Abstract: Mechanisms are provided for facilitating recertification of a user access entitlement. These mechanisms collect, from a system resource of the data processing system, access information representative of accesses of the system resource by a user access entitlement. These mechanisms determine that recertification of the user access entitlement, with regard to the system resource, is to be performed and a pattern of access is determined based on the access information for the user access entitlement. A recertification request graphical user interface is output to a user based on the pattern of access. The graphical user interface includes the pattern of access and one or more graphical user interface elements for receiving a user input specifying acceptance or denial of the recertification of the user access entitlement.

Abstract: A computer-implemented method for scanning data including accessing a reference table including a grid of data cells arranged in columns and rows and containing reference data elements. Each of the rows may relate to one of a plurality of data subjects. The method may also include generating a list of reference subcombinations. The list of reference subcombinations may be generated by designating a primary column for uniquely identifying the data subjects and generating a plurality of first preliminary reference subcombinations. Each of the first preliminary reference subcombinations may include reference data elements gathered from the primary column and a second column of a single row of the reference table. The method may also include accessing a subject file having a plurality of data entries. Each of the data entries may include a plurality of logically-related and delimited subject data elements.

Abstract: Secure shared access to encrypted data in a data store is facilitated by using a data control server (DCS) to maintain a data storage reference table (DSRT) for shared data units present in a shared data pool hosted by least one data storage device, and accessible to a plurality of computing entities. The DSRT specifies for each shared data unit identifier information, location information for accessing the shared data unit in the shared data pool, and a hash value which has been computed for the shared data unit. The DCS selectively facilitates a decryption operation by providing hash values which serves as a basis for deriving a decryption key for decrypting shared data units which have been identified.

Abstract: A first communication device for transmitting data to a second communication device comprises a storage device for storing instructions and a processing circuit coupled to the storage device. The processing circuit is configured to execute the instructions stored in the storage device. The instructions comprise compressing a first packet to a first compressed packet according to a compressor instance, wherein the first packet is associated to a flow identity (ID); generating a first Protocol Data Unit (PDU) comprising the flow ID and the first compressed packet; associating a first sequence number (SN) to the first PDU; encrypting the first PDU to a first encrypted packet; generating a first Packet Data Convergence Protocol (PDCP) PDU comprising the first SN and the first encrypted packet; and transmitting the first PDCP PDU via a first logical channel (LC) to the second communication device.

Abstract: An electronic authorization system is typically configured for: receiving electronic activity requests from a plurality of source nodes; analyzing each of the electronic activity requests using a decisioning algorithm, wherein a decision boundary of the decisioning algorithm is dynamically altered while analyzing the electronic activity requests; for each of the electronic activity requests, determining an activity exposure level of the decision boundary based on (i) a distance to the decision boundary and (ii) an amount of information exposed regarding the decision boundary; for each of the plurality of source nodes, determining a source exposure level of the decision boundary based on the activity exposure levels of the decision boundary of the electronic activity requests; and in response to determining that a likelihood of decision boundary profiling by one or more first source nodes exceeds a defined threshold, performing an exposure remediation action.

Abstract: Described herein are systems and methods for enhancing an interface for an information technology (IT) environment. In one implementation, an incident service causes display of a first version of a course of action and obtains input indicative of a request for a new action in the course of action. The incident service further determines suggested actions based at least one the input and causes display of the suggested actions. Once displayed, the incident service obtains input indicative of a selection of at least one action from the suggested actions, and causes display input indicative of a selection of at least one action from the suggested actions.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying copyrighted material based on embedded copyright information. One of the methods includes generating, by a computing device, a timestamp indicating a time at which an update to a text segment within the textual content is performed to provide an updated text segment; generating, by the computing device, a unique identifier (ID) based on the timestamp and copyright information associated with the textual content, wherein the timestamp, the textual content, the updated text segment, and the copyright information are recorded on a blockchain of a blockchain network; and embedding, by the computing device, the unique ID in at least a portion of the updated text segment to provide an information-embedded updated text segment that enables retrieval of the copyright information associated with the updated text segment from the blockchain based on the unique ID.

Abstract: Embodiments of the invention provide an electronic system for generating secret information comprising a Physically Unclonable Function (PUF) circuit, the PUF circuit being configured to provide a difference between two values of a physical variable of the PUF in response to a challenge applied to the PUF circuit. The system is configured to apply a set of challenges during an enrolment phase, and measure the physical variable difference provided by the PUF in response to each challenge.

Abstract: Embodiments described herein provide techniques to limit programmatic access to privacy related user data and system resources for applications that execute outside of a sandbox or other restricted operating environment while enabling a user to grant additional access to those applications via prompts presented to the user via a graphical interface. In a further embodiment, techniques are applied to limit the frequency in which a user is prompted by learning the types of files or resources to which a user is likely to permit or deny access.

Abstract: A first electronic device is associated with a biometric sensor. Biometric data received by the biometric sensor is used to permit the first electronic device to pair with, unlock, and/or access a second electronic device.

Abstract: A software distribution processing device stores a common key for each ECU and a verification key for an electronic signature of software updating data, verifies an electronic signature of the updating data received from management server equipment by use of the verification key, attaches an electronic signature using the common key for each ECU to the updating data succeeded in verification of the electronic signature, and then transmits to each ECU the updating data attached with the electronic signature using the common key for each ECU.

Abstract: A system and method for application software security and auditing are disclosed. A particular embodiment includes an application security management system configured to: instrument one or more data input and output points of an application for one or more instances of data identified as sensitive data, access one or more policies corresponding to the one or more instances of the sensitive data, trace the one or more instances of the sensitive data through the application in association with the one or more policies, and generate an audit of each instance of the sensitive data indicating a route from which the sensitive data is accessed, to where the sensitive data is written, and where the sensitive data surfaces in the application.

Abstract: User information is obtained, and an access token for receiving provision of a service from a service provider is obtained. The obtained access token is stored in a memory unit in association with the user information. In accordance with an instruction, the service provider is accessed using the access token stored in the memory unit, and a function corresponding to the instruction is executed.

Abstract: A method executed by a computer system that transmits a multimedia content through a negative-base number. The method includes generating a binary sequence for the multimedia content, converting the binary sequence into a negative-base number, receiving the negative-base number, retrieving a negative base of the negative base number, calculating the binary sequence based on the negative-base number and the negative base, and obtaining the multimedia content based on the binary sequence.

Abstract: Briefly, methods and/or apparatuses of overlaying a secure, connected, flexible networking structure, such as on cloud infrastructure, are described.

Abstract: A method for threat detection by identifying patterns of used memory blocks is described. In one embodiment, the method includes identifying a pattern of memory allocations from a known malware threat; tracking memory allocations of memory; identifying a plurality of memory allocations that match at least a portion of the pattern of memory allocations based at least in part on the tracking of the memory allocations; and performing a security action upon determining a quantity of the plurality of memory allocations satisfies a predetermined threshold. In some examples, the method includes determining that a sequence of wiped data strings satisfies a confidence threshold, and identifying the plurality of memory allocations is based at least in part on the confidence threshold. In some cases, the security action includes flagging the identified pattern of memory allocations, quarantining an associated application or process, or generating a notification.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.

Abstract: A system connected to an existing computer includes a unit for monitoring the screen and provides input, a storage unit that stores data that pairs screen buffer regions with authentication details, wherein the system learns new pairs via user training and presents stored authentication details when the screen buffer regions match a related stored region which is paired with a region of the screen, and a unit that determines which of stored passwords need to be presented to the system by a pattern matching of regions of screen pixels.

Abstract: Systems and methods for receiving a request to analyze trust of a client system and perform actions based on a client trust profile. A trust rating server device receives a request from a client computing device to analyze the trust on the device. The request identifies at least one credential or certificate installed on the device for example. The credential or certificate is obtained and analyzed to identify key information that relates to trust, such as level of encryption, country or entity of origin, duration of credential, certifying authority, etc. A rating is established using the key information and compared to a profile or other metric. One or more credentials or certifications may be blocked, disabled, enabled or removed based on a user's profile. Trust credentials are continuously monitored on the device for changes, and new credentials are blocked that do not meet thresholds established in the user's profile.

Abstract: Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.