Abstract: The disclosure describes transmitting, by a user device to an infrastructure device, access information to enable authentication of the user device; calculating, by the user device, a hash of private data, the hash of the private data to be utilized for comparison with a hash of breached data that is compromised due to a data breach, the private data being different from the access information; verifying, by the user device based at least in part on communicating verification information with the infrastructure device, that the user device is authorized to have access to a plaintext version of the private data; transmitting, by the user device to the infrastructure device, the hash of the private data; and receiving, by the user device from the infrastructure device, a notification indicating a result of a comparison of the hash of the private data with the hash of the breached data.

Abstract: A method including receiving, by an infrastructure device from a manager device configured to manage network services provided by the infrastructure device, a manager request for requesting performance of an action associated with managing the network services, the manager request including a signature header signed by utilizing a manager private key associated with the manager device and a timestamp header identifying a point in time when the signature header was signed; determining, by the infrastructure device, a time difference between the point in time when the signature header was signed and a current time; authorizing, by the infrastructure device, the manager request based on determining that the determined time difference satisfies a predetermined duration of time; and enabling, by the infrastructure device, performance of the action associated with managing the network services based on authorizing the manager request is disclosed. Various other aspects are contemplated.

Abstract: Systems and methods for blurring connection information in virtual private networks are provided herein. In some embodiments, a method of blurring VPN connection metadata may comprise: receiving, by a VPN service provider infrastructure, a request from a user device to establish a VPN connection with one or more VPN servers, wherein the VPN service provider infrastructure includes a logic engine configured to perform statistical blurring of VPN connection metadata; establishing a connection between the user device and one or more target sites during a VPN session; receiving, from the one or more VPN servers, VPN connection metadata associated with the user's VPN connections and a user identifier associated with the user; performing statistical blurring of VPN connection metadata by modifying the VPN connection metadata using an unknown random value to create blurred connection metadata; and storing the blurred connection metadata in association with the user identifier received.

Abstract: A method for controlling access to process data includes encrypting process data of a process; receiving a request to access the process data; requesting a security code to access the encrypted process data; receiving the security code; authenticating the received security code; and granting access to the encrypted process data if the received security code is successfully authenticated and denying access to the encrypted process data if the received security code is not successfully authenticated.

Abstract: A method including receiving, by a responding device, verification information including a current fingerprint associated with a first instance of a source application stored on a transmitting device; determining, by the responding device based at least in part on the verification information, a verification fingerprint associated with a second instance of the source application stored on the responding device; comparing, by the responding device, the verification fingerprint with the current fingerprint; and transmitting, by the responding device based at least in part on the comparing, a result indicating whether a transmission packet to be transmitted utilizing the first instance of the source application potentially includes malicious content. Various other aspects are contemplated.

Abstract: A method including transmitting, by a transmitting device, verification information including a current fingerprint associated with a first instance of a source application stored on the transmitting device; determining, by a responding device based at least in part on the verification information, a verification fingerprint associated with a second instance of the source application stored on the responding device; comparing, by the responding device, the verification fingerprint with the current fingerprint; and selectively transmitting, by the transmitting device, transmission data utilizing the first instance of the source application based at least in part on a result of the comparing. Various other aspects are contemplated.

Abstract: A method including configuring a VPN server to determine, based on requesting data of interest from a host device, that the host device has declined to provide the data of interest; configuring the VPN server to verify, based on determining that the host device has declined to provide the data of interest, an identity of a secondary server with which the VPN server is authorized to establish a secure connection; configuring the VPN server to establish, based on verifying the identity of the secondary server, a secure connection with the secondary server to enable communication of encrypted information; and configuring the VPN server to transmit, to the secondary server, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to request the data of interest from the host device is disclosed. Various other aspects are contemplated.

Abstract: A method including configuring a VPN server to assign, based on establishing a VPN connection, a first exit IP address to be utilized for retrieving information during the VPN connection; configuring the VPN server to determine, during the established VPN connection, a host device that is likely to block communication from the first exit IP address; configuring the VPN server to modify associated DNS settings to return communication information associated with the VPN server itself when the information is to be retrieved from the host device; configuring the VPN server to receive, during the established VPN connection, the information retrieved from the host device based on utilizing a second exit IP address associated with a secondary server; and configuring the VPN server to transmit, during the established VPN connection, the information to a user device in accordance with the modified DNS settings is disclosed. Various other aspects are contemplated.

Abstract: A method including configuring a VPN server to utilize a first exit IP address to transmit a query to a host device for requesting data of interest; configuring the VPN server to determine that the host device has blocked the first exit IP address; configuring the VPN server to establish, based on determining that the host device has blocked the first exit IP address, a secure connection with a secondary server to enable communication of encrypted information; and configuring the VPN server to transmit, to the secondary server over the secure connection, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to transmit a second query to request the data of interest based on utilizing a second exit IP address, different from the first exit IP address is disclosed. Various other aspects are contemplated.

Abstract: A method including configuring a VPN server to receive, from a user device during an established VPN connection, a first data request to retrieve first information from a first host device; configuring the VPN server to transmit, during the established VPN connection, the first information to the user device based on utilizing a first exit IP address to retrieve the first information from the first host device; configuring the VPN server to receive, from the user device during the established VPN connection, a second data request to retrieve second information from a second host device; and configuring the VPN server to transmit, during the established VPN connection, the second information to the user device based on utilizing a second exit IP address, associated with a secondary server, to retrieve the second information from the second host device is disclosed. Various other aspects are contemplated.

Abstract: A method including determining, by a VPN server based on requesting data of interest from a host device, that the host device has declined to provide the data of interest to the VPN server; verifying, by the VPN server, an identity of a secondary server with which the VPN server is authorized to establish a secure connection; establishing, by the VPN server based on verifying the identity of the secondary server, a secure connection with the secondary server to enable communication of encrypted information between the VPN server and the secondary server; and transmitting, by the VPN server to the secondary server over the secure connection, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to request the data of interest from the host device is disclosed. Various other aspects are contemplated.

Abstract: A method including receiving, by a VPN server from a user device during an established VPN connection, a first data request for the VPN server to retrieve first information from a first host device; transmitting, by the VPN server during the established VPN connection, the first information to the user device based on utilizing a first exit IP address to retrieve the first information from the first host device; receiving, by the VPN server from the user device during the established VPN connection, a second data request for the VPN server to retrieve second information from a second host device; and transmitting, by the VPN server during the established VPN connection, the second information to the user device based on utilizing a second exit IP address, associated with a secondary server, to retrieve the second information from the second host device is disclosed. Various other aspects are contemplated.

Abstract: A method including decrypting, by a user device based at least in part on utilizing a first trusted key generated by a trusted device, an assigned private key associated with the user device; decrypting, by the user device based at least in part on utilizing a second trusted key generated by the trusted device, a double-encrypted symmetric key to determine a single-encrypted symmetric key; decrypting, by the user device based at least in part on utilizing the assigned private key, the single-encrypted symmetric key to determine a symmetric key; and decrypting, by the user device based at least in part on utilizing the symmetric key, an encrypted folder stored on the user device to provide access to data included in the encrypted folder. Various other aspects and techniques are contemplated.

Abstract: A method including receiving, by a security device from a user device that is in a private network, a transmission packet for communication to a destination device over an open network; determining, by the security device based on receiving the transmission packet, whether the user device is permitted to transmit the transmission packet to the destination device over the open network; determining, by the security device based on determining that the user device is permitted to transmit the transmission packet to the destination device, whether the user device is permitted to utilize a protocol utilized by the user device to transmit the transmission packet; and determining, by the security device based on determining that the user device is permitted to utilize the protocol, whether the user device is permitted to utilize a transmission web application utilized by the user device to transmit the transmission packet is disclosed.

Abstract: Disclosed are systems and methods for determining, by a processor associated with a user device, encrypted authentication information by encrypting authentication information that is associated with authenticating the user device with a service provider, the encrypting utilizing one or more encryption keys; detecting, by the processor, an attempt to access a service to be provided by the service provider based on detecting transmission of a request for the service from the user device to the service provider; determining, by the processor, one or more authentication factors to be utilized to authenticate the user device with the service provider based on decrypting the encrypted authentication information by utilizing one or more decryption keys; and enabling, by the processor, authentication of the user device with the service provider based on enabling transmission of the one or more authentication factors to the service provider. Various other aspects are contemplated.

Abstract: In an embodiment, systems and methods for detecting malware are provided. A server trains a static malware model and a dynamic malware model to detect malware in files. The models are distributed to a plurality of user devices for use by antimalware software executing on the user devices. When a user device receives a file, the static malware model is used to determine whether the file contains malware. If the static malware model is unable to make the determination, when the file is later executed, the dynamic malware model is used to determine whether the file contains malware. The file along with the determination made by the dynamic malware model are then provided to the server. The server then retrains the static malware model using the received files and the received determinations. The server then distributes the updated static malware model to each of the devices.

Abstract: In an embodiment, systems and methods for detecting malware are provided. A server trains a static malware model and a dynamic malware model to detect malware in files. The models are distributed to a plurality of user devices for use by antimalware software executing on the user devices. When a user device receives a file, the static malware model is used to determine whether the file contains malware. If the static malware model is unable to make the determination, when the file is later executed, the dynamic malware model is used to determine whether the file contains malware. The file along with the determination made by the dynamic malware model are then provided to the server. The server then retrains the static malware model using the received files and the received determinations. The server then distributes the updated static malware model to each of the devices.

Abstract: A method including receiving, by an infrastructure device from a first user device, a request to provide a list of available user devices that are available for authenticating the first user device with a service provider; receiving, by the infrastructure device from the first user device, a selection message indicating a selection of a second user device for authenticating the first user device; transmitting, by the infrastructure device to the second user device based on receiving the selection message, an authentication message indicating that the second user device is to authenticate the first user device; receiving, by the infrastructure device from the second user device, one or more encrypted authentication factors associated with authenticating the first user device; and transmitting, by the infrastructure device to the first user device, the one or more encrypted factors associated with authenticating the first user device with the service provider is disclosed.

Abstract: In an embodiment, systems and methods for detecting malware are provided. A server trains a static malware model and a dynamic malware model to detect malware in files. The models are distributed to a plurality of user devices for use by antimalware software executing on the user devices. When a user device receives a file, the static malware model is used to determine whether the file contains malware. If the static malware model is unable to make the determination, when the file is later executed, the dynamic malware model is used to determine whether the file contains malware. The file along with the determination made by the dynamic malware model are then provided to the server. The server then retrains the static malware model using the received files and the received determinations. The server then distributes the updated static malware model to each of the devices.

Abstract: A method including receiving, at a VPN server from a user device during an established VPN connection between the VPN server and the user device, a data request for the VPN server to retrieve data of interest from a host device; utilizing, by the VPN server during the established VPN connection, a first exit IP address to transmit a query to the host device for retrieving the data of interest; determining, by the VPN server based on transmitting the query, that the first exit IP address is blocked by the host device; and transmitting, by the VPN server during the established VPN connection and based on determining that the first exit IP address is blocked, the data request to a secondary server to enable retransmission of the query to the host device by utilizing a second exit IP address is disclosed. Various other aspects are contemplated.