Abstract: According to one embodiment, a processing circuit is described including a first input path and a second input path, a processing element configured to receive a first input bit and a second input bit via the first input path and the second input path and configured to perform a logic operation which is commutative with respect to the first input bit and the second input bit and a sorter configured to distribute the first input bit and the second input bit to the first input path and the second input path according to a predetermined sorting rule.

Abstract: There is provided a method and system to manage multiple levels of privacy in a document having a plurality of elements. In accordance with the method, a selection of a first element in the document is received. The first element is tagged with a selected first privacy level of a hierarchical privacy level list. The list includes a plurality of hierarchical levels of privacy associated with a controlling authority. A selection of a second element in the document is received. The selected second element is tagged with a selected second privacy level of the hierarchical privacy level list.

Abstract: According to one embodiment, a computerized method comprises three operations. First, an incoming object is analyzed to determine if the incoming object is suspicious by having characteristics that suggest the object is an exploit. Next, a virtual machine is dynamically configured with a software image representing a current operating state of a targeted client device. The software image represents content and structure of a storage volume for the targeted client device at a time of configuring the virtual machine. Lastly, the object is processed by the virtual machine in order to detect any anomalous behaviors that may cause the object to be classified as an exploit.

Abstract: A method of encoding and encrypting input data (D1) to generate corresponding encoded and encrypted data (E2) is provided. At least a first data block of the input data (D1) is encoded to generate a first encoded data block. The at least first encoded data block is then encrypted using at least one key to provide a first encoded and encrypted data block for inclusion in the encoded and encrypted data (E2). Moreover, a first seed value is generated for use in encrypting a next encoded data block to provide a next encoded and encrypted data block for inclusion in the encoded and encrypted data (E2). Furthermore, a next seed value is generated for use in encrypting a subsequent encoded data block, in a sequential repetitive manner until each data block of the input data (D1) is encoded and encrypted into the encoded and encrypted data (E2).

Abstract: Described are techniques to enable computers to efficiently determine if they should run a program based on an immediate (i.e., real-time, etc.) analysis of the program. Such an approach leverages highly trained ensemble machine learning algorithms to create a real-time discernment on a combination of static and dynamic features collected from the program, the computer's current environment, and external factors. Related apparatus, systems, techniques and articles are also described.

Abstract: Inline command functionality for automatically sharing a document with user access permissions is provided. Automatic sharing of a document is performed in response to a trigger entry within the document. When a trigger entry and a user identifier entry is received, an auto-share system automatically resolves user access permissions in the background, detects sharing permissions, and shares the document with user access permissions without requiring the user who is sharing the document to manually input data. A notification is provided to the sharing user informing the user that the document is being shared, and another notification is provided to the user with whom the document is being shared including a link to the document. If the document was unintentionally shared, the sharing user is enabled to select the notification, and quickly and easily make modifications to the user access permissions for the document.

Abstract: A method and system of an identity service to provide a single point of access for a plurality of applications for an authentication of a user identity. An authentication request is received from an application via an application program interface (API), wherein the authentication request includes logon information. The authentication request is translated to one or more identity providers. Upon authentication, serially executing one or more programmatic extension scripts associated with the user. Privileges are granted to the user based on at least one of the programmatic extension scripts associated with the user.

Abstract: Aspects of the present disclosure relate to cryptography. In particular, example embodiments relate to computing a relationship between private data of a first entity and private data of a second entity, while preserving privacy of the entities and preventing inter-entity data sharing. A server includes a first component to compute an intersection of two datasets, without directly accessing either dataset. The server includes a second component to compute a relationship, such as a regression, between data in the first dataset and data in the second dataset, without directly accessing either dataset.

Abstract: Technologies for indirect branch target security include a computing device having a processor to execute an indirect branch instruction. The processor may determine an indirect branch target of the indirect branch instruction, load a memory tag associated with the indirect branch target, and determine whether the memory tag is set. The processor may generate a security fault if the memory tag is not set. The processor may load an encrypted indirect branch target, decrypt the encrypted branch target using an activation record key stored in an activation key register, and perform a jump to the indirect branch target. The processor may generate a next activation record coordinate as a function of the activation record key and a return address of a call instruction and generate the next activation record key as a function of the next activation record coordinate. Other embodiments are described and claimed.

Abstract: Methods and systems for performing garbage collection involving sensitive information on a mobile device are described herein. Secure information is received at a mobile device over a wireless network. The sensitive information is extracted from the secure information. A software program operating on the mobile device uses an object to access the sensitive information. Secure garbage collection is performed upon the object after the object becomes unreachable.

Abstract: The present disclosure relates to computer-implemented methods and systems for intelligent task management. An example method may include identifying one or more authorized entities. The method may further include broadcasting at least one task associated with a user to one or more devices associated with the one or more authorized entities. The method may further include receiving from the one or more authorized entities, via the one or more devices, an indication of acceptance of the at least one task. The method may further include selecting at least one trusted entity among the one or more authorized entities. The method may further include issuing at least one digital certificate to the at least one trusted entity to perform the at least one task.

Abstract: A data processing system having rich execution environment (REE) and a trusted execution environment (TEE) is provided. In the data processing system, an unsecure memory is coupled to the REE and used for storing encrypted data for use in the TEE. The TEE may have a cache for storing the encrypted data after it is decrypted. The data in both the memory and the cache is organized in blocks, and the cache is smaller than the memory. An interpreter is provided in the TEE, along with a service block in the REE, for fetching and decrypting the data to be stored in the cache. The interpreter checks an integrity of the decrypted data using a hash tree having multiple levels. In the event of a cache miss, all blocks of the hash tree in a path from the data block to a root block are retrieved from the memory in one access operation. A method for operating the cache in the data processing system is also provided.

Abstract: A method, system, and apparatus for video coding and decoding with embedded motion information are disclosed. Image data is associated with basis functions and motion data. A method of identifying one or more basis functions which are representative of image data and associating the basis function with the motion data. A method or receiving information indicative of a basis function and of motion data and determining a motion vector based on the motion data. A system where portions of an image representative of basis functions are further associated with motion data at an encoder and then communicated to a decoder. A decoder produces at least portions of a predicted image using basis functions parameters and motion data.

Abstract: An ecosystem that allows fine-grained multi-party control over access to information stored in one or more data sources of a data provider. A requesting party can submit a query job to the data provider. Resellers in the chain can introduce their own query modifiers to the query job, adding additional data access, data transformation and segmentation functions to the query job. The data provider can append its own query modifier to the query job and execute the query job with all of the query modifiers. Access control for each link in the chain is checked before the query modifier for the link is executed. After execution of all query modifiers and the query job, the results can be provided to the requesting party.

Abstract: A “trusted domain” is established within which content received from a communications network, e.g., a cable TV network, is protected from unauthorized copying thereof, in accordance with the invention. In an illustrative embodiment, the trusted domain includes a device associated with a user which receives content from the cable TV network. The content may be encrypted using a content key in accordance, e.g., with a 3DES encryption algorithm before it is stored in the device. In addition, a first encrypted content key version and a second encrypted content key version are generated by respectively encrypting the content key with a public key associated with the device and another public key associated with the user, in accordance with public key cryptography. The first and second encrypted content key versions are stored in association with the encrypted content in the device storage.

Abstract: A method and system for secure message handling of an application across deployment locations. The application is divided into multiple processing nodes which process messages and can be deployed in multiple different locations. The application is analyzed to identify processing nodes referencing given data aspects having deployment constraints. It is ascertained whether one or more data aspects of the given data aspects are accessed by an identified processing node. If so, a restriction is determined for the identified processing node based on the deployment constraints of the accessed one or more data aspects and the identified processing node of the application is deployed according to the determined restriction for the identified processing node. If not, the identified processing node or a preceding processing node is marked to indicate a required tokenization of the one or more data aspects, wherein the tokenization removes the deployment constraints for the identified processing node.

Abstract: A method for presenting data, the method including presenting via a first computer output device an indicator indicating a data item whose value is prevented, in accordance with predefined access control criteria, from being presented via the first computer output device, receiving from a requestor a request to present the data item value, maintaining a record of an identity of the requestor together with a description of the requested data item, and presenting via a second computer output device the data item value.

Abstract: In various example embodiments, systems and methods for administering machine access to a cloud service are presented. An edge manager device in a cloud computing environment can establish a first client for a first application that is executed externally to the cloud computing environment. The edge manager device can provide a first request via a first network to an authorization service application to obtain client identification and client secret information for use by the first client. The edge manager device can receive the client identification and client secret information from the authorization service application via the first network. The client identification and client secret information can be selected by the authorization service application to permit later data access to the edge manager device by the first client. The edge manager device can provide the client identification and client secret information to the first client via a second network.

Abstract: Disclosed in an embodiment of the present application is an information pushing method, comprising: a wireless network sharer client obtaining a first identifier of a wireless network selected from a wireless network list scanned/stored by a wireless network sharer terminal, and sending the same to a server; the server generating a second identifier and sending the same to the wireless network sharer client; the wireless network sharer changing the first identifier of the wireless network into a third identifier based on the second identifier; the wireless network sharer client obtaining a wireless network list updated by a wireless network sharer mobile terminal and sending the third identifier of the selected wireless network in the list to the server; and the server comparing the second identifier with the third identifier, and allowing successful authentication when the two identifiers are consistent, and registering information about the devices of the wireless network.

Abstract: A method and a device are provided for categorizing a Stream Control Transmission Protocol (SCTP) receiver terminal (120) as a malicious SCTP receiver terminal, which generates spoofed optimistic SCTP selective acknowledgement (SACK) packet for exploiting a SCTP transmitter terminal as a flood source for Denial-of-Service attacks. The SCTP receiver terminal (120) generates data enriched SCTP SACK packets (170). Each data enriched SCTP SACK packet comprises a cumulative payload essence of all successfully received data packets (200). The SCTP transmitter terminal (110) performs a data enriched SACK validation in which it computes the cumulative payload essence of all successfully transmitted data packets (200), and compares the computed value with the cumulative payload essence contained in the received data enriched SACK. The SCTP transmitter terminal detects a spoofed optimistic SACK packet if the comparison results in a difference.