Authorization Patents (Class 726/17)
  • Patent number: 11650873
    Abstract: Provided are a memory controller, a method of operating the memory controller, and a storage device including the memory controller. The method includes performing a first operation on a non-volatile memory; storing a first code path corresponding to pieces of codes executed as the first operation is performed in a history buffer; comparing the first code path with a plurality of reference code paths related to the first operation; and identifying whether the first operation is abnormally performed based on a result of the comparison.
    Type: Grant
    Filed: March 18, 2021
    Date of Patent: May 16, 2023
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Junghoon Kim, Seonghun Kim, Jongsung Na, Seona Cho
  • Patent number: 11641436
    Abstract: In a case where a standard authentication system is being connected to an image forming device, a cooperation processing unit of the image forming device uses a set value managed by a set value management unit thereby to cooperate with the standard authentication system. In a case where an extension authentication system is being connected to the image forming device, the cooperation processing unit of the image forming device uses a set value managed by a set value management service, which is an extension service that provides a function other than a standard function of the electronic device, thereby to cooperate with the extension authentication system. A program for the cooperation processing unit and a program for the set value management unit are included in firmware of the image forming device. A set value management program for the set value management service is not included in the firmware.
    Type: Grant
    Filed: July 1, 2021
    Date of Patent: May 2, 2023
    Assignee: KYOCERA DOCUMENT SOLUTIONS INC.
    Inventor: Tomoharu Tokunaga
  • Patent number: 11620188
    Abstract: Embodiments of the present disclosure relate to methods, devices, and computer readable medium for restoring a file in a virtual machine disk. The method comprises: receiving, from a client, a user's request regarding restoring a file in a virtual machine disk. The method further comprises: determining, based on the request and from a backup disk of the virtual machine disk, files accessible to the user. In addition, the method further comprises providing the client with information related to the files accessible to the user.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: April 4, 2023
    Assignee: EMC IP Holding Company LLC
    Inventors: Jie Liu, Lydia Ying Li, Ophone Ou, Ningping Gou, Qingxiao Zheng
  • Patent number: 11616800
    Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.
    Type: Grant
    Filed: August 5, 2020
    Date of Patent: March 28, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
  • Patent number: 11604633
    Abstract: A blockchain integrated station receives a startup instruction. The blockchain integrated station sends a signature verification request for a disk image stored in the blockchain integrated station to a cryptographic acceleration card included in the blockchain integrated station. The blockchain integrated station receives a signature verification result from the cryptographic acceleration card, where the signature verification result indicates whether a signature of the disk image passes a verification. In response to determining that the signature verification result indicates that the signature of the disk image passes the verification, the blockchain integrated station executes the disk image.
    Type: Grant
    Filed: June 28, 2021
    Date of Patent: March 14, 2023
    Assignee: Alipay (Hangzhou) Information Technology Co., Ltd.
    Inventors: Changzheng Wei, Ying Yan, Hui Zhang, Lei Wang
  • Patent number: 11599550
    Abstract: A method of operating a data exchange includes creating a first listing referencing data of a first database of a plurality of databases, wherein the first listing comprises access controls and a data share associated with a first user, the access controls defining portions of the first database that are accessible by a second user, receiving a request from the second user for a bidirectional share between the portions of the first database that are accessible by the second user and portions of a second database controlled by the second user, and receiving an instruction from the first user to perform a database operation referencing data of the bidirectional share between the portions of the first database that are accessible by the second user and the portions of the second database controlled by the second user.
    Type: Grant
    Filed: June 13, 2022
    Date of Patent: March 7, 2023
    Assignee: Snowflake Inc.
    Inventors: Pui Kei Johnston Chu, Benoit Dageville, Matthew J. Glickman, Christian Kleinerman, Prasanna Krishnan, Justin Langseth
  • Patent number: 11599654
    Abstract: A method and an apparatus for authority control, a computer device, and a storage medium, and relates to the field of the Internet technologies. The method includes: acquiring a configuration file according to a business scenario when a container is initialized, wherein the configuration file is managed outside the container; validating the configuration file in the container; receiving a user instruction; and identifying a type of the user instruction when the user instruction is an executable instruction. The method further including acquiring script content of a script file when the type of the user instruction indicates that the user instruction is the script file, wherein the script content includes at least one command statement; and performing a validity check on the at least one command statement based on the configuration file.
    Type: Grant
    Filed: January 8, 2021
    Date of Patent: March 7, 2023
    Assignees: ENVISION DIGITAL INTERNATIONAL PTE. LTD., SHANGHAI ENVISION DIGITAL CO., LTD.
    Inventor: Yun Xie
  • Patent number: 11595217
    Abstract: For zero-touch provisioning of devices at scale using device configuration templates by device type, a secure element, a provisioning wizard, a provisioning client, an enrollment client, an update client, an enrollment service, an update publisher service, signing and encryption certificates, a method including generating device configuration templates for enrollment and update by device type, sending device configuration templates signed with a device owner signing certificate, and a device owner encryption certificate to the device manufacturer, generating a device configuration for a device based on the device configuration templates using a secure element on the device for immutable device identity, an extended configuration for the device, signing the device configuration with a device manufacturer signing certificate and a secure element signing certificate, encrypting the doubly signed device configuration with an owner encryption certificate, configuring bootstrap metadata, and configuring the device
    Type: Grant
    Filed: November 26, 2019
    Date of Patent: February 28, 2023
    Assignee: DigiCert, Inc.
    Inventors: Srinivas Kumar, Atul Gupta, Shreya Uchil, Ruslan Ulanov, Srikesh Amrutur Srinivas
  • Patent number: 11593526
    Abstract: In some examples, a method comprises determining, at an electronic device having a first component of a first component type, a unique identifier associated with the first component. In some examples, in accordance with a determination that the unique identifier does not match the expected identifier of the component of the first component type in the electronic device, determining that the first component associated with the unique identifier satisfies one or more eligibility criteria. In some examples, in accordance with the determination that the first component associated with the unique identifier satisfies the one or more eligibility criteria, authenticating an association of the first component with the electronic device, including updating an installation counter associated with the first component, and updating the expected identifier for the component of the first type based on the unique identifier of the first component.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: February 28, 2023
    Assignee: Apple Inc.
    Inventors: Thomas Philip Mensch, John Thomas Perry, Yiqun Zhu, Jerrold Hauck, Peter Chang, Tiffany Shih-Yu Fang
  • Patent number: 11574049
    Abstract: A security system for software to be input to a closed internal network includes: a kiosk including a registration module configured to read the stored software of a connected portable storage medium, a vaccine module configured to detect malicious code in the software, and an authentication module configured to set inspection authentication for the portable storage medium whose software has been inspected for malicious code; and a client including a check module configured to check the portable storage medium for inspection authentication and authorize the execution of the stored software.
    Type: Grant
    Filed: March 18, 2021
    Date of Patent: February 7, 2023
    Assignee: SOFTCAMP CO., LTD.
    Inventor: Hwan-Kuk Bae
  • Patent number: 11567917
    Abstract: A processor-based method for locating data and metadata closely together in a storage system is provided. The method includes writing a first range of a file and a first metadata relating to attributes of the file into at least one segment controlled by a first authority of the file. The method includes delegating, by the first authority, a second authority for a second range of the file, and writing the second range of the file and second metadata relating to the attributes of the file into at least one segment controlled by the second authority.
    Type: Grant
    Filed: August 14, 2020
    Date of Patent: January 31, 2023
    Assignee: Pure Storage, Inc.
    Inventors: John Hayes, Robert Lee, Igor Ostrovsky, Peter Vajgel
  • Patent number: 11544399
    Abstract: Using container-centric managed access, an administrator is enabled to define a set of future grants for each object that will be created in the future in a container managed by the administrator. When a user creates a database object, the system checks the future grants to determine if any apply to the user, the database object, or the combination. Any applicable future grants are applied to the database object before the user is allowed to modify it. As a result, the administrator is enabled to control the privileges associated with the database object even before the database object is created, while restricting individual object owners from managing privileges on their owned objects.
    Type: Grant
    Filed: March 31, 2022
    Date of Patent: January 3, 2023
    Assignee: Snowflake Inc.
    Inventors: Artin Avanes, Khalid Zaman Bijon, Peter Povinec
  • Patent number: 11543952
    Abstract: Systems, methods, and non-transitory computer-readable media are provided for data analysis. A user interface comprising boards corresponding to one or more objects and one or more operations on the input and/or output objects of the boards can be generated for high-scale top-down data analysis.
    Type: Grant
    Filed: August 16, 2021
    Date of Patent: January 3, 2023
    Assignee: Palantir Technologies Inc.
    Inventors: Ethan Bond, Michael Nazario, Teofana Hadzhiganeva, Devin Halladay
  • Patent number: 11546314
    Abstract: A non-transitory computer-readable medium stores computer-readable instructions executable by a processor of an information processing device communicably connected with an image processing apparatus and a cloud server. The computer-readable instructions realize an application configured to, when executed by the processor, cause the processor to perform, in response to receiving an import instruction to import a workflow, reading, from an export file, workflow information representing the workflow that is a sequence of processes using the image processing apparatus and the cloud server, and selecting one of a plurality of methods to obtain authentication information for accessing the cloud server to perform the workflow represented by the read workflow information, and access, in response to receiving a workflow execution instruction to perform the workflow, the cloud server by using the authentication information obtained in the selected method.
    Type: Grant
    Filed: January 23, 2020
    Date of Patent: January 3, 2023
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Fumio Okumura
  • Patent number: 11539738
    Abstract: Mechanisms for mitigating damage resulting from a website being an intermediary in a cyberattack, comprising: detecting a domain name server query made to the website; making a request to the website; receiving a header in response to the request; inspecting the header to identify a software stack component of the website; cross-referencing the software stack component to a common vulnerabilities and exposures (CVE) database to identify a CVE that applies to the software stack component; applying a rule to determine the impact of the CVE on whether the website is a possible intermediary in a cyberattack; determining that the website is a possible intermediary in a cyberattack; and taking action on the website to mitigate damage resulting from the website being an intermediary in a cyberattack.
    Type: Grant
    Filed: March 24, 2020
    Date of Patent: December 27, 2022
    Assignee: McAfee, LLC
    Inventors: German Lancioni, Joseph Padron
  • Patent number: 11514168
    Abstract: An active attestation apparatus verifies at runtime the integrity of untrusted machine code of an embedded system residing in a memory device while it is being run/used with while slowing the processing time less than other methods. The apparatus uses an integrated circuit chip containing a microcontroller and a reprogrammable logic device, such as a field programmable gate array (FPGA), to implement software attestation at runtime and in less time than is typically possible with comparable attestation approaches, while not requiring any halt of the processor in the microcontroller. The reprogrammable logic device includes functionality to load an encrypted version of its configuration and operating code, perform a checksum computation, and communicate with a verifier. The checksum algorithm is preferably time optimized to execute computations in the reprogrammable logic device in the minimum possible time.
    Type: Grant
    Filed: June 8, 2021
    Date of Patent: November 29, 2022
    Assignee: United States of America as represented by the Secretary of the Air Force
    Inventors: Mark M. Stephenson, Patrick Reber, Patrick J. Sweeney, Scott Graham
  • Patent number: 11503006
    Abstract: A non-transitory computer-readable medium stores computer-readable instructions executable by a processor of an information processing device communicably connected with an image processing apparatus and a cloud server. The computer-readable instructions realize an application configured to, when executed by the processor, cause the processor to perform, in response to receiving an import instruction to import a workflow, reading, from an export file, workflow information representing the workflow that is a sequence of processes using the image processing apparatus and the cloud server, and selecting one of a plurality of methods to obtain authentication information for accessing the cloud server to perform the workflow represented by the read workflow information, and access, in response to receiving a workflow execution instruction to perform the workflow, the cloud server by using the authentication information obtained in the selected method.
    Type: Grant
    Filed: January 23, 2020
    Date of Patent: November 15, 2022
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Fumio Okumura
  • Patent number: 11494330
    Abstract: A computer platform is disclosed. The computer platform comprises a non-volatile memory to store fuse override data; and a system on chip (SOC), coupled to the non-volatile memory, including a fuse memory to store fuse data and security micro-controller to receive the fuse override data and perform a fuse override to overwrite the fuse data stored in the fuse memory with the fuse override data.
    Type: Grant
    Filed: June 22, 2021
    Date of Patent: November 8, 2022
    Assignee: Intel Corporation
    Inventors: Bharat Pillilli, Saravana Priya Ramanathan, Reshma Lal
  • Patent number: 11481018
    Abstract: In one example, an electronic device may include a power source to supply power to a peripheral device, a sensor circuit to monitor a power consumption of the peripheral device, and a controller coupled to the sensor circuit to detect that the power consumption of the peripheral device is greater than a threshold and generate a popup message on a user interface of the electronic device based on the detection. The popup message may include an option. Further, the controller may direct the power source to continue to provide the power to the peripheral device in response to a determination that the option is selected prior to an expiration of a timer.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: October 25, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Te-Yueh Lin, Hao-Cheng Chuang, Chien Chung Chien
  • Patent number: 11455415
    Abstract: Disclosed is a method for managing database permissions, the method including: obtaining a login account that successfully logs in to a first database, where the first database is a relational database built in with permission management and is pre-configured with an external table that has a mapping relationship with a second database; ascertaining management permissions of the login account based on pre-configured management permission information; determining whether a management operation on the external table by the login account exceeds the management permissions of the login account; and if the management operation by the login account does not exceed its management permissions, permitting the management operation, and synchronizing the management operation to the second database based on the mapping relationship between the external table and the second database. Further disclosed are a system and a device for managing database permissions, as well as a computer-readable storage medium.
    Type: Grant
    Filed: November 23, 2017
    Date of Patent: September 27, 2022
    Assignee: PING AN TECHNOLOGY (SHENZHEN) CO., LTD.
    Inventors: Yeung Wong, Jinfang Gao
  • Patent number: 11442116
    Abstract: A detection circuit, including a first connecting terminal, an SPI bus, and a security component, is provided. The first connecting terminal is configured to be detachably connected to the main board. The security component is coupled to the first connecting terminal and the SPI bus. The security component forms a first loop with the main board, and is configured to detect a loop state of the first loop. The security component locks the SPI bus when the first loop is being detected by the security component to be disconnected.
    Type: Grant
    Filed: December 28, 2020
    Date of Patent: September 13, 2022
    Assignee: Wiwynn Corporation
    Inventors: Yu Shu Kao, Hsuan-Chih Kao, Yueh-Chi Lee, Yun-Chih Tsai
  • Patent number: 11423048
    Abstract: The disclosed technology relates to a system configured to compute a difference between a remote tree data structure representing a server state for content items associated with an account on a content management system and a sync tree data structure representing a known synchronization state between the content management system and the computing system. The system is configured to generate, based on the difference, a set of operations that when performed on the computing system update the content items stored on the client device to converge a file system state on the computing system and the server state.
    Type: Grant
    Filed: October 22, 2020
    Date of Patent: August 23, 2022
    Assignee: Dropbox, Inc.
    Inventors: Isaac Goldberg, Sujay Jayakar, John Lai, Robert Ying, Nipunn Koorapati, Gautam Gupta, Geoffry Song, Elmer Charles Jubb, IV
  • Patent number: 11409719
    Abstract: A platform's central instance manager (IM) receives microservice requests issued to a common application shared between various tenants. Embodiments function to co-locate within a same database, the persistence containers of different microservice instances of a specific tenant. The central IM associates a corresponding tenant identifier with microservice request instances created. Referencing this assigned tenant identifier, the central IM maintains an external configuration file comprising a mapping of services (m) and tenants (n), to relevant persistence container service instances. Such mapping permits the allocation of tenant-specific microservice data for storage within persistence containers of a particular database. This co-location of data promotes flexibility, allowing tenants to furnish database structures tailored to their individual needs.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: August 9, 2022
    Assignee: SAP SE
    Inventor: Peter Eberlein
  • Patent number: 11403375
    Abstract: The embodiments of the present application provide a permission management system, a permission management method, and an electronic device. First, at least two unlocking passwords are set on the electronic device, and each unlocking password corresponds to a working mode. Then, the user permission for application software on the electronic device is configured for each working mode. Finally, upon receiving the correct input unlock password, the electronic device is unlocked and the working mode corresponding to the input unlock password is started. The embodiments of the present application can protect the personal privacy of a user by means of setting the access permission of the application software of the electronic device.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: August 2, 2022
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventor: Binghui Chen
  • Patent number: 11392550
    Abstract: A data analysis system is proposed for providing fine-grained low latency access to high volume input data from possibly multiple heterogeneous input data sources. The input data is parsed, optionally transformed, indexed, and stored in a horizontally-scalable key-value data repository where it may be accessed using low latency searches. The input data may be compressed into blocks before being stored to minimize storage requirements. The results of searches present input data in its original form. The input data may include access logs, call data records (CDRs), e-mail messages, etc. The system allows a data analyst to efficiently identify information of interest in a very large dynamic data set up to multiple petabytes in size. Once information of interest has been identified, that subset of the large data set can be imported into a dedicated or specialized data analysis system for an additional in-depth investigation and contextual analysis.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: July 19, 2022
    Assignee: PALANTIR TECHNOLOGIES INC.
    Inventors: Geoffrey Stowe, Chris Fischer, Paul George, Eli Bingham, Rosco Hill
  • Patent number: 11368456
    Abstract: A system receives a media sample. The system then identifies a critical portion of the media sample. The media sample is split into a verification sample comprising the critical portion of the media sample. The verification sample is decomposed into a first and second layer. A first hash value is generated based on the first layer by applying a hash function to a first code element from the verification sample. A second hash value is generated based on the second layer by applying the hash function to a second code element from the verification sample. A blockchain transaction is generated comprising a profile associated with the user. The transaction is stored as a block in a blockchain ledger.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: June 21, 2022
    Assignee: Bank of America Corporation
    Inventors: Sandeep Kumar Chauhan, Sarat Kumar Magatapalli, Yash Sharma
  • Patent number: 11367111
    Abstract: A digital brand asset system is provided enabling a brand owner to create, distribute, maintain, manage, merchandise and analyze smart brand assets. The system enables distribution and sharing of smart brand assets across the websites. The websites can host webpages containing codes representing the smart brand assets. When a user device retrieves a webpage from one of the websites and renders the webpage, it executes the codes and requests the content of the smart brand assets from a brand asset server. Through the brand asset server, a brand owner can control the content and the presentation of the smart brand asset hosted by the websites, based on various factors such as previous click through rates, aggregated shopper behaviors, geographical locations of the websites or website visitors, categorized types of websites, blacklist of websites.
    Type: Grant
    Filed: September 13, 2021
    Date of Patent: June 21, 2022
    Assignee: Synqy Corporation
    Inventors: Nikolaus Chanda, Michael Weissman, David Mosby, John Hoye
  • Patent number: 11356266
    Abstract: A system receives a login sample. The login sample is decomposed into first and second layers. A verification media sample is decomposed into first and second layers. The system determines that the first layer of the login sample does not match the first layer of the verification sample, that the second layer of the login sample does not match the second layer of the verification sample, or both. First and second critical portions are extracted from the login sample. A first and second login hash are generated from the first and second critical portions. A first and second ledger hash are retrieved from a blockchain ledger. It's determined that the first login hash does not match the first ledger hash, the second login hash does not match the second ledger hash, or both. The user is flagged.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: June 7, 2022
    Assignee: Bank of America Corporation
    Inventors: Sandeep Kumar Chauhan, Sarat Kumar Magatapalli, Yash Sharma
  • Patent number: 11327807
    Abstract: Methods, systems, and media for a platform for collaborative processing of computing tasks. The method includes sending, to client devices, one or more client applications including program code associated with an interactive application and a machine learning application. When executed, the program code causes the client devices to generate a user interface for the interactive application; request, using the generated user interface, inputs from a user of the client devices; receive the requested inputs; process, using computing resources of the client devices, at least part of the machine learning application; and transmit data associated with results of the received inputs and the processing of at least part of the machine learning application. The method further includes receiving and processing the data associated with the results of the received inputs and the processing of at least part of the machine learning application to process the computing tasks.
    Type: Grant
    Filed: June 5, 2018
    Date of Patent: May 10, 2022
    Assignee: Balanced Media Technology, LLC
    Inventor: Corey Clark
  • Patent number: 11328051
    Abstract: In accordance with some embodiments, an apparatus for privacy protection is provided. In some embodiments, the apparatus includes a first device including a receiver configured to receive audio signals, a memory configured to store one or more criteria, and a processor configured to process the received audio signals based on the stored criteria in the memory. The apparatus further includes a second device in communication with the first device, wherein the first device, upon detecting one or more audio sound patterns, is configured to send a notification to the second device.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: May 10, 2022
    Assignee: PPIP, LLC
    Inventors: Michael Fong, Nerie Hsin-wu Fong
  • Patent number: 11330082
    Abstract: An information processing system, a service providing system, and a user creation method. The information processing system creates a second user belonging to a second tenant in response to reception of a request for managing the second tenant from a terminal device operated by a first user, the second tenant being different from a first tenant to which the first user belongs.
    Type: Grant
    Filed: March 5, 2021
    Date of Patent: May 10, 2022
    Assignee: Ricoh Company, Ltd.
    Inventor: Yasuharu Fukuda
  • Patent number: 11316954
    Abstract: The provided systems and methods attempt to address possible issues with the use of third party applications with software as a service (SAAS) platforms, namely that lack of performance of third party app hosting infrastructure running the third party applications can affect multiple clients on the SAAS platform. In order to at least mitigate this, third party app providers can create and upload their scripts to the SAAS platform for execution on the SAAS platform. The scripts must conform with extension points within SAAS functionality that are predefined. During execution, when the extension point is reached, the script is run on the SAAS platform instead of making an API call to the application on the third party app hosting infrastructure.
    Type: Grant
    Filed: March 17, 2020
    Date of Patent: April 26, 2022
    Assignee: SHOPIFY INC.
    Inventors: David Cameron, Jonathan Mitchell Dickinson
  • Patent number: 11308243
    Abstract: A storage port receives a login request. The storage port configures an audit mode indicator as enabled in a login response to a host port to enter a security enabled mode to indicate to the host port that Input/Output (I/O) operations are to be transmitted from the host port to the storage port even if authentication or security association negotiation with the storage port cannot be completed successfully.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: April 19, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Roger G. Hathorn, Patricia G. Driever, John Flanagan, Christopher J. Colonna, Evan Rivera
  • Patent number: 11296891
    Abstract: A microcode signature security management system based on a Trustzone technology comprises the steps of: starting a normal operating system; acquiring the signature-encrypted microcode file and outputting the signature-encrypted microcode file and a switching signal by the normal operating system; receiving the switching signal and starting the monitor mode by the microprocessor to start a secure operating system; receiving the signature-encrypted microcode file, performing signature verification on the signature-encrypted microcode file, loading the file when the signature verification passes, otherwise outputting microcode error information when the signature verification fails by the secure operating system. The security of microcode is ensured on the basis of a secure operating system safety environment to which a system layer is inaccessible.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: April 5, 2022
    Assignee: AMLOGIC (SHANGHAI) CO., LTD.
    Inventors: Yanhong Chen, Zhi Zhou, Ting Yao, Peifu Jiang, Pengguang Zhu, Qi Cao
  • Patent number: 11275850
    Abstract: At an object storage service, one or more security rules to be implemented for a request directed to an unstructured object are identified, including a content query-based rule. The query-based rule indicates a query predicate and a security enforcement action. A value of an attribute is extracted from the unstructured object using a rule obtained via a programmatic interface, and used to verify that the predicate is satisfied. The security enforcement action is then implemented.
    Type: Grant
    Filed: January 30, 2018
    Date of Patent: March 15, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Bradley Eugene Marshall
  • Patent number: 11270018
    Abstract: Aspects of the present disclosure are directed to methods and systems for protecting sensitive data in a hosted service system. The system includes a host system having a database management system (DBMS) with a database and a query pre-parser. A processing application is configured to process a request from a tenant system and route the processed request as a query to the query pre-parser. The query pre-parser is configured to decrypt a sensitive data part of the query, generate a modified query including the decrypted sensitive data part, generate a database query using the modified query, and transmit the database query to the database.
    Type: Grant
    Filed: July 9, 2019
    Date of Patent: March 8, 2022
    Assignee: International Business Machines Corporation
    Inventor: Pallavi T. Nagesha Rao
  • Patent number: 11258824
    Abstract: Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has a set of one or more servers that acts as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The server set in some embodiments also enforces these API-authorizing policies. Conjunctively, or alternatively, the server set in some embodiments distributes the defined policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls. From an associated application, a local agent receives API-authorization requests to determine whether API calls received by the application are authorized.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: February 22, 2022
    Assignee: STYRA, INC.
    Inventors: Timothy L. Hinrichs, Teemu Koponen, Andrew Curtis, Torin Sandall, Octavian Florescu
  • Patent number: 11244065
    Abstract: A method of controlling use of network-connectable devices is provided. First network requests from a first user device executing a first operating system are monitored, and applications operating in the foreground on the first user device during the first network requests are monitored. A model is trained based on the first network requests and based on the applications respectively operating in the foreground on the first user device during the first network requests. Second network requests from a second user device executing a second operating system are monitored, and the model is applied to the second network requests from the second user device to determine a particular application operating in the foreground on the second user device. A function of the second user device is restricted based on the determining of the particular application operating in the foreground on the second user device.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: February 8, 2022
    Assignee: Smith Micro Software, Inc.
    Inventors: John Poothokaran, Juyong Do, Rajarshi Gupta
  • Patent number: 11227055
    Abstract: Systems and methods for embodiments of graph based and machine learning artificial intelligence systems for generating access item recommendations in an identity management system are disclosed. Embodiments of the identity management systems disclosed herein may utilize a graph based approach, a machine learning based approach, and hybrid combinations thereof for generating access item recommendations.
    Type: Grant
    Filed: July 30, 2021
    Date of Patent: January 18, 2022
    Assignee: SAILPOINT TECHNOLOGIES, INC.
    Inventors: Mohamed M. Badawy, Rajat Kabra, Quoc Co Tran, Jostine Fei Ho
  • Patent number: 11222130
    Abstract: Aspects of the present disclosure are directed to methods and systems for protecting sensitive data in a hosted service system. The system includes a host system and the host system includes a key management system (KMS) and a metadata service system (MSS). The KMS and the MSS are communicatively coupled to each other. The system further includes a database management system (DBMS) having a database, a query pre-parser, and a results handler. The query pre-parser and the results handler are communicatively coupled to the KMS and the MSS, and the system also includes a processing application configured to process at least some data received from a tenant system.
    Type: Grant
    Filed: July 9, 2019
    Date of Patent: January 11, 2022
    Assignee: International Business Machines Corporation
    Inventor: Pallavi T. Nagesha Rao
  • Patent number: 11216561
    Abstract: In an example, a machine-readable medium includes instructions that, when executed by a processor, cause the processor to order, as part of an execution of a trusted process, a plurality of processes into a sequence comprising a first process, at least one intermediate process, and a last process. The machine-readable medium may further comprise instructions to cause the processor to generate, as part of an execution of the first process, a value based on a code portion of the process following the first process in the sequence, and to generate, as part of an execution of each intermediate process, a respective value based on the value generated by the process preceding the intermediate process in the sequence and based on a code portion associated with the process following the intermediate process in the sequence.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: January 4, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Remy Husson, Adrian Baldwin, Daniel Ellam
  • Patent number: 11216563
    Abstract: Systems for performing a security assessment of a target computing resource, such as a virtual machine or an instance of a virtual machine, include a scanning service that facilitates duplication of all or a portion of the target computing resource, and then performs the security assessment on the duplicate computing resource to avoid consuming processing time, processing power, and storage space of the target computing resource. A snapshot of the target computing resource, containing the data necessary to reproduce the portion to be assessed, is captured and used to implement the duplicate computing resource in newly allocated resources. The snapshot can be an image of a logical volume implementing the target computing resource. To reproduce a target virtual machine, the snapshot may include a configuration used to instantiate the target virtual machine; the scanning service may implement a duplicate virtual machine that is instantiated with the same configuration.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: January 4, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Vladimir Veselov, Aparna Nagargadde, Adrian-Radu Grajdeanu
  • Patent number: 11216318
    Abstract: Provided are systems, methods, and devices for implementing a central platform for enterprise applications and software as a service (SaaS). Methods include retrieving, using one or more processors of a central computing platform, one or more update data objects. Methods also include identifying, using the one or more processors, a configuration of a customer portal interface. Methods further include retrieving, using the one or more processors, current configuration data associated with the customer portal interface, the current configuration data characterizing a configuration and settings of an application program interface (API) an instance of application data associated with a distributed application. Methods also include generating, using the one or more processors, one or more custom input data objects based, at least in part, on the current configuration data associated with the customer portal interface.
    Type: Grant
    Filed: November 14, 2019
    Date of Patent: January 4, 2022
    Assignee: SIMPLROPS
    Inventors: Mansi Tuli, Pruthav Joshi
  • Patent number: 11205909
    Abstract: A mobile computing device includes: a housing having a recess configured to receive a latch of a charging cradle to lock the mobile computing device in the charging cradle; a set of charging contacts configured to engage with corresponding power connectors of the charging cradle; and a processor configured to: responsive to detecting an unlock event, determine whether an unlock condition is satisfied; and when the unlock condition is satisfied, cause the charging cradle to release the latch.
    Type: Grant
    Filed: April 23, 2019
    Date of Patent: December 21, 2021
    Assignee: Zebra Technologies Corporation
    Inventors: Kevin Cordes, David Tietjen Lundquist, Rohan Chopra
  • Patent number: 11204986
    Abstract: Control of a prompt for a credential to unlock a computer-readable storage device is provided. Some embodiments permit identifying a component that encrypted the computer-readable storage device and, depending on the identified component, prompting for such a credential. One embodiment can determine that a firmware encrypted the computer-readable storage device and can prompt for a password, for example, to unlock the computer-readable storage device during a boot-up process performed by the firmware. Other embodiments can determine that an operating system encrypted the computer-readable storage device, and can avoid the presentation of a prompt for a password, for example, during a boot-up process performed by the firmware. The computer-readable storage device can be a self-encrypting drive (SED) or another type of disk drive.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: December 21, 2021
    Assignee: American Megatrends International, LLC
    Inventors: Srinivasan N. Rao, Karthika Ramasubramanian
  • Patent number: 11182509
    Abstract: A system for providing hardware-based cybersecurity for ‘smart’ devices includes a security device implemented without the use of microprocessors for critical security functions and an electrically separable device for removal or disconnection of certain security functions. The security device acts as a security bridge between the microprocessor core(s) of the protected system and the rest of the protected system. The security device controls access to a protected storage area that holds microprocessor code and/or data for the protected system, and blocks or otherwise prevents execution of any code not present in the protected storage area. The electrically separable device is cryptographically matched to a single instance of a protected system and contains circuitry required to load, remove, or alter any information in the protected storage area. The electrically separable device can also be used for secure communication over a public network to and from the protected system.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: November 23, 2021
    Assignee: Trilicon LLC
    Inventor: Kenneth Stanley Szajda
  • Patent number: 11159313
    Abstract: There may be provided a computer-implemented method. It may be implemented at least in part using a blockchain network such as, for example, the Bitcoin network.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: October 26, 2021
    Assignee: nChain Holdings Limited
    Inventor: John Fletcher
  • Patent number: 11157616
    Abstract: Code of a particular application is analyzed against a semantic model of a software development kit of a particular platform. The semantic model associates a plurality of application behaviors with respective application programming interface (API) calls of the particular platform. A set of behaviors of the particular application is identified based on the analysis of the code and a particular one of the set of behaviors is identified as an undesired behavior. The particular application can be automatically modified to remediate the undesired behavior. The particular application can be assigned to one of a plurality of device modes, and access to the particular application on a user device can be based on which of the plurality of device modes is active on the user device.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: October 26, 2021
    Assignee: McAfee, LLC
    Inventors: Srikanth Nalluri, Dattatraya Kulkarni, Raja Sinha, Venkatasubrahmanyam Krishnapur, Kaushal Kumar Dhruw, Kamlesh Halder
  • Patent number: 11144371
    Abstract: A digital assistant includes an extensibility client that interfaces with application extensions that are built by third-party developers so that various aspects of application user experiences, content, or features may be integrated into the digital assistant and rendered as native digital assistant experiences. Application extensions can use a variety of services provided from cloud-based and/or local sources such as language/vocabulary, user preferences, and context services that add intelligence and contextual relevance while enabling the extensions to plug in and operate seamlessly within the digital assistant context. Application extensions may also access and utilize general digital assistant functions, data structures, and libraries exposed by the services and implement application domain-specific context and behaviors using the programming features captured in the extension.
    Type: Grant
    Filed: October 12, 2018
    Date of Patent: October 12, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tanvi Surti, Michael Patten, Sean Lyndersay, Chee Chen Tong
  • Patent number: 11127410
    Abstract: A method executed by a voice decoding device includes the following steps: receiving and determining whether an identification data is correct; if the identification data is incorrect, showing a decoding array, including plural characters, wherein positions of the plural characters are randomly distributed; receiving a numerical voice command, wherein the numerical voice command includes plural arranged decoding characters in regular turn; determining whether the numerical voice command corresponds to a preset decoding trace; arranging the plural decoding characters corresponding to the decoding array to form an arranged trace; when the arranged trace is the same as the decoding trace, unlocking the voice decoding device. By randomly displaying the decoding array, the invention permits a user to speak the sequence corresponding to the preset decoding trace so that unauthorized users cannot decode the voice decoding device by eavesdropping on the PIN, so as to achieve a better anti-theft effect.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: September 21, 2021
    Inventor: Wen-Ta Chiu