Abstract: Systems and methods of improving the operation of a transaction network and transaction network devices are disclosed. An online purchase autofill plugin includes various modules and engines. The fields of online forms may be identified and the fields of online forms may be automatically filled. The user experience may be improved, and data security enhanced so that the transaction network more properly functions according to approved parameters, such as protecting the integrity of sensitive data.

Abstract: There are provided measures for enabling resource-efficient remote malware scanning capable of static and dynamic file analysis. Such measures could exemplarily comprise include, at a local entity, comparing file items of an electronic file to be scanned for malware with the file items of previously scanned electronic files, generating a recipe of the electronic file to be scanned, sending the generated recipe of the electronic file to be scanned for malware to a remote entity for enabling reconstructing the electronic file by assembling its file items on the basis of the obtained recipe and executing a dynamic malware analysis on a runtime behavior of the reconstructed electronic file.

Abstract: A system for autonomous issuance and management of insurance policies for computer and information technology related risks, including but not limited to business losses due to system availability, cloud computing failures, current and past data breaches, and data integrity issues. The system will use a variety of current risk information to assess the likelihood of business interruption or loss due to both accidental issues and malicious activity. Based on these assessments, the system will be able to autonomously issue policies, adjust premium pricing, process claims, and seek re-insurance opportunities with a minimum of human input.

Abstract: In an embodiment, a computer-implemented method comprising: posting, by a broker computing device, device control data to a distributed datastore including distributed ledger and blockchain, wherein the device control data is collected at a plurality of directory services in a federation; receiving, at a computing hardware device, the device control data from the distributed datastore; using, by the computing hardware device, the device control data received from the distributed datastore, remotely managing user accounts and access control and security policies on at least one networked device.

Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.

Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.

Abstract: A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.

Abstract: A security device includes a secure processor, a mail box, a cryptographic intellectual property (IP), a secure direct memory access (DMA) circuit, and an internal memory. The secure processor provides an isolated execution environment. The mail box transfers a request from a CPU to the secure processor. The cryptographic IP performs one or more secure operations, including a signature certification operation, an encryption/decryption operation, and an integrity verification operation, on secure data within the isolated execution environment and without intervention of the CPU. The secure DMA circuit controls the one or more secure operations within the isolated execution environment, wherein only the secure processor is configured to control the secure DMA circuit. The internal memory stores the secure data on which the one or more secure operations are performed. The cryptographic IP includes a DMA circuit configured to control data access to an external storage.

Abstract: A social network system that includes tools and technologies to keep the identities of the users of the system anonymous is provided. The system requires that some users use usernames that are not associated in any way with their legal names. In addition, other identifying content such as photographs are disallowed in certain circumstances. The system includes the tools to review and remove disallowed content from being published on the social network. The system also provides tools for its users to express themselves while engaging in creative endeavors such as creating artwork, creating music, creating videos, singing, journaling and creative writing, acting, inventing, interviewing and hosting and other endeavors. In this way, the system provides a social platform that promotes creativity, unity, inclusion, self-growth, support and healing.

Abstract: Dedicating hardware devices to virtual machines includes dedicating, by a hypervisor executing on a computer system, a set of hardware devices of the computer system to a first virtual machine of the hypervisor, the first virtual machine executing a guest operating system, and the set of hardware devices for use by the guest operating system in execution of the guest operating system, and dedicating network device hardware of the computer system to a second virtual machine of the hypervisor, the second virtual machine being a different virtual machine than the first virtual machine, wherein network communication between the guest operating system and a network to which the computer system is connected via the network device hardware occurs via the second virtual machine.

Abstract: A system for de-identifying data determines one or more identifiers that identify an entity of a dataset. One or more data de-identification processes are identified and associated with the determined one or more identifiers. Each data de-identification process is associated with one or more sets of configuration options indicating information to preserve in the dataset. The identified data de-identification processes are executed on the dataset in accordance with the associated sets of configuration options to generate datasets with varying preserved information. The generated datasets are evaluated for privacy vulnerabilities and a data de-identification process and an associated set of configuration options are selected based on the evaluation. The selected data de-identification process is executed on the dataset according to the associated set of configuration options to produce a resulting de-identified data set.

Abstract: Disclosed is an operating method of a storage device, which includes detecting virus/malware, performing an authentication operation with a host device when the virus/malware is detected, and entering a recovery mode when the authentication operation indicates that authentication is successful.

Abstract: Techniques for verifying message authenticity is provided. In some implementations, a verification request to verify authenticity of a first message is received from a user computing device. The verification request includes a first user identifier and verification information. A delivery message record is obtained. The delivery message record includes a plurality of entries associated with one or more messages sent to one or more user computing devices. Each entry includes a user identifier and feature information of a respective message of the one or more messages. At least one entry that has a second user identifier matching the first user identifier is identified. In response to determining that the feature information of the identified at least one entry matches the verification information from the verification request, a verification message is provided to the user computing device. The verification message indicates that authenticity of the first message is verified.

Abstract: A content management system for collecting files from one or more submitters in a collection folder. A collector, who generates the collection folder, can invite one or more submitters to submit one or more files to the collection folder. The submitted files are scanned for malicious content. The one or more submitters have limited rights to the collection folder. The limited rights can include uploading rights and prohibiting a submitter from viewing files that other submitters associated with the collection folder submitted. Thus, the collection folder is able to store files from the one or more submitters, but prevent them from viewing other's submissions.

Abstract: A method for controlling a terminal is provided. The terminal includes a capturing apparatus and at least one processor. An image is acquired by the capturing apparatus. A motion parameter of the terminal is obtained. Image processing on the acquired image is controlled to be performed based on the motion parameter being equal to or less than a preset parameter threshold, and skipped based on the motion parameter being greater than the preset parameter threshold.

Abstract: Systems, methods, and non-transitory computer-readable media can receive a notification of a user request to securely process a first set of data. A time estimate is calculated, wherein the time estimate is indicative of an expected amount of time for a secure data processing application to process the first set of data. An actual utilization time required for a first instance of the secure data processing application to process the first set of data is measured. A determination is made as to whether the secure data processing application may be compromised based on a comparison of the time estimate and the actual utilization time. In various embodiments, a re-cryptor process is used to change the cryptographic keys accessed by the secure data processing application. In various embodiments, a re-credentialer is used to change the database access credentials the secure data processing application used to access the encrypted data.

Abstract: Techniques are disclosed for securing data in a cloud storage. Plaintext files are stored as secured, encrypted files in the cloud. The ciphering scheme employs per-block authenticated encryption and decryption. A unique file-key is used to encrypt each file. The file-key is wrapped by authenticated encryption in a wrapping-key that may be shared between files. A centralized security policy contains policy definitions which determine which files will share the wrapping-key. Wrapping-keys are stored in a KMIP compliant key manager which may be backed by a hardware security module (HSM). File metadata is protected by a keyed-hash message authentication code (HMAC). A policy engine along with administrative tools enforce the security policy which also remains encrypted in the system. Various embodiments support blocks of fixed as well as variable sizes read/written from/to the cloud storage.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor and a program of instructions embodied in computer-readable media and configured to, when read and executed by the processor: responsive to administrator input associated with the information handling system or a second information handling system managed by the information handling system, set user permissions for one or more users with respect to basic input/output system (BIOS) settings of the information handling system or the second information handling system; and in accordance with the user permissions, create keys for securing BIOS settings of the information handling system or the second information handling system.

Abstract: This application relates to the field of communications technologies, and discloses a network authentication triggering system, method and a related device. The method includes: receiving a first message from a terminal, where the first message carries first identity information and identifier information, the first identity information is encrypted identity information, and the identifier information is used to identify an encryption manner of the first identity information; and sending a second message to a first security function entity, where the second message is used to trigger authentication for the terminal, and the second message carries the identifier information. This application provides a solution of triggering an authentication process when identity information is encrypted.

Abstract: A method of preserving privacy for usage of a lightweight blockchain client in a blockchain network includes using, in a full blockchain node of the blockchain network, a secure software guard extensions (SGX) enclave. A request is received from the lightweight blockchain client for a setup of a secure network connection. A client unique ID is received from the lightweight blockchain client, and is acknowledged following a successful attestation by the lightweight blockchain client. A request is received from the lightweight blockchain client for transaction(s)/address(es) of the lightweight blockchain client. The SGX enclave loads and searches unspent transaction outputs (UTXO) from a memory of the full blockchain node and sends a response to the request from the lightweight blockchain client for the transaction(s)/address(es) based on a match from the searching the UTXO. The secure communication is then terminated with the lightweight blockchain client.