G06F2221/21

Method, system and device for protection against reverse engineering and/or tampering with programs
10095847 · 2018-10-09

Unauthorized use of computer programs is made difficult by compiling a processor rather than just compiling a program into machine code. The way in which the processor should respond to machine instructions, i.e. its translation data, is computed from an arbitrary bit string B and a program P as inputs. The translation data of a processor are computed that will execute operations defined by the program P when the processor uses the given bit string B as a source of machine instructions. A processor is configured so that it will execute machine instructions according to said translation data. Other programs P may then be compiled into machine instructions B for that processor and executed by the processor. Without knowledge of the bit string B and the original program P it is difficult to modify the machine instructions B so that a different processor will execute the other program P.

TECHNOLOGIES FOR PRIVACY-PRESERVING SECURITY POLICY EVALUATION

Technologies for privacy-safe security policy evaluation include a cloud analytics server, a trusted data access mediator (TDAM) device, and one or more client devices. The cloud analytics server curries a security policy function to generate a privacy-safe curried function set. The cloud analytics server requests parameter data from the TDAM device, which collects the parameter data, identifies sensitive parameter data, encrypts the sensitive parameter data, and transmits the encrypted sensitive parameter data to the cloud analytics server. The cloud analytics server evaluates one or more curried functions using non-sensitive parameters to generate one or more sensitive functions that each take a sensitive parameter. The cloud analytics server transmits the sensitive functions and the encrypted sensitive parameters to a client computing device, which decrypts the encrypted sensitive parameters and evaluates the sensitive functions with the sensitive parameters to return a security policy. Other embodiments are described and claimed.

ELECTRONIC DEVICE AND METHOD FOR PROVIDING LOCATION DATA
20180165468 · 2018-06-14

An electronic device is provided. The electronic device includes a user interface, a location sensor configured to sense a location of the electronic device, a processor electrically connected with the user interface and the location sensor, and a memory electrically connected with the processor and configured to store a first application program and a second application program. The memory is further configured to store instructions that, when executed, enable the processor to receive first location data with a first degree of accuracy regarding the location of the electronic device from the location sensor, process at least part of the first location data to generate second location data with a second degree of accuracy lower than the first degree of accuracy regarding the location of the electronic device, provide the at least part of the first location data to execute the first application program, and provide at least part of the second location data to execute the second application program.

PORTABLE COMPUTING DEVICE ACCESS
20170177029 · 2017-06-22

According to an example of providing access to a portable computing device, a connection is established with a docking station. A request from the docking station to perform an action related to a portable computing device is received, and a rule associated with the portable computing device from a policy database is fetched. A determination is made whether to perform the action, and in the event that an action is to be performed, an instruction is transmitted to perform the action on the docking station.

Data access control method, data access control apparatus, and data access control program
12223030 · 2025-02-11

A policy determination unit acquires a rule for a request for accessing data based on a preset access control policy, and selects whether to acquire attribute information about an attribute of each record of the data from the outside of a database in which the data is stored. As a result, when selecting acquisition of the attribute information, the attribute information is acquired and the rule based on the attribute information is evaluated, and when selecting no acquisition of the attribute information, the database is caused to execute filtering of the data based on the rule. Then, based on the evaluation result of the rule or the filtering execution result, a record of the data corresponding to the access request is acquired from the database.

SYSTEM, DEVICE, AND METHOD OF DETECTING MALICIOUS AUTOMATIC SCRIPT AND CODE INJECTION
20170091450 · 2017-03-30

Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.