G06F21/123

RANSOMWARE MITIGATION SYSTEM AND METHOD FOR MITIGATING A RANSOMWARE ATTACK
20230297678 · 2023-09-21

A ransomware mitigation system and corresponding methods are provided. The ransomware mitigation system monitors the rate of modification of files on computing devices to determine whether the monitored rate of modifications exceeds a predetermined threshold. If the threshold is exceeded, then the ransomware mitigation system actuates a forced shutdown of the computing device and/or a forced disconnection of the network connection to the computing device. The ransomware mitigation system includes a software monitoring portion as well as a hardware switching unit. The software monitoring portion is in synchronous bidirectional communication with the hardware switching unit on a separate network. If the software monitoring portion is shut down, then the hardware unit actuates the shutdown and/or disconnection of the computing device(s). The hardware unit includes a hardware lock that requires the physical presence of a person to allow for maintenance.

SYSTEMS AND METHODS FOR DYNAMICALLY AND RANDOMLY ENCRYPTING AND DECRYPTING DATA
20220014505 · 2022-01-13

A system and method for encrypting and decrypting information is presented. In some embodiments, an endpoint token management system is provided for facilitating dynamic and random encryption and decryption methods. The system and methods may be employed in virtually any system or network, and may be used to protect virtually any type of data, whether at rest (data storage), in motion (data transfer), or in use. In some embodiments, synchronization points are used as analogs for encryption/decryption keys, enabling the encrypting system and decrypting system to begin randomly altering encryption data in a like manner, thereby creating a constantly changing encryption field that is virtually impossible to decrypt without authorization.

Validating the integrity of application data using secure hardware enclaves

Techniques for verifying the integrity of application data using secure hardware enclaves are provided. In one set of embodiments, a client system can create a secure hardware enclave on the client system and load program code for an integrity verifier into the secure hardware enclave. The client system can further receive a dataset from a server system and store the dataset at a local storage or memory location, and receive, via the integrity verifier, a cryptographic hash of the dataset from the server system and store the received cryptographic hash at a memory location within the secure hardware enclave. Then, on a periodic basis, the integrity verifier can compute a cryptographic hash of the stored dataset, compare the computed cryptographic hash against the stored cryptographic hash, and if the computed cryptographic hash does not match the stored cryptographic hash, determine that the stored dataset has been modified.

Countermeasures against hardware side-channel attacks on cryptographic operations

Embodiments are directed to countermeasures against hardware side-channel attacks on cryptographic operations. An embodiment of an apparatus includes multiple crypto cores; and a current source including multiple current source blocks, the current source blocks including a respective current source block associated with each of the crypto cores, and wherein the current source blocks are switchable to switch on a current source block associated with each active core of the multiple crypto cores and to switch off a current source block associated with each inactive core of the multiple crypto cores.

Systems and methods for managing state

The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.

SYSTEM AND METHOD FOR PROTECTING SOFTWARE LICENSING INFORMATION VIA A TRUSTED PLATFORM MODULE

Methods for protecting software licensing information via a trusted platform module (TPM) are performed by systems and devices. When a licensing server is unreachable, a license is generated for a software application by a licensing manager. The license is generated via a secure register of the TPM using an asymmetric key, specific to the software application and policy-tied to the secure register, to generate a signature of a hashed license file for the software application. The asymmetric key is stored, mapped to the license file, and used for subsequent license validation. A licensing manager validation command is provided to validate the license using the key, as applied to the hash, to verify the signature and check the validity of the time stamp. Time stamp expiration or alteration of the license is determined to provoke invalidation indications for the validating application.

ADD-ON MODEM FOR WIRELESS DEVICES AND METHODS USEFUL IN CONJUNCTION THEREWITH

System for ex post facto upgrading of at least one Legacy personal communication device including a legacy modem and lacking at least one desired wireless communication feature, the system comprising an upgraded communication device including an auxiliary modem physically connected via an ex post facto physical connection to a Legacy personal communication device having at least one legacy wireless output channel which has been neutralized or disabled.

Automated secure paper tray access and paper quota management system for public printers

A paper tray access system for a printer includes a locking cover of a paper tray, an authentication device, a weight sensor located beneath the paper tray, a printer display, a computing device including electrical circuitry, a memory storing program instructions and at least one processor. The computing device is configured to receive user input from the authentication device and determine whether the user input matches the authentication record. When the user input matches the authentication record, the computing device presents a selection on the printer display to access a paper tray, receives the selection, records a first weight of the paper tray upon receiving the selection, unlocks the locking cover, records a second weight of the paper tray, calculates an amount of paper removed from the paper tray when the second weight is less than the first weight, and calculates an amount of paper added to the paper tray when the second weight is greater than the first weight.

Systems and methods for dynamic workspace targeting with crowdsourced user context

Systems and methods for dynamic workspace targeting with crowdsourced user context are described. In some embodiments, an Information Handling System (IHS) of a workspace orchestration service may include a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: detect execution of an application in a workspace instantiated by a client IHS; validate the application based upon productivity context information and security context information received from the client IHS; and in response to the validation, distribute the validated application to another workspace instantiated by another client IHS.

CREATING LICENSE DONGLES IN THE FIELD
20230350981 · 2023-11-02

An electronic gaming machine (“EGM”) includes a processor circuit, a port coupled to the processor circuit, and a memory coupled to the processor circuit. The port is configured to communicatively couple to a license dongle. The license dongle is configured to store a license associated with a game. The license is usable to allow the game to be played on the EGM. The memory includes machine-readable instructions that, when executed by the processor circuit, cause the EGM to perform operations. The operations include providing an identifier of the license dongle to a separate entity. The operations further include, responsive to providing the identifier of the license dongle, receiving an indicator of the license associated with the game. The operations further include initiating the game on the EGM using the license.