Abstract: Systems, methods, and computer-readable media for gathering network intrusion counter-intelligence. A system can maintain a decoy network environment at one or more machines. The system can identify a malicious user accessing network services through the network environment. Further, the system can receive network service access requests from the user at one or more machines in the network environment and subsequently direct the network service access requests from the malicious user to the decoy network environment based on an identification of the malicious user. The network services access requests can be satisfied with network service access responses generated in the decoy network environment. Subsequently, the system can maintain malicious user analytics based on the network service access requests of the malicious user that are directed to the decoy network environment.

Abstract: A secure processor, comprising a logic execution unit configured to process data based on instructions; a communication interface unit, configured to transfer of the instructions and the data, and metadata tags accompanying respective instructions and data; a metadata processing unit, configured to enforce specific restrictions with respect to at least execution of instructions, access to resources, and manipulation of data, selectively dependent on the received metadata tags; and a control transfer processing unit, configured to validate a branch instruction execution and an entry point instruction of each control transfer, selectively dependent on the respective metadata tags.

Abstract: A technique includes, in response to an exception occurring in the execution of a process on a computer, invoking an operating system service. The operating system service is used to sanitize data that is associated with the process and is stored in a memory of the computer. The data is associated with sensitive information.

Abstract: An embodiment integrated circuit comprises a first memory zone having a first level of access rights that is configured to store at least one first software application containing encrypted instructions, means for verifying the integrity of the first software application, an encryption/decryption means, for example a first logic circuit, that is configured to decrypt the encrypted instructions which are considered to exhibit integrity, a processing unit that is configured to execute the decrypted instructions, the first logic circuit being further configured to encrypt the data generated by the execution operation and a second means, for example a second logic circuit, that is configured to store the encrypted data in a second memory zone having a second level of access rights that is identical to the first level of access rights.

Abstract: Methods and systems for secure data analysis include determining that analysis provider access rules and data provider access rules are compatible. Analysis software is received from an analysis provider and a dataset is received from a data provider. The analysis software is executed on the dataset to generate an analysis output, with access to data in the dataset being constrained by the analysis provider access rules and the data provider access rules. An output of the analysis is sent to the analysis provider.

Abstract: Systems are provided for managing access to a log of dataset that is generated when the dataset is accessed. A system stores, with respect to each of a log producer and a log accessor, an encrypted symmetric key for dataset that is encrypted using a corresponding public key. The system returns the encrypted symmetric key for the log producer, such that the log producer can decrypt the dataset that is encrypted using the symmetric key. A log of the dataset is generated when the log producer accesses the dataset.

Abstract: Systems and methods for bare-metal or pre-boot user-machine authentication, binding, and entitlement provisioning are described. In some embodiments, a method may include: receiving, at a first portal managed by a manufacturer of an Information Handling System (IHS): (i) user credentials associated with a user of the IHS, and (ii) device identification associated with the IHS before the IHS is shipped to the user; selecting a customer of the manufacturer associated with the device identification; forwarding an indication of the user credentials to a second portal managed by the customer; and, in response to the second portal having successfully authenticated the user, establishing an identity session with the second portal; receiving, from the IHS, a request to initiate an entitlement sequence.

Abstract: Systems, devices, and methods for password protection of defined spaces in a memory device. The method includes receiving a data block from a host. The data block includes a user-defined current password, a user-defined new password, a password length of the current password, a password length of the new password, and a user-defined address range field including start and end addresses of a defined space in the memory device. The method further includes matching password lengths of the user-defined current password and a current password length of a current password for the defined space already stored in the memory device. The method also includes comparing the user-defined current password and the current password of the defined space. The method further includes replacing or resetting the current password of the defined space with the user-defined new password based on a result of the matching and a result of the comparing.

Abstract: A data storage device and method for securely storing and retrieving data at a data storage device. The disclosure includes a reverse encryption where a decryption function is applied to plaintext data to generate ciphertext data. Conversely, the disclosure includes applying an encryption function to ciphertext data to generate plaintext data. This involves using an encryption function that is inverse, and symmetric, to the decryption function. In some specific examples, this includes sharing cryptography engines for securing user data in a storage medium and securing device management data in host memory.

Abstract: Systems and methods are disclosed herein that may implement an information handling system including a gateway and a peripheral device monitor. The gateway may interface peripheral devices and control access of host resources of the information handling system by any of the peripheral devices. The peripheral device monitor may detect connection of an unverified peripheral device to the gateway, perform a trust verification process with the unverified peripheral device, control the gateway to enable access of the host resources by the unverified peripheral device when the unverified peripheral device becomes verified, and control the gateway to prevent access to the host resources by the unverified peripheral device when the unverified peripheral device fails the trust verification process. The trust verification process may include validating a device certificate and verifying a digest of boot code of the peripheral device.

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

Abstract: A system and method for scheduling tasks associated with changing a personality of a ticketing interface. One or more processors generate interaction scores for each of the plurality of user devices based on receiving interactions between the ticketing engine and a plurality of user devices. The system further generate interaction patterns for each of the plurality of user devices that include a relation between the interaction scores generated for each of the plurality of user devices with the interactions from the plurality of user devices. The system further classify each of the plurality of user devices based on the generated interaction patterns to identify whether a user device from the plurality of user devices is a fraudulent or a non-fraudulent user device and modify interface of the ticketing engine based on the classification of each of the plurality of user devices.

Abstract: Systems and methods for self-protecting and self-refreshing workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, from a workspace orchestration service, one or more files or policies configured to enable the client IHS to instantiate a workspace based upon a workspace definition; determine that a context of the client IHS has been modified; in response to the determination, terminate the workspace; and receive, from the workspace orchestration service, one or more files or policies configured to enable the client IHS to re-instantiate the workspace based upon the workspace definition.

Abstract: A request is received from a client seeking to access files stored at a backup server. A first tree is received for the request. The first tree represents hashes of files stored at the client. A second tree is generated representing hashes of the files stored at the backup server. The first and second trees are compared to assess a degree of similarity between the files stored at the client and the files stored at the backup server. The user is denied access to the files stored at the backup server when the degree of similarity is below a threshold.

Abstract: A system includes a memory and at least one processor to disable automatic prioritization of at least one data protection operation in a computer network, begin the at least one data protection operation in the computer network, continually monitor the computer network and determine that a condition has occurred in the computer network, activate automatic prioritization of the at least one data protection operation in the computer network, and instruct backup server tooling software to direct backup data for the at least one data protection operation to move from a first target storage repository to a second target storage repository.

Abstract: A method of generating a cryptographic algorithm according to one embodiment of the present disclosure includes generating one or more key tables on the basis of a seed value; generating a first transformation function that converts an input bit string, which is input to one of input branches of a Feistel structure, into a first random bit string having a length that extends beyond a length of the input bit string; generating a second transformation function that converts a second random bit string generated by referencing the one or more key tables into a third random bit string having a length that is the same as the length of the input bit string; and generating a block cryptographic algorithm of a Feistel structure which includes a round function to which the one or more key tables, the first transformation function, and the second transformation function are applied.

Abstract: A method of generating a cryptographic algorithm includes generating at least one key table on the basis of a seed value; generating, by using a round tweak bit string and an input bit string that is input to one of input branches of a Feistel structure, a first transformation function converting the input bit string into a first random bit string having a length that extends beyond a length of the input bit string, generating a second transformation function converting a second random bit string generated by referencing the one or more key tables into a third random bit string having a length that is the same as the length of the input bit string, and generating a block cryptographic algorithm of a Feistel structure which includes a round function to which the one or more key tables, the first transformation function, and the second transformation function are applied.

Abstract: Systems and methods are shown for providing private local sponsored content selection and improving intelligence models through distribution among mobile devices. This allows greater data gathering capabilities through the use of the sensors of the mobile devices as well as data stored on data storage components of the mobile devices to create predicted models while offering better opportunities to preserve privacy. Locally stored profiles comprising machine intelligence models may also be used to determine the relevance of the data gathered and in improving an aggregated model for identifying the relevance of data and the selection of sponsored content items. Distributed optimization is used in conjunction with privacy techniques to create the improved machine intelligence models. Publishers may also benefit from the improved privacy by protecting the statistics of type or volume of sponsored content items shown with publisher content.

Abstract: Disclosed is a method of verifying integrity of a pair of public and private cryptographic keys within the additive group of the integers modulo N, with N being the product of two primary numbers p and q, the method including: calculating a candidate private exponent d? corresponding to a private exponent d of the private key; and executing a test of integrity. The test of integrity includes a step for verifying the coherence of the candidate private exponent d? with respect to a public exponent e of the public key and to the numbers p and q, the verification step involving a first multiple modulo of the public exponent e of the public key and a second multiple modulo of the public exponent e of the public key.

Abstract: There is provided a computer-implemented method for managing third-party access to data, to increase data security and/or privacy. The method comprises receiving, from a third-party computer, a request to access data, wherein the request is indicative of at least one requested operation. A validity of each of the requested operations is determined in dependence on permission data stored in a distributed public ledger. The permissions data defines, for said third-party computer, a set of permissible operations and one or more permissible data attributes associated with each of the set of permissible operations. The request and the validity are logged in the distributed public ledger.