Abstract: Embodiments for deleting encryption keys in a data storage system by storing a current encryption key in a key table, the current key encrypting at least some data in one or more data containers of a filesystem of the data storage system. A key table maintains a starting container ID and an ending container ID for each container encrypted by the current encryption key, and a deleted container count counting a number of containers of the one or more data containers deleted from the file system. The process determines if the number of containers in the deleted container count equals a number of containers having data encrypted by the encryption key as determined by the starting container ID and ending container ID, and if so, marks the key for deletion in a garbage collection operation, which then deletes the key from the key table.

Abstract: In various embodiments, an entity may provide a WebView where a transaction between an entity and a data subject may be performed. As described herein, the transaction may involve the collection or processing of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction. Additionally, the entity may provide a native application where the transactions between the entity and a data subject may be performed. In some embodiments, the system may be configured to share consent data between the WebView and the native application so data subjects experience a seamless transition while using either the WebView or the native application, and the data subjects are not required to go through a consent workflow for each of the WebView and the native application.

Abstract: Methods and systems for retrieving information from secondary computing systems using network access tokens are disclosed. The system can provide a user interface that lists a plurality of secondary computing systems to a client application executing at a client device associated with a user profile of the primary computing system. The system can receive, from the client device, a network token identifying a permission for accessing a second profile maintained at the secondary computing system, and retrieve the subset of data records from the secondary computing system according to a retrieval policy. The system can then update the user interface at the client application to present the subset of data records of the second profile.

Abstract: A facility applies a received query containing identifying information for a person to both (1) first accounts in a first information system each authorizing access to a resource among a set, to obtain a first result identifying any matching first accounts; and (2) second accounts in a second information system that each authorize access to a resource among the set, to obtain a second result identifying any matching second accounts. For each resource of the set whose access is authorized by at least one identified first account or one identified second account, the facility creates an entry representing any identified first account authorizing access to the resource and any identified second account authorizing access to the resource. The facility causes the created entries to be displayed, and solicits input selecting a displayed entry for administrative action with respect to at least one of the accounts it represents.

Abstract: A computing device includes a processor and a machine-readable storage storing instructions. The instructions are executable by the processor to: receive an input string including sensitive data to be encrypted; identify a first portion and a second portion of the input string, the first portion comprising the sensitive data; select, from a plurality of hash functions, a hash function based on the second portion; and generate a hash value of the first portion using the selected hash function.

Abstract: Methods performed by a processor of a computing device for managing functionality of the computing device to interact with field equipment may include determining by the processor a location of field equipment based on information obtained by the processor proximate to the field equipment, determining by the processor a location of the computing device based on geolocation information, determining whether the location of the field equipment based on information obtained by the processor proximate to the field equipment and the location of the computing device based on geolocation information are within a threshold distance, verifying the location of the field equipment in response to determining that the location of the field equipment based on information obtained by the processor proximate to the field equipment and the location of the computing device based on geolocation information are within the threshold distance, and enabling functionality of the computing device to interact with the field equipment i

Abstract: The present disclosure provides generally for systems and methods of authenticating one or more aspects of electronic communication. According to the present disclosure, authenticable communications may allow for authentication of at least a portion of the content of the electronic communication, which may limit potential damage caused by fraudulent communications. In some aspects, an authenticable communication may allow a recipient to confirm that the indicated source is the actual source of the authenticable communication. In some embodiments, the authentication may not require an exchange of encrypted communications or an exchange of communications solely within the same communication system. Authenticable communications may provide a separate layer of security that may allow a recipient to review the contents with confidence that the communication is not fraudulent. Further, authenticable communications may provide the additional security without requiring specialized software.

Abstract: A system and method is described that sends multiple simulated phishing emails, text messages, and/or phone calls (e.g., via VoIP) varying the quantity, frequency, type, sophistication, and combination using machine learning algorithms or other forms of artificial intelligence. In some implementations, some or all messages (email, text messages, VoIP calls) in a campaign after the first simulated phishing email, text message, or call may be used to direct the user to open the first simulated phishing email or text message, or to open the latest simulated phishing email or text message. In some implementations, simulated phishing emails, text messages, or phone calls of a campaign may be intended to lure the user to perform a different requested action, such as selecting a hyperlink in an email or text message, or returning a voice call.

Abstract: One variation of a method for verifying email senders includes: intercepting an email addressed to a target recipient within an organization, the email received from a sender at an inbound email address and including an inbound display name; accessing a whitelist including a verified display name and a set of verified email addresses corresponding to an employee within the organization; characterizing a display name difference between the inbound display name and the verified display name; in response to the display name difference falling below a threshold difference, comparing the inbound email address to the set of verified email addresses; in response to identifying the inbound email address in the set of verified email addresses, authorizing transmission of the email to the target recipient; and, in response to the set of verified email addresses omitting the inbound email address, withholding transmission of the email and flagging the email for authentication.

Abstract: A system and a method are disclosed for detecting an unacceptable HTTP requests by scanning the headers of the HTTP requests.

Abstract: A method includes receiving, by a data processing apparatus and from a content distribution system, a message comprising a probabilistic data structure representing a set of content items that should not be provided to a user device, content item data for content items available to be provided, and a request to determine whether any content item data is invalid, determining that the content item data for a given content item is invalid because the given content item may be in the set of content items represented by the probabilistic data structure, including removing the content item data for the given content item that was determined to be invalid; and preventing distribution of content items including the given content item.

Abstract: A micro data capture device can be configured to operate as a unidirectional connection from a first computing device to a second computing device. The micro data capture device can include a data capture side comprising a first universal serial bus (USB) interface configured to connect to the first computing device so as to extract data from the first computing device. The micro data capture device can further include a monitoring apparatus comprising an interceptor configured to copy data from the data capture side so as to define the unidirectional connection. Further, the micro data capture device can define a data storage side comprising a second USB interface configured to connect to the second computing device so as to transfer data to the second computing device. The data storage side can be configured to receive data from the data storage side via the monitoring apparatus. In some cases, the data capture side has only volatile memory, and the data storage side includes non-volatile memory.

Abstract: Described herein are systems and methods for a distributed Java Keystore, in accordance with an embodiment. This KeyStore can provide a secure place for a distributed queue to persist credentials, private keys, and other sensitive information. Such a KeyStore can be utilized within other distributed systems that require scaling (in and out) in runtime.

Abstract: Embodiments secure data on a cloud based network that comprises one or more machine learning (“ML”) notebooks. Embodiments monitor activity on each of the ML notebooks, the activity including one or more commands. Embodiments classify each of the commands, the classifying including generating input parameters. Based on the input parameters, embodiments determine a risk score for each of the ML notebooks. When the risk score exceeds a predetermined threshold, embodiments generate an alert.

Abstract: A system for real-time authenticated obfuscation of electronic data provides real-time visual obfuscation of the data by transforming displayed data into undecipherable data when viewed by an unauthorized user while maintaining access for an authorized user. The system may further provide application-level obfuscation of electronic data via cryptographic keys such that only authorized applications may decrypt the encrypted data. In this way, the system provides secure access control of electronic data within a networked environment.

Abstract: Systems and methods of the disclosure include: receiving, by a node of a distributed ledger network, first transaction data, wherein the first transaction data comprises an alert derived from a state of a computer system; storing the first transaction data in a first block of the distributed ledger network; receiving, by the node, second transaction data, wherein the second transaction data comprises an identifier of a remedial action performed on the computer system in response to the alert and a result of performing the remedial action; and storing the second transaction data in a block of the distributed ledger network, wherein the block is provided by one of: the first block or a second block.

Abstract: Network traffic collectively associated with a set of communications made between a client device and a respective first and second resource during a usage of a program executed on the client device is monitored. At least of the monitored traffic associated with the second resource is encrypted. The encrypted traffic is categorized. A respective first and second policy to apply to the respective first and second communications is determined. The second policy is based at least in part on the categorization of the encrypted traffic.

Abstract: Systems and methods are described for receiving at an intermediary entity a token from a data provider that enables access to a user's data at a data provider, where the token is received without an intermediary entity receiving user credentials. A request is received from a data recipient to receive data from the data provider, where the token is required to access the data. Data may be received from the data provider using the token, and the received data may be filtered based on a data directive associated with the data provider, to identify which data the data recipient is permitted to access. The identified data may be provided to the data recipient.

Abstract: A process of filtering a wireless service provided to at least one wireless device from a wireless network includes receiving identification of the at least one wireless device in a filtering server from an administrator and receiving filtering instructions from the administrator in the filtering server. The process further including receiving a request for an internet resource from at least one wireless device, comparing the request for the internet resource to the filtering instructions to determine whether the requested internet resource is allowable in view of the filtering instructions or not allowed based on the filtering instructions. The disclosure also provides a system as well.

Abstract: Data that includes user data and application data that is generated during a remote desktop session to a cloud computing system is stored in cloud storage according to a risk level of the remote desktop session. The storage device has provisioned therein a plurality of storage containers, including first and second storage containers, where the first storage container stores less percentage of the user data than the second storage container. The first storage container is selected for storing the user data if the determined risk level of the remote desktop session is at a first level and the second storage container is selected for storing the user data if the determined risk level of the remote desktop session is at a second level that is lower than the first level.