Abstract: A tracking device can use a permanent encryption key pair to encrypt one or more temporary encryption key pairs, which can then be provided to a central tracking system. When a community mobile device subsequently detects the tracking device, the central tracking system provides an encrypted temporary encryption key pair to the community mobile device. The community mobile device uses the encrypted temporary encryption key pair to encrypt location data representative of a location of the community mobile device, and provides the encrypted location data to the central tracking system. When a user subsequently requests a location of the tracking device from the central tracking system, the central tracking system provides the encrypted location data, and a device of the user can decrypt the encrypted temporary encryption key pair using the permanent encryption key pair, and can decrypt the location data using the decrypted temporary encryption key pair.

Abstract: Systems and methods are provided for validating components of an Information Handling System (IHS). During factory provisioning of the IHS, an owner certificate is stored that specifies an identity of a motherboard installed during manufacture of the IHS. The owner certificate is signed by a certificate authority of an owner of the IHS that retains capabilities for specifying the use of boot code provided by successive renters of the IHS. A renter certificate is also stored that specifies an identity of a chassis to which the motherboard is installed during manufacture of the IHS. Upon a transfer of control or ownership of the IHS, boot code operations by the security processor identify a motherboard and chassis in use by the IHS and utilize the motherboard and chassis certificates to validate that the identified motherboard and chassis are the same motherboard and chassis installed during manufacture of the IHS.

Abstract: This disclosure describes techniques for controlling group access to a collaboration technology. The techniques include generating a shared encryption key among authorized producers of content associated with a collaboration technology. The techniques include receiving, by the authorized producers and from authenticated consumers, requests to access the content. The requests may be received in a partitioned manner, such that individual producers are serving a particular subset of the authenticated consumers. In response to receiving the requests, the techniques include sending the shared encryption key from the individual producers to the corresponding subset of authenticated consumers. The techniques include using the shared encryption key to encrypt content by the authorized producers, which may then be decrypted by the authenticated consumers using the shared encryption key, achieving end-to-end encryption of event content.

Abstract: System and methods are disclosed for the management and security of data variations in an electronic spreadsheet. Keeping all relevant information in a single document, with granular controls to protect and secure access based on each individual or their role within an organization, eliminates the need for workarounds, and simplifies the management of the contained data. Tracking data as it is being entered, also allows the system to notify the user when protected information is detected, and appropriate action to be taken to ensure compliance with any requirements.

Abstract: Verifying that a user is using a device at a pre-specified location between a start time and an end time, including: calculating a challenge and an answer that is a function of the challenge; generating and storing in a blockchain, a commitment including an identity of the user, an identity of the device, the pre-specified location associated with the user, the start time of usage of the device, the end time of usage of the device, and the calculated challenge; generating a visual code of the device to carry the answer; encrypting the generated visual code with a public key of the device, wherein the encrypted visual code may only be decrypted with a private key of the device; and storing the encrypted visual code in the blockchain.

Abstract: Cryptographic method for verifying data method, implemented by at least one apparatus, for comparing a first dataset and a second dataset, in particular with a view to determining whether these two datasets are identical, this method not requiring the presence of these two datasets in the apparatus, and comprising the following steps: a) mixing a number, called the mixer number, with the first dataset, using a mixing function in order to obtain mixed data, b) hashing the mixed data using a hash function, and c) comparing the hash thus obtained in step b) with a third dataset assumed to be the hash of the second dataset mixed with the same mixer number as that used in step a) and with the same mixing function.

Abstract: Disclosed are methods, systems, devices, media, circuits, and other implementations, including a method that includes generating for a code block of a process executing on a controller-based device one or more code block copies defined in a virtual address space of the controller-based device, with the code block of the process being stored in a particular segment of a physical address space of the controller-based device, and with the code block configured to separately map to each of the one or more of the code block copies in the virtual address space. The method further includes processing at least a portion of one of the one or more code block copies defined in the virtual address space when the corresponding code block of the process is to be processed.

Abstract: In certain embodiments, the use of re-usable cold storage keys to sign messages may be facilitated. In some embodiments, an offline computer system (operating within an offline computing environment) may obtain, from a removable computer-readable storage medium, signing key shards corresponding to a signing private key and a blockchain transaction to be signed, where the signing key shards satisfy a key shard threshold that is (i) a number of key shards required for reconstructing the signing private key and (ii) less than a number of key shards derived from the signing private key using a ceremony key. The offline computer system may form a ciphertext of the signing private key using the signing key shards and reconstruct the signing private key by decrypting the ciphertext using the ceremony key. The offline computer system may sign the blockchain transaction using the signing private key.

Abstract: An example method for execution on a system on a chip (SoC) having a plurality of subsystems includes receiving, by a storage controller from a subsystem of the plurality of subsystems, a command to fetch, from a local memory, task descriptor data comprising access parameters for accessing a storage device, the access parameters including a storage device address; obtaining, by an encryption engine of the SoC, the command to fetch the task descriptor data; determining, by the encryption engine based on an access rule, whether the subsystem has sufficient privilege to access the storage device address; in response to determining that the subsystem has sufficient privilege to access the storage device, encrypting, source data in the local memory according to an encryption key associated with the subsystem; and providing the encrypted source data to the storage controller for writing to the storage device at the storage device address.

Abstract: A method for automatically attaching a purpose-built electronic device to a provider network includes steps of discovering, by a Wi-Fi module of the purpose-built electronic device, a wireless data network in operable communication with the provider network selecting, by the Wi-Fi module, the wireless data network, transmitting a primary authentication certificate from the Wi-Fi module to an authentication, authorization, and accounting server of the provider network, receiving, by an application server of the provider network, a secondary authentication certificate from a functionality module of the purpose-built electronic device authenticating, by the provider network, the primary and secondary authentication certificates, and attaching the purpose-built device to the provider network.

Abstract: A method includes determining a corresponding level of a security model associated with each device of a plurality of devices connected to a network, each level of the security model having a corresponding tag; applying, to each of the plurality of devices, the corresponding tag based on the corresponding level of the security model with which each of the plurality of devices are associated; receiving, over a network connection, network traffic from at least one of the plurality of devices and the corresponding tag; analyzing the corresponding tag associated with the network traffic; determining a destination for the network traffic; applying one or more security measures to the network traffic based on the corresponding tag for the at least one device and a corresponding tag of the destination for the network traffic; and sending the network traffic to the destination with the corresponding tag of the destination.

Abstract: Systems, methods and apparatus for location-based services with data privacy protection. A privacy agent in network communication with a global privacy policy registry is installed on a mobile device. The privacy agent is operable to enforce rules based on privacy agreements when the mobile device is within and/or within a predetermined proximity of one or more geofences.

Abstract: Securely re-encrypting homomorphically encrypted data by receiving fully homomorphically encrypted (FHE) information from a client device, training a machine learning model using the FHE information, yielding FHE ciphertexts, applying a first transform to the FHE ciphertexts, yielding obfuscated FHE ciphertexts, sending the obfuscated FHE ciphertexts to a secure device, receiving a re-encrypted version of the obfuscated FHE ciphertexts from the secure device, applying a second transform to the re-encrypted version of the obfuscated FHE ciphertexts yielding de-obfuscated re-encrypted FHE ciphertexts, determining FHE ML model parameters according to the de-obfuscated re-encrypted ciphertexts, and sending the FHE ML model parameters to the client device.

Abstract: A system includes at least one processor to continually monitor at least one resource associated with a computing network for a condition in the computing network that may trigger an authorization control modification, determine that the condition has occurred in the computing network, and dynamically and automatically modify a user authorization control for at least one particular user responsive to the condition.

Abstract: A method for providing and managing non-direct URL fetching service for retrieving a content from a web server to a client device is disclosed, such as for overcoming geo-blocking or a Man-In-The-Middle (MITM) attack. The non-direct fetching method may use intermediate devices, such as proxy server, Data-Center proxy server, tunnel devices, or any combination thereof. A URL request may be sent in parallel using both direct and non-direct fetching schemes, in order to verify the need for using the non-direct fetching service. Direct or non-direct fetching scheme may be selected by using a file that associates a fetching scheme to the requested URL. The selection of the fetching mechanism may use dynamically in real-time updating of a Proxy Auto-Configuration (PAC) file. As part of an accounting scheme, quotas may be applied to a cumulative received data or a time duration of using a non-direct fetching service.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for providing intelligent analysis of technical and non-technical data to validate instances of permitted use of such brand elements and generate alerts for instances of non-permitted use of such brand elements. The system provides a single portal view for upload of relevant data and transmission of analysis results. The invention utilizes a permissioned distributed register database architecture for the secure storage and tokenization of brand elements and retrieval of validation and ownership information. The invention further includes the capability to recommend and automate remedial measures to prevent continued unauthorized use of brand elements.

Abstract: Various embodiments relate to a method of receiving an original message, share-holder list, and threshold amount. The original message is tokenized resulting in a tokenized message. A plurality of shares are generated from the tokenized message using a message sharing algorithm of a secret sharing scheme. Each of the plurality of shares is signcrypted using a public key and a private key associated with the shared secret provider computing system and a public key of a respective one of the share-holders included in the share-holders list, resulting in a plurality of signcrypted shares. The plurality of signcrypted shares is distributed to the respective ones of the share-holders according to the public key used to signcrypt the respective signcrypted share. The authenticity and data integrity of the first share of the plurality of signcrypted shares can be determined by using the public key associated and a public/private key pair associated with the share-holder.

Abstract: Methods and systems are provided for providing a mobile communications device with access to a provider with a plurality of security levels. The security state of the device varies according to severity levels of device security events. The mobile communications device generates data regarding security events and provides the data to the provider, which compares that security state to a policy associated with the provider. The mobile communications device is allowed to access to a provider service where the device's current security state meets or exceeds the security state required for the provider service.

Abstract: A system provides for authorization of data access and processing functions within a distributed server network using a delegated proof-of-stake consensus mechanism. In particular, the system may use assign authorization levels to each node within the network environment. Certain actions or processes performed within the network (e.g., potentially damaging actions) may require that the node proposing the action meets a threshold authorization level before authorizing the action. The system may further increase or decrease authorization levels for each node depending on the outcomes of the proposed actions. In this way, the system may provide a secure way to authorize certain actions or processes taken within a computing environment.

Abstract: A system and method are disclosed wherein a risk score is generated by interrogating multiple sources of information across a network. The information is aggregated, such that every network action for individuals and organizations are turned into a unique behavioral model, which can be used as a unique identifier (“fingerprint”). This fingerprint is in turn used by a personalized Trust Guardian System to block, modify and/or allow network actions.