G06F2221/2143

Single use execution environment with scoped credentials for on-demand code execution

Systems and methods are provided for scoped credentials within secure execution environments executing within virtual machine instances in an on-demand code execution system. In the on-demand code execution system, the execution environments are reset after every request or session. By resetting the single execution environment after each request or session, security issues such as side-channel attacks and persistent malware are addressed. Additionally, the use of scoped credentials improves security by limiting the access rights for each code execution request or session to the smallest atomic level required for that request or session. Following the request or session, the scoped credential is invalidated.

DATA MANAGEMENT SYSTEM
20220405353 · 2022-12-22

A data management system receives a status update request in which a target is specified and executes status update processing of updating a status of the target specified in the status update request. The status update processing includes transaction processing that is processing of updating first information and second information in an ACID (Atomicity, Consistency, Isolation, Durability) transactional manner. The first information is a first object group (one or more first objects) for each target. The first object is data that represents the status of the target. The second information is a second object group (one or more second objects) for each target. The transaction processing includes first processing of creating, updating, or deleting the first object corresponding to the specified target, and second processing of adding the second object including at least one of a content of the first processing and a summary of the first object to the second object group corresponding to the specified target.

Methods for restricting read access to supply chips

An example method for restricting read access to content in the component circuitry and securing data in the supply item is disclosed. The method identifies the status of a read command and, depending upon whether the status is disabled or enabled, either blocks the accessing of encrypted data stored in the supply chip or allows the accessing of the encrypted data stored in the supply chip.

Apparatus and method for securely managing keys

An integrated circuit includes a system memory, a security processor and a non-security processor. An attack against the integrated circuit is made more difficult based on using a key generated by the security processor. The security processor, as an example, reads a program image from the system memory and generates the key based on the program image. In some instances, a dedicated communication channel is provided for communication between the non-security processor and the security processor. The dedicated channel may be used to provide the key to the non-security processor for performance of a security operation.

Systems for sanitizing production data for use in testing and development environments

An online data hub/portal provides for data to be extracted from production environments, sanitized (removal of Non-Public Information (NPI)) and loaded into a non-production environment (e.g., a testing and development environment). The online data hub/portal allows users to extract data from disparate production applications into a first secure staging location, which triggers identification of NPI, sanitization of the identified NPI and validation of the data (e.g., verifying that NPI has been identified and sanitized and that all relationships between data elements in downstream and upstream applications are kept intact). Once sanitized and validated, the data hub places the data in a second secure staging location that provides for loading the sanitized data into the non-production environment.

CONFIGURATION DATA DELETION BASED ON TAMPER STATUS

An example storage medium includes instructions that, when executed, cause a processor of a computing device to read, during start-up of the computing device, first configuration data from a first storage device of the computing device; read second configuration data from a second storage device of the computing device; determine that there is an inconsistency between the first configuration data and the second configuration data; check a tamper status of the computing device; based on the tamper status and the determination that there is an inconsistency between the first configuration data and the second configuration data: (i) clear a secure storage location of the computing device, the secure storage location storing data to access protected data; or (ii) replace the first configuration data on the first storage device of the computing device based on second data and continue the start-up of the computing device.

Detection And Remediation Of Unauthorized Boot Of Storage Media

An apparatus includes a cryptographic key for decrypting content to be read from a storage media, and a control circuit. The control circuit is configured to, upon a boot of a server, dynamically generate a new boot authentication code using a prescribed method and determine a reconstituted boot authentication code. The reconstituted boot authentication code was reconstituted from an initial boot authentication code that was previously generated using the prescribed method. The control circuit is configured to compare the new and reconstituted boot authentication codes, and, based on a determination that the new and reconstituted boot authentication codes do not match, take a corrective action.

Self-management of devices using personal mobile device management
11520908 · 2022-12-06

An operating system of a mobile device defines an interface for an MDM to ensure security of the device. A private personal MDM (PPMDM) instead interfaces with the operating system, and one or more enterprise MDMs (EMDMs) implement security policies through the PPMDM subject to user control. Data may be flagged as associated with an EMDM based on source or location to enable deletion due to theft or disassociation with an enterprise. Blocks or threat detections according to an EMDM policy may be reported to an EMDM in a non-invasive manner.

Data processing systems for generating personal data receipts and related methods

A method includes identifying one or more pieces of personal data associated with a data subject based at least in part on one or more triggering actions; identifying a storage location of each of the one or more pieces of personal data associated with the data subject; automatically determining that a first portion of the one or more pieces of personal data has one or more legal bases for continued storage; automatically maintaining storage of the first portion of the one or more pieces of personal data; and automatically facilitating deletion of a second portion of the one or more pieces of personal data associated with the data subject.

Enhancements to improve side channel resistance

Embodiments herein facilitate resisting side channel attacks through various implementations and combinations of implementations. In embodiments, this is accomplished by preventing sensitive data from consecutively following other data through potentially vulnerable resources which otherwise may cause data to leak. Where such vulnerabilities to attacks are known or suspected, or as a proactive precaution, a cleaner can be used to inhibit the sensitive data from passing through the vulnerable areas consecutively and thus inhibit the leakage. Embodiments also envision utilizing certain types of circuits to assist in preventing leakage. By using such circuits, one can reduce or even potentially eliminate the requirement for the cleaners mentioned previously.