Abstract: Embodiments can provide a computer implemented method in a computing system including a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for virtual reality user authentication, the method including responsive to a user request, generating, by a virtual reality system, a virtual reality authentication program splash screen based on at least one of a user profile and one or more real-life activities of the user; activating, by the virtual reality system, a virtual reality authentication module; prompting, through the virtual reality system, the user to perform one or more real-life tasks specific to the user involving motions using the virtual reality system; recording, through the virtual reality system, the motions using one or more sensors; and storing, using an authentication server, the motions of the at least one of the user as authentication requirements for accessing a virtual reality program.

Abstract: A system and method for operating a policy aware unification file system within a computer system that takes into account the security requirements of each file system as each file system is unified into the unified file system are provided. As the application is compatible with existing run time policies of files and directories within each file system that is to be unified, the application supports the enforcement of security policies or requirements of each file and/or directory that has been unified into the unified file system.

Abstract: An individual data unit for enhancing the security of a user data record is provided that includes a processor and a memory configured to store data. The individual data unit is associated with a network and the memory is in communication with the processor. The memory has instructions stored thereon which, when read and executed by the processor cause the individual data unit to perform basic operations only. The basic operations include communicating securely with computing devices, computer systems, and a central user data server. Moreover, the basic operations include receiving a user data record, storing the user data record, retrieving the user data record, and transmitting the user data record. The individual data unit can be located in a geographic location associated with the user which can be different than the geographic locations of the computer systems and the central user data server.

Abstract: Methods, systems, and devices for facilitating joint submissions. In an example embodiment, a system may facilitate a joint submission from multiple devices. For example, a primary device may receive data for a joint submission with a peripheral device, and the data may be segmented into sensitive and non-sensitive data.

Abstract: Aspects of the present disclosure include a system comprising a machine-readable storage medium storing at least one program and computer-implemented methods for detecting anomalies in revisions to a web document. Consistent with some embodiments, a method includes publishing, at a network-based content publication platform, a web document comprising a plurality of distinct elements generated using data received from a computing device of a user. The method further includes accessing an updated web document that was generated based on modifications to the published web document made by the user. The method further includes generating one or more anomaly scores based on a comparison of the updated web document to the published web document, and determining whether to allow publication of the updated web document based on a result of a comparison of the anomaly score to a threshold anomaly score.

Abstract: A method is provided for securely and efficiently accessing connection data of at least one telecommunication provider is provided, wherein the connection data is ascertained by the telecommunication provider and is encrypted by the telecommunication provider, the encrypted connection data is transmitted from the telecommunication provider to a secured environment, the connection data is decrypted in the secured environment and, for a first predetermined time period, is stored as decrypted connection data exclusively in a volatile memory of the secured environment, and the access to the connection data is exclusively granted as access to the decrypted connection data stored in the volatile memory of the secured environment via a predetermined interface of the secured environment.

Abstract: Based on a hidden service address table stored in a memory, a virtual circuit related to a hidden service is mapped to a corresponding port-level channel based on the hidden service's address. Data associated with the hidden service is routed between the virtual circuit and the port-level channel. This enables binding of high level anonymity protocols to low level communication services of a network fabric and ensures that other nodes in the network fabric can leverage fabric-hosted hidden services without requiring updates to an existing anonymity protocol.

Abstract: A data processing request is obtained containing blockchain data and an identifier used to identify a blockchain network to which the data processing request belongs. The identifier is extracted from the data processing request. Based on the identifier, corresponding processing logic associated with the data processing request is executed. The blockchain data is stored to a blockchain storage area corresponding to the identifier.

Abstract: The present invention relates to a technique of authenticating a user by using junk data randomly generated when a password is inputted. According to the present invention, a password is received from a user and is stored, and it is determined whether a password matches with an original password stored in a memory among junk data and a password inputted together in a user authentication step. At this time, if a password including the junk data matches, by at least a certain length or more, a password including junk data inputted in a previous authentication step, user authentication fails even if the separately extracted passwords match each other, such that security can be further enhanced.

Abstract: A method of controlling a data processing device, the method comprising: receiving, at the data processing device, a communication from a remote device wherein the communication comprises verification data; verifying the verification data at the data processing device; initiating an action by a watchdog associated with the data processing device based on the verification.

Abstract: This document discloses a method and system for just-in-time compression and optimization of raw unstructured in-line and in-transit data by identifying low entropy data blocks or duplicated information security information in raw computer security alerts within a series of time windows. In particular, the method and system automatically manages; processes; and optimizes in-line and in-transit data blocks or raw information security alerts received from a plurality of information surveillance sources and/or peripheral monitoring devices simultaneously. The data blocks or raw information security alerts that are found to be unique in the various time windows are transposed into meta-definition tables to be further processed while redundant data blocks or raw alerts contained within each particular time window are identified, marked and processed accordingly.

Abstract: An apparatus in one embodiment comprises a processing platform that includes one or more processing devices each comprising a processor coupled to a memory. The processing platform is associated with at least one storage device. The processing platform comprises a backend data classifier configured for communication with a data loss prevention system. The backend data classifier comprises a file analyzer configured to compare characteristics relating to current states of respective files stored in the storage device with information stored in a file history database, and an assignment module configured to assign classifications to respective ones of the files stored in the storage device based at least in part on comparison results from the file analyzer. The data loss prevention system is configured to perform different data loss prevention operations on different ones of the files stored in the storage device based at least in part on their respective assigned classifications.

Abstract: Methods and systems for providing quality of service to an information handling system may involve generating a new transport encryption key for a management controller group, notifying nodes in the management controller group to negotiate for the new transport encryption key, and encrypting a first message to be sent to a first node in the management controller group using a current transport encryption key. The new transport encryption key for encrypted communications in the management controller group and to replace a current transport encryption key. The first message encrypted after notifying the nodes in the management controller group to negotiate for the new transport encryption key. The nodes of the management controller group including the first node.

Abstract: The claimed subject matter provides systems and/or methods that effectuate a simple protocol for tangible security on mobile devices. The system can include devices that generate sets of keys and associated secret identifiers, employs the one or more keys to encrypt a secret and utilizes the identifiers and encryptions of the secret to populate a table associated with a security token device that is used in conjunction with a mobile device to release sensitive information persisted on the mobile device for user selected purposes.

Abstract: A communication framework is provided that can be configured to control or limit a network controller's ability to communicate, export, or share the network controller's data with others, such as with other network controllers in the network environment. As part of this framework, techniques are provided that enable constraints to be specified for a particular network controller, where the constraints control and limit the data that is permitted to be communicated from the particular network controller to other network controllers or intended data recipients in the network environment.

Abstract: A first set of data associated with one or more data stores is received. A distance from a representation of a subset of the first set of data to at least a second representation of another set of data in vector space is identified. In response to the identifying of the distance, the first set of data is anonymized. The anonymizing includes adding noise to at least some of the first set of data.

Abstract: Disclosed is a system for controlling access of one or more applications to a storage device, including: a storage device including one or more memories; and a kernel implemented between the applications and the storage device, in which when the kernel receives a first access request to the storage device from a first application, the kernel transmits to the storage device first memory address information to be accessed by the first application and a first access code included in the first access request, and the storage device stores a database for an authorized access code for each memory address information and controls the first application to access a memory corresponding to the first memory address information according to whether the first memory address information and the first access code are present in the database.

Abstract: The present application describes a method, system, and non-transitory computer-readable medium for exchanging encrypted communications using hybrid cryptography protocol. According to the present disclosure, a first device divides a first communication into at least a first secret and a second secret. The first device encrypts the first secret using a first cipher suite and the second secret using a second cipher suite. The first device generates a first signature of the first encrypted secret and the second encrypted secret according to a first signature generation algorithm associated with the first cipher suite and a second signature of the first encrypted secret and the second encrypted secret according to a second signature generation algorithm associated with the second cipher suite. The first device transmits the first encrypted secret and the second encrypted secret, the first signature, and the second signature to the second device.

Abstract: The invention relates generally to monitoring and managing network components, such as monitoring the network components to determine the vulnerabilities of network components, implementing remediation plans for the vulnerabilities, instituting remediation suppression for acceptable uses, instituting network component exceptions and rolling exceptions to other network components automatically, and taking consequence actions for the vulnerabilities. A network component exception may be implemented for a network component when the network component data meets custom criteria. When the custom criteria is met, the network component is automatically rolled into the network component exception process to automatically associate network component exceptions with network components that have data that meets the custom criteria. The network component exceptions prevent vulnerability actions from being taken with respect to the associated network components.

Abstract: A server, primary client device, and secondary device may be provided. The server may be configured to receive a login request sent by a secondary client device, the login request including a secondary account identifier and an encoded image, the secondary account identifier associated with a secondary account. The server may decode the encoded image to identify a primary account identifier and an expiration time indicator encoded in the encoded image. The server may determine that the secondary account is linked with a primary account. The server may compare the expiration time indicator with the request time to determine that the encoded image has not expired. The server may authorize privileged communication with the secondary client device in response to the secondary account being linked with the primary account and determination that the encoded image has not expired.