Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.

Abstract: An apparatus, a method, and a system are presented in which the apparatus includes an interface control circuit that may be configured to receive a message including a cryptographic keyword and a policy value. The policy value may include one or more data bits indicative of one or more policies that define allowable usage of the cryptographic keyword. The apparatus also includes a security circuit that may be configured to extract the cryptographic keyword and the policy value from the message, and to apply at least one policy of the one or more policies to usage of the cryptographic keyword in response to a determination that an authentication of the message succeeded.

Abstract: A method and an apparatus for trusted measurement, where the method includes: obtaining a first processing result by performing a first-manner processing on a code segment, and using a result obtained by performing a second-manner processing on the first processing result as a reference value; obtaining, at a first moment when the system is running, a second processing result by performing the first-manner processing on the code segment, and obtaining a first measurement value by performing the second-manner processing on the second processing result; and determining whether the first measurement value and the reference value are equal, and when the first measurement value and the reference value are equal, the system is trusted, where the code segment in the memory is a code segment that does not change with normal running of the system during one start-up and a running process of the system.

Abstract: The present disclosure addresses the meltdown vulnerability resulting from speculative execution in a multi-core processing system. The operating system (OS) can be loaded for execution on one of several processing cores (OS core), while an application can be loaded for execution on another of the processing cores (application core). The OS core uses process page tables that map the entire kernel address space to physical memory. Conversely, the application core uses pages tables that map only a portion of the kernel address space to physical memory.

Abstract: An apparatus includes a display, a processor coupled to the display and a memory coupled to the processor, wherein the memory includes instructions executable by the processor to identify an access attempt to a monitored resource by an application, the identification occurring after an access permission check is performed. The memory further includes instructions executable by the processor to determine whether the access attempt involves suspicious activity by evaluating a potential risk associated with the application accessing the monitored resource, and in response to determining that the access attempt involves suspicious activity to provide a graphical user interface (GUI) to the display, the GUI providing a notification of the access attempt.

Abstract: Certain embodiments may generally relate to controlling access to data held in the cloud. A method for controlling access to data held in the cloud may include determining, at a cloud server, the validity of user credentials received from a user device. The method may also include receiving context data related to the user device based on the validity of the user credentials. The method may further include synchronizing the context data with the cloud server. In addition, the method may include enforcing context-sensitive security checks on requests made by the user for resources based on the sensor data collected by the user device.

Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.

Abstract: The subject matter described herein provides protection against zero-day attacks by detecting, via a hypervisor maintaining an extended page table, an attempt to execute arbitrary code associated with malware in a guest operation system (OS) running within a virtual machine (VM). Further, the subject matter provides detection of lateral movement of the malware. The hypervisor uses hidden breakpoints to detect a request for thread creation, and then determines whether the request is to download and execute arbitrary code.

Abstract: A system and method operable to identify malicious software by extracting one or more features disassembled from software suspected to be malicious software and employing one or more of those features in a machine-learning algorithm to classify such software.

Abstract: Disclosed are systems and methods for detection of malicious intermediate language files. In one exemplary aspect, the system comprises a database comprising hashes of known malicious files, a resource allocation module configured to select a set of resources from a file being analyzed, a hash calculation module, coupled to the resource allocation module, configured to calculate a perceptive hash of the set of resources; and an analysis module, coupled to the other modules, configured to identify a degree of similarly between the set of resources and a set of resources from known malicious files by comparing the perceptive hash with perceptive hashes of the set of resources from known malicious files, determine a harmfulness of the file being analyzed based on the degree of similarity and remove or quarantine the file being analyzed when the harmfulness exceeds a predetermined threshold.

Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.

Abstract: Disclosed are systems and methods for protecting a computer system from ransomware and malware by copying and backing up files using a volume filter. A storage stack of the computer system includes a file protector driver and a volume filter driver. The file protector driver monitors for potentially dangerous actions to the system's files. The volume filter driver tracks any requested changes to files on a block level, and makes backup copies of the modified blocks when the blocks change on a block level of the storage device.

Abstract: A method of detecting malware in a specimen of computer content or network traffic is described. The method features conducting a first analysis on the specimen in accordance with a first plurality of analyses and an order of the first plurality of analyses. A second analysis is conducted on the specimen different than the first analysis type. Thereafter, further analyses on the specimen may be altered by modifying information associated with the first plurality of analyses or the order of the first plurality of analyses in response to feedback information based on results from at least the first analysis. The modified information changes a malware analysis of the specimen from being conducted in accordance with the first plurality of analyses to being conducted in accordance with a second plurality of analyses different in analysis type or in order of analyses than the first plurality of analyses.

Abstract: In one or more embodiments, one or more systems, methods, and/or processes may receive a digital signature, signed by a signing authority, for a request for utilization of an information handling system firmware application programming interface (API) of the information handling system firmware, signed based at least on information associated with a certificate signed by a certificate authority; may determine that the signing authority is authorized for the request for utilization of the information handling system firmware API; may determine that the signing authority is authorized for the request for utilization of the information handling system firmware API on a platform model of the information handling system; may determine that the certificate is not on a certificate revocation list; and may permit utilization of the information handling system firmware API.

Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining computer code; determining from the computer code a collection of components reachable from the computer code; providing information about the components to a server; identifying by the server using information retrieved from a database, reachable components associated with the collection of components, which have stored vulnerabilities; determining from the computer code and the reachable components that have stored vulnerabilities, a collection of reachable finer resolution components; identifying, further components from the collection of reachable finer resolution components, which have stored vulnerabilities; and outputting information about the further components, wherein the computer code cannot be reconstructed from the information about the collection of components and the information about the finer resolution components.

Abstract: Provided are systems, methods, and computer-readable medium for a simulation platform that can generate simulated activity data for testing a security monitoring and control system. In various examples, the simulation platform can parse the activity data from a cloud service to determine the fields associated with each action in the activity data. The simulation platform can then generate a template, where each entry in the template describes an action and the fields associated with the action. The simulation platform can further generate a configuration that describes a test scenario. The simulation platform can use the configuration and the template to generate the particular action, including randomizing some or all of the fields of the action. When input into the security monitoring and control system, the system can operate on the simulated activity data in the same way as when the system ingests live activity data.

Abstract: Threat modeling systems include one or more computing devices communicatively coupled with one or more databases, the database(s) including threat model components and threats associated with one another. One or more mapping files coupled with the database(s) correlate the threat model components with visual diagram components of a third party software application. An import interface initiates reading of a third party generated data file by the computing device(s), the data file including a subset of the third party diagram components and relationships between the subset. An interface receiving input initiates a determination of threat model components correlated with the subset. A diagram interface displays a relational diagram using visual representations of threat model components correlated with the subset, the relational diagram defining a threat model.

Abstract: An e-mail system is disclosed that overcomes many deficiencies of, but is backward compatible with, existing e-mail systems. Embodiments of the system may include various features, including but not limited to: (1) secure transfer of e-mail messages, without the need for users to replace existing e-mail clients or to change e-mail addresses; (2) tracking of all actions performed in connection with an e-mail transmission; (3) the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve the e-mail message; (4) the aggregation of entire e-mail conversations into a single threaded view; (5) the ability to include both private and public messages in a single e-mail communication; (6) sender control over downstream actions performed in connection with an e-mail message; (7) flexible control over cryptographic methods used to encrypt emails messages for storage.

Abstract: A user interface for applying restriction parameters to content items and users in a grouped manner is provided. A selection of one or more restriction groups can be received through a graphical user interface on a display device associated with a content management system. One or more restriction marks associated with the one or more restriction groups can be displayed on the graphical user interface. A selection of the displayed one or more restriction marks can be received through the graphical user interface for being assigned to a content item stored in the content management system. The content item can have associated metadata stored in the content management system. Metadata associated with the content item can be updated. The updated metadata can indicate that the selection of the one or more restriction marks is assigned to the content item.

Abstract: The disclosure discloses a method and device for access control. The method includes: when a group of tasks are executed, controlling an access of a subject to an object according to operation permission corresponding to each of the tasks in the group of tasks. The device comprises a control component arranged to, when a group of tasks are executed, control an access of a subject to an object according to operation permission corresponding to each of the tasks in the group of tasks.

Abstract: A system and method is described for implementing or managing IRM controls over digital content through a browser. The computer implementing or managing IRM controls over digital content through a browser includes at least one user device and a server. The user device includes a browser, the server comprises a database to store a plurality of IRM rights data and corresponding user permission, an identifier module to identify the user, an editor module to allow the user to view, edit, copy, paste and print the digital content based on the user permission defined for any respective protected document within the user device or downloaded through the Internet.

Abstract: A content management system for collecting files from one or more submitters in a collection folder. A collector, who generates the collection folder, can invite one or more submitters to submit one or more files to the collection folder. A submitter submits one or more files along with one or more comments associated with the one or more of submitted files. The one or more submitters have limited rights to the collection folder. The limited rights can include uploading rights and prohibiting a submitter from viewing files that other submitters associated with the collection folder submitted. Thus, the collection folder is able to store files from the one or more submitters, but prevent them from viewing other's submissions.

Abstract: A method of adding sensing of moisture and other characteristics into a garment such as a diaper, incontinence garment, brief, or underwear is disclosed. The primary design intent is optimal moisture detection, low per unit cost, and wide-scale data analysis of groups of patients. The embodiments place various forms of electrodes within a garment, and measuring the electrical properties of the electrodes to determine if the garment has contacted moisture. The embodiments herein could be used for sensing incontinence, sensing perspiration, and detecting failure of protective garments, among other purposes. The target moisture is urine and feces; however, other sources of body moisture can also be sensed. A specialized mesh network achieves accuracy of the information obtained, as well as redundancy and timely updating of that information.

Abstract: A computing system includes: a control unit configured to: receive user information through a vault user account; process the user information for storage in an information vault; implement a security protocol for the vault user account including to determine a security breach to the vault user account based on receiving an electronic communication from a user electronic contact address addressed to a breach detection contact address; a storage unit, coupled to the control unit, configured to store the user information.

Abstract: A method for execution by a storage unit of a dispersed storage network includes receiving an access request from a requestor. An access anomaly of the access request is detected, and the access request is queued for processing in response. An anomaly detection indicator is issued to a plurality of other storage units. A secondary authentication process is initiated with the requestor, and a secondary authentication response from the requestor. The access request is processed when the secondary authentication response is favorable.

Abstract: Methods, systems, and computer program products for accessing a database element are described. A table link of a persistency interface is defined, the table link being a representation of a table of a persistency schema. A role for the persistency interface is defined, the role defining a type of access for a specified portion of the database element.

Abstract: The technology disclosed relates to assigning field level security to fields extracted from primary sources on a batch basis and compiled into analytical, read-only databases, for ultra-fast, ad-hoc data exploration and faceted navigation on integrated, heterogeneous data sets. The method includes assigning field level security to the extracted fields by combining user selectable inheritance of field level security from source fields that yield the extracted fields, with pinning of inheritance of field level security for the extracted fields to reference fields in the database sources wherein the reference fields are distinct from the extracted fields.

Abstract: This disclosure relates to sharing confidential data between a first data provider and a second data provider. A processor determines a correspondence between one of multiple first data records from the first data provider and one of multiple second data records from the second data provider. The multiple first data records are stored on a first data store accessible by the first data provider and protected by encryption from the second data provider. The multiple second data records are stored on a second data store accessible by the second data provider and protected by encryption from the first data provider. The processor creates a first reference to the one of the multiple first data records and a second reference to the one of the multiple second data records. The first reference is accessible by the second data provider and the second reference is accessible by the first data provider.

Abstract: A method and apparatus for inheritance-based propagation is provided. The method comprises receiving a request from a client computer to update an access permission associated with a specific namespace in a nested namespace structure for a user, the specific namespace being associated with a group of users, wherein the nested namespace structure includes one or more child namespaces of the specific namespace; causing updating of the access permission associated with the specific namespace for the user; identifying the specific namespace as the current namespace; and performing an iterative process having the following steps until a termination criterion is satisfied.

Abstract: A distributed storage system for the long-term storage of data objects that is implemented utilizing one or more distinct storage sites that may be comprised of system controllers and object storage systems that act in concert to embody a single distributed storage system. A system may include a one or more types and/or instances of object storage systems. A system may include witness functionality in which a trusted user and/or client acts to maintain consistent storage policies on behalf of one or more users and/or clients. A system may further include system controllers associated with logical and/or physical sites that coordinate object, user, device, and system management functionally.

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method includes determining data stored in a first account to be compared with data stored in a second account. The method includes determining a function for generating a secure join key, wherein the secure join key includes a hashed string that hashes one or more of a data entry of the first account and a data entry of the second account. The method includes providing the secure join key to the first account and/or the second account.

Abstract: Provided are a method for securely calling fingerprint information, an apparatus for securely calling fingerprint information, and a mobile terminal. The method includes: receiving a request for calling the fingerprint information (S101); according to a unique identification in an application process sending the request for calling the fingerprint information, determining whether the application corresponding to the application process is a legitimate application (S102); when it is determined that the application corresponding to the application process is a legitimate application, allowing the application corresponding to the application process to call the fingerprint information (S103).

Abstract: In an example, an anonymized set of confidential data data values of a first confidential data type is obtained. Then an anonymized set of confidential data data values of a second confidential data type is also obtained. A multiplier following a log-normal distribution is determined for the anonymized set of confidential data data values of the first confidential data type. Then smoothing is performed independently for the anonymized set of confidential data data values of the first confidential data type and the multiplier. Percentiles for the anonymized set of confidential data data values of the second confidential data type are then determined using the smoothed anonymized set of confidential data data values of the first confidential data type and the smoothed multiplier.

Abstract: Various methods and systems for processing at least some of genome sequences and at least some of associated information, for an individual, may be described and disclosed herein. A purpose of such processing may be to prevent, minimize, and/or mitigate against (1) identification of the individual from such genome sequence information and/or from associated information; and/or (2) using such genome sequence information and/or associated information as a basis for discriminating against the individual.

Abstract: A relational database is transformed so as to obfuscate secure and/or private aspects of data contained in the database, while preserving salient elements of the data to facilitate data analysis. A restructured database is generatively modeled, and the model is sampled to create synthetic data that maintains sufficiently similar (or the same) mathematical properties and relations as the original data stored in the database. In one example, various statistics at the intersection of related database tables are determined by modeling data using an iterative multivariate approach. Synthetic data may be sampled from any part of the modeled database, wherein the synthesized data is “realistic” in that it statistically mimics the original data in the database. The generation of such synthetic data allows publication of bulk data freely and on-demand (e.g., for data analysis purposes), without the risk of security/privacy breaches.

Abstract: Position data may gradually pseudonymized by a method, comprising: generating a sequence of relative positions from a sequence of absolute positions of a moving object; randomizing the sequence of relative positions using at least a sequence of random numbers generated from at least one seed; in response to receiving an analytical job comprising the at least one seed, restoring the sequence of relative positions from the randomized sequence of relative positions; and in response to receiving an analytical job comprising both the at least one seed and at least one absolute position derived from the sequence of absolute positions, restoring the sequence of absolute positions from the randomized sequence of relative positions.

Abstract: A method and system which shows a user contacts that are nearby but protects those contacts' privacy by mixing indistinguishably into the list contacts that are not nearby thus creating an obfuscated list such that user is unable to identify which contacts are nearby and which are not nearby. The user selects contacts the user would want to see if they were nearby. If the user selects a contact who is actually nearby, the system then protects the user's privacy by presenting another obfuscated list to the selected contact. The system discloses proximity only after two users have each mutually selected each other. The system may more broadly be used by showing the user contacts that have any form of matching personal data while still protecting all users' privacy with obfuscated lists until two users have each mutually selected each other.

Abstract: In particular embodiments, a consent conversion optimization system is configured to test two or more test consent interfaces against one another to determine which of the two or more consent interfaces results in a higher conversion percentage (e.g., to determine which of the two or more interfaces lead to a higher number of end users and/or data subjects providing a requested level of consent for the creation, storage and use or cookies by a particular website). The system may, for example, analyze end user interaction with each particular test consent interface to determine which of the two or more user interfaces: (1) result in a higher incidence of a desired level of provided consent; (2) are easier to use by the end users and/or data subjects (e.g., take less time to complete, require a fewer number of clicks, etc.); (3) etc.

Abstract: Various embodiments of the present technology generally relate to file sharing, encryption, and protection of digital assets. More specifically, some embodiments of the present technology relate to computer files comprising an unencrypted file combined with an encrypted file, and methods for creation of such combined files. The unencrypted file can be read by target applications and can present a variety of information (e.g., contact information, registration information, etc.). The encrypted data may be accessed only when the proper management software, drivers, application programming interfaces, and other components of a runtime environment have been installed on a computing device.

Abstract: An aspect provides a method, including: accepting, at an input component of an information handling device, input of a user; identifying, using a processor, the input of the user as controlling input; determining, using a processor, one or more control factors associated with the controlling input; classifying, using a processor, the controlling input as a permissible control action for an application running on the information handling device based on the one or more control factors; and committing, using a processor, the permissible control action responsive to the classifying. Other aspects are described and claimed.

Abstract: A computer-implemented technique is described herein for removing sensitive content from documents in a manner that preserves the usefulness of the documents for subsequent analysis. For instance, the technique obscures sensitive content in the documents, while retaining meaningful information in the documents for subsequent processing by a machine-learning engine or other machine-implemented analysis mechanisms. According to one illustrative aspect, the technique removes sensitive content from documents using a modification strategy that is chosen based on one or more selection factors. One selection factor pertains to the nature of the processing that is to be performed on the documents after they have been anonymized.

Abstract: The disclosure includes a system and method for associating protection data to a video object and verifying the content and source of the video object based on the protection data. A video processing application receives, at a producer, a video object; computes, at the producer, a digital signature based on content of the first video object; adds, at the producer, identification information of the producer to the digital signature of the first video object, the producer being a source of the first video object; transmits the first video object along with the digital signature from the producer to a first consumer; and authenticates, at the first consumer, the content and source of the first video object based on the digital signature.

Abstract: A network interface device comprises an integrated circuit device comprises at least one processor. A network interface device comprises a memory. The integrated device is configured to execute a function with respect to at least a part of stored data in said memory.

Abstract: An information processing apparatus that transmits image information being displayed on a display unit to a client to causes the client to display the image information, when combining an image of a cursor with the image information being displayed on the display unit and storing a result of the combining, in a case that it is determined that the image information is information of a screen for inputting information having confidentiality, restricts viewing of the image of the cursor in the image information and transmits the image information in which the viewing of the image of the cursor is restricted to the client.

Abstract: Systems, methods, and software for filtering components, such as hardware components, compatible with computer-modeled structures are presented. A compatible components system provides selection methods that present components compatible with computer-aided design (CAD) models designed in computer modeling software. The system executes methods designed to filter components made available to designers using attribute information of the features and attribute information of the components. Designers may interact with the compatibility methods numerous times, narrowing components through a series or number of filtering steps until a desired compatible component is easily selected. The computer modeling software may include graphical user interfaces for selecting component source locations, filtering types of components presented by the system, and adding components to CAD models.

Abstract: A method of designing a furniture product includes displaying a first and a second part members on a screen such that a first face of the first part member and a second face of the second part member are in parallel; setting XY coordinate in which a corner of a rectangle of each face of the first and second part members is set as an origin, and two sides extending orthogonally from the corner are set as X axis and Y axis to designate a first position on the first face by the XY coordinate; perpendicularly projecting the first face of the first part member onto the second face of the second part member to calculate a position on the second face that corresponds to the first position and designating the calculated position on the second face as a second position by the XY coordinate on the second face.

Abstract: Methods for aligning a digital 3D model of teeth represented by a 3D mesh to a desired orientation within a 3D coordinate system. The method includes receiving the 3D mesh in random alignment and changing an orientation of the 3D mesh to align the digital 3D model of teeth with a desired axis in the 3D coordinate system. The methods can also detect a gum line in the digital 3D model to remove the gingiva from the model.

Abstract: Provided is a method of modeling a target object, the method including obtaining information about the target object including an arrangement of particles including target particles, generating coarse particles by down-sampling the target particles, modeling a movement of the target object based on the coarse particles, and redefining the target particles based on a result of the modeling.

Abstract: A global objective function is initialized to an initial value. A particular model simulation process is executed using prepared input data. A mismatch value is computed by using a local function to compare an output of the particular model simulation process to corresponding input data for the particular model simulation process. Model objects associated with the particular model simulation process are sent to another model simulation process. An optimization process is executed to predict new values for input data to reduce the computed mismatch value.

Abstract: Provided is a method of batching and scheduling for steelmaking production with plant-wide process consideration, including the steps of: establishing a mathematical model for quantitatively describing the decision problem of batching on steelmaking and continuous casting procedures; starting from the production capacity balance between parallel equipment of the same procedure, and material flow convergence between upstream and downstream procedures, establishing a model for the assignment and sequencing of batches on continuous casting equipment and the time dimension; integrating the batching plan and the production scheduling scheme, issuing the batching plan and the production scheduling scheme integrated to all production and manufacturing units at the steelmaking stage.