockdown process is managed by a dedicated lockdown application, which is initiated or notified from the overwatch application, and which can initiate a lockdown of particular applications, functionality, and allowed interactions on the workstation until the limited user has completed their task and a new user logs in.

Abstract: Systems and methods for securely deploying a collective workspace across multiple local management agents are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, at a workspace orchestration service from a first local management agent, first context information and a first split key; receive, at the workspace orchestration service from a second local management agent, second context information and a second split key; determining, by the workspace orchestration service, that the first and second context information match a collaborative workspace policy; in response to the determination, authenticate the first and second split keys; and in response to the authentication, transmit a collaborative workspace definition to the first and second local management agents.

Abstract: The present disclosure pertains to validation of runtime objects for a software deployment using a certificate. After creating the runtime objects during a build process, a certificate may be generated based on the runtime objects. The certificate may include a fingerprint of the runtime objects that may be used before deployment to determine whether the runtime objects have been changed. Before deployment, the runtime objects and the certificate may be obtained and the certificate may be validated. In addition, the runtime objects may be validated using the fingerprint included in the certificate. For instance, the fingerprint may be re-generating based on the runtime objects for deployment. The runtime objects may be validated by comparing the re-generated fingerprint to the fingerprint in the certificate. The runtime objects may be deployed if the certificate and the runtime objects are valid.

Abstract: An interaction method includes receiving a service request from a client application (CA) installed on a terminal and that runs in a rich execution environment (REE), determining a trusted user interface (TUI) identifier, sending a TUI call instruction carrying the TUI identifier to a trusted execution environment (TEE) to instruct to draw an image based on the TUI template or the TUI function component to call a TUI to display the drawn image, receiving response information from the TEE, and executing a corresponding service procedure based on the response information.

Abstract: Simulating user interactions during dynamic analysis of a sample is disclosed. A sample is received for analysis. Prior to execution of the sample, a baseline screenshot of a system folder is generated by accessing frame buffer data stored on a graphics card. The sample is caused to execute, at least in part using one or more hypervisor instructions to move a pointing device to an icon associated with the sample. A current screenshot of the system folder is generated by accessing current frame buffer data stored on the graphics card.

Abstract: An information processing apparatus includes a processor configured to receive a device ID for identifying a processing request transmission device and a processing request from the processing request transmission device, and specify a related user related to the processing request based on the device ID and then execute processing according to the processing request.

Abstract: A programmable integrated circuit device includes a programmable core, a boot device configured to boot up the programmable core, and a one-time programmable memory module controlling life cycle states of the programmable integrated circuit device, including (i) an operational state during which programming resources of the programmable device are locked, and (ii) an inspection state in which the programming resources of the programmable device are accessible. The one-time programmable memory module is configured to allow unidirectional advance from the operational state to the inspection state, when authorized by a lock control circuit responsive to control signals from the boot device to authorize the unidirectional advance from the operational state to the inspection state. Authorization of the unidirectional advance may be limited to a time interval during a boot cycle of the programmable device. The unidirectional advance may be based on receipt of an authenticated request from a requester.

Abstract: An apparatus for sharing location information of a vehicle may include: a communication circuit configured to communicate with a server, and a processor electrically connected with the communication circuit. The processor may be configured to receive, via the communication circuit, authentication information for sharing the location information of the vehicle from the server; transmit, via the communication circuit, the authentication information to an external device, which is a target for sharing the authentication information, such that the external device receives the location information from the server; and acquire the location information from the server using the authentication information.