Abstract: A request to replicate a first account maintained by a data platform is received. Based on the request, account data associated with the account is accessed. The account data comprises security configurations for the first account. In response to the request, the first account is replicated using the account data. A second account results from replicating the first account. The replicating of the first account comprises automatically replicating the security configurations for the first account to the second account. The replicating of the security configurations comprises replicating an identity management configuration of the first account; replicating an authorization configuration of the first account; and replicating an authentication configuration of the first account.

Abstract: A computer network data center includes a persistent storing device storing raw data from an external data source, a multi-core parallel modelling system coupled to the persistent storing device, and a gateway server coupled to the persistent storing device as a reverse firewall. In operation, the raw data in the persistent storing device is not erased, altered or destroyed. The multi-core parallel modelling system processes the raw data to provide anonymized information for an external user device. The gateway server has a communication channel for secure communication with external devices but prevents access to the raw data stored in the persistent storing device by the external devices.

Abstract: Encryption interface technologies are described. A processor can include a system agent, an encryption interface, and a memory controller. The system agent can communicate data with a hardware functional block. The encryption interface can be coupled between the system agent and a memory controller. The encryption interface can receive a plaintext request from the system agent, encrypt the plaintext request to obtain an encrypted request, and communicate the encrypted request to the memory controller. The memory controller can communicate the encrypted request to a main memory of the computing device.

Abstract: A method for managing the operation of a group of a plurality of connected objects includes exchanging information between two of the connected objects of the group. The information relates to a state of each connected object participating in the exchanging of information. The method also includes triggering an action on a connected object participating in the exchanging of information. The triggering is based on the information received by this object.

Abstract: A system may select a list of servers in a computer network to perform behavioural profiling, wherein each server is associated with a domain name, the list of servers includes domain name entries, and the list of servers is prioritized according to a popularity value for each server. The system may update the list of servers based on a popularity threshold, partition the computer network into one of: subnetworks or subdomains, and establish a hierarchy along one of: the subnetworks or the subdomains based on the domain name entries in the list of servers. The system may update the popularity value for a server associated with a resolved network address, and may update the hierarchy along one of: the subnetworks or the subdomains based on the popularity value.

Abstract: A blockring service system may include a processor and memory, wherein the processor is configured to: receive a blockring request from the at least one user node; parse the request to derive blockring parameters; generate a blockring having a plurality of blocks connected by bonds based on the blockring parameters; and send the blockring to the at least one user node for distribution.

Abstract: Disclosed are non-limiting methods for authenticating devices, comprising receiving a request for a device authentication identifier, transmitting a device authentication request message via a frame embedded in a webpage of a merchant website, the device authentication request message comprising challenge data associated with a challenge, receiving a device authentication response message via the frame embedded in the webpage of the merchant website based on the device authentication request message, the device authentication response message comprising challenge response data associated with a challenge response, transmitting the device authentication identifier message based on the device authentication response message, receiving a transaction request message for a transaction, comprising the device authentication identifier and transaction data associated with the transaction, determining the device score based on the device authentication identifier, and generating, an authorization request message based

Abstract: Various approaches for memory encryption management within an edge computing system are described. In an edge computing system deployment, a computing device includes capabilities to store and manage encrypted data in memory, through processing circuitry configured to: allocate memory encryption keys according to a data isolation policy for a microservice domain, with respective keys used for encryption of respective sets of data within the memory (e.g., among different tenants or tenant groups); and, share data associated with a first microservice to a second microservice of the domain. Such sharing may be based on the communication of an encryption key, used to encrypt the data in memory, from a proxy (such as a sidecar) associated with the first microservice to a proxy associated with the second microservice; and maintaining the encrypted data within the memory, for use with the second microservice, as accessible with the communicated encryption key.

Abstract: An enterprise security system is improved by instrumenting endpoints to explicitly label network flows according to sources of network traffic. When a network message from an endpoint is received at a gateway, firewall, or other network device/service, the network message may be examined to determine the application on the endpoint that originated the request, and this source information may be used to control routing or other handling of the network message.

Abstract: Systems and methods for memory isolation are provided. The methods include receiving a request to write a data line to a physical memory address, where the physical memory address includes a key identifier, selecting an encryption key from a key table based on the key identifier of the physical memory address, determining whether the data line is compressible, compressing the data line to generate a compressed line in response to determining that the data line is compressible, where the compressed line includes compression metadata and compressed data, adding encryption metadata to the compressed line, where the encryption metadata is indicative of the encryption key, encrypting a part of the compressed line with the encryption key to generate an encrypted line in response to adding the encryption metadata, and writing the encrypted line to a memory device at the physical memory address. Other embodiments are described and claimed.

Abstract: Methods and systems for using consent policies to determine whether to proceed with actions relative to persons based on a hierarchy of consent values for that person are described. Responsive to a query, records are retrieved which pertain to a person's consent for another entity to perform an action relative to the person in view of data privacy laws. A consent policy is selected. The selected consent policy includes rules that are configurable to reflect a manner to comply with data privacy laws. The selected consent policy is applied to the records. Applying the selected consent policy comprises applying rules to find a result for a second level of the hierarchy of consent values, determining a result for a first level of the hierarchy of consent values, and applying rules to determine whether to proceed with the action relative to the person.

Abstract: Implementations of the disclosure are directed to proving and creating on a distributed ledger a verifiable transaction record of a transaction between a user associated with user device and an agent associated with agent system, where the identities of the user and agent are hidden. Some implementations are directed to providing for hidden identity of claims where a distributed ledger identity of a user may be masked from an agent.

Abstract: A system and method are disclosed for making Virtual Private Network (VPN) connections in networks, which currently cannot have VPNs due to technical limitations and some practices by network operators. The system and method are a solution that may be independent of VPN protocols used for making secure connections. The system and method can be used in a public cloud on the internet or a in a private network. The system and method are capable of providing VPN connections “everywhere” and in all connection scenarios.

Abstract: The systems and methods of gesture triggered automatic erasure on a private network, comprising: establishing a secure and encrypted private network with one or more profile computing devices; embedding local information on a first profile within one or more secure objects; embedding transit information exchanged by the first profile on the private network within one or more secure objects at source and destination; receiving a signal from the first profile computing device; automatically deleting one or more of the secure objects with embedded local and transit information from all profile computing devices.

Abstract: Embodiments of the disclosure provide an apparatus for adding a protection function for an indirect access memory controller. The apparatus can include: a bus monitoring unit configured to monitor a bus address, perform permission authentication if a register controlling operation is detected, and configure a list entry if a permission list configuring operation is detected; an permission list unit configured to partition a memory space into several virtual memory protection areas and independently set an access permission attribute (i.e.: readable, writable, erasable, etc.) of each memory area; a window register information bus configured to provide window register information, i.e.

Abstract: Systems and methods for providing an API for a database system. The API may be provided to enable external application developers to build applications that can support the dynamic security model of the content management system and describe the runtime properties of records in data objects. The API of may provide a record property object and/or a query describe object when returning data set in response to a query by providing information about actions an end user can take on the data records, and to provide metadata required to understand a data response.

Abstract: A system and method for securely protecting consumer's or user data that is stored on servers or computers controlled by another person/entity is disclosed. The user's sensitive data is encrypted by using a user-provided encryption key and saved on the server. Each time in conducting a business transaction, the user provides an encryption key and causes the encrypted user's data to be decrypted on a server or a client computer. The resulted usable user data is then used in conducting business transactions such as making payment, making bank transactions, managing credit reports, medical records, and personal information, conducting multiple-party business transactions, doing computation services, etc. The encryption of stored data by using different private keys will remove the incentive to hack the whole database and thus create an ecosystem discouraging repeated mass data breaches.

Abstract: Systems and methods are disclosed for cross-platform token exchange. One method comprises receiving a primary token exchange request from an upstream entity, generating an ancillary detokenization request based on the primary token exchange request, and transmitting the ancillary detokenization request to an input token vault. An ancillary detokenization response comprising sensitive data may then be received from the input token vault, and one or more ancillary tokenization requests may be generated based on the ancillary detokenization response and the primary token exchange request. The one or more ancillary tokenization requests may be transmitted to one or more output token vaults. Subsequently, one or more ancillary tokenization responses may be received from the one or more output token vaults, each ancillary tokenization response comprising an output token.

Abstract: Methods and apparatus for identifying media are described. Example methods disclosed herein include presenting a graphical enable button via a display of a media presentation device, the graphical enable button, when selected, is to enable monitoring functionality implemented by the media presentation device, the monitoring functionality to monitor media presented by the media presentation device, the monitoring functionality to be disabled by default. Disclosed example methods also include detecting a first user input corresponding to selection of the graphical enable button and, in response to detection of the first user input: (i) enabling the monitoring functionality implemented by the media presentation device, and (ii) transmitting, via a network interface, information to a remote monitoring entity.

Abstract: Systems and methods for providing an API for a database system. The API may be provided to enable external application developers to build applications that can support the dynamic security model of the content management system and describe the runtime properties of records in data objects. The API of may provide a record property object and/or a query describe object when returning data set in response to a query by providing information about actions an end user can take on the data records, and to provide metadata required to understand a data response.