Abstract: Examples discussed herein disclose, among other things, an encrypting device. The encrypting device may include a key engine to obtain a first key associated with a first access level, and a second key associated with a second access level. The encrypting device may also include a multi-key encryption engine to encrypt a first portion of the plaintext with the first key, and encrypt a second portion of the plaintext with the second key, where the first portion may include more detailed information than the second portion, and where the first access level may be higher than the second access level.

Abstract: Disclosed are various embodiments for malware detection by way of proxy servers. In one embodiment, a proxied request for a network resource from a network site is received from a client device by a proxy server application. The proxied request is analyzed to determine whether the proxied request includes protected information transmitted in an unsecured manner. It is then determined whether the network resource comprises malware based at least in part on an execution of the network resource or whether the proxied request includes the protected information transmitted in the unsecured manner. The proxy server application refrains from sending data generated by the network resource to the client device in response to the proxied request when the network resource is determined to comprise the malware.

Abstract: A system may include a transaction history controller to store, in a distributed blockchain database, a first chain including a primary head node for a first subscriber to a social media history map service and multiple blocks each representing an online transaction for the first subscriber, and a second chain including a follower head node, linked to the primary head node, for a second subscriber and multiple blocks each representing an online transaction for the second subscriber. The transaction history controller may receive data representing a first online transaction for the second subscriber, format the data for the distributed blockchain database, store the formatted data as a new block in the second chain, receive a request to generate a trend report for a cluster of subscribers that includes the first and second subscribers, and generate the trend report dependent on the blocks in the first and second chains.

Abstract: The present disclosure relates to techniques for authentication of a user on a restricted website, or on an enterprise network with single sign-on, or on various other service systems with security restrictions using push notifications. One technique includes receiving an authorization request for a first application to access a resource, sending a first push notification to a second application, the first push notification requesting authentication of a user of the first application, receiving information indicating a response to the first push notification, sending a second push notification to the first application, the second push notification includes a status of the authorization request based on the response to the first push notification, receiving information indicating an outcome of the authentication request based on the response to the first push notification, and providing the first application access to the resource.

Abstract: Systems and methods for detecting anomalous data traffic over proxy servers in a data communications network. The method includes receiving, by a server computing device, network log data corresponding to data traffic during a timeframe. The method further includes normalizing the network log data using at least one of timestamp data of the network log data or IP address data of the network log data. The method also includes extracting risk-based data features from the network log data. The method further includes calculating using an isolation forest algorithm, anomaly scores for the normalized network log data based on the extracted risk-based features. The method also includes determining at least one anomaly event based on the calculated anomaly scores. The method further includes identifying at least one host device and at least one timestamp corresponding to the at least one anomaly event.

Abstract: A computer-implemented method for information protection comprises: determining one or more data inputs and one or more data outputs for a transaction, wherein the data inputs are associated with input data types respectively, and the data outputs are associated with output data types respectively; encrypting the input data types and the output data types; committing each of the encrypted input data types and the encrypted output data types with a commitment scheme to obtain corresponding commitment values; obtaining at least a parameter R based at least on the commitment values; and submitting the transaction to one or more nodes in a blockchain network with disclosure of the parameter R and without disclosure of the input data types and output data types for the nodes to verify consistency between the input data types and the output data types.

Abstract: A database access control system is augmented to enable an external security device to fully assess a database query against a security policy even when the device does not obtain (or otherwise misses) session information that is needed to facilitate that check. Upon receipt from a local agent of a database protocol packet to be examined, the device determines whether any session information needed for the evaluation is unavailable or is otherwise missing. If so, the device extracts metadata from the database protocol packet and generates a separate request back to the agent based on the extracted metadata. The agent then uses information in the separate request to obtain the unavailable or missing session information and, upon its receipt, forwards that information to the device. Upon receiving the additional session information that it needs, the device performs its usual security policy validation on the original database query (as augmented with the additional information returned by the agent).

Abstract: A computer implemented system and method for providing general data protection regulation (GDPR) compliant hashing in blockchain ledgers. The invention guarantees a user's right to be forgotten, in compliance with the GDPR regulations, utilizing blockchain technologies.

Abstract: Anti-Phishing protection assists in protecting against phishing attacks. Any links that are contained within a message that has been identified as a phishing message are disabled. A warning message is shown when the phishing message is accessed. The first time a disabled link within the phishing message is selected a dismissible dialog box is displayed containing information about how to enable links in the message. After the user dismisses the dialog, clicking on a disabled link causes the warning message to flash drawing the user's attention to the potential severity of the problem. The links may be enabled by the user by selecting the warning message and choosing the appropriate option. Once the user enables the links, future displays of the message show the links as enabled.

Abstract: Access level and security group information can be updated for a data instance without having to take down or recycle the instance. A data instance created in a data environment will have at least one default security group. Permissions can be applied to the default security group to limit access via the data environment. A control security group can be created in a control environment and associated with the default security group. Permissions can be applied and updated with respect to the control security group without modifying the default security group, such that the data instance does not need to be recycled or otherwise made unavailable. Requests to perform actions with respect to the control security groups are made via the control environment, while allowing native access to the data via the data environment.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for secure multi-party computation. One of the methods includes identifying a trusted input data item that is homomorphically encrypted; generating a message authentication code (MAC) key share; generating a MAC share associated with the trusted input data item, wherein the MAC share is a random number; generating a ciphertext based on the trusted input data item, the MAC key share, and the MAC share; sending the ciphertext to the second computing device, wherein the second computing device uses the ciphertext as a component of a MAC share associated with the secret input data item; and after the multi-party computation is completed by the plurality of computing devices, verifying a result of the multi-party computation based at least in part on the MAC share associated with the secret input data item.

Abstract: A computer-implemented method includes: receiving, by a platform including one or more computing devices, a blockchain authorization information generation request from a client, in which the blockchain authorization information generation request includes a target blockchain identifier and user information; determining, based on the target blockchain identifier, a target blockchain; determining a blockchain parameter of the target blockchain, in which the blockchain parameter indicates one or more requirements for authorization information used to join the target blockchain; generating blockchain authorization information based on the blockchain parameter and the user information, in which the blockchain authorization information conforms to the one or more requirements; and sending the blockchain authorization information to the client.

Abstract: A method is disclosed. The method includes transmitting by a computing device, an account creation request to a remote server computer. The method further includes automatically provisioning the computing device with an access token in response to receiving a request to create the account.

Abstract: A method and an apparatus for setting a password protection question are disclosed. The method includes: receiving a password protection question set request for a password, the set request including a user identifier; extracting one or more pieces of setting information corresponding to the user identifier; individually acquiring one or more password protection questions that match the one or more pieces of setting information; and outputting the one or more password protection questions. The embodiments of the present disclosure can output password protection questions related to preference or interest of a user when the user sets a password protection question, which reinforces the impression of the user on the password protection question, thereby reducing situations that the user forgets the set password protection question and an answer thereof, and improving the practicability of the password protection question.

Abstract: An identity management system detects the occurrence of a trigger event, such as a time period expiration, or an action on the identity management system. The identity management system accordingly generates a new password for an account of a user on a third-party service and causes the account of the user on the third-party service to use the new password. The identity management system can also detect a manual user change of a password for a third-party service and cause configuration of client devices of the user to reflect the new password.

Abstract: Embodiments of the present disclosure are directed to updating categorization of online content. An analytics engine implemented at least partially in hardware can receive an engagement indicator across a network interface; identify a type of the engagement indicator, the type of the engagement indicator comprising one of a positive engagement indicator or a negative engagement indicator; and update the reputation data stored in memory based on the type of the engagement indicator. A safe harbor time window is described during with user activity with online content is not reported to system administrators.

Abstract: Embodiments provide session synchronization across multiple user devices in a cloud-based identity and access management (IAM) system by authenticating the user into an application on a first device; receiving a first request by a single-sign-on (SSO) service of the IAM system from the first device to enroll the first device in a circle of trust (CoT) device group associated with the user, where a second device of the user is already enrolled in CoT; sending a push notification to the second device to obtain user consent to enroll the first device in CoT, where the second device obtains user consent and sends a consent token to the first device; receiving a second request including the consent token from the first device; verifying the consent token; enrolling the first device in CoT; and performing SSO session synchronization across devices enrolled in CoT.

Abstract: A system and method for application security profiling that includes extracting a code property graph from at least a subset of a code base; generating a code profile from the code property graph, wherein generating the code profile occurs prior to a compilation of the code base; and applying the code profile, comprising of identifying sections of interest within the code base.

Abstract: A method at a computing device for enabling access to a credential vault if a master password for the credential vault is lost, the method including selecting at least one credential from within the credential vault; encrypting one of the master password or a vault key for the credential vault with the selected at least one credential, thereby creating a recovery file; and storing the recovery file, wherein the selected at least one credential can be used to decrypt the recovery file to enable access to the credential vault.

Abstract: In a method for validating software updates, a data processing system contains a current version of a software component. The data processing system saves at least first and second current advance keys (AKs). After saving the current AKs, the data processing system receives an update package for a new version of the software component. The data processing system extracts a digital signature and two or more new AKs from the update package. The data processing system uses at least one current AK to determine whether the digital signature is valid. In response to a determination that the digital signature is valid, the data processing system uses a software image from the update package to update the software component, and the data processing system saves the new AKs, for subsequent utilization as the current AKs.