Abstract: A system includes an interface and a processor. The interface is configured to receive, at an application routing platform, an API call for an application platform comprising a signed tenant token. The processor is configured to determine that the signed tenant token is valid; determine an application platform token for the application platform; associate a root certificate with the application platform token; determine routing information to the application platform based at least in part on the API call; and provide the application platform the API call and the application platform token using the routing information to enable access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate and executes the API call in response to a determination that the application platform token is valid.

Abstract: A distributed system, such as a distributed storage system in a virtualized computing environment and having storage nodes arranged in a cluster, is provided by management server with a transition period between non-encryption and encryption modes of operation. The transition period enables all of the nodes to complete a transition from the non-encryption mode of operation to the encryption mode of operation, without loss of data-in-transit (DIT). An auto-remediation feature is provided by the management server to the cluster, so as to fix inconsistent state(s) of one or more nodes in the cluster.

Abstract: The present disclosure relates to a circuit for performing a hash algorithm, computing chip, data processing device and method. A circuit includes: operation stages in a pipeline structure each including 0th to 15th expansion registers; expansion data operation logic modules each disposed between two adjacent operation stages including a first operation stage and its subsequent second operation stage, and including a first sub-module configured to compute data in a 0th expansion register of the second operation stage based on data in a 1st expansion register of the first operation stage and a second sub-module configured to compute data in a 15th expansion register of the second operation stage based on data in a 0th expansion register of the first operation stage: data in an (i?1)th expansion register of the second operation stage is data in an ith expansion register of the first operation stage.

Abstract: Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with a first computing device and second interface circuitry to communicate with a second computing device. The first interface circuitry is configured to receive a handshake message from the first computing device. The second interface circuitry is configured to transmit the handshake message to the second computing device and to receive a handshake response message from the second computing device. The first interface circuitry is configured to transmit the handshake response message to the first computing device, whereby to establish a communication session between the first computing device and the second computing device.

Abstract: A remote browsing session is initiated between a remote browser client executing on a client device and a remote browser host executing on a remote browser server. The remote browser host receives from the client device, encrypted remote browser data of remote browser data that affects the remote browser session. The remote browser client does not have access to a decryption key for the encrypted remote browser data. The encrypted remote browser data is decrypted to reveal the remote browser data including data for one or more cookies. The remote browser host is configured with the remote browser data. The remote browser host manages updates to the remote browser data during the remote browsing session including updates to one or more cookies. Periodically, updates to the remote browser data are encrypted and transmitted to the remote browser client for storage.

Abstract: Examples of multi-persona account management in client devices are described. A client device can host a personal workspace, such as for personal data and applications of a user, along with a separate alternate persona workspace for work-related data and applications of the user. The client device interfaces with a management computing environment to enroll in device management services and establish the alternate persona workspace on the client device. In one example, the client device queries a management computing environment to establish an alternate persona workspace in the client device. The client device then creates the alternate persona workspace in the client device based on a response from the management computing environment, associates an alternate persona account with the alternate persona workspace, and receives a notification to install at least one application in the alternate persona workspace from an account administration environment of the alternate persona account.

Abstract: A method including utilizing, during an established VPN connection between the VPN server and a user device, a first exit IP address to transmit a first query to a host device for retrieving data of interest requested by the user device; determining that the host device has blocked the first exit IP address; establishing, during the established VPN connection, a secure connection with a secondary server to enable communication of encrypted data between the VPN server and the secondary server; and transmitting, during the established VPN connection and over the secure connection to the secondary server, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to transmit a second query to request the data of interest based on utilizing a second exit IP address is disclosed. Various other aspects are contemplated.

Abstract: Preserving distributions of data values of a data asset in a data anonymization operation is provided. Anonymizing data values is performed by transforming sensitive data in a set of columns over rows of the data asset while preserving distribution of the data values in the set of transformed columns to a defined degree using a set of autoencoders and loss function. The autoencoders are base trained from preexisting data in a data assets catalog and actively trained during data dissemination. Parametric coefficients of the loss function are configured and the threshold is generated using policies from an enforcement decision for the data asset and data consumer. The loss function value of a selected row is compared to the threshold. Transformed data values of the selected row are transcribed to an output row when the loss function value is greater than the threshold and disseminated to the data consumer.

Abstract: In particular embodiments, in response a data subject submitting a request to delete their personal data from an organization's systems, the system may: (1) automatically determine where the data subject's personal data is stored; (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject's personal data from the various systems; and (3) determine a cause of the request to identify one or more processing activities or other sources that result in a high number of such requests.

Abstract: An approach to exchanging information between data storage devices (DSDs) within a secure data center and an external fleet health manager (FHM) application includes querying one or more DSDs for data to be analyzed, including providing a unique query identifier, whereby a particular DSD responsively provides (i) a device identifier identifying itself, (ii) a random key code for authentication and integrity purposes, (iii) the data to be analyzed, and (iv) the query identifier for the FHM application to verify. The FHM application can then digitally sign a corrective action payload, using the key code from the particular DSD, including the query identifier and the device identifier and a recommended corrective action, and transmit the signed corrective action payload to the data center for application to the particular DSD, whereby the DSD can execute pre-defined fundamental repair action operation(s) corresponding to the corrective action for in-situ repair.

Abstract: Techniques for dynamic server groups that can be patched together using stream clustering algorithms, and learning components in order to reuse the repeatable patterns using machine learning are provided herein. In one example, in response to a first risk associated with a first server device, a risk assessment component patches a server group to mitigate a vulnerability of the first server device and a second server device, wherein the server group is comprised of the first server device and the second server device. Additionally, a monitoring component monitors data associated with a second risk to the server group to mitigate the second risk to the server group.

Abstract: The present disclosure describes techniques of encryption and decryption. The described techniques comprise obtaining a digital code to be encrypted; obtaining at least one predetermined rule; generating an encrypted digital code by rearranging and reorganizing bits comprised in the digital code to be encrypted based on the at least one predetermined rule; and delivering the encrypted digital code to a client computing device.

Abstract: Embodiments described herein provide a privacy mechanism to protect user data when transmitting the data to a server that estimates a p-th frequency moment, Fp for p?[1, 2] and p low-rank approximation for p?[1, 2). The privacy mechanism uses an encode-shuffle then analyze (ESA) framework that provides a compromise between the central and local model of privacy.

Abstract: Disclosed are examples of systems, apparatus, devices, computer program products, and methods implementing aspects of a decentralized content fabric. In some implementations, one or more processors are configured to provide fabric nodes of an overlay network, including one or more fabric nodes that receive a client's request to access digital content on the overlay network. The request includes an authorization token digitally signed by or on behalf of a user of the client. The fabric node(s) extract a user identifier (ID) from the authorization token, then determine that one or more rules maintained on the overlay network are satisfied. The one or more rules condition access to the digital content upon the extracted user ID matching an ID associated with an owner of a digital instrument. The digital instrument, which can be a non-fungible token, is stored in a blockchain ledger as a unique representation of the digital content.

Abstract: Techniques for identifying certain types of network activity are disclosed, including parsing network traffic to automatically recognize anonymous identifiers. Such techniques may be used to identify and eliminate malicious and/or undesirable network traffic, and to identify topics relevant to a user of a particular network device so that communications to such a user are more likely to relate to a topic of interest to the user.

Abstract: According to an embodiment, a method receives one or more messages associated with connecting a client and a first host. At least one of the messages comprises an encrypted portion indicating the first host and at least one of the messages comprises a cleartext portion indicating a second host. The method determines first and second sets of links associated with the first and second host, respectively. The first set is determined based on monitoring a result of connecting the client and the first host. The second set is determined based on observing behavior associated with connecting to the second host. The method detects domain fronting in response to determining, based on comparing the first set of links and the second set of links, that the first host differs from the second host.

Abstract: In one embodiment, a method comprises: receiving, by a secure executable container executed by a network device, a request initiated by a user for a community forum in a secure data network, the user having generated the request via an endpoint device and the user having established a two-way trusted relationship with the endpoint device in the secure data network; processing, by the secure executable container, the request for the community forum in the secure data network, the processing including causing a network device executing a community server to post the community forum in the secure data network according to identifiable features selected by the user; and preventing, by the secure executable container, any executable resource in the network device from accessing the secure data network without authorized access via a prescribed Application Programming Interface (API) required by the secure executable container.

Abstract: A schema for a hierarchical data structure may include application specific extensions to the schema applied to a hierarchical data structure. Class may be added to the schema by individual applications granted access to a hierarchical data structure. When an access request for an object of the hierarchical data structure is received, the class may be identified in the schema and applied to process the access request to the object. Different classes may be added by different applications without disrupting the utilization of the schema for accessing the hierarchical data structure of other applications.

Abstract: A method for mitigating misinformation in encrypted messaging environments includes receiving content from an originating user, encrypting the content into an originating message using a first encrypting key, appending an originating message identifier to the originating message, storing the originating message identifier on a messaging server in conjunction with transmitting the originating message to a first device corresponding to a first recipient, decrypting the originating message using a first decrypting key, storing the content on the first device to produce locally stored content and inserting the originating message identifier within metadata for the locally stored content. The method may also include encrypting the locally stored content into a new message intended for a second recipient, detecting the originating message identifier within the metadata for the locally stored content, and appending the originating message identifier to the new message.

Abstract: Performing cryptographic operations such as encryption and decryption may be computationally expensive. In some contexts, initialization vectors and keystreams operable to perform encryption operations are generated and stored in a repository, and later retrieved for use in performing encryption operations. Multiple devices in a distributed system can each generate and store a subset of a larger set of keystreams.