Abstract: An information handling system may include at least one processor; and an information handling resource, wherein the information handling resource has hardware definition information associated therewith, and wherein the hardware definition information is not stored in a physical storage resource of the information handling resource; wherein the information handling system is configured to: determine a storage location of a database including the hardware definition information of the information handling resource; and retrieve the hardware definition information from the database.

Abstract: Test devices, apparatuses, methods, and systems are disclosed. A test device for testing accessibility of a user interface is described. The test device comprises processing circuitry configured to generate a data structure based on a plurality of user interface files. The data structure comprises a plurality of data structure nodes, and each user interface file comprises a plurality of file elements associated with the accessibility of the user interface. Each data structure node of the plurality of data structure nodes corresponds to one or more file elements of the plurality of file elements. An accessibility test of the user interface is performed based on the data structure.

Abstract: In accordance with one embodiment, a method of modifying data in a telecommunication system can be implemented by receiving a communication comprising voice data and non-voice data at a first processor; sending the non-voice data from the first processor to a second processor; sending the voice data from the first processor to a third processor; receiving a sensitive-data-alert-message at the second processor from a fourth processor; and, in response to the sensitive-data-alert-message from the fourth processor, producing a set of modified-non-voice data at the second processor by removing a set of sensitive data contained within the non-voice data.

Abstract: An apparatus for the generation of dynamic data packets is disclosed. The apparatus includes at least processor and a memory communicatively connected to the processor. The memory instructs the processor to receive a plurality of entity profiles comprising a plurality of attribute data. The processor identifies target data for each entity profile using the attribute data The memory instructs the processor to pair a first entity profile and a second entity profile of the plurality of entity profiles as a function of the assignment. The memory instructs the processor to generate a first dynamic data packet as function of the pairing of the entity profile and the second entity profile. The memory instructs the processor to assign the first dynamic data packet to a first event handler. The memory instructs the processor to display the first dynamic data packet using a dynamic content transmitter on a display device.

Abstract: An apparatus and method for automated credential generation, the apparatus includes at least a processor, and a memory communicatively connected to the at least a processor, wherein the memory containing instructions configuring the at least a processor to receive a data collection, wherein the data collection comprises a plurality of data objects, and wherein the plurality of data objects comprises at least an attribute datum, parse the data collection using a credential validation module to identify and extract the at least an attribute datum associated with the user, classify the data collection to at least a credential datum as a function of the at least an attribute datum using the credential validation module, and generate a verifiable credential as a function of the at least a credential datum.

Abstract: An information computer system is provided for securely releasing time-sensitive information to recipients via a blockchain. A submitter submits a document to the system and a blockchain transaction is generated and submitted to the blockchain based on the document (e.g., the document is included as part of the blockchain transaction). An editor may edit the document and an approver may approve the document for release to the recipients. Each modification and/or approval of the document is recorded as a separate transaction on the blockchain where each of the submitter, editor, approver, and recipients interact with the blockchain with corresponding unique digital identifiers—such as private keys.

Abstract: Methods, systems, apparatus, and computer program products related to a distributed ledger platform/system for managing large capital projects are provided. In an example embodiment, the distributed ledger platform/system includes a plurality of nodes, wherein each node is in data communication with the other nodes; a ledger stored in each node; and a transaction verification to verify the at least one transaction information/data. The ledger contains transaction information related to at least one of the following: vendor payments, intellectual property licensing, construction certifications, equipment inspections, vendor qualification, vendor selection criteria, document access, and regulatory compliance.

Abstract: Embodiments implement a secure connector framework at a cloud infrastructure. Embodiments receive one or more notebook profiles from an on-premises system corresponding to a first cloud customer, the on-premises system comprising at least one of one or more datasets, one or more models, or one or more libraries, the notebook profiles comprising permission sets that specify a level of access to the datasets, the models and the libraries, the notebook profiles corresponding to an on-premises machine learning (“ML”) notebook. Embodiments transform the received notebook profiles into a cloud policy set for sharing the datasets, the models and the libraries. Embodiments then transmit and receive corresponding data from the first cloud customer to a second cloud customer, the transmitted and received data based on the cloud policy set.

Abstract: A data communication method includes: processing to-be-transmitted target secret information by using a preset secret sharing algorithm to obtain a plurality of secret fragments; and distributing the plurality of secret fragments to each relay node in a first relay node layer among preset M relay node layers to transmit the plurality of secret fragments to a receiving device by means of each relay node in the M relay node layers, so that the receiving device can obtain the target secret information based on each received secret fragment under the condition that the number of the received secret fragments is greater than or equal to a preset security threshold. By applying the data communication method, in the case that the number of breached relay nodes does not exceed the preset security threshold, an attacker cannot obtain a sufficient number of secret fragments to crack the target secret information.

Abstract: The embodiments herein describe authenticating a photomask used to fabricate an IC or a wafer. Because the IC may have been fabricated at a third-party IC manufacturer, the customer may want to ensure the manufacturer did not mistakenly use an incorrect mask, or that the mask was not altered or replaced with a rogue mask by a nefarious actor. That is, the embodiments herein can be used to identify when an IC manufacture (whether trusted or not) mistakenly used the wrong photomask, or to verify that a third-party IC manufacturer did not tamper with or replace the authentic photomask with a rogue mask. Advantageously, the embodiments herein can create a secure IC fabrication process to catch mistakes as well as ensure that non-trusted third-parties did not introduce defects into the IC.

Abstract: Methods and systems are presented for providing an asynchronous communication system for facilitating computing services to computer nodes across multiple availability zones. Each computer node includes a client application configured to receive a service request and to generate a request file based on the service request. The client application uploads the request file to a folder hosted by a file sharing system and shared with a processing server. When a new request file is detected in the folder, the processing server downloads the request file from the file sharing system. Based on performing one or more computing services according to the request file, the processing server generates a response file including output data from the computing services. The processing server uploads the response file to the folder hosted by the file sharing system. The client application downloads the response file and presents the output data on a device.

Abstract: In one example, a method of data restore testing is disclosed. The method may determine whether to validate a request to restore a backup of production data. The request may be for a database backup, a file system backup or another data type. The method may generate a database instance that restores a backup database data if the request is for database data and may generate a file system instance to restore a backup file system if the request is for a backup of a file system. The method may lockdown access to the restored backup, validate the integrity of the restored backup relative to production data. The validation may be based on a checksum of the restored backup and a checksum of the production data, for example.

Abstract: It is provided a method for enabling rendering of user-specific information using a display device, the method being performed by a user device comprising a camera, the user device being separate from the display device. The method comprises the steps of: determining a selected display device and creating a logical association between the user device and the selected display device; capturing at least one image of the display device using the camera; decoding the at least one image, resulting in decoded content; and rendering the decoded content for a user of the user device in a location corresponding to the selected display device.

Abstract: In an embodiment, a vulnerability scanner component determines one or more target software objects of a remote file system for a vulnerability scan, and performs, via a file system application programming interface (API), a file system decoding procedure based on information associated with the remote file system to determine a subset of disk blocks of the remote file system that comprise the one or more target software objects. The vulnerability scanner component transmits, to a remote device, a read request associated with the subset of disk blocks, and obtains, in response to the read request, the subset of disk blocks (e.g., rather than a full disk image). The vulnerability scanner component extracts the one or more target software objects from the subset of disk blocks, and performs the vulnerability scan on the extracted one or more target software objects.

Abstract: A registration device (400) generates ciphertext data using a new data key, generates an encrypted keyword using a new keyword key, and registers a set of the ciphertext data and the encrypted keyword. A search operation device (500) restores an old data key from the new data key, restores an old keyword key from the new keyword key, and generates a new search query and an old search query, using the new keyword key and the old keyword key, respectively. A data management device (600) finds an encrypted keyword that matches one of the new search query and the old search query, and outputs an encrypted search result including ciphertext data corresponding to the encrypted keyword that has been found. The search operation device decrypts a plaintext from the ciphertext data included in the encrypted search result, using one of the new data key and the old data key.

Abstract: A compute server of a distributed cloud computing network receives a request for an object that is to be handled by an object worker, where the object worker includes a single instantiation of a piece of code that solely controls reading/writing to the object. The object worker is instantiated at the compute server. The compute server enforces an access policy to determine whether the request is allowed to be processed by the object worker. If the request is allowed to be processed by the object worker, the object worker processes the request. If the request is not allowed to be processed by the object worker, the request is blocked.

Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. Prior to initiating a network connection between the network appliance and the server, the network appliance accesses a server certificate issued by the server. In response to a determination, based on application of a policy to the server certificate, not to decrypt data transmitted between the client device and the server, the network appliance establishes only a single connection between the network appliance and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.

Abstract: An access policy analysis system may use stored policy summaries to efficiently perform access analysis. A request that causes an access analysis of an entity in a cloud service provider with respect to a resource hosted in the cloud service provider may be received. An access policy summary generated for the entity based on a set of access policies applied by an access management system of the cloud service provider may be obtained. An access policy summary generated for the resource based on the set of access policies may be obtained. A tree structure that describes a hierarchy of entities in the cloud service provider may be traversed to identify a parent node of the entity in the hierarchy of entities. The access analysis may then be generated based on the access policy summaries for the identified node in the tree structure, for the entity and for the resource.

Abstract: A metadata query is received in as storage system from a client node that asks one or more questions regarding a set of metadata in a metadata store. The metadata query is executed on at least one metadata summary structure. Each metadata summary structure summarizes a metadata stream of metadata access during a period of time, and different metadata summary structures from different periods of time are periodically merged together so that the metadata query is conducted on a merged metadata summary structure. An answer is returned from the query executed on the merged metadata summary structure.

Abstract: Auditing data containing sensitive data are stored in a data structure comprising data objects. Each data object comprises one or more pairs of a name and a value. Pairs that are flagged or identified as containing sensitive data are partially encrypted; the value is encrypted using an asymmetric key and the name corresponding to the encrypted value remains unencrypted. Some pairs that are not flagged or identified as containing sensitive data are left unencrypted. Unencrypted data may be stored in the partially encrypted auditing data as plain text. The auditing data may be analyzed to generate business metrics and identify application errors. The auditing data may also be queried, and data objects containing unencrypted pairs and/or partially encrypted pairs may be returned based on matching unencrypted names and/or values to the data query.

Abstract: Documents, such as those that may or will be the subject of a litigation, may be managed by automatically determining that a document, such as an email or other communication, is privileged or producible such that superfluous documents may be removed to improve data storage and reduce the burden on storage, processing, and communication resources. Additionally, documents such as emails may comprise attached or embedded documents (e.g., attachments) which may be similarly or independently classified from their associated email. After determining privilege, such as via metadata associated with a sender/receiver of an email, similarly categorized documents may be grouped for presentation and/or storage. The documents may be indexed, such as by entries within a production log, to further facilitate accurate production and management of non-privileged documents, as well as, the exclusion of privileged documents. Documents not required for production may be indexed and/or purged from storage.

Abstract: The disclosed technology relates to using a blockchain to manage files and ownership thereof for a file sharing and storage service. The blockchain can also record and track edits to the files. The file sharing and storage service can automatically analyze the files to identify various visual features and subjects, and record metadata thereof to the blockchain.

Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Secure transaction processing is facilitated by storing cryptographic key materials in secure and trusted computing environments associated with the computing nodes to facilitate construction mining proofs during the validation of a block.

Abstract: Techniques are described herein that are capable of detecting potential malicious use of a resource management agent using a resource management log. The resource management log is analyzed. The resource management log logs API requests that request that a resource management system cause the resource management agent to perform respective operations. An anomalous operation is detected among the operations based at least in part on an identified API request satisfying one or more criteria associated with anomalous behavior. The identified API request requests that the resource management system cause the resource management agent, which is loaded on a machine and which enables the resource management system to remotely manage resources associated with the machine, to perform the anomalous operation. An alert is generated to notify a user of the potential malicious use of the resource management agent based at least in part on detection of the anomalous operation.

Abstract: A computer implemented method for securing at least one of files and records related to a specific process, the method comprising obtaining interaction data comprising one or more persons and one or more files and/or records, said interaction data comprises a process interaction score between at least one user and the specific process; identifying, from the interaction data, one or more persons and one or more files and/or records related to the specific process; comparing a process threshold with a process interaction score between a target user and the specific process; and in response to the comparison satisfying a rule, performing a security operation on the one or more files and/or records related to the specific process.

Abstract: A method of logging in to an operating system applied to an electronic device is provided. A distributed identity document corresponding to a login request is obtained by querying a blockchain in response to the login request. A target public key is extracted from the distributed identity document, and an encrypted first character string is obtained by encrypting a first character string using the target public key. The encrypted first character string is sent to the user terminal. Once a second character string is received from the user terminal, whether or not allow the user terminal to log in to the operating system is determined according to the first character string and the second character string.

Abstract: A multi-tenant authentication system facilitates packaging and installing of integrations for authentication services of system tenants. The integrations include cloud resources of one or more cloud services. In order to package an integration, the multi-tenant authentication system retrieves resource manifests for cloud resources from corresponding cloud services. The multi-tenant authentication system generates the resource manifests to describe the cloud resource and any dependencies of the cloud resource, and also generates a package manifest including instructions for using the resource manifests to install the corresponding integration. The multi-tenant authentication system further facilitates installation of integration packages for tenants of the multi-tenant authentication system. The multi-tenant authentication system communicates with cloud services associated with resource manifests to install corresponding cloud resources to consistently replicate integrations for different tenants.

Abstract: In certain embodiments, resource allocation related to records may be facilitated by generating and using modified instances of such records. In some embodiments, a set of records associated with a user may be stored in a memory area, where each such record includes a record identifier. In response to obtaining one or more commands related to a resource transfer from a user device associated with the user, a new set of records associated with the user may be generated such that each record of the new set is (i) a modified instance of a corresponding record of the record set and (ii) includes a record identifier different from the record identifier of the corresponding record. In one use case, the new records and its data may then be utilized to perform operations related to the user commands. In another use case, the new records may replace its older corresponding records.

Abstract: A system and method for selectively transmitting cryptographically signed information to a limited number of parties of an agreement using one or more processors. For each party affected by a decision of a first party, the processors generate a token according to a function of both (i) a cryptographic key of the given party and (ii) a cryptographic key of a second party, and transmit to respective private data stores of each party (a) the first party's decision, (b) the generated token, and (c) an identity of the second party. The decision of the first party and the generated tokens are transmitted to the private data stores of only the parties that are affected by the decision of the first party.

Abstract: The present application relates to devices and components including apparatus, systems, and methods for secured user equipment communications over a user equipment relay. In some embodiments, symmetric or asymmetric encryption may be used for the secured user equipment communications.

Abstract: Control method and electronic device are provided. The electronic device includes: a controller; a first memory, connected to the controller and storing at least a boot system; and a second memory, connected to the controller, for storing update data of the boot system. After the electronic device completes a power-on self-test, the controller controls the first memory to be in an inaccessible state and controls the second memory to be in an accessible state.

Abstract: Some embodiments are directed to a container builder (110) for building a container image for providing an individualized network service based on sensitive data (122) in a database (121). The container builder (110) retrieves the sensitive data (122) from the database (121), builds the container image (140), and provides it for deployment to a cloud service provider (111). The container image (140) comprises the sensitive data (122) and instructions that, when deployed as a container, cause the container to provide the individualized network service based on the sensitive data (122) comprised in the container image (140).

Abstract: A method and an apparatus for processing a screen by using a device are provided. The method includes obtaining, at the second device, a display screen displayed on the first device and information related to the display screen according to a screen display request regarding the first device, determining, at the second device, an additional screen based on the display screen on the first device and the information related to the display screen, and displaying the additional screen near the display screen on the first device.

Abstract: A blockchain transaction filtering method including receiving a transaction request at the server, executing a first smart contract function comprised by a first smart contract stored on the server responsive to the transaction request, executing a first filter smart contract function comprised by a first filter smart contract stored on the server responsive to the transaction request, the first filter smart contract function checking the transaction request for inconsistency with a first filtering criterion, defining a first identified transaction request and implementing a first response responsive to identifying the first identified transaction request.

Abstract: A computer-implemented method of encrypting a data object of variable size utilizing an inner encryption algorithm can take a variable size input and of outputting, as its output, an encrypted version of the variable size input. The method comprises compressing or encoding the data object in its totality to obtain a compressed or encoded version of the data object in a format compatible with the inner encryption algorithm, encrypting, by the inner encryption algorithm, the compressed or encoded version of the data object to obtain an encrypted version of the data object, and decompressing or decoding the encrypted version of the data object to obtain a decompressed or decoded version of the encrypted version of the data object, which constitutes a format-preserved encrypted version of the data object.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: Secure communications can be established in which a request is received from a client computing device to instantiate a virtual key store (VKS) node. In response to the request, a cryptographically calculated uniform resource locator (URL) is generated. In addition, a crytopgraphic identity certificate is received from a certification authority server. Subsequently, a virtual desktop infrastructure (VDI) instance is instantiated and configured with the cryptographic identity certificate. Communications are then established between the client computing device and the VDI instance using the generated cryptographically calculated URL such that the VDI instance acts as a cryptographic proxy with at least one remote computing device.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: The disclosed embodiments include computer-implemented processes that, using a distributed notarized ledger, constrain an ability of multiple parties to simultaneously, or near simultaneously, update or modify elements of reference data maintained within a centralized data store. For example, an apparatus may receive, from a first computing system, a request to modify reference data maintained at a second computing system. The apparatus may approve the first requested modification to the reference data based on a notarization criterion maintained within an element of a notarized distributed ledger, and perform operations that record notarization data characterizing the approved modification within an additional element of the notarized distributed ledger. The apparatus may also transmit the notarization data to the first computing system, and the notarization data causing an application program executed by the first computing system to modify local reference data in accordance with the notarization data.

Abstract: A data protection system (10) and method are disclosed. The data protection system (10) includes a data repository (20), a data access interface (30) and an authentication system (40). The data repository (20) stores user data (25) for a user (50). The user data (25) comprises a plurality of individually encrypted components (25a-25e). The data access interface (30) is arranged to provide remote access to each of the individually encrypted components (25a-25e) in encrypted form. The data protection system (10) is arranged to provide selective access to each individual component in unencrypted form upon the authentication system authenticating the user for the respective component.

Abstract: A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the transmitter device being associated with a transmitter identifier. The transmitter device is configured to receive a transmitter partial private key from a trusted center, the transmitter device being configured to: send a request for two public session keys to the receiver device; receive from the receiver device a first ciphertext set, the first ciphertext set being derived from an encryption and authentication of two public session keys; decrypt and authenticate the two public session keys from the first ciphertext set using a receiver identifier and the transmitter partial private key; determine a second ciphertext set from the transmitter partial private key, from the receiver identifier, and from the two public session keys, the second ciphertext comprising an encrypted message; send the second ciphertext set to the receiver device.

Abstract: A capacity resolver system for provisioning and management of nodes at point of presence (POP) in a cloud-based multi-tenant system. The capacity resolver system includes a plurality of POPs and a cloud orchestration server. The POPs include hypervisors that include a plurality of nodes. The cloud orchestration receives a request for provisioning a node. The request is provisioned at the POP based on parameters from the hypervisors of the POP. The parameters include Central Processing Unit (CPU) Core utilization, memory utilization, disk utilization and Virtual File System (VFS) availability of the node. A triggering of one or more parameters above their respective threshold values is determined at the POP. Nodes are identified for downsizing or migration based on the triggering of the one or more parameters. The node is provisioned at the hypervisor of the POP in accordance with a priority for the downsizing or the migration of the nodes.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: A registration device (200) generates an encryption keyword by encrypting a keyword with a registration key, generates an index including the encryption keyword and identification information which identifies a corresponding ciphertext, generates a conversion key from the registration key and a search key, and registers a plurality of ciphertexts, the index, and the conversion key in a server device (400). A search device (300) generates a search query by encrypting a keyword, and transmits the search query to the server device (400).

Abstract: In an embodiment, dynamically-generated code may be supported in the system by ensuring that the code either remains executing within a predefined region of memory or exits to one of a set of valid exit addresses. Software embodiments are described in which the dynamically-generated code is scanned prior to permitting execution of the dynamically-generated code to ensure that various criteria are met including exclusion of certain disallowed instructions and control of branch target addresses. Hardware embodiments are described in which the dynamically-generated code is permitted to executed but is monitored to ensure that the execution criteria are met.

Abstract: A method and system of cloning a multi-tiered application is disclosed and it comprises of validating received source server configuration data against received target server configuration data. Further the data at a set of nodes on the target server is restored. The cloning of the multi-tiered application is initiated based on a set of predetermined rules, wherein the cloning comprises a set of sequential actions performed at each of the set of nodes. The method of cloning comprises of generating a set of dynamic configuration files for the set of nodes based on the predefined restore rules and the validation and also generating a set of tokens for the set of nodes to communicate status of refresh. Further the target application is restored based on the set of dynamic configuration files and the set of sequential actions at each of the set of nodes is performed based on the status of set of tokens.

Abstract: Techniques and systems for protecting data input to a web-based application are provided herein. A method may include executing, within a web browser being executed by a computer system, a web-based application. Execution of the web-based application may include tagging one or more data fields as sensitive and fetching a public key from a remote server system. The method may include identifying, by the web-based application, a keystroke entry being input into the one or more data fields tagged as sensitive within the web-based application. Prior to storing the keystroke entry in memory mapped to the web browser, the method may include encrypting by the web-based application, the keystroke entry using the fetched public key to generate an encrypted entry. The web browser may store the encrypted entry to memory. Importantly, the keystroke entry may never be stored to the memory of the web browser in an unencrypted form.

Abstract: A computing device includes one or more processors, a memory and an encryption accelerator. The memory includes instructions that when executed on the processors cause a first networking session to be established between a pair of communication peers. Encryption of messages of the first session is enabled by a parameter of a security protocol of the session. The encryption accelerator obtains a key determined in the first session, and uses the key to encrypt messages of a second networking session established between the peers.

Abstract: A method, non-transitory computer readable medium, and device that assists with managing storage in a distributed deduplication system includes receiving an object to be stored from a client computing device. The received object is divided into a plurality of fragments. A plaintext hash value and a ciphertext hash value is determined for each of the plurality of fragments, wherein each of the plurality of fragments is renamed with the corresponding determined ciphertext hash value. Each of the renamed plurality of fragments are stored in a plurality of storage repositories.

Abstract: A data processing system and a data processing method are capable of concealing files and folders. The data processing system of the invention includes a data storage device and at least one processor. When an application process is started and executed by the at least one processor to search a designated folder in the data storage device through a storage device driver residing in a kernel mode of an operating system, a storage filter driver residing in the kernel mode of the operating system judges if there are any files in the designated folder which have not been searched, and if any, the storage filter driver retrieves a next file in the designated folder through the storage device driver. If the storage filter driver determines that the application process is untrusted and determines that the next file is a concealed file, the storage filter driver does not return the next file.