Abstract: The present technology pertains to a link service that can create, maintain, and service links to objects on behalf of a content management system or other services. The link service can share administration of links with other services when desired or can even allow other services to issue the link and manage the object that is the subject of the link while providing other functions to support the link. Additionally, link service can interface with a file system that can support links as actors in the file system, whereby greater control and flexibility in supporting links is provided. Link service can also accommodate servicing and management of links issued by legacy services, where the legacy services have unique link logic that should still be utilized to maintain a consistent user experience.

Abstract: Methods and system implement solutions for integrating encryption and emulation into native database formats and/or architectures. “Native” database is used to describe a database that has not been designed for end to end encryption, an off the shelf database deployment, and/or a commercially available database. According to some embodiments, various encryption systems and methods employ emulation operations to enable a native database and native database functions to leverage full encryption primitives. Various aspects integrate emulation operations into standard database implementations, where the emulation enables native database functions to operate on entirely encrypted data.

Abstract: A smart card may include a memory configured to store a user connection lease and user interface (UI) cache for a user and a private/public key pair of the smart card, with the user connection lease being bound to the private/public key pair of the smart card. The smart card may further include a processor coupled to the memory and configured to establish a communications link with a kiosk device to be shared by a plurality of different users, initiate a virtual session for the user at the kiosk device based upon the user connection lease and the private key responsive to establishing the communications link (with the smart card defining an endpoint for the virtual session authorization), and cause the kiosk device to launch the virtual session based upon the user UI cache.

Abstract: A method includes obtaining audit records. Each of the audit records indicates a timestamp for a corresponding message, at least one event type code selected from a plurality of event type codes for a corresponding audit event of the corresponding message, and an identifier for a corresponding system entity associated with creation of the corresponding message. A number of audit records are aggregated over a period of time. An audit file is generated to include the number of audit records and integrity information. Storage of the audit file is facilitated by utilizing a name of the audit file.

Abstract: A device implementing a system for device-relationship based communication includes at least one processor configured to establish, by a first device associated with a first user, a secure communication channel with a second device associated with a second user via a direct wireless connection. The at least one processor is configured to transmit, over the secure communication channel, first device-identifying information to the second device, and receive, over the secure communication channel, second device-identifying information from the second device. The at least one processor is configured to establish a particular type of relationship with the second device, store the second device-identifying information in association with an indication of the particular type of relationship established with the second device, and transmit, to the second device and over the secure communication channel, the indication of the particular type of relationship established with the second device.

Abstract: This invention provides systems and methods for data processing by means of an ongoing background process on an end-user's computer. As a user receives and generates data, files are analyzed. A container file is opened into the volatile memory and its contents (including data and metadata) are extracted, without requiring an index to be created. The extracted components are analyzed based on predefined characteristics.

Abstract: Various approaches for providing scalable network access processing. In some cases, approaches discussed relate to systems and methods for providing scalable zero trust network access control.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes through the exclusion of certain merchants that may cause confusion. Indications of a plurality of different merchants, including merchant logos may be received. The indications may be processed to identify at least one similarity between a first merchant and a second merchant. A request for access to an account associated with a user and transaction data corresponding to the account may be received. Based on the similarity between the first merchant and the second merchant, at least one transaction corresponding to the first merchant may be removed to generate processed transaction record. An authentication question may be generated and a candidate response to the authentication question may be received. Based on the candidate response, access to the account may be provided.

Abstract: The present application discloses a method, system, and computer system for predicting responses to DNS queries. The method includes receiving a DNS query comprising a subdomain portion and a root domain portion from a client device, determining whether to obtain target address information corresponding to the DNS from a predictive cache, in response to determining to obtain the target address information from the predictive cache, obtaining the target address information from the predictive cache, and providing the target address information to the client device.

Abstract: Disclosed herein are system, method, and computer program product embodiments for encrypting and decrypting a sensitive data item using a zero-knowledge encryption protocol. An embodiment operates by receiving a request to decrypt the sensitive data item from a client. The embodiment retrieves the requested sensitive data item from a data store. The embodiment generates a result set by replacing a ciphertext value of the sensitive data item to be stored in the result set with a placeholder identifier. The embodiment retrieves a data encryption key (DEK) block from a DEK manager, wherein the DEK block comprises a DEK associated with the sensitive data item. The embodiment generates and encrypts a cipher ticket comprising the ciphertext value of the sensitive data item. The embodiment then sends the result set, the cipher ticket, and the DEK block to the client for decryption of the ciphertext value of the sensitive data item.

Abstract: A gunshot detection system includes gunshot sensor units and a control panel. The gunshot sensor units generate audio data and encrypt the audio data using an encryption key before storing the audio data and/or sending it to the control panel. The control panel decrypts received encrypted audio data using a decryption key. The encryption keys might be programmed at the control panel and distributed to the gunshot sensor units. The control panel would also store decryption keys for decrypting the audio data from each of the different gunshot sensor units. An additional layer of end-to-end encryption is provided for messages exchanged between the devices. The gunshot sensor units can also be equipped with wireless interfaces for communicating with the control panel over a communication network. To address potential bandwidth issues, the gunshot sensor units determine current network conditions and compress the audio data based on the current network conditions.

Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.

Abstract: A biometric scanner apparatus comprising a biometric sensor configured to scan at least a biological sample and receive a unique biometric pattern, a secret data extractor configured to receive the unique biometric pattern from the biometric sensor and generate an output comprising a sample-specific secret, and a sample identifier circuit communicatively connected to the secret data extractor wherein the sample identifier circuit is configured to produce at least an output comprising a secure proof of the sample-specific secret.

Abstract: Aspects of the subject disclosure may include, for example, identifying a first sensitivity level associated with a first data item, comparing the first sensitivity level to a first threshold, resulting in a first comparison, selecting a first device based on the first comparison, transmitting the first data item to the first device based on the selecting of the first device, identifying a second sensitivity level associated with a second data item, wherein the second sensitivity level is different from the first sensitivity level, comparing the second sensitivity level to a second threshold, resulting in a second comparison, selecting a second device based on the second comparison, wherein the second device is different from the first device, and transmitting the second data item to the second device based on the selecting of the second device. Other embodiments are disclosed.

Abstract: Examples associated with Bluetooth device pairing are described. One example includes storing a set of device pairings. Device pairings may indicate Bluetooth devices that are authorized to connect. An authorization signal is received from a first Bluetooth device. The authorization signal may seek approval to connect with a second Bluetooth device over a Bluetooth connection. A control signal is provided to the first Bluetooth device when a device pairing indicates the first Bluetooth device is authorized to connect to the second Bluetooth device.

Abstract: The application discloses an electronic operating device (100) arranged to protect communication between a consumer application (125) and a network-connected consumer device (300). The operating device protects a command message by signing the command message with a private key obtained from a key storage of the operating device (optionally also encrypting the command message with an encryption key), and sends the protected command message to the network controller (200). The network controller performs the verification of the signature of the command message such that legacy consumer devices without cryptgraphic capability can be used. The signature ensures that only authorised devices (100) can send commands to the consumer device (300).

Abstract: A rollover system is provided to facilitate transitioning of client devices in a shared account network environment, from an old password to a new replacement password. The switching of passwords may take place gradually during a rollout period for client devices without required downtime and reducing a risk of lockouts. During the rollover period, a prior salt is temporarily carried over to a new verifier for the replacement password. Two new verifiers are generated: a temporary new verifier using the old salt for verification during the rollover period and another new verifier using a different new salt for verification after the rollover period had expired. During the rollover period, authentication involves the use of the temporary new verifier with the old salt or by the old verifier and old salt of the prior password. After the rollover period, authentication is based on the new verifier with a new salt.

Abstract: The embodiment herein provides a system for securing computer infrastructure and one or more devices that depend on one or more cloud platforms. The system includes a memory, and a processor that stores and executes a set of instructions. The processor is configured to (i) extract one or more information data from at least one of the cloud platforms or the devices that depends on the one or more cloud platforms, (ii) execute compliance tests to identify compliance and non-compliance in the one or more information data, (iii) generate a network topology map by querying the one or more information data, (iv) classify a connectivity between the one or more devices and their nature, (v) compute risk metrics, (vi) re-execute the compliance tests to detect changes, and (vii) implement security compliances without impacting a production or operational environment of the one or more cloud platforms.

Abstract: Methods and apparatus are disclosed for unified security configuration management. A method may comprise: determine a security configuration to be executed; determine at least one security application which is installed on at least one node and is associated with the security configuration; format for the security configuration, instructions corresponding to each of the at least one security application, respectively; and send the instructions to the at least one node for respective configuration for each of the at least one security application.

Abstract: Methods, systems, and apparatuses are described herein for improving computer authentication processes through the generation of synthetic merchants. A plurality of different real merchant names may be received. The plurality of different real merchant names may be processed to determine one or more name elements. A request for access to an account associated with a user may be received. Based on the one or more name elements, one or more synthetic merchant names may be generated. Based on the one or more synthetic merchant names, synthetic transaction data may then be generated. A synthetic authentication question may be generated and presented to a user. A candidate response to the synthetic authentication question may be received. Based on the candidate response, access to the account may be provided.