Abstract: The present disclosure relates to a method for accessing a database stored on a server using a relation. The server is coupled to a client computer via a network, wherein the relation comprises first data items, the first data items forming a partially ordered set in the first relation, wherein for each first data item a referential connection exists in the database assigning said first data item to at least one second data item of the database. The method comprises: identifying first data items of the relation referencing N second data items; for each identified first data item modifying, using a same modification method, the identified first data item M times, wherein M?N, for obtaining M unique modified data items; associating with each of modified first data items of a given first data item a respective portion of the N referential connections of the given first data item; inserting the modified first data items in the relation, thereby replacing the identified first data items.

Abstract: A data storage device and method for securely storing and retrieving data at a data storage device. The disclosure includes a reverse encryption where a decryption function is applied to plaintext data to generate ciphertext data. Conversely, the disclosure includes applying an encryption function to ciphertext data to generate plaintext data. This involves using an encryption function that is inverse, and symmetric, to the decryption function. In some specific examples, this includes sharing cryptography engines for securing user data in a storage medium and securing device management data in host memory.

Abstract: A system for shutting down a process of a database is provided. In some aspects, the system performs operations including tracking, during startup of a process, code locations of a process in the at least one memory. The operations may further include tracking, during runtime of the process and in response to the tracking the code locations, memory segments of the at least one memory allocated to the process. The operations may further include receiving an indication for a shutdown of a process. The operations may further include waking, in response to the indication, at least one processing thread of a plurality of processing threads allocated to a database system. The operations may further include allocating a list of memory mappings to the plurality of processing threads. The operations may further include freeing, by the first processing thread, the physical memory assigned to the processing thread by the memory mappings.

Abstract: An authentication method for a user to access service providers through an online enabled device, an offline authentication device configured to authenticate a user to service providers through online enabled devices, and a user authentication system comprising a authentication device, an online enabled device and online service providers.

Abstract: Some embodiments of the present disclosure disclose methods and systems for assessing the data risk management capabilities of data processors that receive second-party data as part of an engagement to provide support services. In some embodiments, the transfer of the second-party data to the data processors can be monitored to identify file transfers including unauthorized personally identifiable information (PII) attributes. In some embodiments, the database of the data processor may be scanned to locate any residual second-party data that should be removed after the data processor's engagement to provide the support services have expired.

Abstract: This application sets forth techniques for managing phone number-based user accounts. According to some embodiments, a server computing device can be configured to carry out the steps of (1) receiving, from a first client computing device, a request to create a user account based on a phone number, (2) in response to authenticating that the first client computing device is associated with the phone number: creating the user account based on the phone number, creating a hidden contact address based on the phone number, and assigning the hidden contact address to the user account, and (3) in response to receiving a notification that a second client computing device is associated with the phone number: requiring the user account to be updated to be based on a different phone number, or assigning, to the user account, a visible contact address based on the phone number.

Abstract: Methods, systems, and computer programs are presented for secure data encryption in a multi-tenant service platform. One method includes an operation for detecting a write request to write index data to storage. The write request is from a first user from a group of users, and the storage is configured to store index data for the group of users. Further, the method includes operations for authenticating that the first user is approved for access to the storage, and for identifying a first encryption key for the first user, where each user from the group of users has a separate encryption key. Further yet, the method includes encrypting the index data with the first encryption key and storing the encrypted index data in the storage.

Abstract: An extended enterprise browser installed on an endpoint device provides protection from ransomware attacks to SaaS and private enterprise applications. The extended enterprise browser monitors for alternate browser installed on the endpoint device. The extended enterprise browser may take one or more actions to block the spread of ransomware by the alternate browser.

Abstract: System and methods are disclosed including a plurality of memory devices and a processing device, operatively coupled with the plurality of memory devices, to perform operations comprising: receiving, from a host system, encrypted write data appended with error-checking data; determining whether the encrypted write data contains an error based on the error-checking data; and responsive to determining that the encrypted write data contains an error, notifying the host system that the encrypted write data contains an error.

Abstract: A processing service of a provider network may protect media content from being tampered with when it is transmitted from the provider network/transcoder to untrusted networks (e.g., third-party networks/CDNs) and to a media player. The processing service (e.g., the transcoder) generates a public and a private key. The service uses the private key to digitally sign content portions (e.g., video frames) before distribution to untrusted CDNs. The provider network creates a manifest that includes the public key. To play the media content, the media player obtains a manifest that includes the public key (via a secure/trusted connection with the provider network). The media player may then obtain the media content from an untrusted edge server/CDN and validate it using the public key that was separately obtained from the manifest (to verify the content was not tampered with).

Abstract: A method and system for securing an operating domain that spans one or more distributed information technology networks is disclosed. In the present invention, a state machine reference monitor, comprising a monitor port operatively connected to one or more network traffic capture devices positioned across a distributed network of an operating domain, with each traffic capture interception network device in communication with a central server. Each interception network device along with the central server having a processor and a memory comprising instructions, which when executed by each device processor perform the method of extracting logic state data and deducting ancillary logic state data across the distributed operating domain.

Abstract: System and methods of gating notifications for content objects of an electronic learning platform are described herein. The notification may be conditioned on whether the content object is available to a user receiving the notification, or the state of the content object, for example.

Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.

Abstract: A page processing method. The method includes generating a loading masking directory when page data of a target page is being loaded, the loading masking directory including a data directory corresponding to a data module set to be loaded in the target page, and loading state information of data modules in the data module set; and displaying the loading masking directory at least during a loading period of the page data.

Abstract: A command to perform a data operation at a memory device is received. The command includes an encryption key tag. A first key table is accessed from local memory. The first key table includes a first set of key entries corresponding to a first set of encryption keys. The first key table is searched to determine whether it includes an entry corresponding to the encryption key tag. Based on determining the first key table does not include an entry corresponding to the tag, a second key table is accessed from RAM. The second key table includes a second set of key entries corresponding to a second set of encryption keys. A key entry corresponding to the encryption key tag is identified from the second key table. The key entry includes an encryption key corresponding to the encryption key tag. The command is processed using the encryption key.

Abstract: An apparatus includes a cache controller circuit and a cache memory circuit that further includes cache memory having a plurality of cache lines. The cache controller circuit may be configured to receive a request to reallocate a portion of the cache memory circuit that is currently in use. This request may identify an address region corresponding to one or more of the cache lines. The cache controller circuit may be further configured, in response to the request, to convert the one or more cache lines to directly-addressable, random-access memory (RAM) by excluding the one or more cache lines from cache operations.

Abstract: An industrial control system module and methods are described for self-destruction or the destruction and/or erasure of sensitive data within the industrial control system module upon an indication of an unauthorized module access event. In an implementation, a secure industrial control system module includes a circuit board including electrical circuitry; a sealed encasement that houses the circuit board, where the sealed encasement includes a housing having a first housing side and a second housing side, where the housing is configured to house the circuit board when the first housing side and the second housing side are coupled together; and a first sensor component integrated with the sealed encasement, where the first sensor component is communicably coupled to the circuit board and electrical circuitry and is configured to provide an indication of an unauthorized access event.

Abstract: A method for authenticating a mobile device in real-time. The method includes detecting the mobile device, sending a text message containing a unique uniform resource locator (“URL”) to the mobile device, and detecting an access of the unique URL by the mobile device through a first communication path. In response to detecting the access of the unique URL, requesting and subsequently receiving, by the host system in real-time, a phone number and a subscriber identification ID associated with the mobile device through a second communication path distinct from the first communication path, and a device fingerprint of the mobile device through the first communication path. The method further includes initiating a risk analysis based on the phone number, the subscriber ID, and the device fingerprint and determining an authentication status of the mobile device based on the risk analysis.

Abstract: A programmable integrated circuit device includes a programmable core, a boot device configured to boot up the programmable core, and a one-time programmable memory module controlling life cycle states of the programmable integrated circuit device, including (i) an operational state during which programming resources of the programmable device are locked, and (ii) an inspection state in which the programming resources of the programmable device are accessible. The one-time programmable memory module is configured to allow unidirectional advance from the operational state to the inspection state, when authorized by a lock control circuit responsive to control signals from the boot device to authorize the unidirectional advance from the operational state to the inspection state. Authorization of the unidirectional advance may be limited to a time interval during a boot cycle of the programmable device. The unidirectional advance may be based on receipt of an authenticated request from a requester.

Abstract: There is provided a method of communication among at least two processes miming on the same computer. The method comprises: generating, by at least one process of the at least two processes, a group key usable for encrypting/decrypting a data unit retrieved from/stored to shared access memory, wherein the generating utilizes, at least, a nonce provided by each of the at least two processes, and wherein the nonces are provided as encrypted integrity-protected data according to, at least, a platform-provided hiding function, wherein each process executes in a protected container, the processes are signed by a single signing authority, and the protected container infrastructure enables use of encrypted, integrity-protected data according to a platform-provided hiding function and a platform-provided revealing function; and verifying, by at least one process of the at least two processes, that a data unit read from shared access memory is successfully decrypted using the group key.

Abstract: A computing system may receive a request of the user for a first action of the user with an entity. In connection with granting the request of the user, the computing system may configure a token for use by the user and the entity such that (i) the entity is added as an approved entity, and (ii) the token is configured with a resource amount of the first action as a usage threshold of the token. The computing system may receive a request of the entity to use the token. The computing system may determine whether granting the request of the entity would cumulatively exceed the usage threshold of the token. Based on a determination that granting the request of the entity would not cumulatively exceed the resource usage of the token, the computing system may grant the request of the entity to use the token.

Abstract: Provided is an electronic device, an information processing apparatus, an information processing method, and an information processing system capable of improving convenience in a case where a floating license is used in an electronic device that does not directly communicate with an information processing apparatus providing the floating license.

Abstract: Embodiments of the present invention are directed to methods and systems for managing a cryptocurrency payment network comprising one or more issuer nodes and one or more distributor nodes. Issuer nodes may be granted different rights from distributor nodes with respect to the issuance and distribution of digital currency within the cryptocurrency payment network. A management system server computer may generate unique node verification key pairs for each node in the cryptocurrency payment network, where the node verification key pairs may be used to identify and authenticate issuer nodes and distributor nodes.

Abstract: A memory controller can include a front end portion configured to interface with a host, a central controller portion configured to manage data, a back end portion configured to interface with memory devices. The memory controller can manage memory devices according to different protocols. For a first protocol, the memory device performs error correction operations and for a second protocol, the memory controller performs error correction operations. For the first protocol, error correction information, error detection information, and/or metadata is exchanged between the memory devices and the memory controller via data pins. For the second protocol, error correction information, error detection information, and/or metadata is exchanged between the memory devices and the memory controller via data mask inversion pins. The second protocol can have some features disabled that are enabled according to the first protocol, such as low-power features.

Abstract: According to an aspect, a method for accessing a computing device includes receiving, by the computing device, an authentication credential for recovery access to the computing device, the authentication credential being different from an authentication credential used to access encrypted data on the computing device, obtaining, in response to receipt of the authentication credential for recovery access, a first key portion stored on the computing device, transmitting, over a network, a request to receive a second key portion, receiving, over the network, a response that includes the second key portion, recovering a decryption key using the first key portion and the second key portion, and decrypting the encrypted data on the computing device using the decryption key.

Abstract: A method for automatically creating a honeyfile for a file system, includes the steps of: surveying a file set of the file system to identify tokenisable data in the file set, tokenising the identified tokenisable data to form a plurality of token sequences, and either selecting one of the plurality of token sequences or generating a token sequence to operate as an exemplar token sequence; applying a substitution method to substitute the tokens of the exemplar token sequence with replacement tokenisable data; and packaging the replacement tokenisable data into a honeyfile.

Abstract: Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface.

Abstract: Techniques are described for determining account features based on a risk assessment. A first set of account features may be determined, including security feature(s) such as mode(s) for authenticating and/or verifying the identity of a user associated with account(s). Based on the first set of features, a risk metric may be determined for the account(s). The risk metric may indicate a risk that fraud may be committed against the account or using the account. Based on the determined risk metric, a second set of account features may be determined for the account(s). The first and second sets of account feature(s) may be applied to the account(s). Disabling a particular feature may cause a reevaluation of the risk metric and a redetermination of the feature sets to be applied to the account(s).

Abstract: Example storage systems, storage devices, and methods provide proactive management of storage operations to, for example, beneficially minimize bottlenecking, latency, and other issues. An example system has a storage pool with a first storage device and a second storage device, and a processor configured to generate a storage request including a storage command, include a command processing time constraint in the storage request, send the storage request to the first storage device, and receive, from the first storage device, a proactive response including an estimation for an execution of the storage command by the first storage device based on the command processing time constraint. The processor may then select a fallback mechanism for executing the storage command based on the proactive response.

Abstract: Systems and methods for malware detection using multiple neural networks are provided.

Abstract: A memory controller includes a key generator, an encryption and decryption circuit, and a processor. The key generator generates a first security key and a second security key based on a write request from a host. The encryption and decryption circuit encrypts write data corresponding to the write request based on the first security key to generate encrypted write data, and encrypts the first security key based on the second security key to generate a first encrypted security key. The processor controls nonvolatile memories such that the encrypted write data, the first encrypted security key, and the second security key are programmed in at least one of the nonvolatile memories, and controls the nonvolatile memories such that a dummy program operation is performed on a page of the nonvolatile memories in which the second security key is programmed instead of erasing the encrypted write data.

Abstract: An equality determination unit obtains [ei] in which ei=(ei,1, . . . , ei,N) is concealed, ei in which ei,j=a1 is established when xi,j is kj and ei,j=a0 is established when xi,j is not kj, by secure computation using a concealed search target word [xi] and a concealed search word [k]. A wildcard determination unit obtains [w] in which w=(w1, . . . , wN) is concealed, w in which wj=b1 is established when kj is a wildcard character and wj=b0 is established when kj is not a wildcard character, by secure computation using [k]. An OR operation unit obtains [yi] in which yi=(yi,1, . . . , yi,N) is concealed, yi in which yi,j=d1 is established when at least one of ei,j=a1 and wj=b1 is satisfied and yi,j=d0 is established when at least one of ei,j=a1 and wj=b1 is not satisfied, by secure computation using [ei] and [w].

Abstract: A data operations system receives compressed data and a search term. The data operations system completes a modified decoding of the compressed data, resulting in distinguishable data terms that are smaller than the corresponding data terms, and loads modified decoded terms into a data register. The data operations system generates a truncated search term and loads instances of the truncated search term into a query register. The data operations system performs a parallel data operation, such as a query operation, by comparing each of the modified decoded terms to an instance of the truncated search term. The data operations system returns the results of the operation.

Abstract: The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.

Abstract: A processor includes a register to store an encoded pointer to a memory location in memory and the encoded pointer is to include an encrypted portion. The processor further includes circuitry to determine a first data encryption factor based on a first data access instruction, decode the encoded pointer to obtain a memory address of the memory location, use the memory address to access an encrypted first data element, and decrypt the encrypted first data element using a cryptographic algorithm with first inputs to generate a decrypted first data element. The first inputs include the first data encryption factor based on the first data access instruction and a second data encryption factor from the encoded pointer.

Abstract: A method for supporting TCM communication by a BIOS of an ARM server, including: setting an access mode of a LPC bus device to a 4-byte mode by means of a BIOS of an ARM server; causing the BIOS to perform data communication with a TCM chip of the LPC bus device in the 4-byte mode; in response to the BIOS reading a register by means of the LPC bus device, determining a type of the register; in response to determining that the type of the register is a specific FIFO register, changing a control register from the 4-byte mode to a single-byte mode, and performing single-byte read-write on the specific FIFO register; and in response to completion of read-write of the specific FIFO register, changing the control register to the 4-byte mode by means of the BIOS, and performing a read-write operation on other FIFO registers.

Abstract: An anti-virus chip includes a first connection terminal, a second connection terminal, a detection unit and a processing unit. The first connection terminal and the second connection terminal are respectively coupled to a connection port and a system circuit of an electronic device. The detection unit detects whether the connection port is connected to an external device via the first connection terminal. When the detection unit detects that the connection port is connected to the external device, the processing unit performs a virus-scan program on the external device to determine whether a virus exists in the external device. When determining that a virus does not exist in the external device, the processing unit establishes a first transmission path between the first connection terminal and the second connection terminal. When determining that a virus exists in the external device, the processing unit does not establish the first transmission path.

Abstract: The present invention relates to data rights management and more particularly to a secured system and methodology and production system and methodology related thereto and to apparatus and methodology for production side systems and are consumer side systems for securely utilizing protected electronic data files of content (protected content), and further relates to controlled distribution, and regulating usage of the respective content on a recipient device (computing system) to be limited strictly to defined permitted uses, in accordance with usage rights (associated with the respective content to control usage of that respective content), on specifically restricted to a specific one particular recipient device (for a plurality of specific particular recipient devices), or usage on some or any authorized recipient device without restriction to any one in specific, to control use of the respective content as an application software program, exporting, modifying, executing as an application program, viewing,

Abstract: A method includes: detecting, by a computing device, a new entry in one of plural databases; comparing, by the computing device, the new entry to watch entries defined in a watch database; determining, by the computing device, whether the new entry matches a watch entry in the watch database; creating, by the computing device, a new watch in the watch database when the new entry does not match any watch in the watch database; and updating, by the computing device, a watch in the watch database when the new entry matches the watch in the watch database.

Abstract: According to one embodiment, a memory system includes a nonvolatile memory and a controller. In response to receiving from a host a write request designating a first address for identifying data to be written, the controller encrypts the data with the first address and a first encryption key, and writes the encrypted data to the nonvolatile memory together with the first address. In response to receiving from the host a read request designating a physical address indicative of a physical storage location of the nonvolatile memory, the controller reads both the encrypted data and the first address from the nonvolatile memory on the basis of the physical address, and decrypts the read encrypted data with the first encryption key and the read first address.

Abstract: A memory controller and a storage device including the same are provided. The memory controller generates a plurality of scrambled data by randomizing input data, counts the number of toggles per bit of each scrambled data, and writes one scrambled data with a smallest number of toggles in a non-volatile memory.

Abstract: Recovery of an in-memory database is initiated. Thereafter, pages for recovery having a size equal to or below a pre-defined threshold are copied to a superblock. For each copied page, encryption information is added to a superblock control block for the superblock. The copied pages are encrypted within the superblock using the corresponding encryption information added to the super block control block. The superblock is then flushed from memory (e.g., main memory, etc.) of the database to physical persistence.

Abstract: Embodiments of the inventive concept include solid state drive (SSD) multi-card adapters that can include multiple solid state drive cards, which can be incorporated into existing enterprise servers without major architectural changes, thereby enabling the server industry ecosystem to easily integrate evolving solid state drive technologies into servers. The SSD multi-card adapters can include an interface section between various solid state drive cards and drive connector types. The interface section can perform protocol translation, packet switching and routing, data encryption, data compression, management information aggregation, virtualization, and other functions.

Abstract: A system for distributed key storage, comprising a requesting device communicatively connected to a plurality of distributed storage nodes, the requesting device designed and configured to receive at least a confidential datum, select at least a distributed storage node of a plurality of distributed storage nodes, whereby selecting further comprises receiving a storage node authorization token from the at least a distributed storage node, querying an instance of a distributed authentication listing containing authentication information using at least a datum of the storage node authorization token, retrieving an authentication determination from the instance of the authentication listing, and selecting the at least a distributed storage node as a function of the authentication determination, generate at least a retrieval authentication datum, and transmit the at least a confidential datum and the at least a retrieval verification datum to the at least a distributed storage node.

Abstract: Systems and methods for generating and validating certified electronic credentials are disclosed. A publisher may receive a certified electronic credential order from a credentialer and prepare a plurality of certified electronic credentials. The publisher may associate each credential with authentication information and a credential record, and retain a database of associated authentication information and credential records. The publisher may provide validation services, receiving a validation request through a credentialer's validation portal, and provide a response through the credentialer's portal indicative of the validity, additional information about the credential and/or the credential holder. The credential holder may assign a personal access key to control or limit the validation of a credential. A validating entity may receive credential validation through the credentialer with a heightened degree of confidence in the validation and lack of forgery.

Abstract: A backend computer and methods of using the backend computer are described. The method may comprise: receiving, at a first backend computer, sensor data associated with a vehicle; determining a labeling of the sensor data, comprising: determining personal data and determining non-personal data that is separated from the personal data, wherein each of the personal and non-personal data comprise labeled data, wherein the personal data comprises information relating to at least one identified or identifiable natural person; and performing via the personal data and the non-personal data that is separated from the personal data, at the first backend computer, data processing associated with collecting sensor data associated with the vehicle.

Abstract: Methods and systems described herein improve blockchain storage operations in a variety of environments. A blockchain compression system may determine that a blockchain compression condition associated with a blockchain having a first plurality of blocks has been satisfied. In response, the system compresses the first plurality of blocks using a first hash tree into a first root hash value and stores the first plurality of blocks in a first database. The blockchain compression system generates a first new era genesis block that includes the first root hash value and a first database address of the first database at which the first plurality of blocks are stored. The blockchain compression system stores the blockchain at one or more nodes in a blockchain network. The blockchain includes the first new era genesis block and any previous new era genesis blocks. This may effectively reduce storage requirements for the blockchain, in various embodiments.

Abstract: Methods and apparatus for providing a resource element identification system to process received uplink transmissions. In an embodiment, a method is provided that includes receiving soft-demapped symbols that comprises resource elements. The method also includes descrambling the resource elements of the symbols one-by-one using descrambling bits generated by at least one linear feedback shift register (LFSR). After each symbol is descrambled, a state of the at least one LFSR is stored as a stored state. The method also comprises restoring the stored state to the at least one LFSR before a next symbol is descrambled so that generation of the descrambling bits continues from symbol to symbol. The method also comprises forwarding the descrambled symbols to a downstream combining function.

Abstract: Systems and methods for processing tokenization requests to facilitate safe storage of tokens. A tokenization request comprising sensitive data is received. A sensitive data digest is generated based on the sensitive data and a query comprising the sensitive data digest is submitted to a database. The database stores a plurality of relational elements. Each relational element being mapped to: (i) a given sensitive data digest stored in the database and (ii) a given token digest stored in the database. A token associated with the sensitive data is generated based on a response to the query received from the database.

Abstract: Described herein are systems and methods for controlling access to a protected resource based on various criteria. In one exemplary aspect, a method comprises designating a plurality of program data installed on a computing system as protected program data; intercepting, by a kernel mode driver, a request from an untrusted application executing on the computing system to alter at least one of the protected program data; classifying, by a self-defense service, the untrusted application as a malicious application based on the intercepted request and information related to the untrusted application; and responsive to classifying the untrusted application as a malicious application, denying, by the kernel mode driver, access to the at least one of the protected program data.