An intrusion detection system detects when an unexpected person enters the environment of a user who is in a meeting. A privacy protection action which is an action that is to be taken in response to the detected intrusion, is identified. Audio and/or video systems are then controlled to perform the privacy protection action. Machine learning can be used, based upon user interactions, to improve intrusion detection and other parts of the system.

According to an embodiment provided herein, there is provided a system that binds a trusted output session to a trusted input session. The system includes a processor to execute an enclave application in an architecturally protected memory. The system includes at least one logic unit forming a trusted entity to, responsive to a request to set up a trusted I/O session, generate a unique session identifier logically associated with the trusted I/O session and set a trusted I/O session indicator to a first state. The system includes at least one logic unit forming a cryptographic module to, responsive to the request to set up the trusted I/O session, receive an encrypted encryption key and the unique session identifier from the enclave application; verify the unique session identifier; and responsive a successful verification, decrypt and save the decrypted encryption key in an encryption key register.

In some examples, an electronic device includes a processor to determine an image frame includes protected information, the image frame having a first visibility, and modify, responsive to the determination, an area of the protected information to have a second visibility.

In one example, a method includes receiving a first indication of an incoming communication and determining that the incoming communication includes private information. The method may also include outputting, for display at a wearable computing device, a second indication of the incoming communication, wherein the indication includes non-private information. The method may also include determining, based on motion data generated by the wearable computing device, that a user of the wearable computing device is likely viewing the wearable computing device. The method may also include outputting, for display at the wearable computing device, an indication of the private information.

In response to a request for data protection of a first resource of a first system, data protection methods are identified to provide data protection for the first resource. One or more of the data protection methods are selected based on one or more data protection objectives of a data protection plan that is associated with the first resource. The data protection objectives collectively specify an expected outcome of the data protection plan. For each of the selected data protection methods, a list of actions to be performed is determined to satisfy expected outcome of the data protection objectives. The list of actions is deployed to the first system and a second system that provides data protection for the first system, including provisioning one or more data protection services in the first and second systems to carry out the list of actions.

Methods and systems for activating a display security application and initiating a privacy measure on a computing device are provided. A user opens and turns on an application on the computing device, which monitors the security of the screen. The security feature recognizes when an unauthorized user is within viewing range of the display of the computing device. The user is prompted to initiate a privacy measure or ignore the unauthorized user. If the user initiates the privacy measure, the unauthorized user is prevented from seeing the content on the display. The user may terminate the privacy measure when the unauthorized user is no longer within viewing range of the display.

The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation by the device to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state.

A communication device. The communication device comprises a central processing unit (CPU), a graphics processing unit (GPU), and a non-transitory memory comprising executable instructions for a sharing application that when executed by at least one of the CPU or the GPU, causes the sharing application to transmit an executable of a trusted application to an endpoint communication device, begin execution of the sharing application in a trusted security execution zone (TSZ) execution mode for sharing media content, instantiate a trustlet application that begins execution by the CPU or the GPU in the TSZ execution mode, display a unit of media content on the communication device, determine whether the unit of media content comprises confidential information, and in response to a determination the unit of media content comprises confidential information, transmit commands to the trusted application to control one or more functions at the endpoint communication device.

The present disclosure includes systems and techniques relating to information flow and hardware security for digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving a security property specifying a restriction relating to the one or more labels for implementing a secure information flow in the hardware configuration; designating each of the one or more labels to a corresponding security level in accordance with the specified restriction; and automatically assigning a respective value to each of the one or more labels in the hardware design, wherein each respective value is determined in accordance with the corresponding security level designated for each of the one or more labels.

Apparatuses, methods, systems, and program products are disclosed for watermark security. An apparatus includes a watermark module configured to generate a digital watermark to be presented as part of a graphical interface based on data presented on the graphical interface. A digital watermark verifies an authenticity of data to be presented in a graphical interface. An apparatus includes a presentation module configured to embed the digital watermark into the graphical interface prior to the data being presented in the graphical interface such that the digital watermark is graphically imperceptible to a user, dynamically update the digital watermark during runtime in response to detecting a change in the at least a portion of the data that is encoded into the digital watermark, and re-embed the digital watermark into the graphical interface in response to the digital watermark being updated.