Abstract: A protocol that is managed by a coordinating network element or third-party intermediary or peer network elements and utilizes tokens prohibits any subset of a union of the coordinating network element or third-party intermediary, if any, and a proper subset of the processors involved in token generation from substantively accessing underlying data. By one approach, processors utilize uniquely-held secrets. By one approach, an audit capability involves a plurality of processors. By one approach, the protocol enables data transference and/or corroboration. By one approach, transferred data is hosted independently of the coordinating network element. By one approach, the coordinating network element or third-party intermediary or a second requesting network element is at least partially blinded from access to tokens submitted by a first requesting network element. By one approach, a third-party intermediary uses a single- or consortium-sourced database.

Abstract: Events within a computer system are grouped in order to identify security threats and, in some cases, perform an action to mitigate the threat. In some aspects, a computing system event that meets a criterion, are identified. A first layer of computing resources is determined which includes computing resources referenced during the computing system event. A second layer of computing resources is then determined, the second layer including one or more of a parent process or file loaded by the first layer processes, a process writing to a file included in the first layer of computing resources, or a previous version of a file included in the first layer of computing resources. Similarities between computing resource pairs in the first and second layers are determined, and a group of high similarity pairs related to each other is identified. In some embodiments, a mitigating action is identified based on the group.

Abstract: Systems and methods for providing an API for a database system. The API may be provided to enable external application developers to build applications that can support the dynamic security model of the content management system and describe the runtime properties of records in data objects. The API of may provide a record property object and/or a query describe object when returning data set in response to a query by providing information about actions an end user can take on the data records, and to provide metadata required to understand a data response.

Abstract: A method including receiving, at a processor, credential requests for accessing the VPN environment from a first user device using a first interface and from a second user device using a second interface; transmitting, to the first user device, a first credential based at least in part on the first user device using the first interface; and transmitting, to the second user device, a second credential based at least in part on the second user device using the second interface, the first credential being different from the second credential. Various other aspects are contemplated.

Abstract: Updating a verifiable claim so that a duration of the verifiable claim can be modified without direct user input. A plurality of verifiable claims that have previously been issued to a user are accessed by a computing system. The plurality of verifiable claims include duration metadata that defines a duration of each of the plurality of verifiable claims. The duration metadata of each of the plurality of verifiable claims is monitored to determine those of the plurality of verifiable claims that are set to expire based on the defined duration. For those verifiable claims that are set to expire, a request is made to a party that issued each verifiable claim for update information that is configured to modify the duration of each verifiable claim. In response to receiving the update information, the duration of each verifiable claim is automatically updated without the need for any direct user input.

Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving responses to incidents in an information technology environment includes identifying an incident associated with a component of the information technology environment. The method further provides determining a predicted resolution time for the incident by each analyst of the plurality of analysts based on the incident response information and selecting an analyst to resolve the incident based on the predicted resolution times.

Abstract: Systems and methods for managing a list of huddle board participants are disclosed. The huddle collaboration system includes a huddle management system having an authentication module, a data processing module, a huddle board management module, and a module manager, among other suitable components. The system runs an automatic process to update a list of huddle boards and huddle board participants, which includes the process of adding or eliminating team members from the list of participants of one or more huddle boards and/or modifying a dotted line member's permissions within one or more huddle boards. The huddle board management module enables the automatic update of permissions assigned to a team member in one or more huddle boards, in a faster and more accurate manner; therefore enhancing the productivity of the huddle and leveraging the human and information technology resource of the company.

Abstract: An encrypted communication is correctly decrypted even when key exchange completion notification is delayed. A key storage (10) stores at least one common key which is shared with another encrypted communication device. A key selecting unit (11) selects an encryption key from the at least one common key stored in the key storage (10). An encrypting unit (12) generates encrypted data by encrypting, by using the encryption key, data to be transmitted to the other encrypted communication device. A transmitting unit (13) transmits, to the other encrypted communication device, the encrypted data with a key index, by which the encryption key is uniquely identified, added thereto. A receiving unit (14) receives the encrypted data with the key index added thereto from the other encrypted communication device. A key obtaining unit (15) obtains, from the at least one common key stored in the key storage (10), a decryption key corresponding to the key index added to the encrypted data.

Abstract: A method for sharing data in a multi-tenant database includes receiving, by a target account of a multiple tenant database, access rights of a share object in a first account of the multiple tenant database, wherein the share object having access rights to a database object of the first account and wherein access to the database object of the first account by the target account is based on the access rights of the share object. The method also includes receiving, by one or more processors of the target account, access rights to an alias object, wherein the alias object references the database object of the first account.

Abstract: The current embodiments offer a method to generate, send, and authenticate users through validations codes without the need for data retention. Codes are generated each time they are sent and received based on original and identifiable inputs. They are then compared to authenticate a user. Eliminating the need for data retention or persistence removes the risks associated with keeping data on the service provider's storage as can be maliciously accessed.

Abstract: The disclosed embodiments relate to securely transferring data between a source node and a destination node using an application whitelist. A control flow may be established between a source node and a perimeter gateway. the perimeter controller may receive a request to establish a node flow between an application executing on the source node and the destination node. the perimeter controller may determine whether the first application is included in an application whitelist that includes applications allowed to transfer data to nodes in a private network via a node flow. A node flow between the source node and destination node may be established upon determining that the first application is included in the application whitelist to facilitate secure data transfer between the source node and destination node.

Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes receiving, by a cross-account, a grant to access a share object comprising a secure view and usage functionality associated with a secure user-defined function (UDF) to underlying data. The method includes accessing, by the cross-account, the share object using the grant. The method includes sending a request to a share component to cause the share component to implement the secure view and the usage functionality associated with the secure UDF. The method includes sending a query to the share component to cause the share component to implement the secure UDF.

Abstract: Embodiments of the invention are directed to a system that performs virtual private network authentication with a read only sandbox integration for virtual private network security. In this way, the invention matches an internet protocol address to a user portrait of user internet protocol addresses to confirm that the connecting device is the authentic user for accessing the virtual private network. If there is a discrepancy between the user portrait and the internet protocol address of the connecting device, the system launches a read only sandbox for connecting device interaction. The read only sandbox allows for bilateral communication with the connecting device where the system has full access to the connection device at a file level to interrogate file level data for confirmation.

Abstract: A proxy server enforces security rules on data accesses. Network traffic between a client application and a cloud application is routed to the proxy. The proxy tags data that is stored in the cloud applications in order to track the data. When a data request is received by the proxy, the proxy uses a set of rules to decide whether the requesting user is allowed access to the data from the cloud application.

Abstract: A collaboration system provides network access to a plurality of content objects. The collaboration system facilitates collaboration interactions between particular users by allowing or denying network access to the plurality of content objects based on user invitations. A computing module observes and records user-to-user or user-to-content collaboration invitations over the plurality of content objects. On an ongoing basis, a collaboration network graph is constructed and maintained, with updates to the collaboration network graph being continually applied based on observed collaboration interactions. On demand, such as upon receipt of a user request for access to a content object, the updated collaboration network graph is consulted so as to generate a then-current sharing boundary.

Abstract: A method and system to communicate VPN server information to a client application without providing a full list of VPN server IP addresses. Instead, the method includes VPN server selection criteria that can be requested by client applications, such as “Free or Premium servers”, “Geolocation”, “Load”, “Streaming and protocol capabilities”, etc. A tagged data payload (e.g., JSON) can be used to provide these criteria, upon a request by a client application. Various groupings of VPN servers can be represented by the above criteria. The method communicates the available VPN servers to a client application without sending and revealing the full list of VPN servers stored in the VPN infrastructure. This makes the VPN server selection efficient, reduces network load and VPN tunnel establishing time, also, ensures confidentiality of VPN server lists that is important for any of VPN service providers and users.

Abstract: A relative risk can be determined using an originating Internet Protocol (IP) address as an identifying factor for purposes of authenticating a user. The originating IP address can be used as an identifying factor for a particular user account to determine potentially fraudulent activity and reduce the risk of fraud. This additional identifying factor can be used as a part of an overall authentication platform to help screen fraud attempts and to authenticate valid and non-fraudulent users. Using certain aspects can distinguish whether originating IP addresses are public or private. Some examples can track and match originating IP addresses to user accounts and also can keep track of recently active sessions for each IP address.

Abstract: An application-specific integrated circuit (ASIC) and method are provided for executing a memory-hard algorithm requiring reading generated data. A processor or state machine executes one or more steps of the memory-hard algorithm and requests the generated data. At least one specialized circuit is provided for generating the generated data on demand in response to a request for the generated data from the processor. Specific embodiments are applied to memory-hard cryptographic algorithms, including Ethash and Equihash.

Abstract: An information handling system may include a host system processor and a storage resource communicatively coupled to the host system processor. The storage resource may be configured to, responsive to receiving a command from the host system processor relating an address range of the storage resource, create an entry in a drive status table stored in a persistent storage area of the storage resource, the entry setting forth information indicative of the address and a completion status of the command and update a status of the address range in the drive status table as steps of the command are completed by the storage resource, such that, if a drive event occurs preventing full completion of the command, the host system processor may access the drive status table to determine a status of the command, and take a remedial action based on the status of the command.

Abstract: Embodiments disclosed herein describe one or more servers of an enterprise system that may be configured to receive security and vulnerability information from a plurality of data sources and then rate them based upon their respective variance from an enterprise policy or status quo configuration in a related process area. The servers may execute scoring modules to normalize the data received from the data sources to tailor the system response to a given vulnerability. As such, identified vulnerabilities may be rated according to the needs of the enterprise, rather than being rated according to the factory or default configurations of a particular data source.