Secured electronic data storage on a hard drive is described. A computer system that incorporates the hard drive includes a shrink, shred, and data randomization algorithm built into the read/write function of the computer system for the purposes of securing any data that is stored on the hard drive. Data to be stored on the hard drive is processed using the algorithm which shrinks, shreds, and randomly distributes the data into multiple storage locations, for example multiple partitions of storage, different data storage drives of the hard drive, different folders of a storage device, and the like. An electronic log of where the data is distributed is kept in electronic data storage, on the computer system and/or separate from the computer system, that allows the data on the hard drive to be retrieved, reassembled, decompressed, and if necessary decrypted, upon receipt of a read/access request.

The present application is directed to transparent execution of secret content. A device may be capable of downloading content that may include at least one secret portion, wherein any secret portions of the content may be directed to a secure workplace in the device not accessible to device operating system components, applications, users, etc. The device may then present the content in a manner that allows secret portions of the content to be executed without direct access. For example, the device may download content, and a director module in the device may direct any secret portions of the downloaded content to a secure workspace. During execution of the content, any inputs required by the secret portions may be provided to the secure workspace, and any resulting outputs from the secret portions may then be used during content presentation.

A mechanism for making multiple security schemes available in a single embedded system without requiring a firmware update or a hardware extension is provided. Embodiments provide firmware support for storing parameters related to each available security scheme and a selection mechanism to select the desired security scheme for the application utilizing the embedded system. Embodiments can also provide a status register to provide to a user an identification of the security scheme that is presently enabled on the embedded system. Embodiments can further prevent a malicious user from selecting an invalid security scheme.

Examples include a system and computer-implemented method to receive a notification from an application programming interface (API) of creation of a just in time (JIT) grant, the JIT grant defining a request for a user to be authorized to access a cluster according to a JIT policy; determine if access to the cluster by the user is authorized according to the JIT policy; grant access to the user to the cluster when access is authorized according to the JIT policy; and send a notification to the API that access by the user to the cluster is granted.

In one embodiment, a method for authenticating a user with an electronic device is disclosed. The method incudes receiving digital sensor data from a motion sensor over a signal acquisition time period; deleting a beginning portion of the digital sensor data prior to the signal acquisition time period; suppressing signal components in the data associated with voluntary movement of the user; signal processing the suppressed digital sensor data to extract signal features representing neuro muscular tone of the user; tabulating the extracted signal features over periods of time into a feature vector table; executing a predictive model with the feature vector table; generating a numerical degree of matching level based on the feature vector table and the user parameter set; and making a determination to either authorize the user or not based on the numerical degree of matching level. The predictive model is trained by a user parameter set.

One embodiment provides a method, including: receiving, at an information handling device, an indication to share content displayed by the information handling device with an individual; identifying, using a processor, a sensitivity level associated with an aspect of the content; identifying a permission level associated with the individual; determining, using a processor, whether the permission level enables the individual access to the aspect based on the sensitivity level; and censoring, responsive to determining that the permission level does not enable the individual access to the aspect, the aspect from the individual. Other aspects are described and claimed.

Described herein are a system and methods for obfuscating sensitive data during a data capture event in order to prevent unauthorized reproduction of that sensitive data. In some embodiments, an event listener detects an event likely to result in a data capture and notifies an obfuscation module. The obfuscation module then identifies sensitive data fields, determines an appropriate obfuscation technique for each data field, and obfuscates the identified data fields for the duration of the event. In some embodiments, any active data input actions may be canceled. In some embodiments, the data values within the obfuscated data fields may be revealed upon completion of the event.

Methods for secure random selection of t client devices from a set of N client devices and methods for secure computation of inputs of t client devices randomly selected from N client devices are described. Such random selection method may include determining an initial binary vector b of weight t by setting the first t bits to one: b.sub.i=1, 1≤i≤t, and all further bits to zero: b.sub.i=0, t<i≤N; each client device i (i=1, . . . , N) of the set of N client devices jointly generating a random binary vector b of weight t in an obfuscated domain on the basis of the initial binary vector b including: determining a position n in the binary vector; determining a random number r in {n, n+1, . . . N}; and, using the random number to swap binary values at positions n and r of the binary vector b.

Aspects of the disclosure relate to resource allocation and rebating during in-flight data masking and on-demand encryption of big data on a network. Computer machine(s), cluster managers, nodes, and/or multilevel platforms can request, receive, and/or authenticate requests for a big data dataset, containing sensitive and non-sensitive data. Profiles can be auto provisioned, and access rights can be assigned. Server configuration and data connection properties can be defined. Secure connection(s) to the data store can be established. Sensitive information can be redacted into a sanitized dataset based on one or more data obfuscation types. Crashed executor(s) can be detected and caged to prevent further use. Uncompleted task(s) for crashed executor(s) can be reassigned. The encrypted data can be transmitted, in response to the request, to a source, a target, and/or another computer machine and can be decrypted back into the sanitized dataset.

A system and method of deployment of malware detection traps by at least one processor may include performing a first interrogation of a first Network Asset (NA) of a specific NA family; determining, based on the interrogation, a value of one or more first NA property data elements of the first NA; obtaining one or more second NA property data elements corresponding to the specific NA family; integrating the one or more first NA property data elements and the one or more second NA property data elements to generate a template data element, corresponding to the specific NA family; producing, from the template data element, a malware detection trap module; and deploying, on one or more computing devices of a computer network, one or more instantiations of the malware detection trap module as decoys of the first NA.