Abstract: Methods and apparatus for distributing documents are provided. A source node can determine a map for a document, where the map can include information about a number of portions of the document and a corresponding number of distribution nodes. The source node can, for each portion of the number of portions of the document, send the portion of the document to the corresponding distribution node. The source node can record, at a distributed storage system, a first transaction that records information related to the map for the document using the source node. The source node can determine to distribute the document. After determining to distribute the document, the source node can: record a second transaction related to a distribution identifier associated with the map for the document at the distributed storage system and can send a distribution notification that comprises the map for the document and the distribution identifier.

Abstract: A method, non-transitory computer readable medium and apparatus for controlling access of a custom browser function are disclosed. For example, the method includes a processor that sends a request to a third party website, receives a hypertext markup language code and a browser script, renders the hypertext markup language code, detects that the browser script is trying to access a custom browser function, compares one or more parameters associated with the custom browser function to an access control list to control an access of the custom browser function, and executes the custom browser function when a match of the one or more parameters is found in the access control list.

Abstract: Systems, methods, and software can be used to improve the security for machine to machine communications. In some aspects, a method is disclosed comprising: receiving, at a vehicle, a connection request from an electronic device; receiving, at the vehicle, security posture information from the electronic device, wherein the security posture information comprises at least one of operating system update information or antivirus status information; and determining, by the vehicle, whether to connect to the electronic device based on the security posture information of the electronic device.

Abstract: Evaluating computers, devices, or endpoints on a network, such as a large network of computers in an enterprise environment. Detecting computers, devices, or endpoints that may present a security risk to the network or may be compromised in some way. Generating network traffic that, in some cases, should be ignored or should prompt specific, known responses. Detecting endpoint(s) that respond to such network traffic in an anomalous way, or otherwise attempt to perform certain operations based on such network traffic.

Abstract: Implementations of the present disclosure include identifying, by a relay that is communicatively linked with a first blockchain instance and a second blockchain instance in a unified blockchain network, a blockchain domain name of a first blockchain instance; identifying a blockchain domain name of the second blockchain instance; receiving, from a node of the first blockchain instance, an access request for accessing the second blockchain instance, wherein the access request including the blockchain domain name of the second blockchain instance; identifying a chain identifier of the second blockchain instance based on the blockchain domain name of the second blockchain instance, wherein the chain identifier of the second blockchain instance indicates a blockchain network configuration of the second blockchain instance; and providing access to the second blockchain instance for the first blockchain instance based on the blockchain network configuration indicated by the chain identifier of the second blockchai

Abstract: A content request communication, e.g., generated using a first processor of a device, can be transmitted to a web server. A response communication including content identifying a first value can be received from the web server. The first processor can facilitate presentation of the content on a first display of the device. A communication can be received at a second processor of the device from a remote server. The communication can include data representing a second value and can be generated at the remote server using information received from the web server. Further, the second processor can produce a secure verification output that can be presented on a separate, second display, representing at least the second value. The presentation on first display can at least partially overlap in time with the presentation on the second display.

Abstract: A method, system, and computer-usable medium are disclosed for providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method, system, and computer-usable medium are disclosed for providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with Open Systems Interconnect stack Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from Open Systems Interconnect stack Level 2.

Abstract: Data security access and management may require a server dedicated to monitoring document access requests and enforcing rules and policies to limit access to those who are not specifically identified as having access to the data. One example of operation may include selecting data to access via a user device, applying at least one policy to the data that limits access to the data to user profiles assigned privileges to the policy, encrypting the data, generating metadata indicating the policy and pairing the metadata with the data, and storing the data and the metadata in a policy server.

Abstract: Techniques for generating access control policy warnings and suggestions are disclosed herein. An access control policy change specifying changes to one or more permissions associated with the access control policy is received and, based on a set of requests for access associated with the access control policy, an access control policy warning is produced which specifying an indication of whether or not the changes to the one or more permissions should be permitted.

Abstract: The disclosed computer-implemented method for protecting website visitors may include (i) retrieving an instance of a website that was dynamically generated by aggregating multiple website subcomponents, (ii) decomposing the instance of the website into the multiple website subcomponents, (iii) checking whether a website subcomponent has been previously scanned by a security scanner, (iv) accelerating a review of the instance of the website by reusing results of a previous scan of the website subcomponent that was performed in response to retrieving a different instance of the website subcomponent rather than performing an original scan of the website subcomponent, and (v) protecting a visitor of the website by modifying a display of the instance of the website based on the accelerated review of the instance of the website that reused results of the previous scan of the website subcomponent. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for managing a trusted connection within a public cloud comprises transmitting a first token and a second token from a cloud service manager to a public cloud controller, initializing a public cloud manager in response to receipt of the first token and the second token, and generate a cloud certificate, and transmitting the cloud certificate and the second token from the public cloud manager to a management plane. The method further comprises establishing a trusted connection between the public cloud controller and the management plane in response to receipt of the cloud certificate and the second token by the management plane.

Abstract: Various examples are directed to systems and methods for secure communication sessions between a web application and a server. A session identifier routine executing at a computing device may receive a first request message comprising a session identifier field, the session identifier field comprising a client session identifier describing a communication session between the web application executing at the computing device and the server computing device. The session identifier routine may transform the client session identifier to a server session identifier using session identifier transformation data accessed from session vault persistence at the computing device. The session identifier routine may write the server session identifier to the session identifier field of the first request message and initiate sending the request message including the server session identifier to the server computing device.

Abstract: A processor includes a processing core to identify a code comprising a plurality of instructions to be executed in the architecturally-protected environment, determine that a first physical memory page stored in the architecturally-protected memory matches a first virtual memory page referenced by a first instruction of the plurality of instructions, generate a first address mapping between a first address of the first virtual memory page and a second address of the first physical memory page, store, in the cache memory, the address translation data structure comprising the first address mapping, and execute the code by retrieving the first address mapping in the address translation data structures to be executed in the architecturally-protected environment, determine that a first physical memory page stored in the architecturally-protected memory matches a first virtual memory page referenced by a first instruction of the plurality of instructions, generate a first address mapping between a first address of

Abstract: A device receives information identifying malicious behavior by a compromised endpoint device associated with a network and traffic associated with the compromised endpoint device after the malicious behavior is identified. The device receives endpoint device information identifying other endpoint devices associated with the network, wherein the compromised endpoint device is not one of the other endpoint devices. The device receives network device information identifying network devices associated with the network, and processes the traffic, the endpoint device information, and the network device information, with a machine learning model, to generate a security policy to isolate the malicious behavior. The device performs one or more actions based on the security policy to isolate the malicious behavior.

Abstract: A biometric authentication system may include a centralized database including stored biometric signature information for authenticating a user of one or more external systems. The biometric authentication system may extract data attributes from a biometric signature of the user and compare them to the stored biometric signature information in the database. The biometric authentication system may identify user identifier information associated with a signature key stored of the stored biometric signature information that matches the data attributes to authenticate the user to access secure information.

Abstract: Disclosed embodiments relate to systems and methods for security protection against threats to network identity providers. Techniques include identifying a first request from a client for access to a secure network resource; redirecting the client to an identity provider. The identity provider may be configured to authenticate the client and provide the client with data signed using a first identity provider key. Further techniques include identifying a second request from the client, the second request including a doubly-signed version of the data, verifying the doubly-signed version of the data using a second identity provider key corresponding to the first identity provider key and a second client key corresponding to the first client key; and allowing, conditional on a result of the verifying, the client to access the secure network resource.

Abstract: A method is provided for securely activating or deactivating functionality in a data processing system. The method includes determining to activate or deactivate a selected functional block of a plurality of functional blocks in the data processing system. An authentication key and a unique identifier are provided to a key derivation function of a function control circuit to produce a derived key value. The key derivation function is iteratively input with a sequence of function set identifiers, where each function set identifier is for identifying one or more of the functional blocks. Each function set identifier is paired with a previously derived key value from a previous iteration. A final iteration of the key derivation function provides a verification key for verifying the authenticity of the derived key value corresponding to the selected functional block to be activated or deactivated.

Abstract: A system is disclosed herein including a plurality of information handling systems (IHSs) coupled to and managed by a remote management system (RMS). According to one embodiment, each IHS may be configured to monitor data pertaining to the IHS, determine if the data triggers one or more events, and transmit a notification to the RMS if one or more events are triggered. The RMS may be configured to receive a notification transmitted from at least one IHS, select a policy to be applied to one or more of the IHSs based on the received notification, and transmit the selected policy to the one or more IHS s. The one or more IHSs may be further configured to receive the selected policy from the RMS, store the selected policy, and perform actions specified by the selected policy when policy rules specified by the selected policy are violated.

Abstract: The present disclosure relates to a method and system for enabling IOT security using a decentralized IOT security platform that leverages the advanced communication and blockchain security thread model to protect IOT eco-systems. The platform uses a multi-chain data schema including a device chain and an event chain. The multi-chain data schema uses a time-envelope mechanism to generate an event to connect different device chains and enforce a set of security rules through smart contracts. The method comprising receiving an encrypted block from IOT device with event data and verifying the device signature and identity based on certain rules within the device chain. Further, the method comprising determining access to event chain using previous token, current token and timestamp of the encrypted block and updating the event chain upon access determination. The event chain protects data integrity and confidentiality against malicious packets, unauthorized devices, weak encryption and man-in-the-middle attacks.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing blockchain data based on error correction code. One of the methods includes determining, by a blockchain node, block data associated with a current block of a blockchain; performing error correction coding of the block data to generate encoded data; dividing, based on one or more predetermined rules, the encoded data into a plurality of data sets; storing, based on the one or more predetermined rules, one or more data sets of the plurality of data sets; hashing each data set of remaining data sets of the plurality of data sets to generate one or more hash values corresponding to the remaining data sets; and storing the one or more hash values.