Abstract: In some examples, a management controller includes a communication interface to communicate with a computing device, where the management controller is separate from a processor of the computing device. The management controller includes a management processor to perform a validation of program codes of virtual entities of the computing device, and in response to the validation of the program codes, unlock access of information in an information store to allow access of the information by the computing device, wherein the information is for use by the virtual entities of the computing device, and wherein the management processor is to block access of the information in the information store prior to the validation.

Abstract: Embodiments relate to a system, program product, and method for protecting cache access in a multi-tenant environment, and, more specifically, for allowing access to specified data, encrypted or unencrypted, in a shared cache to authorized tenants, while denying access to the data for unauthorized tenants. The system includes a server including one or more shared cache and a plurality of tenant devices coupled to the server. The server is configured to run one or more applications thereon, where each tenant has access to one or more authorized instances of the applications. The system also includes a cache proxy coupled to the tenant devices and the shared cache. The cache proxy facilitates enforcing one or more schemes to provide for separation of data for authorized tenants and their users using the shared cache from unauthorized tenants and users.

Abstract: A system and method are disclosed for each party of a group of m parties to be able to learn an Nth smallest value in a combined list of the values in which each party has separate lists of values. A method includes creating, by each party of a group of m parties, m lists of additive shares associated with each party's respective list of data, distributing, from each party to each other party in the group of m parties, m?1 of the lists of additive shares to yield a respective combined list of additive shares Wi obtained by each party of the m parties, receiving from a trusted party a list of additive shares Vi associated with a hot-code vector V, computing, in a shared space by each party, a respective Ri value using a secure multiplication protocol and comparing, in the shared space, by each party and using secure multi-party comparison protocol, the respective Ri to all elements in the respective combined list of additive shares Wi to yield a total number Pi of values in Wi that are smaller than Ri.

Abstract: A method of exchanging information with network devices using web browsers includes executing an application on a client device to implement a local web server on the client device, loading in a web browser on the client device a webpage independent of the web browser and including a script for generating a first request to the local web server, accepting the first request from the web browser by the local web server, and sending requested information to the web browser by the local web server. In some embodiments, the method also includes generating a second request to a remote server by the web browser and using the script, where the second request includes the requested information sent to the web browser.

Abstract: The concepts and technologies disclosed herein are directed to intelligent continuous authentication (“ICA”) for digital rights management (“DRM”). A user device can receive a notification that a media content playback device has requested playback of a media file that is protected by an ICA engine (“ICAE”) instance. The user device can request a unique code from the media content playback device. The user device can provide the unique code to an ICAE central management system associated with a media content provider that provides media content encompassed in the media file. The user device can determine, based upon a result provided by the ICAE central management system, whether the unique code is valid or invalid. The user device can instruct the ICAE instance to enable or disable the media file based upon whether the unique code is valid or invalid.

Abstract: In some embodiments, an electronic device organizes and selectively grants access to its authorization with a primary content provider to applications downloaded on the electronic device for viewing content from secondary content providers. In some embodiments, an electronic device prompts a user to download applications associated with a primary content provider in response to the user authorizing the electronic device with the primary content provider.

Abstract: An information processing apparatus includes a first processor, a second processor, and one or more non-volatile storage devices. The one or more storage devices store a first control program to be executed by the first processor and a second control program to be executed by the second processor. The first processor verifies the second control program stored in the one or more storage devices, and then verifies the first control program stored in the one or more storage devices.

Abstract: Aspects of the present disclosure provide techniques for encrypted data management. Embodiments include determining an encrypted data item in a data store that is related to a request from a data consuming user. Embodiments include determining a data owning user and an encryption key that correspond to the encrypted data item based on a key identifier associated with the encrypted data item. Embodiments include determining one or more additional encrypted data items and one or more additional encryption keys that correspond to the data owning user based on key identifiers associated with the one or more additional encrypted data items. Embodiments include generating a single data access ticket comprising information about the data consuming user, the data owning user, the encryption key, and the one or more additional encryption keys.

Abstract: A method and apparatus for analyzing a URL included in contents and displaying the analyzed result is provided. The method includes detecting a URL from contents, analyzing the URL, and displaying the analyzed result.

Abstract: A computer-implemented method includes receiving, by an application executing on a computing device, a first environment with a first identifier, in response to a first request comprising an authentication code. The method further includes associating, by the application, the first identifier with the authentication code, sending, by the application, a second request comprising the first identifier and the authentication code, and in response to sending the second request, receiving, by the application, a second environment with a second identifier. The second environment is a version snapshot of the first environment.

Abstract: Systems and methods for recording information at a granular level; checking and verifying that data is used and processed is consistent with an entity's internal policies and/or external regulations; and producing reports to authorized users (e.g., individuals and organizations) with information are provided. The system and methods capture required data in an immutable fashion so that users outside of an entity (e.g., public, third parties) can check and audit that internal policies and other regulatory policies and frameworks are followed.

Abstract: A system is provided for enforcing time-based user access levels in a computing infrastructure of an organization. The system includes a processor and a computer readable medium operably coupled thereto, to perform operations which include executing a synchronization of the time-based user access levels, obtaining a first login identifier (ID) of a plurality of login IDs for a group of employees of the organization, identifying a position ID and an employment status ID for the first login ID, determining a current time and a last login timestamp for the first login ID, determining a time-based access rule for the group of employees, determining whether a time period from the last login timestamp to the current time violates the time-based access rule, and setting, for the synchronization of the first login ID, at least a first access level of the first login ID to computing resources.

Abstract: An end-user computing device may utilize an imaging device to capture input from an electronic tag of a physical asset. The end-user computing device may generate supplemental digital data associated with the input. The end-user computing device may transmit the input and the supplemental digital data to an authentication and digital assets server. The authentication and digital assets server may authenticate the physical asset and transmit the authentication results to the end-user computing device, which may display the authentication results. If the authentication of the physical asset is successful, the authentication and digital assets server may select one or more digital assets and transmit the one or more digital assets to the end-user computing device. The end-user computing device may display the one or more digital assets.

Abstract: An authentication system and an authentication method are provided. The electronic device of the authentication system includes a controller, a processor and a key module, wherein the processor performs an application program. In a binding phase, the application device generates a digest file according to key factor information and a selection strategy, and stores the digest file in a digest table of the electronic device. In a checking phase, the application program determines whether the controller corresponds to a binding device according to the digest file and the key factor information. If the controller corresponded to the binding device, in an authentication phase, the controller performs an authentication operation of a U2F service with a server device according to the digest file corresponding to the binding device in response to a pressing of the key module.

Abstract: Described herein are systems and methods for predicting a metric value for an entity associated with a query node in a graph that represents a network. In embodiments, using a user's profile as the query node, a metric about that user may be estimated based, at least in part, as a function of how well connected the query node is to a whitelist of “good” users/nodes in the network, a blacklist of “bad” users/nodes in the network, or both. In embodiments, one or more nodes or edges may be weighted when determining a final score for the query node. In embodiments, the final score regarding the metric may be used to take one or more actions relative to the query node, including accepting it into a network, allowing or rejecting a transaction, assigning a classification to the node, using the final score to compute another estimate for a node, etc.

Abstract: Various embodiments set forth techniques for managing access to a resource at a device. In one aspect, a method includes receiving a request by an application to access a resource, determining that an application permission associated with the application and the resource grants the application access to the resource, where the application permission includes a signature of a permission review entity associated with the resource, and granting the request to access the resource based on the application permission. The permission review entity associated with the resource may be authorized through device permissions specified by an implementer or provider of the device.

Abstract: Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has a set of one or more servers that acts as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The server set in some embodiments also enforces these API-authorizing policies. Conjunctively, or alternatively, the server set in some embodiments distributes the defined policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls. From an associated application, a local agent receives API-authorization requests to determine whether API calls received by the application are authorized.

Abstract: An information handling system includes a provisioning server and a server. The server includes a baseboard management controller (BMC) that configures a first ownership certificate for the server, and provides it to the provisioning server. The first ownership certificate is associated with a first owner. The BMC receives a first signed provisioning configuration content, and stores the first signed provisioning configuration content in an encrypted memory. The BMC configures a second ownership certificate for the server, and provides it to the provisioning server. The second ownership certificate is associated with a second owner. The BMC receives a second signed provisioning configuration content, and stores the second signed provisioning configuration content on top of the first signed provisioning configuration content in the encrypted memory.

Abstract: A financial data secure sharing method, a device and a system based on a cloud server include steps of: logging-in with a terminal through a data access sharing interface provided by the cloud server to obtain a financial data sharing authority for a financial data sharing party; filling-in and uploading financial data according to a data sharing upload format provided by the cloud server; performing a unified format conversion on the financial data, so as to generate unified-format financial data; selecting an encryption method for the unified-format financial data; processing the unified-format financial data with encryption authentication, and obtaining an encryption authentication result; and storing the encryption authentication result in a memory of the cloud server based on a preset storage structure, and providing data sharing to a corresponding user through the data access sharing interface. The financial data can be shared according to the user identity authority.

Abstract: Disclosed techniques relate to storing a key cache within a secure enclave. In some embodiments, a computing system receives, from an application, a request to access a database, where the request is associated with a particular account. The computing system then accesses, using an identifier associated with the particular account, a key cache stored in a secure enclave of a memory of the computing system to determine at least one private key associated with the request, where the key cache stores private keys of a key management system (KMS) for a plurality of accounts. The computing system performs a cryptographic operation for accessing the database within the secure enclave using the at least one private key. In various embodiments, disclosed techniques may improve the security of cryptographic private keys cached for a plurality of tenants.