Abstract: A database platform receives an object identifier from a client in association with a database session. The client is associated with a customer account of the database platform, and the database session is associated with the client. The customer account includes multiple disjoint account-level namespaces, each of which represents a distinct context for resolution of object identifiers, such that matching object identifiers in different account-level namespaces in the customer account do not collide with respect to object-identifier resolution. The database platform determines that the object identifier does not specify an account-level namespace, and responsively resolves the object identifier with reference to a current account-level namespace of the database session by identifying an object corresponding to the object identifier in the customer account.

Abstract: Systems and techniques for an adaptive authentication system are described herein. In an example, an adaptive authentication system is adapted to receive a request at a first entity from a second entity for secure data of a user, where the second entity is remote from the first entity. The adaptive authentication system may be further adapted to transmit a prompt to a user device associated with the user for authentication of the user and authentication of the request. The adaptive authentication system may be further adapted to receive a response to the prompt and authenticate the user and the request based on the response. The adaptive authentication system may be further adapted to transmit the secure data of the user to the second entity.

Abstract: Network equipment (16A) is configured for use in a wireless communication network. The network equipment (16A) is configured to detect one or more conditions under which non-access stratum (NAS) keys (26A) that protect NAS communication between the network equipment (16A) and a wireless device (12) are to be refreshed. Responsive to detecting the one or more conditions, the network equipment (16A) is configured to derive, from a base key (24A) on which the NAS keys (26A) were derived, a new base key (24B) on which fresh NAS keys (26B) are to be derived. The network equipment (16A) is also configured to activate the new base key (24B).

Abstract: Some embodiments are directed to a circuit compiling device for compiling a function into a binary circuit and a function evaluation device for evaluating a function using such a binary circuit. The binary circuit comprises conjunction subcircuits each computing a conjunction of function input bits and XOR subcircuits each computing a function output bit. Each function output bit may be represented as a sum of interpolation terms, the plurality of function input bits and the interpolation terms of the one or more function output bits together forming a plurality of interpolation terms. A conjunction subcircuit computes an interpolation term as a conjunction of two interpolation terms. A XOR subcircuit computes a function output bit as a XOR of interpolation terms. Thereby, the first interpolation term and second interpolation term are also used in XOR subcircuits, hence the binary circuit has a smaller number or likelihood of ineffective faults.

Abstract: Methods, terminal and a data center gateway are provided for allowing efficient debugging and troubleshooting of data session encrypted with Perfect Forward Secrecy (PFS) encryption techniques such as for example the Transport Layer Security (TLS) protocol version 1.3. Embodiments of the invention allow the user terminal to authorize a data center gateway to persistently store one or more encryption keys associated with the data session for use to access the recorded data session and troubleshooting it after the session ended, when faults are detected. When a fault is detected, the user terminal provides authorization to the gateway to persistently store the data session along with one or more encryption key(s). With this, the gateway allows for the data session to be later decrypted and faults to be investigated despite the data session being encrypted with PFS techniques.

Abstract: A device may receive an image and may process the image, with a first model or a second model, to convert the image into a binary image. The device may generate an identifier that identifies the first model, or identifies the second model and a color removed from the image, and may utilize clustering to cluster pixels of the binary image and to generate a segmented image with a quantity of segments. The device may generate a particular number of segments to select, and may select the particular number of segments, as selected segments, from the quantity of segments. The device may mask the selected segments to generate a protected image with masked segments, and may associate the protected image with the identifier and with original pixel data of the masked segments. The device may store the protected image, the identifier, and the original pixel data in a data structure.

Abstract: Systems and methods for managing hardware privacy configuration in modern workspaces are described. In an embodiment, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, at a workspace privacy agent, a first hardware privacy request from a first application executed within a first workspace instantiated by a local management agent; and execute the first hardware privacy request.

Abstract: The technology disclosed includes a system to efficiently classify sensitivity of document generated by and downloaded from cloud-based provider services. The system monitors network traffic at a document-generation initiating endpoint and receives a web page identifying the document generated. The system parses the network traffic that selects the document for download, based on the user selecting a link, and intercepts a document handle in an API parameter string used to download the document. The system interprets the document handle to analyze sensitivity of the document to assign a sensitive classification to the document. The sensitivity classification is encoded into the document header metadata. The encoded sensitivity classification can be used to enhance security, for example, preventing data exfiltration.

Abstract: Systems and methods are described herein for graphically representing an information management system based on the characteristics of within the system. The systems and methods interface with various components of the system (e.g., administrative components, index components, and so on) to identify data having certain characteristics (e.g., personal data), and generate or render information (e.g., a heat map or other visual display) that represents areas or locations within the system storing the data. Thus, the systems and methods, in some embodiments, generate or create a data-specific view into the information management system.

Abstract: A microprocessor for mitigating side channel attacks includes a memory subsystem that receives a load operation that specifies a load address. The memory subsystem includes a virtually-indexed, virtually-tagged data cache memory (VIVTDCM) comprising entries that hold translation information. The memory subsystem also includes a data translation lookaside buffer (DTLB) comprising entries that hold physical address translations and translation information. The processor performs speculative execution of instructions and executes instructions out of program order. The memory system allows non-inclusion with respect to translation information between the VIVTDCM and the DTLB such that, for instances in time, translation information associated with the load address is present in the VIVTDCM and absent in the DTLB.

Abstract: The present invention relates to a communication apparatus including a first execution unit, a second execution unit, and a selection unit. The selection unit selects a first process of setting a wireless parameter in another communication apparatus or a second process of setting a wireless parameter that is set in another communication apparatus in the communication apparatus.

Abstract: Methods, computer-readable media, software, and apparatuses may calculate and inform a consumer of company privacy scores corresponding to companies with which the consumer has a corresponding account, or for a company associated with a website that a consumer may visit. A consumer privacy score may also be determined, based on the company privacy scores. The company privacy scores may be based on a calculation including elements of a privacy practice of the corresponding company and elements of a privacy policy of the corresponding company.

Abstract: A microprocessor for mitigating side channel attacks includes a memory subsystem that receives a load operation that specifies a load address. The memory subsystem includes a virtually-indexed, virtually-tagged data cache memory (VIVTDCM) comprising entries that hold translation information. The memory subsystem also includes a data translation lookaside buffer (DTLB) comprising entries that hold physical address translations and translation information. The processor performs speculative execution of instructions and executes instructions out of program order. The memory system allows non-inclusion with respect to translation information between the VIVTDCM and the DTLB such that, for instances in time, translation information associated with the load address is present in the VIVTDCM and absent in the DTLB.

Abstract: A method performed by one or more processors, and an apparatus is disclosed. The method may comprise identifying a request from a custom computer program within a sandbox to perform an operation not permitted within the sandbox, and receiving a first indication of security privileges associated with a provider of the custom computer program. The method may also comprise selectively causing the operation to be performed based on the first indication of security privileges.

Abstract: A secure element of a mobile device receives a first authentication token, which may have an encrypted portion and a non-encrypted portion, from a network gateway device to which the mobile device is connected. The secure element determines whether the first authentication token is valid based on a sequence number included in the first authentication token. If the secure element determines that the first authentication token is valid, the secure element generates a second authentication token that indicates a result of an authentication operation performed by the secure element. The second authentication token is sent to the network gateway device. The secure element derives a pre-shared key using a key derivation function, where the pre-shared key is usable to establish a secure communication channel with the network gateway device.

Abstract: Systems, methods, articles of manufacture for authentication of payment cards. A server may assign, in a database, an expected card identifier to a contactless card, the contactless card associated with an account. The server may receive, from a client device, a request comprising a uniform resource locator (URL), a parameter of the URL comprising a card identifier, wherein the URL is transmitted by the contactless card to the client device. The server may extract the card identifier from the URL and compare the extracted card identifier to the expected card identifier in the database. The server may determine, based on the comparison, that the extracted card identifier matches the expected card identifier. The server may authenticate the request based on the extracted card identifier matching the expected card identifier, and transmit, to the client device, an indication specifying that the request was authenticated.

Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service (“SMS”) can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which, SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously rollover client certificates for authentication of users who access a security critical service, autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.

Abstract: A microprocessor for mitigating side channel attacks includes a memory subsystem that receives a load operation that specifies a load address. The memory subsystem includes a virtually-indexed, virtually-tagged data cache memory (VIVTDCM) comprising entries that hold translation information. The memory subsystem also includes a data translation lookaside buffer (DTLB) comprising entries that hold physical address translations and translation information. The processor performs speculative execution of instructions and executes instructions out of program order. The memory system allows non-inclusion with respect to translation information between the VIVTDCM and the DTLB such that, for instances in time, translation information associated with the load address is present in the VIVTDCM and absent in the DTLB.

Abstract: A target authentication device includes an electrode to detect an electrical signal associated with a user of the device. The electrical signal represents an authentication code for the device. An authentication receiver module is coupled to the electrode. The module receives the electrical signal from the electrode and determines whether the electrical signal matches a predetermined criterion to authenticate the identity of the user based on the electrical signal. An authentication module is also disclosed. The authentication module includes one electrode to couple an electrical signal associated with a user to a user of a target authentication device, the electrical signal represents an authentication code for the device. An authentication transmission module is coupled to the electrode. The authentication transmission module transmits the electrical signal from the electrode. A method of authenticating the identity of a user of a target authentication device also is disclosed.

Abstract: Methods and systems are provided to efficiently update account profiles based on a predicted likelihood of use, including by ranking the account profiles according to the likelihood of use. The disclosed system can considerably improve the processing time to update account profiles with the most recent information available, including new access requests. An authentication platform receives a plurality of new access requests, including request data and account identifiers associated with account profiles. The request data is transmitted to a prediction engine that determines a ranking of the account identifiers based on a predicted likelihood of use during a next time interval. A profile batch scheduler retrieves a first set of access requests based on the ranking. The system updates a first set of account profiles based on the ranking, and stores the updated account profiles for use by the authentication platform.