Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: A method includes: detecting, by a computing device, a new entry in one of plural databases; comparing, by the computing device, the new entry to watch entries defined in a watch database; determining, by the computing device, whether the new entry matches a watch entry in the watch database; creating, by the computing device, a new watch in the watch database when the new entry does not match any watch in the watch database; and updating, by the computing device, a watch in the watch database when the new entry matches the watch in the watch database.

Abstract: An anti-virus chip includes a first connection terminal, a second connection terminal, a detection unit and a processing unit. The first connection terminal and the second connection terminal are respectively coupled to a connection port and a system circuit of an electronic device. The detection unit detects whether the connection port is connected to an external device via the first connection terminal. When the detection unit detects that the connection port is connected to the external device, the processing unit performs a virus-scan program on the external device to determine whether a virus exists in the external device. When determining that a virus does not exist in the external device, the processing unit establishes a first transmission path between the first connection terminal and the second connection terminal. When determining that a virus exists in the external device, the processing unit does not establish the first transmission path.

Abstract: A memory controller and a storage device including the same are provided. The memory controller generates a plurality of scrambled data by randomizing input data, counts the number of toggles per bit of each scrambled data, and writes one scrambled data with a smallest number of toggles in a non-volatile memory.

Abstract: According to one embodiment, a memory system includes a nonvolatile memory and a controller. In response to receiving from a host a write request designating a first address for identifying data to be written, the controller encrypts the data with the first address and a first encryption key, and writes the encrypted data to the nonvolatile memory together with the first address. In response to receiving from the host a read request designating a physical address indicative of a physical storage location of the nonvolatile memory, the controller reads both the encrypted data and the first address from the nonvolatile memory on the basis of the physical address, and decrypts the read encrypted data with the first encryption key and the read first address.

Abstract: Recovery of an in-memory database is initiated. Thereafter, pages for recovery having a size equal to or below a pre-defined threshold are copied to a superblock. For each copied page, encryption information is added to a superblock control block for the superblock. The copied pages are encrypted within the superblock using the corresponding encryption information added to the super block control block. The superblock is then flushed from memory (e.g., main memory, etc.) of the database to physical persistence.

Abstract: A backend computer and methods of using the backend computer are described. The method may comprise: receiving, at a first backend computer, sensor data associated with a vehicle; determining a labeling of the sensor data, comprising: determining personal data and determining non-personal data that is separated from the personal data, wherein each of the personal and non-personal data comprise labeled data, wherein the personal data comprises information relating to at least one identified or identifiable natural person; and performing via the personal data and the non-personal data that is separated from the personal data, at the first backend computer, data processing associated with collecting sensor data associated with the vehicle.

Abstract: A system for distributed key storage, comprising a requesting device communicatively connected to a plurality of distributed storage nodes, the requesting device designed and configured to receive at least a confidential datum, select at least a distributed storage node of a plurality of distributed storage nodes, whereby selecting further comprises receiving a storage node authorization token from the at least a distributed storage node, querying an instance of a distributed authentication listing containing authentication information using at least a datum of the storage node authorization token, retrieving an authentication determination from the instance of the authentication listing, and selecting the at least a distributed storage node as a function of the authentication determination, generate at least a retrieval authentication datum, and transmit the at least a confidential datum and the at least a retrieval verification datum to the at least a distributed storage node.

Abstract: Embodiments of the inventive concept include solid state drive (SSD) multi-card adapters that can include multiple solid state drive cards, which can be incorporated into existing enterprise servers without major architectural changes, thereby enabling the server industry ecosystem to easily integrate evolving solid state drive technologies into servers. The SSD multi-card adapters can include an interface section between various solid state drive cards and drive connector types. The interface section can perform protocol translation, packet switching and routing, data encryption, data compression, management information aggregation, virtualization, and other functions.

Abstract: Systems and methods for generating and validating certified electronic credentials are disclosed. A publisher may receive a certified electronic credential order from a credentialer and prepare a plurality of certified electronic credentials. The publisher may associate each credential with authentication information and a credential record, and retain a database of associated authentication information and credential records. The publisher may provide validation services, receiving a validation request through a credentialer's validation portal, and provide a response through the credentialer's portal indicative of the validity, additional information about the credential and/or the credential holder. The credential holder may assign a personal access key to control or limit the validation of a credential. A validating entity may receive credential validation through the credentialer with a heightened degree of confidence in the validation and lack of forgery.

Abstract: Methods and systems described herein improve blockchain storage operations in a variety of environments. A blockchain compression system may determine that a blockchain compression condition associated with a blockchain having a first plurality of blocks has been satisfied. In response, the system compresses the first plurality of blocks using a first hash tree into a first root hash value and stores the first plurality of blocks in a first database. The blockchain compression system generates a first new era genesis block that includes the first root hash value and a first database address of the first database at which the first plurality of blocks are stored. The blockchain compression system stores the blockchain at one or more nodes in a blockchain network. The blockchain includes the first new era genesis block and any previous new era genesis blocks. This may effectively reduce storage requirements for the blockchain, in various embodiments.

Abstract: Methods and apparatus for providing a resource element identification system to process received uplink transmissions. In an embodiment, a method is provided that includes receiving soft-demapped symbols that comprises resource elements. The method also includes descrambling the resource elements of the symbols one-by-one using descrambling bits generated by at least one linear feedback shift register (LFSR). After each symbol is descrambled, a state of the at least one LFSR is stored as a stored state. The method also comprises restoring the stored state to the at least one LFSR before a next symbol is descrambled so that generation of the descrambling bits continues from symbol to symbol. The method also comprises forwarding the descrambled symbols to a downstream combining function.

Abstract: Systems and methods for processing tokenization requests to facilitate safe storage of tokens. A tokenization request comprising sensitive data is received. A sensitive data digest is generated based on the sensitive data and a query comprising the sensitive data digest is submitted to a database. The database stores a plurality of relational elements. Each relational element being mapped to: (i) a given sensitive data digest stored in the database and (ii) a given token digest stored in the database. A token associated with the sensitive data is generated based on a response to the query received from the database.

Abstract: Described herein are systems and methods for controlling access to a protected resource based on various criteria. In one exemplary aspect, a method comprises designating a plurality of program data installed on a computing system as protected program data; intercepting, by a kernel mode driver, a request from an untrusted application executing on the computing system to alter at least one of the protected program data; classifying, by a self-defense service, the untrusted application as a malicious application based on the intercepted request and information related to the untrusted application; and responsive to classifying the untrusted application as a malicious application, denying, by the kernel mode driver, access to the at least one of the protected program data.

Abstract: Techniques are described herein for performing key rotation and key replacement. In an embodiment, a request is received that specifies key names. A first set of messages is generated, where each message identifies a table that is associated with the encrypted-data locations, and stored in a queue for processing by a first plurality of worker processes. Each worker process retrieves a message from the queue and generates a second message that identifies a subset of encrypted data records from the table. Each second message is stored in a distinct queue which is assigned to a worker process of a second plurality of worker processes. Each worker process retrieves the message from the assigned queue, decrypts the subset of encrypted data records, re-encrypts the decrypted data records using a new encryption key that corresponds to a new key name, and stores the re-encrypted data records in a database.

Abstract: Various embodiments relate to an inline encryption engine in a memory controller configured to process data read from a memory, including: a first data pipeline configured to receive data that is plaintext data and a first validity flag; a second data pipeline having the same length as the first data pipeline configured to: receive data that is encrypted data and a second validity flag; decrypt the encrypted data from the memory and output decrypted plaintext data; an output multiplexer configured to select and output data from either the first pipeline or the second pipeline; and control logic configured to control the output multiplexer, wherein the control logic is configured to output valid data from the first pipeline when the second pipeline does not have valid output decrypted plaintext data available.

Abstract: An embodiment is directed to a hardware circuit for encrypting and/or decrypting data transmitted between a processor and a memory. The circuit is situated between the processor and memory. The circuit includes a first interface communicatively coupled to the processor via a set of buses. The circuit also includes a second interface communicatively coupled to the memory. The circuit further includes hardware logic capable of executing an encryption operation on data transmitted between the processor and memory, without adding latency to data transmission speed between the processor and the memory. The hardware logic is configured to encrypt data received at the first interface from the processor, and transmit the encrypted data to the memory via the second interface. The hardware logic is also configured to decrypt data received at the second interface from the memory, and transmit the decrypted data to the processor via the first interface.

Abstract: The purpose of the present invention is to provide a new data utilization system in which, while an individual independently uses and utilizes one's own personal data, security and anonymity of the data can be effected.

Abstract: A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users' personal information. In this type of network, a user's personally identifiable information is stored and transmitted in an encrypted form, with few exceptions. The only key with which that encrypted data can be decrypted, and thus viewed, remains in the sole possession of the user and the user's friends/contacts within the system. This arrangement ensures that a user's personally identifiable information cannot be examined by anyone other than the user or his friends/contacts. This arrangement also makes it more difficult for the web site or service hosting the DSS to exploit its users' personally identifiable information. Such a system facilitates the encryption, storage, exchange and decryption of personal, confidential and/or proprietary data.

Abstract: A method for multi-party authorization includes a security component determining that a request for the performance of an action on a computing device is from a first party. The security component initiates transmissions to the computing device of first and second information indicating knowledge of first and second secrets provisioned on the computing device. The computing device, upon verifying the knowledge of first and second secrets, then permits the requested action.

Abstract: In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.

Abstract: A system and method for digitally signing data. A method includes generating, by a first device, at least one first secret share based on a secret key chosen by the first device, wherein the first device is offline with respect to a second device; partially signing data by the first device using the at least one secret share, wherein the data is received from the second device without establishing direct communications between the first device and the second device; and sending the partially signed data from the first device to the second device, wherein the second device generates signed data using the partially signed data, wherein the signed data corresponds to a public key generated based on the at least one first secret share and at least one second secret share generated by the second device.

Abstract: A computer-implemented method of authenticating a memory of a gaming machine uses a computing device having a processor communicatively coupled to a memory. The method includes identifying a first subset of the memory including one or more operational data components associated with operating the gaming machine. The method also includes identifying a second subset of the memory. At least some of the second subset of the memory is distinct from the first subset of the memory. The method further includes authenticating the first subset of the memory while the gaming machine is in a disabled state. The method also includes enabling operation of the gaming machine after the authenticating the first subset of the memory if the authentication of the first subset of the memory is successful. The method further includes authenticating the second subset of the memory while the gaming machine is in an enabled state.

Abstract: Technology related to managing network traffic with sensitive data is disclosed. In one example, a method can include performing a cryptographic transformation of sensitive data of a request from a requestor for a resource. A portion of the cryptographic transformation of the sensitive data of the request can be transmitted to a sensitive data server. One or more possible matches to the cryptographic transformation of the sensitive data of the request can be received from the sensitive data server. A match to the cryptographic transformation can be identified within the one of the one or more possible matches. In response to identifying the match, an access policy for the requestor or the resource can be changed.

Abstract: A cryptographic anonymization method, apparatus, and system are disclosed. An example apparatus includes a server configured to receive encrypted usage information and an identifier from an application operating on a user terminal and trans-cypher the encrypted usage information from a first encryption scheme to a second encryption scheme to create second encrypted usage information without decrypting the encrypted usage information. The server is also configured to convert and encrypt the identifier to an encrypted unique identifier. The server is further configured to compare the second encrypted usage information to a taxonomy of data labels using rules. For each match of at least some of the second encrypted usage information to a data label, the server is configured to add the encrypted unique identifier to the matching data label. The server uses the data labels and/or the encrypted unique identifier for serving advertisements to the user.

Abstract: Methods and systems are presented for facilitating a data migration process between two data centers in an automated and secured manner. Based on detection of an event, a migration server initiates a data migration process for migrating data from a source data center to a destination data center. The migration server transmits instructions to a first migration application of the source data center, which causes the first migration application to retrieve the data, encrypt the data within an attested enclave of the source data center, and transfer the encrypted data to a pipeline. The migration server also transmits instructions to a second migration application of the destination data center, which causes the second migration application to retrieve the encrypted data from the pipeline, decrypt the encrypted data in an attested enclave of the destination data center, and store the decrypted data in a data storage of the destination data center.

Abstract: The present disclosure relates to a method of fault detection in an application, by an electronic circuit, of a first function to a message, including the steps of generating, from the message, a non-zero even number N of different first sets, each including P shares; applying, to the P shares of each first set, one or a plurality of second functions delivering, for each first set, a second set including Q images; and cumulating all the images, starting with at most Q-1 images selected from among the Q images of a same second set.

Abstract: Systems and methods for ensuring that data received from a virtual device is random are provided. A processing device may be used to generate, by a virtual device executing on a hypervisor, data intended for a virtual machine (VM) having a guest memory that includes one or more encrypted pages and one or more unencrypted pages. Data written to an encrypted page of the guest memory by the VM is encrypted using an encryption key assigned to the VM and information read from the encrypted page by the VM is decrypted using the encryption key. The hypervisor may write the data to the encrypted page, wherein the data is not encrypted by the encryption key assigned to the VM because it is written by the hypervisor. The VM reads the data from the encrypted page as randomized data because it cannot be properly decrypted by the encryption key.

Abstract: This disclosure describes techniques for authentication related to verification of identity for network access. The techniques may include sending a challenge associated with authentication to a network to a mobile device. In response to sending the challenge, the techniques may include receiving a challenge response from the mobile device. The challenge response may include biometric credential information associated with a user of the mobile device. The challenge response may also include an indication of an authorization assertion associated with the authentication to the network. In some examples, the techniques may include tailoring access to the network for the mobile device based on the biometric credential information.

Abstract: A method for verifying licenses is performed by a legacy management controller (LMC) and a non-legacy management controller (NLMC). The method includes obtaining, by the LMC, a first license installation request and a license, wherein the license comprises license data and a plurality of signatures; in response to the first license installation request: making a first determination, by the LMC, that a first signature of the plurality of signatures is valid; in response to the first determination: installing, by the LMC, the license on the LMC; obtaining, by the NLMC, a second license installation request and the license; in response to the second license installation request: making a second determination, by the NLMC, that a second signature of the plurality of signatures is valid; and in response to the second determination: installing, by the NLMC, the license on the NLMC.

Abstract: The present disclosure describes techniques of encryption and decryption. The described techniques comprise obtaining a digital code to be encrypted; obtaining at least one predetermined rule; generating an encrypted digital code by rearranging and reorganizing bits comprised in the digital code to be encrypted based on the at least one predetermined rule; and delivering the encrypted digital code to a client computing device.

Abstract: A security processor includes a key generator circuit configured to randomly generate a key, an encryption circuit configured to encrypt user data based on the key, and a security manager circuit configured to receive a first user identification (ID), which uniquely corresponds to a user of a device, and determine whether to allow access to the user data by authenticating the first user ID.

Abstract: An encrypted data storage system and method based on offsite key storage are provided, comprising the system includes a key control center, an offsite key storage system, and a data encryption/decryption storage system. The offsite key storage system includes a first key control device, a key storage device, and a first quantum key distribution device. The data encryption/decryption storage system includes a second key control device, a data encryption/decryption storage device, and a second quantum key distribution device. The first quantum key distribution device is in quantum communication connection with the second quantum key distribution device. The first key control device is communicatively connected with the key storage device and the first quantum key distribution device, respectively.

Abstract: A method includes receiving a request to migrate a virtual machine executing on a source host computer system to a first destination host computer system. The method further includes receiving, from the virtual machine executing on the source host computer system, an encryption key specific to the virtual machine. One or more memory pages associated with the virtual machine are encrypted using the encryption key specific to the virtual machine. The method further includes causing the one or more memory pages associated with the virtual machine to be copied to the first destination host computer system.

Abstract: An integrated circuit for digital signal routing. Signal routing is achieved with a multiply-accumulate block, which takes data from one or more data sources and, after any required scaling, generates output data for a data destination. Data from a data source is buffered for an entire period of a data sample clock so that the multiply-accumulate block can retrieve the data at any point in the period, and output data of the multiply-accumulate block is buffered for an entire period of the data sample clock so that the data destination can retrieve the data at any point in the period. The multiply-accumulate block operates on a time division multiplexed basis, so that multiple signal paths can be processed within one period of the sample clock.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for audio equalization. Example instructions disclosed herein cause one or more processors to at least: detect an irregularity in a frequency representation of an audio signal in response to a change in volume between a set of frequency values exceeding a threshold; and adjust a volume at a first frequency value of the set of frequency values to reduce the irregularity.

Abstract: Systems, computer program products, and methods are described herein for implementing enhanced file encryption technique. The present invention is configured to receive a request from a computing device of a user to encrypt a file; encrypt the file using a local file encryption key to generate an encrypted file; transmit, via an encryption engine, a first encryption request to an encryption server to encrypt a first portion of the encrypted file; receive, from the encryption server, an encrypted first portion of the encrypted file based on at least the first encryption request, wherein the first portion of the encrypted file is encrypted by the encryption server using a first file encryption key; append the encrypted first portion of the encryption file with a remaining portion of the encrypted file to generate a final encrypted file; and store the final encrypted file in a data repository.

Abstract: Described embodiments provide systems and methods for selecting one or more firewall rules to apply to a server based at least on identifying a service of the server. A device intermediary to a plurality of clients and a serve may identify a pattern of a firewall to apply to a response from the server to a request from a client of the plurality of clients. The pattern may be to identify a service configured on the server. The device may determine that the response from the server matches the pattern. The device may identify, responsive to the response matching the pattern, that the service is configured on the server. The device may select, based at least on the service, one or more rules for the firewall to apply to responses from the server.

Abstract: Disclosed herein is a data storage device comprising a data path and an access controller. The access controller generates a recovery private key, generates encrypted authorization data based on the recovery private key, stores the encrypted authorization data, and sends the recovery private key to a manager device. When recovery is desired, access controller receives a recovery public key, calculated based on the recovery private key, from a recovery manager device, decrypts the encrypted authorization data based on the recovery public key, generates a challenge for the recovery manager device based on the decrypted authorization data, sends the challenge to the recovery manager device over the communication channel that is different from the data path, receives a response to the challenge from the recovery manager device over the communication channel, and based at least partly on the response, enables decryption of the encrypted user content data.

Abstract: An information handling system includes a general storage for storing application data of applications hosted by the information handling system. The information handling system also includes a management storage for storing management data used to manage operation of the information handling system. The information handling system further includes a management storage manager that obtains data for storage in the management storage; encrypts the data to obtain encrypted data and authentication data for the encrypted data; generates error correction code data for the encrypted data and the authentication data; and stores, as a new record, the encrypted data, the authentication data, and the error correction code data in the management storage.

Abstract: A privacy protecting transaction engine for a cloud provider network is described. According to some embodiments, a computer-implemented method includes receiving a request from a customer of a cloud provider network to create a customer cloud in the cloud provider network, generating the customer cloud in the cloud provider network, receiving a first request at the cloud provider network for the customer cloud that includes private information of an end customer of the customer of the cloud provider network, removing the private information from the first request by a privacy protecting transaction engine of the cloud provider network to generate a second request, and sending the second request to the customer cloud for servicing.

Abstract: Computerized methods and systems identify malware enabled by automatically generated domain names. An agent executes a malware, in a controlled environment, at a first temporal input value and a second temporal input value. A first set of domain names is generated in response to the execution at the first temporal input value. A second set of domain names is generated in response to the execution at the second temporal input value. The agent compares the first set of domain names with the second set of domain names to produce a comparison output metric.

Abstract: Example selector derived encryption methods and systems include creating a hashed and encrypted database, as well as performing a query against the hashed and encrypted database using an encrypted selector exchange protocol to prevent the exposure of extraneous data from the hashed and encrypted database.

Abstract: Devices and techniques are generally described for an edge computing system. In various examples, a first application executed by a first virtual machine may generate a configuration file specifying a first machine learning task and first data. The first virtual machine may send the configuration file to a second virtual machine. The second virtual machine may generate first data effective to cause the first machine learning task to be executed by a third virtual machine. In various examples, the second virtual machine may retrieve the first data. In at least some examples, the second virtual machine may send the first data and the second data to a third virtual machine configured with access to a graphical processing unit.

Abstract: Systems and methods are provided for reordering and/or bypassing certain informational content or menus that are conventionally presented prior to playback of media content stored on physical media discs. Upon initial use of a physical media disc, certain information content or menus may be presented to a user or viewer, for example, piracy warnings, language selection menus, etc. However, upon subsequent use of the physical media disc, such informational content or menus may be bypassed. The user or viewer is given an option to immediately begin consuming the media content stored on the physical media disc. Conventional content, such as trailers are not played prior to playback of the media content.

Abstract: Methods and systems for managing and/or processing a blockchain to maintain data security for confidential and/or personal data are provided. According to certain aspects, the disclosed data security techniques may enable access sharing functionality utilizing the blockchain. For example, access sharing may be utilized to share policy information. The policy information may be associated with a smart contract. Accordingly, the policy information may be encrypted using a public key for the smart contract and compiled into a block of the blockchain. In response to a request to provide access to the information to a particular node, the private key for the smart contract may be encrypted using the public key for the particular node and compiled into a block of the blockchain.

Abstract: A method and associated system for matching and delivering digital work metadata to one or more digital service providers, including modifying one or more digital work metadata files to remove non-critical data or segment erroneous data from the one or more digital work metadata files; reformatting the one or more digital work metadata files for compatibility with a digital service provider usage report table; performing a first matching operation, in which the one or more digital work metadata files are compared to the digital service provider usage report table on the basis of one or more data points; performing a second matching operation, the second matching operation being an artificial intelligence (AI) matching operation on one or more unmatched digital work metadata files of the one or more digital work metadata files; and transmitting output data from the matching operations to the one or more digital service providers.

Abstract: A gateway device is connected via one or more networks to electronic controllers on-board a vehicle. The gateway device includes one or more memories, and circuitry that acquires firmware update information. The circuitry determines whether or not a first electronic controller satisfies a second condition based on second information about the first electronic controller, where the second information is whether the first electronic controller includes a firmware cache for performing a pre-update firmware cache operation. The circuitry also causes, when the second condition is not satisfied, the gateway device to execute a proxy process, where the gateway device requests the first electronic controller to transmit boot ROM data to the gateway device, creates updated boot ROM data with the updated firmware, and transmits the updated boot ROM data to the first electronic controller that updates the boot ROM and resets the first electronic controller with the updated firmware.

Abstract: An integrated circuit (IC) includes: a storage having a storage interface and addressable bytes, the storage interface coupled to first and second sets of peripheral terminals; control circuitry having control circuitry inputs and control circuitry outputs, the control circuitry inputs coupled to the storage interface and configured to receive configuration bits provided by the storage responsive to a control circuitry update trigger, and the control circuitry outputs coupled to first and second sets of peripheral outputs; and a cyclic-redundancy check (CRC) engine coupled to the storage interface, the CRC engine configured to distinguish between purposeful updates to the data in the storage and bit errors in the data in the storage.

Abstract: A system and method for the storage within one or more virtual execution context registers private code representative of processes or other information requiring an enhanced degree of security. The storage of the private code can be performed as a function of the type of code or in response to one or more markers embedded within the code. The time-variant nature of the virtual execution context registers affords a high degree of inherent security for the private code data stored within.