Patents Examined by J. Brant Murphy
  • Patent number: 11750394
    Abstract: In a method for decrypting persistent user cryptographic keys in a distributed cryptographically secured peer-to-peer filesystem, a primary input value is received from a first user on a first peer device. A symmetric user encryption key UK1 is generated for the first user from the primary input value on the first peer device. An encrypted private key ePrK1 is requested and received from a non-volatile memory of a data persistence server using the first peer device. The encrypted private key ePrK1 is decrypted using the symmetric user encryption key UK1 using a symmetric decryption algorithm on the first peer device, producing a private key $PrK1 = ES_{UK1}^{-1}(ePrK1)$. The private key PrK1 is used to reconstruct a distributed file.
    Type: Grant
    Filed: April 24, 2022
    Date of Patent: September 5, 2023
    Assignee: CyLogic, Inc.
    Inventors: Adam Firestone, Hilary L MacMillan, Raghu Lingampally
  • Patent number: 11741220
    Abstract: A computer-implemented method is provided for computer intrusion detection. The method includes establishing a mapping from low-level system calls to user functions in computer programs. The user functions run in a user space of an operating system. The method further includes identifying, using a search algorithm inputting the mapping and a system-call trace captured at runtime, any of the user functions that trigger the low-level system calls in the system-call trace. The method further includes performing, by a processor device, intrusion detection responsive to a provenance graph with program contexts. The provenance graph has nodes formed from the user functions that trigger the low-level system calls in the system-call trace. Edges in the provenance graph have edge labels describing high-level system operations for low-level system call to high-level system operation correlation-based intrusion detection.
    Type: Grant
    Filed: August 10, 2021
    Date of Patent: August 29, 2023
    Inventors: Xiao Yu, Haifeng Chen, Fei Zuo
  • Patent number: 11734446
    Abstract: A method for causing sending and receiving of an encrypted file between a sending user terminal and a receiving user terminal connected via a network to be performed in a secret state via a management server is provided. The sending user terminal encrypts an original file and then fragments the original file into a plurality of divided files, creates a plurality of combined files formed by combining a plurality of the divided files, and distributes and saves the combined files to which restoration information for opening the combined files has been added in a plurality of online storages. The receiving user terminal can open the combined files obtained from the online storages by using the restoration information received from the management server to extract the divided files included in the combined files, and can restore the original file from the divided files.
    Type: Grant
    Filed: July 11, 2019
    Date of Patent: August 22, 2023
    Assignees: GYOTOKUSHIKO CO., LTD., TECHNICAL INFRASTRUCTURE LOGIC CORPORATION
    Inventor: Masahiro Aoki
  • Patent number: 11729611
    Abstract: A system and method includes a communication interface configured to transmit a web-based form to an applicant device and receive a selection of the third party to provide data to populate the plurality of fields of the web-based form and an application server that, in conjunction with the communication interface, is configured to perform various steps. It may, in response to receiving the selection, transmit a third-party API call to the selected third party. It may also transmit data indicative of an authentication request associated with the selected third party and receive data indicative of a validated authentication request. It may further request a set of data from the selected third party via the third party API and receive the requested set of data, which includes data for populating a specific data field on the web-based form.
    Type: Grant
    Filed: December 1, 2021
    Date of Patent: August 15, 2023
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Christopher Wetzel, Dwij Trivedi, Robert Colenso
  • Patent number: 11728978
    Abstract: Some embodiments of the present specification provide a method and an apparatus for establishing a trusted channel between a user and a trusted computing cluster. According to the method, when a user wants to establish a trusted channel with a trusted computing cluster, the user only negotiates a session key with any first trusted computing unit in the cluster to establish the trusted channel. Then, the first trusted computing unit encrypts the session key using a cluster key common to the trusted computing cluster to which the first trusted computing unit belongs, and sends the encrypted session key to a cluster manager. The cluster manager transmits the encrypted session key in the trusted computing cluster, so that other trusted computing units in the cluster obtain the session key and join the trusted channel. Thus, the user establishes a trusted channel with the entire trusted computing cluster.
    Type: Grant
    Filed: August 12, 2021
    Date of Patent: August 15, 2023
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Aihui Zhou, Qunshan Huang, Chaofan Yu, Weiwen Cai, Lei Wang
  • Patent number: 11722506
    Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
    Type: Grant
    Filed: April 21, 2022
    Date of Patent: August 8, 2023
    Assignee: SENTINEL LABS ISRAEL LTD.
    Inventors: Tomer Weingarten, Almog Cohen
  • Patent number: 11716341
    Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
    Type: Grant
    Filed: February 22, 2022
    Date of Patent: August 1, 2023
    Assignee: SENTINEL LABS ISRAEL LTD.
    Inventors: Tomer Weingarten, Almog Cohen
  • Patent number: 11716314
    Abstract: Described embodiments provide systems and apparatuses for enhanced quality of service, steering and policy enforcement for https traffic via intelligent in-line path discovery of a TLS terminating node. The system may include a first network device having a secure connection traversing through the first network device, and in communication with a second network device. The first network device and the second network device may be intermediary to a client device and a server. The first network device may determine that the second network device terminates the secure connection. The first network device may receive key generation information of the secure connection from the second network device following determining the second network device terminates the secure connection.
    Type: Grant
    Filed: May 4, 2021
    Date of Patent: August 1, 2023
    Inventors: J Mohan Rao Arisankala, Chaitra Maraliga Ramaiah, Karthick Srivatsan
  • Patent number: 11716342
    Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
    Type: Grant
    Filed: April 21, 2022
    Date of Patent: August 1, 2023
    Assignee: SENTINEL LABS ISRAEL LTD.
    Inventors: Tomer Weingarten, Almog Cohen
  • Patent number: 11709960
    Abstract: Techniques are disclosed to provide correctness-preserving security for graph databases. In various embodiments, security context data associated with a user with respect to a graph database is stored. A query associated with the user with respect to the graph database is received. A path is allowed to be traversed in connection with responding to the query based at least in part on a grant of a traversal right, reflected in the security context data, to traverse one or more of a node and a relationship included in the path.
    Type: Grant
    Filed: January 15, 2021
    Date of Patent: July 25, 2023
    Assignee: Neo4j Sweden AB
    Inventors: Ivan Zoratti, Louise Söderström, Craig Taverner, Olivia Ytterbrink
  • Patent number: 11709935
    Abstract: Utilizing an Information Analyzer to profile data in order to identify data assets that contain executable code for the purpose of ensuring the security and integrity of the profiled data. The results of the data profiling process can be used by security policies to reduce the risks of malicious code execution attacks.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: July 25, 2023
    Assignee: International Business Machines Corporation
    Inventors: Michal Bodziony, Bartosz Tomasik, Tomasz Zatorski, Marcin Filip, Marcin Luczynski, Wojciech Mis
  • Patent number: 11711223
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for protecting user privacy in the playback of user sessions are described. In one aspect, a method includes accessing, for a user session with one or more user interfaces, event data that includes interface data specifying a structure of the user interface(s), and, for each of one or more user interface elements for which content was presented by the user interface(s) during the user session, an encrypted content element including the content of the user interface element encrypted using a public key corresponding to a rule enabling recording of the content of the user interface element and data identifying the rule. Playback of the user session is generated including, for each of the interface element(s), decrypting the encrypted content element for the user interface element and presenting the decrypted content during the playback of the user session.
    Type: Grant
    Filed: August 18, 2021
    Date of Patent: July 25, 2023
    Assignee: FullStory, Inc.
    Inventors: Joel Grayson Webber, Benjamin David Dean, Mark Nicholas Seth Fowler
  • Patent number: 11709953
    Abstract: Disclosed herein are systems and methods for classifying organizational structure for implementing data protection policies. In one exemplary aspect, a method may comprise retrieving a plurality of data files of an organization, wherein the plurality of data files are stored in a data storage; retrieving structural information of the organization, the structural information comprising details of user accounts, organizational roles, and file metadata within the organization; classifying the structural information into an organization type of a plurality of organization types; classifying each respective data file of the plurality of data files into a respective topic of a plurality of topics, wherein the plurality of topics are associated with the organization type; generating a data protection policy for the organization based on each respective topic of the plurality of data files and the organization type; and executing the data protection policy on the data storage.
    Type: Grant
    Filed: March 15, 2021
    Date of Patent: July 25, 2023
    Assignee: Acronis International GmbH
    Inventors: Andrey Kulaga, Stanislav Protasov, Serguei Beloussov, Nikolay Grebennikov
  • Patent number: 11706232
    Abstract: Systems and methods are provided for data security. A server system provides data security using one or more processor devices, one or more communication interfaces, and one or more memory devices including computer-executable instructions.
    Type: Grant
    Filed: March 5, 2021
    Date of Patent: July 18, 2023
    Assignee: Nasdaq, Inc.
    Inventor: Stuart Ogawa
  • Patent number: 11704752
    Abstract: Network traffic is received from an unrecognized guest device on a computer network. A user profile server is queried to determine a user identifier that is associated with the device identifier of the unrecognized guest device. A login database is queried to find an unexpired login record of an authorized guest device associated with the user identifier. The unexpired login record grants the authorized guest device access to the network service with a service entitlement for an allowed access duration, and a stored device identifier in the unexpired login record of the authorized guest device is different from the device identifier of the unrecognized guest device. The service entitlement of the network service specified in the unexpired login record is shared between the authorized guest device and the unrecognized guest device for a remaining portion of the allowed access duration of the unexpired login record of the authorized guest device.
    Type: Grant
    Filed: September 21, 2021
    Date of Patent: July 18, 2023
    Assignee: Guest Tek Interactive Entertainment Ltd.
    Inventors: David T. Ong, Joshua M. Wookey
  • Patent number: 11693946
    Abstract: Disclosed herein is a technique for managing permissions associated with the control of a host device that are provided to a group of wireless devices. The host device is configured to pair with a first wireless device. In response to pairing with the first wireless device, the host device grants a first level of permissions for controlling the host device to the first wireless device. Subsequently, the host device can receive a second request from a second wireless device to pair with the host device. In response to pairing with the second wireless device, the host device can grant a second level of permissions for controlling the host device to the second wireless device, where the second level of permissions is distinct from the first level of permissions.
    Type: Grant
    Filed: November 24, 2020
    Date of Patent: July 4, 2023
    Assignee: Apple Inc.
    Inventors: Bob Bradley, William M. Bumgarner, Vijay Sundaram, Marc J. Krochmal
  • Patent number: 11689923
    Abstract: An authentication server enrolls a user's mobile device as a trusted device with a vendor software after verifying the network ID of the user's mobile device. The authentication server associates the network ID in an authentication entry with authentication information such as a push notification token and cryptographic key. Later, when the user attempts to log in to the vendor software, the authentication server may attempt to cryptographically authenticate the user. Otherwise, the authentication server may use the push notification token to transmit an OTP to the user's mobile device as a push notification.
    Type: Grant
    Filed: January 5, 2021
    Date of Patent: June 27, 2023
    Assignee: ZUMIGO, INC.
    Inventors: Chirag C. Bakshi, Harish Manepalli, Venkatarama Parimi, Desmond Kwok-Hon Chan
  • Patent number: 11683307
    Abstract: A system and method are described for connecting an IoT device to a wireless router and/or access point.
    Type: Grant
    Filed: April 27, 2021
    Date of Patent: June 20, 2023
    Assignee: Afero, Inc.
    Inventor: Omar Zakaria
  • Patent number: 11677555
    Abstract: Disclosed are an identity authentication, number saving and sending, and number binding method, apparatus and device.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: June 13, 2023
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventor: Jinbiao Zhu
  • Patent number: 11677720
    Abstract: In one aspect, a computerized system useful for implementing a virtual private network (VPN) including an edge device that automatically establishes an Internet Protocol Security (IPsec) tunnel alongside an unsecure Multipath Protocol (MP) tunnel with a gateway device in preparation for a transmission of a secure traffic communication. The edge device has a list of local subnets. The edge device sends the list of local subnets to the gateway during an initial MP tunnel establishment handshake message exchange between the edge device and the gateway device. Each subnet includes an indication of whether the subnet is reachable over the VPN. A gateway device that automatically establishes the IPsec tunnel alongside the unsecure MP tunnel with the edge device. An enterprise datacenter server that comprises an orchestrator module that receives a toggle the VPN command and enables the VPN on the orchestrator.
    Type: Grant
    Filed: October 12, 2020
    Date of Patent: June 13, 2023
    Assignee: NICIRA, INC.
    Inventors: Ajit Ramachandra Mayya, Parag Pritam Thakore, Stephen Craig Connors, Steven Michael Woo, Sunil Mukundan, Thomas Harold Speeter