Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: In an embodiment, a method for deep application discovery and forensics of a reference system includes a computing device, such as an orchestrator, receiving and/or obtaining from an inspection layer executing on the reference system, during runtime of the reference system, architecture and configuration information describing the reference system. Also, the computing device generates, during runtime of the reference system, dependency matrices describing relationships between components of the reference system which allow for generation, during runtime of the reference system, at least one threat model describing vulnerabilities of the reference system based on the dependency matrices. The inspection layer identifies the applications and databases accessed by the applications.

Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.

Abstract: Features for providing a secure method of symmetric encryption for private smart contacts among multiple parties in a private peer-to-peer network. The features include a master key representing a unique blockchain ledger. The master key may be shared among multiple participants in a private peer-to-peer network. Sharing of the master key may include communicating the master key in an encrypted message (e.g., email) using public key infrastructure (PKI). In some implementations, more complex distribution features may be includes such as quantum entanglement. The features support instantiation of a smart contract using a specific master key. The request may be submitted as an entry to the ledger with appropriate metadata and/or payload information for identifying and processing the request.

Abstract: Techniques for preventing rendering content from content delivery network (CDN) to unauthorized users are described herein. In accordance with various embodiments, a CDN includes one or more processors and a non-transitory memory. The CDN receives a request from a client device for a media content item, where the request indicates an identifier of a client. The CDN further provisions an encrypted media content item corresponding to the media content item for the client, where at least a portion of the encrypted media content item is encrypted using at least one personalized key assigned to the client. The CDN also facilitates obtaining a manifest corresponding to the encrypted media content item, where the manifest specifies encryption metadata for retrieving the at least one personalized key by the client. The CDN additionally sends the encrypted media content item and the manifest to the client device.

Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.

Abstract: The present application provides methods and corresponding systems for accessing services on a gaming device which include receiving at least one item of identity verification data from a user of a gaming device; enabling at least one service, such as a wager-type game, on the gaming device based on a match between the at least one item of identity verification data received and at least one item of identity verification data obtained previously; displaying an interface screen comprising graphic objects associated with the wager-type game and at least one selectable element for the user to submit a gaming command and a wagering command during game play; obtaining at least one item of user change data from a user during game play; and prompting the user for identity verification data when a user change is suspected based on the at least one item of user change data.

Abstract: A method for the display of an image in a display area, the method comprising: loading a first image file defining a first image comprising a main image and a watermark image overlaying the main image using a first transformation; loading a second image file defining a second image comprising the main image and the watermark image overlaying the main image using a second transformation; and alternating between displaying the first image and the second image in a location within the display area so that the watermark image is imperceptible to a user viewing the display area.

Abstract: Methods, systems, and devices that support determining whether media data has been altered are described. Captured media data may be segmented into one or more subsets, and cryptographic representations (e.g., hashes) based on the subsets may be written to an immutable ledger, possibly along with metadata and other related data. A block of a blockchain may be created for each entry in the immutable ledger. A set of media data may be validated, if a corresponding immutable ledger exists, based on segmenting the set of media data into one or more subsets in accordance with the segmenting upon capture, creating candidate cryptographic representations (e.g., hashes) based on the subsets, and comparing the candidate cryptographic representations with contents of the corresponding immutable ledger.

Abstract: Selectively masking data in messages is provided. A masking expression is retrieved from a schema. The masking expression corresponds to a particular attribute within related messages generated by a producer application and sent to an immutable datastore for consumption by a consumer application of the computer that is registered to receive the messages related to a particular topic from the immutable datastore. A particular attribute value is masked only in those messages received from the immutable datastore that contain the particular attribute value during a time period when the particular attribute value is associated with the masking expression.

Abstract: A system includes a memory to store network-related security policies and procedures associated with an enterprise, a display and at least one device. The device is configured to monitor enterprise activity associated the enterprise's networked and determine, based on the enterprise activity, whether the enterprise is complying with the security policies and procedures. The device is also configured to calculate a risk exposure metric for an asset of the enterprise based on the enterprise activity and whether the enterprise is complying with the security policies and procedures, and output, to the display, a graphical user interface (GUI) identifying the risk exposure metric. The device may also be configured to receive, via the GUI, an input to initiate a change with respect to at least one of the enterprise's networked devices or initiate the generation of a plan to make a change to at least one of the networked devices.

Abstract: A distributed data integration device includes an acquisition unit configured to acquire, for a piece of analysis target data, an anchor data intermediate representation and an analysis target intermediate representation, the anchor data intermediate representation being an intermediate representation obtained by converting anchor data by a first function, the anchor data being data commonly used in integration of a plurality of the pieces of analysis target data that are distributed, the analysis target intermediate representation being an intermediate representation obtained by converting the analysis target data by the first function, an anchor data conversion unit configured to convert, for the piece of analysis target data, a plurality of the anchor data intermediate representations by a second function, a calculation unit configured to calculate, for the piece of analysis target data, the second function that minimizes a difference between the plurality of the anchor data intermediate representations, a

Abstract: Managing a storage system, including: receiving, over a first network, user credentials associated with an access request to a storage system; sending, over a second network to a cloud-based security module, the user credentials; receiving, over the second network from the cloud-based security module, a token representing that the user credentials were successfully authenticated by the cloud-based security module; and sending, over the first network to the storage system, the token with a management instruction, wherein the storage system is not coupled for data communications to the cloud-based security module.

Abstract: An activation function processing method includes processing a first activation function in a first mode by referring to a shared lookup table that includes a plurality of function values of the first activation function; and processing a second activation function in a second mode by referring to the shared lookup table, the second activation function being a different function than the first activation function.

Abstract: According to certain aspects of the present disclosure, a computer-implemented method is provided. The method includes receiving, at a manager device, data comprising at least one managed device. The method includes identifying, at the manager device, a website associated with the at least one managed device. The method also includes receiving, at a mobile device management server from the manager device, a first message to cause the mobile device management server to initiate transmission of a second message comprising a command that causes the at least one managed device to navigate to the website via a browser, restrict access to other websites other than the website, and enable a camera. Systems and machine-readable media are also provided.

Abstract: A method that includes receiving patient-generated event data over a network from a patient device associated with a patient having an active digital therapy prescription for treating an underlying disease or disorder. The patient-generated event data is encrypted by the patient device and includes at least one timestamped event related to the active digital therapy prescription. In response to receiving the patient-generated event data, the method includes decrypting, anonymizing, and storing the anonymized patient-generated event data on memory hardware. The method further includes receiving a patient record request over the network from a healthcare provider (HCP) system that requests the patient-generated event data and includes an authentication token. In response to receiving the patient record request, the method includes retrieving and encrypting the anonymized patient-generated event data from the memory hardware using the authentication token.

Abstract: A system, method, and apparatus for concealing searches for information stored on public networks, includes splitting of a search query, transforming the query into one or more related queries, and searching each of related queries separately.

Abstract: Techniques for auto-starting a VPN in a MAM environment are disclosed. A MAM-controlled application is launched on a computer system. Policy is queried and a determination is made as to whether to auto-start a VPN application based on the policy. Based on the policy, the VPN application is auto-started, and the VPN application initiates a VPN tunnel that is usable by at least the MAM-controlled application. Network communications transmitted to or from the MAM-controlled application then pass through the VPN tunnel.

Abstract: Methods for enabling passwordless authentication to ancillary devices and services of a user by utilizing a mobile device of that same user. Systems and machine-readable media are also provided.

Abstract: Disclosed is an orthogonal access control system based on cryptographic operations provided by multi-hop proxy re-encryption (PRE) that strictly enforces only authorized access to data by groups of users, scalable to large numbers of users. Scalable delegation of decryption authority can be shared with a plurality of members of a group whether those members be users or devices, and members of a group can further create sub groups and delegate decryption authority to those members, whether users or devices. Members are granted access via generation of transform keys, and membership or access can be revoked merely be deleting the transform key—no elimination of the encrypted data, regardless of its storage location, is needed.