Abstract: Examples of the present disclosure describe systems and methods for malicious software detection based on API trust. In an example, a set of software instructions executed by a computing device may call an API. A hook may be generated on the API, such that a threat processor may receive an indication when the API is called. Accordingly, the threat processor may generate a trust metric based on the execution of the set of software instructions, which may be used to determine whether the set of software instructions poses a potential threat. For example, one or more call stack frames may be evaluated to determine whether a return address is preceded by a call instruction, whether the return address is associated with a set of software instructions or memory associated with a set of software instructions, and/or whether the set of software instructions satisfies a variety of security criteria.

Abstract: A simulated process is initiated. The simulated process includes generating, by an emulator, a control signal based on external inputs. The simulated process further includes processing, by a simulator, the control signal to generate simulated response data. The simulated process further includes generating, by a deep learning processor, expected behavioral pattern data based on the simulated response data. An actual process is initiated by initializing setpoints for a process station in a manufacturing system. The actual process includes generating, by the deep learning processor, actual behavioral pattern data based on actual process data from the at least one process station. The deep learning processor compares the expected behavioral pattern to the actual behavioral pattern. Based on the comparing, the deep learning processor determines that anomalous activity is present in the manufacturing system. Based on the anomalous activity being present, the deep learning processor initiates an alert protocol.

Abstract: A voltage glitch detector includes a ring oscillator, a plurality of counters, a combined result circuit, and a result evaluation circuit. The ring oscillator includes a plurality of series-connected stages. An output of a last stage of the ring oscillator is coupled to an input of a first stage of the ring oscillator. Each counter of the plurality of counters has an input coupled to a node located between two stages of the plurality of series-connected stages. The combined result circuit is coupled to each of the plurality of counters. The combined result circuit combines the count values received from each counter of the plurality of counters to provide a combined result. The result evaluation circuit is coupled to compare the combined result with a reference value to determine when a voltage glitch is detected.

Abstract: An over-the-air (OTA) upgrade method includes obtaining, by a server, a new version of encrypted data and an old version of encrypted data of system software applied to a mobile terminal, decrypting, by the server, the new version of encrypted data to obtain a new version of original data, decrypting, by the server, the old version of encrypted data to obtain an old version of original data, performing, by the server, differentiation on the new version of original data and the old version of original data to obtain differential data, generating, by the server, OTA data based on the differential data, and sending, by the first server, the OTA data to the mobile terminal.

Abstract: A method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.

Abstract: An example computing device incudes a main processor, a management firmware subsystem, and a controller to control operation of the management firmware subsystem. The controller is separate from a main processor. A memory stores subsystem data that is useable by the controller. The computing device further includes a set of instructions that determines a manufacturing mode of the computing device. The manufacturing mode is enabled when the computing device is under manufacture or maintenance. The manufacturing mode is disabled when the computing device is under normal operation. The set of instructions further determines a manufacturing state of the subsystem data. The manufacturing state indicates whether the subsystem data is complete. In response to determining that the manufacturing mode is disabled and that the manufacturing state of the subsystem data is incomplete, the set of instructions initiates a restoration of the subsystem data from a backup of the subsystem data.

Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of the operating system when executed by the processor, performs a cryptographic operation when processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory stores the operating system. A communication interface receives data over a communication network. The processor retrieves the boot program code from the first memory area and executes the boot program code to start execution of the operating system. The processor terminates execution of the boot program code. The processor is configured to re-execute the boot program code while the operating system is executed to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.

Abstract: A method may include determining that a non-constant value of a variable corresponding to a variable node of the abstract syntax tree flows into an operator node in the abstract syntax tree. The method may further include adding, to the abstract syntax tree, a check taint node including functionality to: make a taint status determination that the non-constant value is tainted, and return the non-constant value to the operator node. The operator node generates a result value by executing an operator using the non-constant value. The method may further include adding, to the abstract syntax tree, a set taint node that stores, based on the taint status determination, the result value in a second tainted object, and performing, using the abstract syntax tree, a taint analysis of the source code to identify a vulnerability in the source code.

Abstract: A method for evaluating security of third-party applications includes: launching, in an automated test environment, a test instance of a first application; determining a data access pattern for the first application of accessing a protected remote server based on detecting data retrieval operations of retrieving data from the protected remote server by the test instance and determining application states of the first application associated with the detected data retrieval operations; and providing the data access pattern for the first application on a client device.

Abstract: A method for managing vulnerability data may include: (1) ingesting, by a data ingestion engine, vulnerability data from a plurality of sources; (2) normalizing, by a data normalizer module, the vulnerability data into a plurality of data records; (3) generating, by a data processing module, a dynamic risk score for each data record; (4) storing, by a risk record register, a risk record for each data record, wherein the risk record may include the dynamic risk score, a priority level, an identifier for a software application, and a software dependency; (5) selecting, by a control policy selection engine, a control policy based on one of the dynamic risk scores; (6) implementing, by the risk record register, the selected control policy; (7) monitoring, by the risk record register, implementation of the control policy; and (8) updating, by the risk record register, the control policy selection engine based on the monitoring.

Abstract: Disclosed are a model parameter training method and a terminal based on federation learning, and a medium. The method includes: determining a feature intersection of a first sample of the first terminal and a second sample of a second terminal, training the first sample based on the feature intersection to obtain a first mapping model, sending the first mapping model to the second terminal; receiving a second encryption mapping model sent by the second terminal, predicting a missing feature of the first sample of the first terminal according to the second encryption mapping model to obtain a first encryption supplementary sample; receiving a first encryption federation learning model parameter sent by a third terminal, training a federation learning model to be trained according to the first encryption federation learning model parameter, and calculating a first encryption loss value; and sending the first encryption loss value to the third terminal.

Abstract: A system includes a memory device and a processor, operatively coupled with the memory device, to perform operations including receiving, from a device via a brokering agent, a request to provide an encrypted version of a set of secrets data corresponding to a target state of the device, determining whether to authorize the request in view of the brokering agent, and in response to authorizing the request, providing the encrypted version of the set of secrets data and permission to transition to the target state.

Abstract: The disclosed technology teaches facilitate User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.

Abstract: Creating a replica of a storage system, including: receiving, by a first storage system from a computing device, data to be stored on the first storage system; reducing, by the first storage system, the data using one or more data reduction techniques; sending, from the first storage system to the second storage system, the reduced data, wherein the reduced data is encrypted; and sending, from the second storage system to a third storage system, the reduced data, wherein the reduced data is encrypted.

Abstract: Disclosed are various embodiments for searching encrypted data. A search query containing a plaintext key can be received from a client device or other application. A request can then be sent to a storage engine for a ciphertext key of a node of a binary tree, the node representing an encrypted key-value pair that includes the ciphertext key. The ciphertext key can be decrypted using a cryptographic key to generate a decrypted ciphertext key. Then, the decrypted ciphertext key can be compared to the plaintext key. A determination can then be made as to whether the encrypted key-value pair represented by the node of the binary tree satisfies the search query based at least in part on a comparison of the decrypted ciphertext key to the plaintext key.

Abstract: A computer-implemented method can include: a computer program file open request providing read access to text or binary plaintext file data residing on a data storage means; processing the plaintext file data in an input data buffer area following a computer program file data read operation to improve performance by creating a multiplicity of processing threads to perform concurrent, usually non-overlapping encryption processing operations; and an encryption program constructing a previously constructed complex of Pseudo Random Number Generator (PRNG) means to provide on-demand Pseudo Random Number (PRN) values.

Abstract: A computer-implemented method can include encrypting a data file as a multiplicity of independent segments that are each a multiple of a block encryption's block size, encrypting the application data on a segment-by-segment basis using the multiplicity of selected encryption methods and associated information, and creating a programming shared object “shim” Interposer module.

Abstract: A computer-implemented method for securely transferring a secret from a source computing component to a target computing component, wherein the source computing component and the target computing component are part of a secure computing environment is disclosed. The method comprises upon the source computing component receiving from the target computing component a signed attestation document, verifying, by the source computing component, an authenticity and content of the attestation document, and upon a successful verification of the authenticity and the content, transferring, by the source computing component the secret to the target computing system. Thereby, the attestation document is attesting that the target computing component is compliant to an update governance rule.

Abstract: A computer system with multiple security levels, the system comprising a high-power processing device (130), a low-power processing device (110), and an interface unit (120) comprising functions for moving classified information between the high-power device (130) and the low-power device (110) according to formal rules for confidentiality and/or integrity. Additional security aspects, e.g. availability, may readily be accommodated. A method for implementing multiple levels of security along a number of independent security axes on the system is also disclosed.

Abstract: An information processing device according to an embodiment includes a memory and one or more hardware processors. The memory includes a flag table storage area to store a flag table in which file information for individually identifying one or more pieces of software is associated with a flag used for execution control of a corresponding one of the pieces of software. When rewrite of first software is detected, the hardware processors: extract first file information being the file information corresponding to the first software; change a first flag corresponding to the first file information to a first value indicating that verification of integrity of the first software is required; change a file of the first software in an authorized manner; and change the first value, which has been changed, to a second value indicating permission of execution of the first software.

Abstract: Embodiments of the present disclosure provide systems and methods for managing access rights for a copy of an original digital document. The method performed by a server system includes receiving a request for generating a copy of an original document. The method includes performing an authorization of the request for generating the copy of the original document based on the access rights associated with the original document. Further, the method includes generating a copy document of the original document upon successful authorization. The method includes determining the access rights defined for the copy document in the original document. The method further includes transmitting the access rights to the copy document. The method includes sending the copy document with the access rights. The access rights set on the copy document facilitate the user to perform document-related operations on the copy document.

Abstract: The disclosed computer-implemented method for dynamic formjacking protection may include identifying a sensitive data input field element on a webform loaded in a browser, creating a secure isolated container overlaid on the identified sensitive data input field element, and collecting, via the secure isolated container, real input data intended for the sensitive data input field element. The method may also include inserting dummy data into the sensitive data input field element and intercepting a form submit request from the webform to a destination. The method may further include determining whether the destination is a trusted destination, and when the destination is determined to be the trusted destination, modifying the form submit request to allow the real input data to be sent to the trusted destination. The method may also include sending the form submit request to the destination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed embodiments relate to systems and methods for securely provisioning sensitive data elements to virtualized execution instances. The techniques may include: identifying a request to provision a new virtualized execution instance; determining, in association with the request, that the new virtualized execution instance will require a prohibited data element in order to communicate with a target network resource; without providing the new virtualized execution instance the prohibited data element, registering the new virtualized execution instance; identifying a request from the new virtualized execution instance to communicate with the target network resource; performing a verification process for the request to communicate with the target network resource; and conditional on the verification process, provisioning the prohibited data element to the new virtualized execution instance.

Abstract: A method, a computer program product, and a system for implementing a dynamic virtual database honeypot. The method includes relaying a query request received from a database client to a database and receiving, from the database, a response relating to the query request. The method also includes determining the query request is an attack on the database based on session information relating to the database and the database client, generating a honey token based on information contained within the response, generating an alternate response formatted in a same format as the response and containing artificial information that masks the information contained within the response. The method further includes inserting the honey token into the alternate response and transmitting the alternate response to the database client.

Abstract: Disclosed are various embodiments for discovering availability of digital media titles from multiple digital media service providers. A control is presented to establish a relationship between a user account and a first digital media service provider. A first availability for access by the user account of a digital media title is received from the first digital media service provider. A second availability for access by the user account of the digital media title is received from a second digital media service provider. An indication of availability for access of the digital media title by the user account from the first digital media service provider and the second digital media service provider is presented based at least in part on the first availability and the second availability.

Abstract: A system can receive, from user input, request data indicative of a request to create a file with a first filename. The system can, based on the request data, determining a second filename for the file. The system can store an association between the first filename and the second filename. The system can create the file in a file system with the second filename.

Abstract: In general, the invention relates to providing computer implemented services using information handling systems. One or more embodiments of the invention includes receiving a request to decompose a composed information handling system, wherein the composed information handling system comprises a hardware resource, obtaining a cleaning requirement for the hardware resource, initiating, based on the cleaning requirement, a cleaning operation on the hardware resource, receive a confirmation that the cleaning operation is complete, and after receiving the confirmation, set a state of the hardware resource to allocatable.

Abstract: Provided is a process including: receiving one or more write requests to write a plurality of values to a plurality of fields in one or more tuples of a relational database, different ones of the values corresponding to different ones of the fields, detecting duplicates of the values with steps for expediting detection of duplicates, and selecting a first subset of the values based on the first subset of values corresponding to fields in a first subset of the fields, the first subset of fields being designated as higher-security fields than a second subset of fields among the plurality of fields.

Abstract: Embodiments are provided for securing data access to machine learning training data at a plurality of distributed computing devices. Electronic content including original data that corresponds to a preferred data security level is divided into a plurality of microsegments. The plurality of microsegments is restrictively distributed to a plurality of computing devices which apply transcription labels to the plurality of microsegments. The labeled microsegments are reconstructed into training data which is then used to train a machine learning model while facilitating an improvement in data security of the original data included with the training data from the reconstructed microsegments.

Abstract: A data access control method and a database access apparatus. The method includes: obtaining a first data operation instruction, where the instruction is triggered by a first user; querying permission setting information based on the identifier of the target data body, and determining permission of the first user to operate the target data body, where the permission setting information includes an identifier of at least one data body and permission of at least one user to operate the at least one data body; generating a second data operation instruction based on the permission of the first user to operate the target data body and the first data operation instruction; and executing the second data operation instruction to operate data in the target data body within a target range, where the target range is a range allowed by the permission of the first user to operate the target data body.

Abstract: Described herein are techniques for preventing software applications from gaining access to unauthorized biometric data in accordance with user preferences. In some embodiments, a software application requests access to sensor data collected by a sensor installed on a user device via a gateway application installed on the user device. Upon receipt of the request, the gateway application determines what types of biometric data the software application is authorized to obtain within the sensor data. The gateway application then identifies biometric data that is present within the sensor data. The sensor data is then altered such that biometric data that the software application is not authorized to obtain is obfuscated. Once the sensor data has been altered, the software application is provided access to that altered sensor data.

Abstract: In aspects of personal content managed during device screen recording, a wireless device has a display screen to display digital image content, and a screen recording session captures the digital image content and audio data. The wireless device implements a content control module that determines the screen recording session captures personal content associated with a user of the wireless device, the personal content being captured as part of the digital image content or the audio data. The content control module can generate a user screen recording having a user authorization access level, the user screen recording including the digital image content and/or the audio data, as well as the personal content unaltered for user review. The content control module can also generate a shareable screen recording having a share authorization access level, the shareable screen recording including the digital image content and/or the audio data with the personal content obfuscated.

Abstract: Provided are a program and personal information protection method which are executed by a system which is operated by a medical practitioner, said program and method comprising: a display process of causing a monitor part 2 to display an examination result screen 3 including personal information which identifies a subject; an identification process of identifying the personal information in the examination result screen 3 which is displayed in the display process; and an invalidation process of invalidating the personal information identified in the identification process in a captured image which includes the examination result screen 3. Instances of personal information being displayed in error to outside users are thus reduced in comparison to the prior art, and sharing of examination result information is implemented smoothly.

Abstract: Access to sensitive information in a database can be restricted to improve security and enable efficient auditing. A security engine receives a request from a requesting entity to access data in the database and determines that the requested data includes sensitive information. In response to the requesting entity being authorized to access the data, the security engine retrieves the requested data from the database and modifies the retrieved data by modifying metadata of the retrieved data to include a tag indicating that the retrieved data includes sensitive information. The security engine provides the modified data to the requesting entity and modifies a data access log to identify each attempted access to the modified data. When sensitive data is requested, an interface can include an obscuring element, requiring a user to manually select the element to view the data, enabling the logging of the explicit access request by the user.

Abstract: A device and method for analyzing a performance of an n-tier application capable of carrying out on-the-fly anonymization processing of production data. The production data is generated following a performance test request message transmitted to the n-tier application. The anonymization processing is implemented by an anonymization module that identifies, from a sensitive data identification repository, data to be anonymized in the response message. The anonymization processing also includes generating, from an anonymization repository, anonymized data from the previously identified data to be anonymized, and generating an anonymized response message from the anonymized data and the response message.

Abstract: A tokenization system receives a request for data anonymization, the request referencing unstructured/semi-structured content containing values of interest. The tokenization system performs a tokenization operation on the unstructured/semi-structured content, generates self-describing tokens for the values of interest, each self-describing token having a preconfigured pattern, an indication of a protection strategy, and a token value, and stores the values of interest in a secure data vault. The tokenization system may receive a request to reveal the self-describing tokens in the unstructured/semi-structured content. In response, the tokenization system searches the anonymized version of the unstructured or semi-structured content for the preconfigured pattern, identifies self-describing tokens, uses the self-describing tokens to retrieve the values of interest from the secure data vault, and produces a detokenized version of the unstructured/semi-structured content containing the values of interest.

Abstract: Systems and methods for obtaining an external content item from an online service for presentation on the client device is presented. On the client device, a condition is detected in the execution context of an executing application, the condition corresponding to the presentation of an external content item by the application. A request is made to the online service for content items. In response, content information is received, where the content information identifies potential content items. According to various embodiments, initial scores are associated with each potential content item in the content information. At the client device, a completed score is generated for each content item according to local information on the client device and the corresponding initial score. An external content item is selected for presentation on the client device from the potential content items according to, at least in part, the completed scores.

Abstract: In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.

Abstract: An electronic device for controlling access to a device resource, and an operation method thereof, are disclosed. The electronic device may include a memory; and a processor configured to execute at least one operating system executed in a first region allowing an operation based on a first authority; execute at least one application executed in a second region allowing an operation based on a second authority; and in response to detection of access to at least one device resource by the at least one application, determine authority of access to the at least one device resource by using an authority determination module executed in a third region allowing an operation based on a third authority.

Abstract: Systems and techniques for real-time feature level software security are described herein. A request may be received from a computing device for data from the feature of the software application. The request for data may include authorization information of a user of the computing device. It may be identified that the feature of the software application contains code containing a reference to a security configuration service. A security configuration may be determined for the feature of the software application by comparing a resource identifier and a feature identifier of the feature of the software application to a set of security configurations of the security configuration service. The security configuration may provide access rules for the feature of the software application. A response may be sent to the computing device based on a comparison of the received authorization information of the user of the computing device to the determined security configuration.

Abstract: Systems and techniques for real-time feature level software security are described herein. A request may be received from a computing device for data from the feature of the software application. The request for data may include authorization information of a user of the computing device. It may be identified that the feature of the software application contains code containing a reference to a security configuration service. A security configuration may be determined for the feature of the software application by comparing a resource identifier and a feature identifier of the feature of the software application to a set of security configurations of the security configuration service. The security configuration may provide access rules for the feature of the software application. A response may be sent to the computing device based on a comparison of the received authorization information of the user of the computing device to the determined security configuration.

Abstract: Embodiments are disclosed for a method. The method includes generating a correction datastore indicating shifts in magnitude representing corresponding characters that uniquely identify hardware comprising a computer processing chip. The method further includes generating security masks based on a correction file. Additionally, the method includes using a correction process for the computer processing chip. The generated security masks include corresponding overlays representing the shifts in magnitude with respect to corresponding product masks for the computer processing chip. The method also includes generating the computer processing chip using the security masks and the product masks.

Abstract: Systems and method are provided for determining a reliability of a physically unclonable function (PUF) cell of a device. One or more activation signals are provided to a PUF cell under a plurality of conditions. A PUF cell output provided by the PUF cell under each of the plurality of conditions is determined. A determination is made of a number of times the PUF cell output of the PUF cell is consistent. And a device classification value is determined based on the determined number of times for a plurality of PUF cells.

Abstract: An appliance includes an external communication port, such as an RJ45 port, and a wireless communication module in wireless communication with a remote server through an external network. A controller is configured to receive, using the wireless communication module, a secure unlock command from a remote server, the secure unlock command being generated when a remote service device transmits appliance identification data to the remote server, and unlock the external communication port to permit the remote service device to access operating software through the external communication port.

Abstract: A control device according to an embodiment includes: a winding unit (30, 3001) that unwinds a wire having one end movably held by a user in a direction of the one end and winds the wire by an elastic force in a direction away from the one end, a wire lock unit (30, 3002) that locks unwinding of the wire from the winding unit, and a control unit (100) that controls an operation by the wire lock unit of locking the unwinding according to a relationship between a position of a virtual object disposed in a virtual space and a position, in the virtual space, corresponding to a position of the one end in a real space.

Abstract: A portable device (e.g., a wireless device such as a cell phone) is provided with a flexible keyboard and a flexible display screen. Such flexible components may be stored in the housing of the portable device when not in use. The flexible display screen and flexible keyboard may be expanded from the housing when the flexible components are utilized by a user. Non-flexible display and input components may be provided on the exterior of the portable device such that the device may be used, in some form, while the flexible components are stored. In one embodiment, a portion of the flexible display (or flexible keyboard) may be utilized when the flexible display (or flexible keyboard) is stored in said first housing.

Abstract: Embodiments described systems and method to estimate user gaze comprising receiving a target image data associated with the user from a camera coupled with the display, wherein the target image data includes a target eye patch image data associated with the user; and determining, using a neural network, the target point of regard associated with the target image data based on: the target eye patch image data, a plurality of aggregated gaze reference vectors, and a plurality of reference image data associated with the user, respectively associated with the plurality of aggregated gaze reference vectors. In embodiments, the target point of regard is determined within a predetermined threshold. In embodiments, the target point of regard is mapped onto the display.

Abstract: One embodiment provides a method, the method including: detecting, using a content focus system, an attentive state of a user with respect to a display; determining, using the content focus system, the attentive state corresponds to content displayed on the display; and increasing, using the content focus system, a size of the content, wherein the increasing comprises increasing the content to a size that covers other content displayed on the display. Other aspects are described and claimed.

Abstract: A method for predicting eye movement in a head mounted display (HMD). The method including tracking movement of an eye of a user with a gaze tracking system disposed in the HMD at a plurality of sample points. The method including determining velocity of the movement based on the movement of the eye. The method including determining that the eye of the user is in a saccade upon the velocity reaching a threshold velocity. The method including predicting a landing point on the display of the HMD corresponding to a direction of the eye for the saccade.

Abstract: Provided is a method of controlling an intelligent barrier-free kiosk including: recognizing a moving object, which is within a preset distance from the kiosk and is approaching the kiosk; learning characteristic information of the recognized moving object; determining, based on a result of the learning, whether a user related to the moving object intends to use the kiosk; and, based on determining that the user intends to use the kiosk, changing a height of the kiosk.