Patent classifications
G06F2221/2125
Central processing unit and arithmetic unit
There is a need to provide a central processing unit capable of improving the resistance to power analysis attacks without changing programs, lowering clock frequencies, and greatly redesigning a central processing unit of the related art. In a central processing unit, an arithmetic unit is capable of performing arithmetic operations using data irrelevant to data stored in a register group. A control unit allows the arithmetic unit to perform arithmetic processing corresponding to an incorporated instruction. At this time, the control unit allows the arithmetic unit to perform arithmetic processing using the irrelevant data during a first one-clock cycle.
GEOGRAPHICAL TRACK DATA OBFUSCATION
In some examples, geographical track data obfuscation may include ascertaining geographical data points that include a first data point and subsequent data points. For each of the subsequent data points, a delta degree value may be determined as a difference between a subsequent data point and a corresponding previous data point. A first format preserving encryption (FPE) may be applied to encrypt longitude and latitude values of the first data point. A second FPE may be applied by applying a translation of a plurality of translations to encrypt each delta degree value. A total distance traveled, a total time, and/or a total elevation gain may be extracted from the encrypted first data point and the encrypted delta degree values.
METHOD AND SYSTEM FOR COMPRESSION AND OPTIMIZATION OF IN-LINE AND IN-TRANSIT INFORMATION SECURITY DATA
This document discloses a method and system for just-in-time compression and optimization of raw unstructured in-line and in-transit data by identifying low entropy data blocks or duplicated information security information in raw computer security alerts within a series of time windows. In particular, the method and system automatically manages, processes, and optimizes in-line and in-transit data blocks or raw information security alerts received from a plurality of information surveillance sources and/or peripheral monitoring devices simultaneously. The data blocks or raw information security alerts that are found to be unique in the various time windows are transposed into meta-definition tables to be further processed while redundant data blocks or raw alerts contained within each particular time window are identified, marked and processed accordingly.
Information assurance system for secure program execution
An enhanced information assurance system may comprise an improved computer including a central processing unit (CPU) emulator configured to extend the available machine instruction set. The CPU emulator may be configured to emulate machine language instructions taken from a nonnative set of secure opcodes. The CPU emulator may ensure that instructions and data in random access memory (RAM) remain encrypted at all times when in RAM, for example by storing the instructions and data in CPU registers when decrypted on an as-needed basis.
METHOD AND APPARATUS FOR SECURE EXECUTION USING A SECURE MEMORY PARTITION
A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code.
Transparent execution of secret content
The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workspace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.
MITIGATING SECURITY VULNERABILITIES IN WEB CONTENT
Methods and apparatus are described for automatically modifying web page source code to address a variety of security vulnerabilities such as, for example, vulnerabilities that are exploited by mixed content attacks.
Virtual polymorphic hardware engine
Virtual field programmable gate array (VFPGA) duplicates and/or emulates a field programmable gate array through the use of base hardware and firmware that uses RAM as ROM or EPROM and provides control and monitoring and manipulation through the use of elementary and basic device functionality commands (machine code primitives) to accommodate the needs of polymorphic cipher engine software so that the software achieves the same results as though it had access to programmable logic arrays, gate and logic blocks found in field programmable gate array chips.
SYSTEM AND METHOD FOR DATA ACCESS MANAGEMENT USING ENVIRONMENTAL VALIDATION
Methods and systems for managing access to data stored in data storage systems are disclosed. To prevent malicious parties from gaining access to sensitive data stored in a data storage system, an access control system may be implemented. The access control system may include environmental monitoring of the physical environment and a registration process that assigns cryptographic key pairs to registered combinations of users and devices. The combinations may include an end device, a user of the end device, a display device, and an environmental sensing device (e.g., a camera). When an end device requests sensitive data, the registered user and devices may be authenticated using the key pairs generated during registration, and environmental data collected by sensing devices may be analyzed to determine whether the physical environment is secure. Provided the physical environment is secure, the sensitive data may be provided to and/or made accessible to the registered user.
Just-in-time data object permission restriction
Using a computer system, an instruction is received to define or modify a permission constraint corresponding to one or more files. A permission-instruction data set representing the permission constraint is stored in a data store. Subsequent to storing the permission-instruction data, a user request to access a particular file is intercepted. The data store is queried to determine whether any pending permission-instruction data set corresponds to the particular file. In response to the query, it is determined that the permission-instruction data set corresponds to the particular file. A permission constraint of the particular file is added or modified based on the permission-instruction data set. Based on the modified or added permission constraint, it is determined whether and/or an extent to which the user request is authorized. A response to the user request based on the determination as to whether and/or an extent to which the user request is authorized.