Abstract: A web browser may output a form comprising a payment field. A URL may be received from a communications interface of a contactless card, the URL comprising encrypted data generated by the contactless card based on a private key stored in a memory of the contactless card. An application may transmit the encrypted data to an authentication server, which may decrypt the encrypted data based on the private key. The application may receive, from a virtual account number server, a virtual account number. The application may receive an expiration date and a CVV. The application may copy the virtual account number to a clipboard of an OS. The OS may paste the virtual account number from the clipboard to the payment field of the form in the web browser. The OS may output a notification comprising the expiration date and the CVV associated with the virtual account number.

Abstract: A method, computer system, and a computer program product for verified data transfer is provided. The present invention may include determining a first data type of a copy field including a copied data. The present invention may then include determining a second data type of a paste field intended for receiving the copied data. The present invention may further include, in response to identifying a mismatch between the first determined data type of the copy field including the copied data and the second determined data type of the paste field, preventing an input of the copied data into the paste field.

Abstract: An example operation may include providing a value to a transport based on sensor data associated the transport.

Abstract: A system is described herein comprising at least one application configured to run on one or more processors of a computing device for providing a data sanitization application, wherein the data sanitization application comprises identifying the device type and data capacity of a storage component. The data sanitization application comprises determining a health status of the storage component. The data sanitization application comprises initiating a data wipe of the storage component when the health status comprises a first state, wherein the data wipe comprises wiping data of the storage component using at least one data wipe method. The data sanitization application comprises auditing the data wipe by detecting data values of the storage component, the auditing including passing the data wipe when the detected data values meet at least one condition.

Abstract: Examples are disclosed related to presenting on a client device configured for a first digital rights management technology (DRM-1) content that is protected by a second digital rights management technology (DRM-2).

Abstract: The present disclosure provides systems and methods for automatically detecting third-party re-identification of anonymized computing devices.

Abstract: A selected system obtains from a selected location software features information relating to another system. Using the software features information obtained from the selected location, a determination is made as to whether a selected license tier has been obtained. Based on determining that the selected license tier has been obtained, the selected system dispatches work of the other system into a container of the selected system.

Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.

Abstract: The present disclosure provides a method and apparatuses configured for identifying a server instance in communications between an entity and a bootstrapping server. In particular, the method is directed to sending a data communication between the entity and the bootstrapping server, wherein the data include a pointer to the server instance. In addition, the bootstrapping server is configured to set, in at least part of data to be communicated to an entity, a pointer to a security server instance.

Abstract: A system, method, and computer-readable medium are disclosed for reproducing an issue via a remote access controller by providing the remote access controller with a method for allowing a user to take a snapshot (i.e., a representation of the state of all components of an integration environment at a particular point in time) of an integration of the various components administered via a management application suite executing on a remote access controller. In certain embodiments, the management application suite comprises an OpenManage Integration for VMware vCenter. Such a method reduces the time needed to determine a root cause of an issue and assists system managers in properly providing a solution to the issue.

Abstract: Techniques for providing access to scope-delimited sensitive data are disclosed. A user provides sensitive data to a first party associated with a payment service provider. The first party stores the sensitive data with the payment service provider, and the payment service provider provides the first party merchant with an encoding of the payment data. The first party provides a purchasing opportunity to the user for goods offered by a third party also associated with the payment service provider. The first party transmits a sensitive data grant request to the payment service provider. In response, the payment service provides a scope-delimited encoding of the sensitive data. The first party provides the scope-delimited encoding of the payment data to the third party. The third party merchant creates a transaction using the scope-delimited encoding of the sensitive data. At some time later, access to the scope-delimited encoding of the sensitive data is revoked.

Abstract: A method for authenticating control boards in an appliance includes reading a serial number from a memory of a first control board positioned within the appliance, reading a serial number from a memory of a second control board positioned within the appliance and in communication with the first control board, comparing the serial number from the memory of the first control board to the serial number from the memory of the second control board, and authenticating the first and second control boards when the serial number from the memory of the first control board matches the serial number from the memory of the second control board.

Abstract: Methods and apparatus for generating and delivering selected primary content and contextually-related, targeted secondary content to users of a network. In an exemplary embodiment, the network comprises a packet-switched data (e.g., IP) network such as the Internet, and the primary content comprises video or media clips that are user-selectable via a network site or web page. The primary content carries with it descriptive metadata that is accessed by a distribution server and forwarded to a secondary content source. The secondary content source (or its proxy) utilizes the metadata to identify and return contextually-related secondary content such as advertising links. This secondary content is then presented to the user in conjunction with the primary content, such as in a common display window and in a seamless fashion, thereby avoiding distractions to the user associated with generating ancillary windows or other display mechanisms, and providing the user with highly relevant secondary content choices.

Abstract: Embodiments for deploying services to multiple Hadoop clusters and providing user access to these services in a secure manner. A process allows authorized users to select a service, validate its entitlement to the organization and then install distributed components of the service onto multiple hosts on different Hadoop clusters. In order to enable this deployment and secure access of this service, an identity federation mechanism is used to ensure the user identity of the system is propagated to distributed clusters in a secure fashion thereby ensuring authorized access to clusters or services is provided in a seamless fashion.

Abstract: A first block storage server virtual machine to host a first volume using one or more storage devices of a computer system is executed by the computer system. A second virtual machine having access to a virtual block storage device is executed by the computer system. A block storage client is executed by the computer system. A first block storage operation is received by the block storage client from the second virtual machine, the first block storage operation to perform on the virtual block storage device. A message is sent by the block storage client to the first block storage server virtual machine to cause the first block storage server virtual machine to perform the block storage operation with the first volume.

Abstract: A first request to create a first storage volume to store a first portion of a first logical volume is received by a first block storage server instance. A second request to create a second storage volume to store a second portion of the first logical volume is received by a second block storage server instance. A third request is sent to a third block storage server instance to create a third storage volume to store the second portion of the first logical volume. The second portion of the first logical volume is stored by the third block storage server instance to the third storage volume. A data store containing an identification of each block storage server instance hosting a portion of the first logical volume is updated to remove an identification of the second block storage server instance and add an identification of the third block storage server instance.

Abstract: A first request to launch a first virtual machine to host a block storage server application is received. At least a portion of a storage capacity of one or more storage devices of a host computer system is provisioned to the first virtual machine as a provisioned storage device. The block storage server application is executed with the first virtual machine. As part of executing the block storage server application, a logical volume is created on the provisioned storage device in response to a second request from a block storage service of a provider network to create the logical volume, a third request to perform an input/output operation is received and performed with the logical volume.

Abstract: Systems and methods provide remote control of product functionality and software kits allow firmware development of remote control of product functionality. The remote control may be time-based where the product functionality is based upon the expiration date and a current time. The remote control may be location-based where the product functionality is based upon the geographical location of the product. The remote control of the product functionality may be based upon proximity of the product to an authentication device.

Abstract: Systems and methods for enhanced network connection privacy. An example method may comprise: receiving a selection to activate a non-persistent mode for a network manager of a client device, the non-persistent mode preventing tracking of network locations accessed by the client device; activating the non-persistent mode for the network manager; and while the non-persistent mode is activated for the network manager: receiving a request to connect to a network; and performing, via the network manager, a set of operations to establish a connection with the network, the set of operations excluding storing information revealing the network connection in persistent memory of the client device.

Abstract: An apparatus for authorizing file access events includes a processor and a memory that stores code executable by the processor. The code is executable by the processor to record hardware usage patterns prior to a file access event of a file, and correlate the hardware usage patterns with file access events targeting the file. The code is also executable to receive a file access event targeting the file, compare a hardware usage pattern preceding the received file access event targeting the file to the hardware usage patterns correlated with file access events targeting the file, and authorize the received file access event in response to the hardware usage pattern preceding the received file access event targeting the file matching a hardware usage pattern correlated to a file access event targeting the file.

Abstract: A method and system for a configurable security and surveillance system are provided. A configurable security and surveillance system may comprise at least one programmable sensor agent and/or at least one programmable content analysis agent. A plurality of processing features may be offered by the configurable security and surveillance system by programming configurable hardware devices in the programmable sensor agents and/or the programmable content analysis agents via a system manager. Device programming files may be utilized to program the configurable hardware devices. The device programming files may be encrypted and decryption keys may be requested to enable the programming of different processing features into the programmable sensor agents and/or the programmable content analysis agents. The device programming files and/or the decryption keys may be received via a network transfer and/or via a machine-readable media from an e-commerce vendor.

Abstract: Techniques for providing data version comparison between trans-time zone sites. One example method includes target data and a corresponding time stamp is received from each trans-time zone site. Each of the time stamps are based on a respective time zone of a sending trans-time zone site from which the target data and the time stamp were received. Each of the received time stamps are modified based on the respective time zone of the sending trans-time zone site for the time stamp and a time zone of the central server. The received target data is compared from each of the trans-time zone sites to stored target data based on the modified corresponding time stamp. A latest version of the target data is stored by the central server having a modified corresponding time stamp that is greater than each of the other modified corresponding time stamps.

Abstract: A computer automated system and method comprising configuring a single or plurality of mobile devices over a network, validating the configured devices, and communicating contextual information to the configured devices. The devices are authenticated and the authentication is sent to a server over the network, when a contextual service, controlled/offered by the server through a contextual service point in communication with the server, is invoked by the configured mobile device in the vicinity of the contextual service point. The mobile device is then enabled to consume a contextual service, offered by and delivered at the contextual service point, either from within the mobile device or over the network.

Abstract: A method and a system for permanently deleting data from storage. The method includes receiving a wipe command to permanently delete a data segment stored in a storage system. The data segment includes an address to blocks where the data of the data segment is stored. The method also includes sanitizing the data segment, marking the address as sanitized, locating a last journal entry in a journal. The last journal entry includes metadata regarding the data segment. The method also includes sanitizing the last journal entry, traversing the journal, and sanitizing each journal entry of the data segment.

Abstract: An update providing apparatus of a vehicle is provided. The apparatus includes a communication circuit that communicates wirelessly with a server, a battery, and a control circuit. The control circuit is electrically connected to the communication circuit and the battery and obtains update data associated with a target controller mounted within the vehicle, from the server. Accordingly, the control circuit calculates an estimated remaining amount upon completing an update, based on an estimated required time of the update, an estimated required time of a roll-back, and a current remaining amount of the battery and performs the update on the target controller, when the estimated remaining amount satisfies a particular condition.

Abstract: System and method for checking and characterizing metadata of snapshots utilize a snapshot metadata database to execute at least one of checking and characterizing operations on the metadata of snapshots. The snapshot metadata database includes information extracted from backing storage elements containing the metadata of snapshots.

Abstract: Remotely controlling access to a digital camera. In some embodiments, a method may include defining at least one parameter associated with a capture of media by a camera coupled to a monitored computer device, determining that the camera is capturing media, determining that the at least one parameter is present in the captured media; determining that the presence of the at least one parameter is not approved, and sending an instruction to the monitored computer device to disable use of the camera coupled to the monitored computer device for a pre-determined period of time based on determining that the presence of the at least one parameter is not approved.

Abstract: A node, of a network of nodes with access to a distributed ledger, receives a request to verify the user has consented to a current version of terms (i.e., current terms) associated with a program. The node obtains, using the distributed ledger, historical consent data indicating a version of the terms to which the user has previously provided consent. The node performs a first verification procedure to determine the user has not consented to the current terms, provides an indication to a user device that the user has not consented to the current terms, and receives, from the user device, a message indicating an acceptance of the current terms. The node performs additional verification procedures to determine that the user is who consented to the current terms and updates the distributed ledger to include a record indicating that the user consented to the current terms.

Abstract: A method for detecting and preventing phishing phone calls through verified attribute analysis is described. The method may comprise receiving, by a receiving device, a phone call from a sending device and receiving identification data in parallel with the phone call, the identification data describing context of the phone call. The method may then identify an attribute assertion from the identification data. The attribute assertion may comprise a signed attribute of the phone call and may be signed by a trusted authority. The method may comprise determining content of the phone call, analyzing the content of the phone call against the signed attribute, and performing a defined operation based on a result of the analysis of the content against the signed attribute.

Abstract: Approaches provide for mandatory access controls and account identification masking controls in an electronic environment. For example, a customer can configure a client device to access an API gateway which acts as a proxy for a resource in a resource provider environment. Requests for resources or services can be redirected to the API gateway. A registered function may be triggered when the request is received and may filter the request. After filtering, the request can be forwarded on to the actual API endpoint to access the requested resource. From the client's perspective, the resource is being accessed directly, and from the resource's perspective, it is being accessed by the proxy. This layer of indirection enables data to be protected preemptively, rather than waiting for an undesirable condition to exist and then reactively attending to the issue.

Abstract: This disclosure describes techniques for securely, efficiently, and/or effectively providing cryptographic operations and key management services. Systems in accordance with one or more aspects of the present disclosure may provide secure management of cryptographic keys as service to a plurality of data center users or customers that contract for services provided by a data center. In one example, this disclosure describes a data center comprising a plurality of cloud service provider ports, a plurality of customer ports, network infrastructure coupling the plurality of cloud service provider ports to the plurality of customer ports, and a computing system including at least one hardware security module.

Abstract: A method is performed at a client device distinct from an application server. In the method, a first key is stored in a secure store of the client device. A wrapped second key is received from the application server. The first key is retrieved from the secure store and used to unwrap the second key. Encrypted media content and a media control command to control playback of the media content is received from the application server. The content is decrypted using the unwrapped second key, and decoded for playback. During playback of the media content, a play position of the decrypted media content is transmitted to the application server and the decrypted media content is transmitted to a display device that is coupled to the client device. The decrypted media content is displayed in accordance with the received media control command.

Abstract: A system for producing secure data management software, comprising at least one hardware processor adapted to: receive a plurality of data patterns, each comprising at least one data field identifier selected from a set of protected data field identifiers of at least one data repository, at least one output target, and an access instruction; identify in a plurality of computer instructions of the data management software one or more forbidden output instructions by matching one or more reaching definitions of some of the plurality of computer instructions with one or more of the plurality of data patterns; and remove the one or more forbidden output instructions from the plurality of computer instructions.

Abstract: In an implementation of identifying related computing devices for automatic user account login, a login request to a user account that includes a unique identification (ID) of a user computing device and an internet protocol (IP) address of the user computing device are received. One or more user computing devices that have logged in to the user account using a same IP address as the user computing device are identified based on a user ID of the user account and the unique ID of the user computing device. Whether one or more unique IDs corresponding to the one or more user computing devices that have logged in to the user account are correlated with the unique ID of the user computing device is determined. If yes, data corresponding to login information used by the one or more user computing devices to log in to the user account to the user computing device for automatic account login are sent.

Abstract: A computer-implemented method enables reconstructing contents of blocks in a storage system having l availability zones (AZs), a set of n storage units in each AZ arranged as columns, and a set of m storage blocks in each storage unit. The storage blocks of n+1 of the storage units are parity blocks, where l?1 of the AZs each include an additional parity block. The method includes using the parity blocks and/or data in the AZs and reconstructing contents of blocks in the storage system having l availability zones (AZs) from a concurrent loss of: one of the AZs, a storage unit together with one storage block in one of the remaining l?1 AZs, and one further storage block in each of the remaining l?2 AZs of the storage system.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a blockchain-based workflow. One of the methods includes receiving a workflow specification that indicates one or more state transition methods to be performed by a smart contract on a blockchain network and one or more client service methods to be performed by one or more client devices off the blockchain network participating in a workflow. The smart contract is generated according to the workflow specification and includes the one or more state transition methods. A configurable client service logic is generated according to the workflow specification for each of the one or more client devices and includes the one or more client service methods. The smart contract is deployed to the blockchain network.

Abstract: Provided is a process of securing data in a distributed storage and processing application, the process including: obtaining a cluster of computing nodes, wherein: the cluster stores a plurality of ciphertexts; accessing a transformation key with a first computing node; transforming the ciphertext with the first computing node based on the transformation key into a transformed ciphertext configured to be decrypted with a temporary access key; decrypting the transformed ciphertext with the second computing node based on the temporary access key to obtain plaintext data.

Abstract: Networks and methods for use in authenticating messages are provided. One exemplary method generally includes receiving a message from a client, where the message includes a client certificate. The method also includes validating, by an application programming interface (API) gateway, a computing device based on a certificate identifying the computing device as a recognized computing device, and validating, by the API gateway, the client based on the client certificate via a global access manager, separate from the repository. The method further includes causing a security token indicative of the client to be generated, when the computing device and the client are validated, whereby the security token is indicative of the client and permits the message, from the client, to be delivered to one or more backend services.

Abstract: An information processing device that performs an authentication to authenticate a user and controls operations of an image processing device based on a result of the authentication, comprising: an application that accesses the image processing device and performs a process to enable the image processing device to operate; and an authentication server that performs the authentication to authenticate the user and sends application information relating to the application to the image processing device when successfully authenticating the user through the authentication. The application generates an access request including information relating to the application and sends the generated access request to the image processing device when accessing the image processing device in response to an instruction given by the authenticated user who is successfully authenticated through the authentication.

Abstract: A computer identifies one or more privacy settings. The computer receives a query for information. The computer determines whether a response to the query satisfies the one or more privacy settings. If the computer determines that the response to the query does not satisfy the one or more privacy settings, the computer alters the response to satisfy the one or more privacy settings.

Abstract: Systems and methods for facilitating hibernation mode transitions for virtual machines. An example method comprises: disabling modifications of a hardware configuration parameter of a virtual machine running in a hibernation state on a host computer system; and responsive to determining the hardware configuration parameter of the virtual machine has been modified, causing the virtual machine to discard, upon awakening, a previously saved memory state.

Abstract: A network media system forms a group comprising a first networked device and a second networked device using a first media playback protocol. The network media system includes the first networked device and the second networked device. The network media system determines a group coordinator for the group using the first media playback protocol. The network media system transmits, to a media source device, a group network identity using a second media playback protocol. The media source device and one of the first networked device and the second networked device are configured to use the first media playback protocol and the second media playback protocol. The first media playback protocol and the second media playback protocol are incompatible.

Abstract: In an example, there is disclosed an apparatus, including: a network interface to communicatively couple to an internet of thing (IoT) having at least one edge device; a gateway engine to provide gateway services to one or more edge devices via the network interface; and one or more logic devices, including at least one hardware logic device, providing an adaptive security engine to: compile a periodic device interaction summary (DIS) for the edge device; send the DIS to a cloud service; receive from the cloud service a DIS signature for the edge device; determine that one or more interactions from the edge device are suspicious; and act on the determining.

Abstract: Mechanisms are provided for providing a private consolidated cloud service architecture. The mechanisms operate to implement a private consolidated cloud service (PCCS) engine. The PCCS engine generates a private consolidated cloud (PCC) for a consumer based on one or more PCC characteristics specified by a request from the consumer. The PCCS engine also generates, in the PCC, for each of a plurality of public cloud services, a private instance of the public cloud service in the PCC. The PCC receives, from a consumer device, a request for processing of consumer private data by a specified private instance of a public cloud service in the PCC. The private instance of the public cloud service in the PCC performs the requested processing of consumer private data within the PCC without exposing the consumer private data outside the PCC. The PCC provides results of the requested processing to one of the consumer device or the public cloud service.

Abstract: Systems and methods are provided for implementing reciprocal data sharing in a data exchange system. Limitations may be placed on the amount of data an exchange member may access based on the amount of data that exchange member has contributed. The system may include determining a data contribution associated with a first member of the data exchange, determining a data access limit for the first member based on the data contribution, and providing data to the first member when the first member has not exceeded the data access limit. In some embodiments, there may be separate data access limits for each member of the data exchange, so that a first member may have different access limits when accessing data from a second member, data from a third member, and data from a fourth member. Further, the system may limit a requester to a type of data that corresponds to the type of data contributed.

Abstract: One embodiment provides a method for retrospective snapshot creation including creating, by a processor, a first snapshot that captures logical state of a data store at a first key. Creation of the first snapshot is based on determining a log offset corresponding to the first key, determining existence of a second snapshot that captures logical state of the data store and recording a retrospective snapshot at a last valid log address offset prior to the first key upon a determination that the second snapshot exists based on determining at least one of: whether log address offsets from a first log entry of a log to a log entry of the log at the first key are contiguous and whether log address offsets from the second snapshot to the first key are contiguous.

Abstract: A data processing system with technology to secure a virtual machine control data structure (VMCDS) comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to run a virtual machine monitor (VMM) in the data processing system and to run guest software in a virtual machine (VM) that is managed by the VMM. The VM is based at least in part on a VMCDS for the VM. An instruction decoder in the processor recognizes and dispatches a set-mask instruction. The set-mask instruction specifies access restrictions to be imposed on the VMM with respect to the VMCDS of the VM. The processor also comprises a mask enforcer to automatically enforce the access restrictions specified by the set-mask instruction, in response to an attempt by the VMM to access the VMCDS of the VM. Other embodiments are described and claimed.

Abstract: Systems and methods for authorizing operations associated with blocked media assets using two-factor authentication. In some aspects, a media guidance application (e.g., executed by a set-top box or other user equipment used to store and display media assets) prompts a user for a password (e.g., a personal information number) in order to unlock the content for viewing. In response to receiving a second request from the user to perform an operation related to the media asset (e.g., delete), the media guidance application prompts the user for an additional factor confirming his or her identity, consistent with two-factor authentication protocol. If the user's identity is authenticated as a user that has authority to perform the operation related to the media asset (e.g., delete the stored media asset), the media guidance application performs the operation related to the media asset (e.g., deletes the media asset).

Abstract: Facilitating exclusive access to a workflow of a service provider via a mobile wallet interface involves, within a client runtime environment, activating through the interface a service provider-specific application so that the service provider-specific application has exclusive access to a secure electronic transaction workflow of the service provider associated with at least one of the service provider-specific application and the wallet, while being denied access by the client runtime environment to any other service provider services or resources.

Abstract: Examples described herein include systems and methods for controlling access to a server, such as an email server or a gateway, in situations where the identity of the requesting device is unknown or where the user device accesses the server using an unknown or unmanaged application. In one example, the system can utilize a user authentication credential included in the request to identify other devices belonging to the user that happen to be enrolled with the system. An out-of-band message can be sent to those enrolled devices, requesting confirmation from the user and, in conjunction with an authentication token, allowing the system to trust the previously unknown device. In the example of an unmanaged application attempting to access an email server, the system can confirm compliance of the requesting device and issue an authentication token that, along with an appropriate command sent to the email server, provides access.