Abstract: Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for secure document management including receiving, at a kernel level of an operating system, a document access instruction for a document from a user level application. A document identifier associated with the document is retrieved. Document access permissions associated with the document identifier are determined. Whether the document access instruction for the document is allowable is determined based on the document access permissions. The document access instruction is allowed to proceed if the document access instruction is allowable. The document access instruction is denied if the document access instruction is not allowable.

Abstract: A system including: a storage; and a processor configured to: receive a data packet; and process the data packet without an instruction input to perform a definite task. The data packet may be encrypted. The processor may be configured to process the data packet based on a decryption mechanism required to decrypt the data packet.

Abstract: A method can include receiving a read request from a client program. The method can further include obtaining, in response to receiving the read request, one or more secrets from a secrets store. The obtaining can include storing the one or more secrets in a storage location. The method can further include initiating, in response to the read request, a transmission of the one or more secrets to the client program. The method can further include deleting the one or more secrets from the storage location.

Abstract: Systems and methods for discovering data related to information privacy are described. A server computing system may receive data from a first computing system, the first computing system verified to store personal information of customers of an entity. The server computing system may associate a second computing system with the entity based on the data from the first computing system referencing the second computing system. The server computing system may generate a live data map for the entity, the live data map configured to include at least information about whether the first computing system and the second computing system store the personal information of the customers of the entity, the live data map used to search for the personal information in response to personal information verification requests received by the entity.

Abstract: Methods, systems, computer-readable media, and apparatuses method for performing single sign on for a user device to the Internet. A hosted desktop may monitor activity on one or more ports on a local host interface. The hosted desktop may detect a call to initiate a single-sign-on from the hosted desktop into a website. The website may be associated with a one-time-use token. A public key of the website may be retrieved based on verification of the one-time-use token. An identity token corresponding to a user may be obtained and the identity token may be encrypted based on the public key of the website. The encrypted identity token may be provided to the website to establish the single-sign-on on behalf of the user with the website.

Abstract: Systems, devices, and methods are provided for end-to-end tagging and tracking of event signals subject to privacy policies. User events comprising event source data may be collected. A user may be associated with a segment, and the segment may be mapped to data lineage information corresponding to the events that were used to determine that the user is in segment. A segment cache may be generated comprising portions that correspond to different data lineages subject to different privacy policies. Bid requests may be received and processed according to applicable privacy policies.

Abstract: Aspects of the disclosure relate to real-time dynamic securitization of blockchain records. A computing platform may receive record retrieval data comprising record data identifying one or more requested records. The computing platform may decrypt the first requested record to generate a decrypted requested record. The computing platform may parse the decrypted requested record to generate parsed record data. The computing platform may determine that the parsed record data comprises a subset of predetermined textual content. The computing platform may mark one or more predetermined textual content of the subset of predetermined textual content for securitization. The computing platform may generate a securitized record by redacting, from the decrypted requested record, each of the one or more predetermined textual content marked for securitization.

Abstract: Systems and methods are disclosed for preventing relay or replay attacks using time-stamped, localized footprint data. An access device may receive, from one or more beacon transmitters, a plurality of broadcast messages, each broadcast message, of the plurality of broadcast messages, comprising a timestamp and a unique identifier for a beacon transmitter, of the one or more beacon transmitters. The access device may store the timestamps and the unique identifiers. The access device may receive, from a user device, an access request comprising timestamps and unique identifiers corresponding to a subset of the broadcast messages received by the access device. The access device may verify that the stored timestamps and unique identifiers match the timestamps and unique identifiers received from the user device. Based on the verifying, the access device may authenticate the access request.

Abstract: Software development kit (“SDK”) applications may be implemented with user data on an enterprise end-user or shared device subsequent to a single check-out process on the device. A user profile and a context ID for a user can be accessed based on user provided credentials. An agent application can set a value of an agent context ID to a server context ID corresponding to the context ID for the user profile. A status of a local context ID (“LCID”) of an SDK application can be determined in response to an application launch. Using the LCD, a context ID comparison can be performed on the device with a value of a context ID from one of the SDK application, the server, and the agent application based on the LCID status. The SDK application can be implemented with user specific user data obtained from one of the SDK application and the agent application based on a result of the context ID comparison.

Abstract: Media, system, and method for providing encryption key management to an automated workflow within a group-based communication system. The automated workflow is encrypted using an organization-specific encryption key and is stored in a data store. Responsive to a triggering event, the encrypted workflow is retrieved from the data store to be decrypted and a corresponding decryption key is retrieved from a key store. The decrypted workflow performs a series of steps responsive to determining that a trigger condition has been met. The steps may be associated with at least one of sending a form and sending a message to a user within the group-based communication system.

Abstract: The disclosed technology addresses the need in the art for a content management system that can be highly flexible to the needs of its subjects. The present technology permits any object to be shared by providing a robust and flexible access control list mechanism. The present technology utilizes a data structure that is highly efficient that both minimizes the amount of information that needs to be written into any database, but also allows for fast reads and writes of information from authoritative tables that are a source of truth for the content management system, while allowing for maintenance of indexes containing more refined data that allow for efficient retrieval of certain information that would normally need to be calculated when it is needed.

Abstract: Systems and techniques for detecting suspicious file activity are described herein. System for identifying anomalous data events is adapted to monitor a networked file system and receive an indication of a suspicious event associated with a user and a file. The system is further adapted to perform a pattern of behavior analysis for the user, perform an adjacency by time analysis based on a set of events before the suspicious event and a set of events after the suspicious event, and perform an adjacency by location analysis using a set of files located in a location of the file. The system is further adapted to determine whether the suspicious event is an anomalous event based on the pattern of behavior analysis, the adjacency by time analysis, and the adjacency by location analysis and display a report for the user including the anomalous event.

Abstract: Software development kit (“SDK”) applications may be implemented with user data on an enterprise end-user or shared device subsequent to a single check-out process on the device. A user profile and a context ID for a user can be accessed based on user provided credentials. An SDK application can be identified as one application of an application cluster including at least two applications. A status of a local context ID (“LCID”) of the SDK application can be determined, and a value for the LCID can be established based on the status and a value of a comparison context ID obtained from a server or an agent application. The LCID and a context ID for a keychain for the application cluster can be compared, and the SDK application can be implemented with user specific user data obtained from the agent application or the keychain based on a result of the comparison.

Abstract: A data processing system and a data processing method are capable of concealing files and folders. The data processing system of the invention includes a data storage device and at least one processor. When an application process is started and executed by the at least one processor to search a designated folder in the data storage device through a storage device driver residing in a kernel mode of an operating system, a storage filter driver residing in the kernel mode of the operating system judges if there are any files in the designated folder which have not been searched, and if any, the storage filter driver retrieves a next file in the designated folder through the storage device driver. If the storage filter driver determines that the application process is untrusted and determines that the next file is a concealed file, the storage filter driver does not return the next file.

Abstract: A facility for proxying NFT is described. The facility intercepts a request directed to a user to prove possession of a particular NFT. In response to this intercepting, the facility determined that the NFT is a shared NFT, and that the user is among a group of users entitled to use the shared NFT. In response to this determining, the facility automatically uses information available by virtue of possession of the shared NFT to satisfy the intercepted request on behalf of the distinguished user.

Abstract: Some embodiments provide a method for a first data compute node (DCN) operating in a public datacenter. The method receives an encryption rule from a centralized network controller. The method determines that the network encryption rule requires encryption of packets between second and third DCNs operating in the public datacenter. The method requests a first key from a secure key storage. Upon receipt of the first key, the method uses the first key and additional parameters to generate second and third keys. The method distributes the second key to the second DCN and the third key to the third DCN in the public datacenter.

Abstract: Disclosed techniques provide a permission framework to control access to operations performed by cryptoprocessor. The techniques can identify a permission policy linked to a cryptographic operation. The permission policy can include data identifying the cryptographic operation and data identifying permission information for the cryptographic operation. The permission policy can be evaluated to determine whether to allow or deny execution of the cryptographic operation.

Abstract: A collection of documents or other files and the like within an enterprise network are labelled according to an enterprise document classification scheme, and then a recognition model such as a neural network or other machine learning model can be used to automatically label other files throughout the enterprise network. In this manner, documents and the like throughout an enterprise can be automatically identified and managed according to features such as confidentiality, sensitivity, security risk, business value, and so forth.

Abstract: A method of data acquisition includes activating a local server proxy in a preset application program; acquiring a preset connection function, and replacing a destination address in the preset connection function with a target address corresponding to a local server proxy, to establish a connection between the preset application program and the local server proxy; establishing a connection between the local server proxy and a real server corresponding to the target address based on connection information received from the preset application program via the local server proxy; acquiring data during a procedure of data forwarding between the real server and the preset application program via the local server proxy.

Abstract: A method includes: accessing a corpus of messages previously sent from a user account; correlating sequences of words, in the corpus of messages, with behavior signals; aggregating the behavior signals into a behavioral model representing combinations of behavior signals characteristic of behavior in messages sent from the user account; later, accessing a message outbound from the user account to a recipient account, the message including a document associated with a document tag; correlating sequences of words, in the message, with behavior signals; retrieving a data access policy including a threshold at which access to a document associated with the document tag is restricted; and in response to detecting a difference between the behavioral signals from the message and the behavioral model exceeding the threshold, restricting access, by the recipient account, to the document in the message.