Abstract: The systems and methods disclosed herein transparently provide an improved scalable cloud-based dynamically adjustable or configurable storage volume. In one aspect, a gateway provides a dynamically or configurably adjustable storage volume, including a local cache. The storage volume may be transparently adjusted for the amount of data that needs to be stored using available local or cloud-based storage. The gateway may use caching techniques and block clustering to provide gains in access latency compared to existing gateway systems, while providing scalable off-premises storage.

Abstract: The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model.

Abstract: Methods and systems for authenticating a user are described. In some embodiments, a series of voice interactions are received from a user during a voiceline session. Each of the voice interactions in the series of voice interaction may be analyzed as each of the voice interactions are received. A confidence level in a verification of an identity of the user may be determined based on the analysis of each of the voice interactions. An access level for the user may be automatically updated based on the confidence level of the verification of the identity of the user after each of the voice interactions is received.

Abstract: Techniques for notification of reassembly-free file scanning are described herein. According to one embodiment, a first request for accessing a document provided by a remote node is received from a client. In response to the first request, it is determined whether a second request previously for accessing the document of the remote node indicates that the requested document from the remote node contains offensive data. If the requested document contains offensive data, a message is returned to the client, without accessing the requested document of the remote node, indicating that the requested document is not delivered to the client.

Abstract: A service provider computing environment includes a service provider computing device, which receives tenant secrets policies from tenants. The tenants are tenants of multi-tenant assets of a service provider. One or more data security zones in which the multi-tenant assets are located are identified. A service provider secrets policy includes data security jurisdiction zone secrets policy data for the one or more data security jurisdiction zones. The data security jurisdiction zone secrets policy data is analyzed to determine allowed secrets data with respect to each of the identified data security jurisdiction zones. The service provider computing environment determines of the tenant secrets policies satisfy the requirements of the service provider secrets policy. If the tenant secrets policies satisfy the requirements of the service provider secrets policy, the service provider computing environment allows the tenant secrets policies to be applied to tenant data or information in the multi-tenant assets.

Abstract: Methods, systems, and computer program products for predicting an account takeover tsunami using dump quakes are disclosed. A computer-implemented method may include analyzing activity for a plurality of user accounts based on detecting an abnormal increase in system activity, determining the abnormal increase in the system activity is associated with account validation attacks performed by an unauthorized party, identifying attributes of a plurality of user accounts associated with the account validation attacks, searching online locations using the identified attributes of the user accounts to find a data breach source, monitoring the online locations periodically based on the identified attributes of the user accounts to detect future publication of a dump of private user data, sending a notification to another organization in advance of the publication of the dump of private user data to allow the other organization to adjust security of one or more other systems in advance.

Abstract: The anti-diversity concept for secure communication on a two-link compound channel provides secure communication over two parallel communication channels. The message is split into two separate bit sequences by a source splitter. An error correction encoder (110) is applied to the two bit sequences to provide two code words for two channels (122, 124), such that left and right halves of an error correction code matrix respectively corresponds to the two parallel signal channels (122, 124). For the left half of the error correction code matrix, an upper left matrix block is a random permutation matrix, an upper right block is the identity matrix, and the bottom right matrix block is a random matrix of column and row weight greater than or equal to one. The bottom left matrix block is a column permutation of the bottom right, random matrix block. The right half error correction code matrix is a similar, symmetric structure.

Abstract: A processing system includes a processing core and a hardware accelerator communicatively coupled to the processing core. The hardware accelerator includes a data register having a plurality of data bits and a key register having a plurality of key bits. The hardware accelerator also includes a data mode selector module to select one of an encrypt mode or a decrypt mode for processing the plurality of data bits. The hardware accelerator further includes a key mode selector module to select one of the encrypt mode or the decrypt mode for processing the plurality of key bits.

Abstract: Provided are a processing method for a Network Address Translation, NAT, technology, an NAT device and a BNG device, the method includes: the NAT device determining whether or not session establishment of a UE reaches a preset threshold, and notifying the BNG device to execute a security strategy for the UE if the session establishment of the UE reaches the preset threshold, wherein the security strategy is used for stopping the attack behavior of the UE and informing the UE of the attack behavior of the UE. In the disclosure, the technical problem in the related art that the user lodges complaints against the operator for the abnormal behavior of the host user is solved, thus by reminding the user to check the security of the host user, the disclosure increases the utilization rate of the NAT device and improves user experience.

Abstract: Methods and systems for performing one or more operations on a first computing device are disclosed. A method includes receiving, from a second computing device via a short-range wireless communication, a service session setup request and an identifier of one of the second computing device and an associated user of the second computing device. The method further includes determining whether to authorize the service session setup request based on the identifier. Then in response to determining to authorize the service session setup request, a service session may be established between the first and the second computing devices. The method also includes receiving one or more service instructions that are allowable based on the identifier. The method furthermore includes performing, at the first computing device, the one or more operations based on the service instructions.

Abstract: An information processing apparatus including a hardware security module includes a verification unit configured to verify whether an encryption key of the hardware security module is usable and a disabling unit configured to disable a user authentication function if the verification unit verifies that the encryption key is not usable.

Abstract: A method of obtaining password data for entry to an application running on a device. The method may include running a password manager application on a device. The password manager application may identify one or more applications installed on the device. The password manager application may display the identified applications on a display of the device. The password manager application may receive a user selection of a displayed application. The password manager application may determine whether an entry exists for the selected application in a memory associated with the password manager application. If no entry exists, the password manager application may generate an entry comprising password data for the selected application. If an entry exists, the password manager application may retrieve password data relating to the selected application.

Abstract: A network-based appliance includes a mechanism to intercept, decrypt and inspect secure network traffic flowing over SSL/TLS between a client and a server. The mechanism responds to detection of a session initiation request message from the client, the message being received following establishment of a TCP connection between the client and server. The mechanism responds by holding the session initiation request message, preferably by creating a fake socket to a local process, and then diverting the request message over that socket. The TCP connection is then terminated, and the mechanism initiates a new session in initiation request message, all while the original session initiation request message continues to be held. The server responds with its server certificate, which is then used by the mechanism to generate a new server certificate. The new server certificate is then returned to the requesting client as the response to the session initiation request message.

Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, at least a portion of the message is transmitted to a central server that is within the secure perimeter, for scanning by another set of security rules. The central server then sends a security command back to the remote device, which executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system.

Abstract: Systems and methods for exporting failure and diagnostic data and securing privileges in a service Operating System (OS). In some embodiments, an Information Handling System (IHS) includes a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: identify a malfunction; store malfunction data in a predefined location; detect the coupling of an external device to the IHS; and export the malfunction data from the predefined location to the external device.

Abstract: Systems and methods for detecting behavior-based anomalies are described herein. In various embodiments, the system includes a context engine for creating behavioral vectors that are transmitted to a long term data store, to behavioral engines configured to create baselines based on historical data, and to sensors configured to observe system resources. According to particular embodiments, the system is configured to collect data regarding the system resources (e.g., via the sensors) and compare the collected data to baselines to determine whether anomalies have occurred.

Abstract: A hardware sensor and a hardware user-input component are integrated in a portable electronic device. The hardware sensor is operable to produce hardware sensor output indicative of orientation or motion or both of the device within its environment. The hardware user-input component has multiple elements operable to accept user input through touch. A user-input driver and the device's operating system are jointly operable to detect touch events involving the elements. A software application stored in the device's memory is executable by the device's processor as a process. A sensor driver or the operating system or both are configured to control what hardware sensor output, if any, is receivable by the process. This control may thwart an attack based on analysis of the hardware sensor output, the attack designed to deduce what user input has been made via multiple elements of the hardware user-input component.

Abstract: An apparatus for recording multimedia content transmitted over a network including a reception interface for receiving the multimedia content from the network, a user input interface for receiving user inputs, and a storage resource including executable instructions including a recording module for recording the multimedia content in accordance with the user inputs. The user inputs also include a multimedia selection signal for indicating the multimedia content to be recorded, and a segmenting signal for indicating a size of at least one of a plurality of segments in which the multimedia content is recorded.

Abstract: This disclosure is related to using network flow information of a network to determine the trajectory of an attack. In some examples, an adjacency data structure is generated for a network. The adjacency data structure can include a machine of the network that has interacted with another machine of the network. The network can further include one or more deception mechanisms. The deception mechanisms can indicate that an attack is occurring when a machine interacts with one of the deception mechanisms. When the attack is occurring, attack trajectory information can be generated by locating in the adjacency data structure the machine that interacted with the deception mechanism. The attack trajectory information can correlate the information from the interaction with the deception mechanism, the interaction information of the network, and machine information for each machine to determine a possible trajectory of an adversary.

Abstract: The disclosed computer-implemented method for enforcing secure software execution may include (1) providing at least one known benign input to an executable file that is susceptible to abnormal code execution, (2) observing a series of function calls made by the executable file as the executable file processes the known benign input, (3) storing the series of function calls as a control flow graph that represents known safe function call pathways for the executable file, and (4) forcing a subsequent execution of the executable file to follow the series of function calls stored in the control flow graph to protect the executable file against abnormal code execution. Various other methods, systems, and computer-readable media are also disclosed.