Patent classifications
G06F2221/2125
Speculation with indirect control flow instructions
There is provided input circuitry to receive input data. Output circuitry outputs a sequence of instructions to be executed by data processing circuitry. Generation circuitry performs a generation process to generate the sequence of instructions using the input data with at least some of the instructions being grouped into functions. The sequence of instructions comprises an indirect control flow instruction comprising a field that indicates where a target of the indirect control flow instruction is stored. The target is an entry point to one of the functions and the generation process causes at least one of the instructions in the sequence of instructions to store a state of control flow speculation after execution of the indirect control flow instruction.
Secure storage system
A secure storage system having authentication and cryptographic data protection is made by providing a mass-data memory and a security element communicatively coupled with the mass-data memory. The mass-data memory and the security element are controlled by respective different control commands such that different drivers can be installed to operate the mass-data memory and the security element. A secured hardware data interface is provided between the mass-data memory and the security element, and the security element provides security-critical information concerning the data of the mass-data memory.
Secure low-latency trapdoor proxy
A proxy system is installed on a computing device that is in the network path between the device and the Internet. The proxy system, residing on the computing device, decrypts and inspects all traffic going in and out of the computing device.
Censored aspects in shared content
One embodiment provides a method, including: receiving, at an information handling device, an indication to share content displayed by the information handling device with an individual; identifying, using a processor, a sensitivity level associated with an aspect of the content; identifying a permission level associated with the individual; determining, using a processor, whether the permission level enables the individual access to the aspect based on the sensitivity level; and censoring, responsive to determining that the permission level does not enable the individual access to the aspect, the aspect from the individual. Other aspects are described and claimed.
Intruder detection using quantum key distribution
Intruder detection using quantum key distribution is disclosed. A request for a first key for use with a first application configured to execute on a computing device is received by a quantum computing system. The request includes information that identifies the application. In response to the request, a quantum key distribution (QKD) process to generate a key is initiated. It is determined that an intruder attempted to eavesdrop on the QKD process. A message is sent to the computing device that instructs the computing device to cause the first application to implement a reduced functionality mode of the first application.
PER-PIXEL FILTER
Various implementations disclosed herein include devices, systems, and methods for per-pixel filtering. In some implementations, a method includes obtaining an image data frame. In some implementations, the image data frame includes a plurality of pixels. In some implementations, the method includes generating a respective pixel characterization vector for each of the plurality of pixels. In some implementations, each pixel characterization vector includes an object label indicating an object type that the corresponding pixel of the plurality of pixels represents. In some implementations, the method includes modifying corresponding pixel data of the plurality of pixels having a first object label. In some implementations, the method includes synthesizing a first modified image data frame that includes modified pixel data for the plurality of pixels having the first object label and unmodified pixel data for the plurality of pixels not having the first object label.
Big Data Distributed Processing and Secure Data Transferring with Resource Allocation and Rebate
Aspects of the disclosure relate to resource allocation and rebating during in-flight data masking and on-demand encryption of big data on a network. Computer machine(s), cluster managers, nodes, and/or multilevel platforms can request, receive, and/or authenticate requests for a big data dataset, containing sensitive and non-sensitive data. Profiles can be auto provisioned, and access rights can be assigned. Server configuration and data connection properties can be defined. Secure connection(s) to the data store can be established. Sensitive information can be redacted into a sanitized dataset based on one or more data obfuscation types. RAM requirements and current RAM allocation can be diagnosed. Portion(s) of the current RAM allocation exceeding the RAM requirements can be rebated. The encrypted data can be transmitted, in response to the request, to a source, a target, and/or another computer machine and can be decrypted back into the sanitized dataset.
SECURITY CHIP WITH RESISTANCE TO EXTERNAL MONITORING ATTACKS
A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.
SYSTEMS AND METHODS FOR SECURE AND PRIVACY PRESERVING DEVICE CLASSIFICATION
At least one aspect of the present disclosure is directed to systems and methods of secure and privacy preserving device classification. A server can maintain a plurality of data records, each including an indication of a request and a known classification value. The server can train a context obfuscation model using each of the plurality of requests and known classification values. The server can train a classification model using resources and category information from a data structure in the memory of the client device. The server can transmit the context obfuscation model to a different plurality of client devices. The server can receive a request for classification including a classification vector and request metadata. The server can determine the classification of the device responsible for the request using the classification model. The server can transmit the device classification to the device responsible for the request.