Abstract: A computer-implemented method includes receiving, by an application, a request to copy application data of the application, where the application data includes sensitive data generated by the application. The application identifies each instance of the sensitive data in the application data. The application generates a clean copy of the application data, where generating the clean copy includes removing each instance of the sensitive data from the application data. The clean copy is returned responsive to the request to copy the application data.

Abstract: A cybersecurity system is provided that sums and scores one or more cybersecurity controls for different client computing systems that each have different attributes, needs, and interests. In addition, the cybersecurity system provides to each different client computing system auto-suggestions that suggest one or more ways in which the client computing system may improve the confidentiality, integrity, and availability of the information stored on the client computing system and/or improve the confidentiality, integrity, and availability of the underlying characteristics of the client computing system. In addition, the cybersecurity system verifies that the functioning of the client computing system has improved.

Abstract: A system provides access to a third-party application by a user without revealing at least one sign-on credential used to access the application to the user. The system includes an access management server and a permission server. The access management server hosts a user portal. In response to a user input from the user portal requesting to access the application, the access management server requests, from the permission server, confirmation of user's permission to access the application. The permission server determines whether access is confirmed using stored permission data, which includes applications the user is currently permitted to access. If the permission server confirms the user's permission, the access management server redirects the user to a sign-on page of the application, automatically enter the sign-on credentials in an anonymized format that is not readable by the user, and automatically submits the sign-on credentials.

Abstract: Examples described herein include virtualized environments including a virtualized file server. Examples of secure domain join processes are described which may facilitate joining a virtualized file server or portions thereof to a domain. In some examples, the secure domain join process itself, and/or an associated file server virtual machine, may have insufficient credentials to write objects into an active directory. The active directory credentials need not be shared with the file server virtual machine. Rather, in some examples, the secure domain join process may provide a user system with a list of actions to be performed using active directory credentials.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing blockchain data. One method includes receiving a request from an application component of a blockchain node to execute one or more software instructions in a trusted execution environment (TEE); determining one or more blockchain node blocks for executing the one or more software instructions; performing error correction coding of the one or more blocks in the TEE to generate one or more encoded blocks; dividing each of the one or more encoded blocks into a plurality of datasets; selecting one or more datasets from each of the one or more encoded blocks; and hashing the one or more datasets to generate one or more hash values corresponding to the one or more datasets for use in replacing the one or more datasets to save storage space of the blockchain node.

Abstract: A computer-implemented method is provided. The method may include determining a behavioral pattern of a user based on historical data access events and historical data access conditions corresponding to the historical data access events, wherein the data access events are associated with a computer enterprise system. A data access request from the user with respect to a secure resource may be received from a computing node connected to the computer enterprise system. A behavioral state of the user may be determined with respect to the data access request and data access conditions corresponding to the data access request. A discrepancy between the behavioral pattern and the behavioral state of the user may be detected. A security risk level may be determined based on the discrepancy. In response to determining that the security risk level exceeds a predetermined threshold, a security action may be performed with respect to the secure resource.

Abstract: Systems and methods of detecting an unauthorized data insertion into a stream of data segments extending between electronic modules or between electronic components within a module, wherein a Secret embedded into the data stream is compared to a Replica Secret upon receipt to confirm data transmission integrity.

Abstract: Systems and methods for providing one or more services to a device are disclosed. The device may be remote from a first network. The one or more services may be associated with the first network.

Abstract: An authentication device that uses biometric authentication includes an acquisition unit configured to acquire first biometric information of a user, a storage unit configured to store second biometric information which is preregistered, a processing unit configured to obtain an authentication determination value based on similarity between the first biometric information acquired by the acquisition unit and the second biometric information stored in the storage unit, and a decision unit configured to decide a service providable to the user based on the authentication determination value and a plurality of thresholds to which different services are respectively assigned.

Abstract: Aspects of the disclosure relate to processing authentication requests to secured information systems using machine-learned user-account behavior profiles. A computing platform may receive an authentication request corresponding to a request for a user of a client computing device to access one or more secured information resources associated with a user account. The computing platform may capture one or more behavioral parameters and activity data associated with one or more interactions with one or more non-authenticated pages. Then, the computing platform may evaluate the one or more behavioral parameters and the activity data using a behavioral profile associated with the user account. Based on this evaluation, the computing platform may identify the authentication request as malicious and may generate and send one or more denial-of-access commands to prevent the client computing device from accessing the one or more secured information resources associated with the user account.

Abstract: A method for generating device identifiers, including: receiving an identifier assignment request; in response to the received identifier assignment request, assigning a device identifier to a device, the device identifier being a unique identifier, wherein the device is to be assigned with the device identifier; and transmitting the device identifier to an identifier recording apparatus, wherein the identifier recording apparatus records the device identifier into the device.

Abstract: Embodiments described herein may be directed to systems, methods, apparatuses, devices, computer program products, computer-executable instructions, and/or applications for providing a remote cloud browsing session. A remote cloud browsing session may receive a request for Internet content from a user device, access the Internet content from an Internet content source, and transmit second Internet content to the user device based on the requested Internet content.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing blockchain data. One method includes receiving a request from an application component of a blockchain node to execute one or more software instructions in a trusted execution environment (TEE); determining one or more blockchain node blocks for executing the one or more software instructions; performing error correction coding of the one or more blocks in the TEE to generate one or more encoded blocks; dividing each of the one or more encoded blocks into a plurality of datasets; selecting one or more datasets from each of the one or more encoded blocks; and hashing the one or more datasets to generate one or more hash values corresponding to the one or more datasets for use in replacing the one or more datasets to save storage space of the blockchain node.

Abstract: In an example system for private key recovery performed by a processor of a key recovery computing system, a key recovery computing system is configured to provide an original private key. The original private key is associated with a storage location of a blockchain-based asset. The key recovery computing system is configured to receive supplemental recovery information provided by a user via a user computing device. A recovery seed is derived from at least a subset of the supplemental recovery information, wherein the recovery seed is non-invertible. The original private key and the recovery seed are stored relationally to the supplemental recovery information. In some embodiments, the processor is further configured to cryptographically protect at least one of the original private key and the recovery seed via a universal second-factor authentication (U2F) device.

Abstract: A novel method for stateful packet classification that uses hardware resources for performing stateless lookups and software resources for performing stateful connection flow handshaking is provided. To classify an incoming packet from a network, some embodiments perform stateless look up operations for the incoming packet in hardware and forward the result of the stateless look up to the software. The software in turn uses the result of the stateless look up to perform the stateful connection flow handshaking and to determine the result of the stateful packet classification.

Abstract: An identity profile of a user is tracked using previous message communications of the user. A message identified as potentially from the user is received. The identity profile of the user is identified and obtained. Information is extracted from a header of the received message. A security risk assessment of the received message is determined at least in part by comparing the extracted information with one or more corresponding entries of the identity profile of the user. A security action is performed based on the determined security risk assessment.

Abstract: A method includes generating a core record identification (ID) associated with an electronic document. A processor sets one or more access rules indicative of whether the electronic document may be edited after saving the document. The one or more access rules are associated with at least one administrator ID of an administrative user. The method further includes determining, based on a core record ID, whether or not to obtain the electronic consent of a consenting party. The processor evaluates whether the first consenting party ID must provide an electronic consent to the electronic document based on one or more organization consent rules indicative of i) whether consent is required for each access of the computing resource, and ii) whether per-user consent or organizational consent is required. The processor provides access to the computing resource based at least in part on the first consenting party and the core record ID.

Abstract: The disclosed embodiments relate to systems and methods for secure and efficient resource access using distributed directory caching techniques. Techniques include obtaining, from a directory service, client directory data associated with a client; providing the client directory data to a computing device associated with the client for caching on the computing device; identifying a request from the client; receiving, from the computing device, the client directory data that was cached on the computing device; and evaluating the request based on the received client directory data.

Abstract: A set of certificates are received at a gateway device from a management server, where each one of the certificates was generated by the management server upon determination that the gateway device is associated with a respective wireless sensing device (WSD). The gateway device receives from a first WSD an advertisement message indicating it is available for connecting to a gateway device. In response to confirming based on a first certificate of the set of certificates associated with the first WSD, that it is authorized to connect to the WSD, the gateway device transmits to the first WSD the first certificate and an identifier of the gateway device for enabling authentication of the gateway device at the WSD. The gateway device receives data from the first WSD, upon confirmation at the WSD that it is authorized to connect with the gateway device.

Abstract: A system and method are provided for setting access controls for a content item, the method comprising receiving a content item generated in association with a first online profile, determining contextual information associated with the content item, identifying, based on the determined contextual information, a second online profile associated with the content item, obtaining a first access control policy of the first online profile and a second access control policy of the second online profile, wherein each of the first access control policy and the second access control policy is associated with controlling access to the content item, determining, based on the obtained first access control policy and the second access control policy, a third access control policy for controlling access to the content item, and controlling access to the content item based on the determined third access control policy.