Abstract: A method, node, wireless device and installation device are disclosed. In one or more embodiments, a node configured to operate a security virtual local area network (VLAN) and a customer VLAN independent from the security VLAN is provided. The security VLAN is configured to operate using a first network partition different from a second network partition used by the customer VLAN. The node includes processing circuitry configured to receive information from a first device requesting access to the node, determine whether to add a first device to the security VLAN based at least on the received information from the first device meeting a predefined criterion, and configure the first device to access one of the security VLAN and customer VLAN based at least on the determination.

Abstract: A method and system to communicate VPN server information to a client application without providing a full list of VPN server IP addresses. Instead, the method includes VPN server selection criteria that can be requested by client applications, such as “Free or Premium servers”, “Geolocation”, “Load”, “Streaming and protocol capabilities”, etc. A tagged data payload (e.g., JSON) can be used to provide these criteria, upon a request by a client application. Various groupings of VPN servers can be represented by the above criteria. The method provides a means for communicating the available VPN servers to a client application without sending and revealing the full list of VPN servers stored in the VPN infrastructure. This makes the VPN server selection efficient, reduces network load and VPN tunnel establishing time, also, ensures confidentiality of VPN server lists that is important for any of VPN service providers and users.

Abstract: A method of and system for utilizing an access token to authenticate a client device for accessing a resource server include generating a session key for a communication session between the device and a resource server, deriving a nonce from the session key, and transmitting a request to an identity platform for authenticating the device to access the resource server, where the request includes the nonce. Upon confirmation of authentication, the method and system may include receiving an access token from the identity platform, the access token including information that confirms authentication of the device, and transmitting the access token to the resource server to enable access to the resource server, where the access token includes the nonce.

Abstract: A computing system is provided that implements a system classifier including a first artificial intelligence model configured to classify each of a plurality of elements a computer system into one or more defined security categories, and a threat classifier including a second artificial intelligence model configured to classify each of a plurality of identified cybersecurity threats into the one or more defined security categories. The computing system further includes a threat analyzer configured to perform an analysis of a risk posed by each cybersecurity threat to each element of the target computer system based at least on the security categories of the classified cybersecurity threats and the security categories of classified elements of the target computer system, and output a security recommendation based on the analysis.

Abstract: The present embodiments relate to implementing change data on no-master NoSQL data stores. An optimized node can be identified from a plurality of NoSQL data storage nodes and a specialized node can be connected (e.g., collocated) to the optimized node. The specialized node can maintain change data capture (CDC) data provided by client nodes in a hash map that can be used as a point of truth for coordinating CDC data across the plurality of NoSQL data storage nodes. The plurality of NoSQL data storage nodes can identify and coordinate all read/write data obtained from multiple client devices in a geographically separated large-scale (e.g., planet scale) system to identify change data in a distributed data store. The specialized data can provide read data to devices in the large-scale system to reconcile inconsistencies in change data across nodes in the large-scale system.

Abstract: Systems, devices, and methods are discussed for limiting exposure of internal network operations beyond the boundary of a secure network.

Abstract: A multi-tenant authentication system facilitates packaging and installing of integrations for authentication services of system tenants. The integrations include cloud resources of one or more cloud services. In order to package an integration, the multi-tenant authentication system retrieves resource manifests for cloud resources from corresponding cloud services. The multi-tenant authentication system generates the resource manifests to describe the cloud resource and any dependencies of the cloud resource, and also generates a package manifest including instructions for using the resource manifests to install the corresponding integration. The multi-tenant authentication system further facilitates installation of integration packages for tenants of the multi-tenant authentication system. The multi-tenant authentication system communicates with cloud services associated with resource manifests to install corresponding cloud resources to consistently replicate integrations for different tenants.

Abstract: Techniques are described herein for performing authentication, and also “eager” or “lazy” fetch of data, for restricted webpages based on the restricted webpages being associated with an authentication tier in an AASD registry. Inclusion of a restricted webpage in the AASD registry enables AASD-based authentication for the webpage. According to embodiments, information for a restricted webpage included in the AASD registry includes one or more of the following for the webpage: an identifier, an authentication level, allowed fields, eager fetch fields, one or more sources for one or more fields, etc. When information for a webpage is included in the AASD registry, that information is used to perform eager fetch for one or more fields of the webpage that are not associated with authentication requirements indicated in the AASD registry information, or whose authentication requirements are already fulfilled by the requesting client.

Abstract: Embodiments described herein disclose methods and systems for encryption and decryption of data. In some implementations, an encryption and decryption system can protect private information of a user in documents with an artificial reality device. The encryption and decryption system can determine the portion of a document containing private information and encrypt that portion of the document. In some implementations, the encryption and decryption system can receive a document and identify the protected (e.g., encrypted) portion of the document. In some cases, the protected portion of the document can contain a security token that the encryption and decryption system can extract. The system can compare the security token to an authentication token associated with the user and determine whether the security and authentication token match. If the tokens match, the system can decrypt the protected portion of the document and display the decrypted data as a virtual object.

Abstract: A system can receive, from user input, request data indicative of a request to create a file with a first filename. The system can, based on the request data, determining a second filename for the file. The system can store an association between the first filename and the second filename. The system can create the file in a file system with the second filename.

Abstract: Some embodiments provide a method for providing a resource to a particular virtual private cloud that is deployed in a set of datacenters that host multiple virtual private clouds. At a resource issuer, the method receives a resource request from a particular machine deployed in the particular virtual private cloud, the resource request including a first set of cloud-specific data. The method obtains a cloud identifier for the particular machine from a registry service of the particular virtual private cloud that interacts with a datacenter-set cloud service that deploys machines in the datacenter set for different virtual private clouds. The method uses the obtained cloud identifier to obtain a second set of cloud-specific data for the particular machine from the datacenter-set cloud service. Upon determining that the first and second sets of cloud-specific data match, the method authenticates the particular machine and issues the resource for the particular machine.

Abstract: One or more implementations of the present specification provide an invoice access method and apparatus based on a blockchain, and an electronic device. The method includes: generating first ciphertext data by encrypting plaintext data of the target invoice based on a first key corresponding to an invoice issuer; generating second ciphertext data by encrypting the plaintext data of the target invoice based on a second key corresponding to an invoice receiver; adding the first ciphertext data and an user identifier of the invoice issuer to the blockchain as related to one another; and adding the second ciphertext data and an user identifier of the invoice receiver to the blockchain as related to one another.

Abstract: Disclosed herein are various embodiments for a sensitive data management system. An embodiment operates by receiving an HTTP request for an interface. A plurality of tiles, including both tiles associated with sensitive data and non-sensitive data, are identified for display on the interface. An access profile associated with providing access to the sensitive data is identified, the access profile including one or more requirements, associated with the HTTP request. Request information in the HTTP request corresponding to the one or more requirements of the access profile is identified. The identified request information is compared to the one more requirements of the access profile. A determination is made whether the identified request information satisfies the one more requirements of the access profile based on the comparing. At least one of: the second tile or the first tile and the second tile are provided for display on the interface based on the determination.

Abstract: A method including receiving, at a processor, credential requests for accessing the VPN environment from a first user device using a first interface and from a second user device using a second interface; transmitting, to the first user device, a first credential based at least in part on the first user device using the first interface; and transmitting, to the second user device, a second credential based at least in part on the second user device using the second interface, the first credential being different from the second credential. Various other aspects are contemplated.

Abstract: User system authentication includes a service infrastructure system receiving, from the user system, an authentication request including a user account identifier, generating a first validation code by performing a hash algorithm on the user account identifier and a first timestamp associated with the authentication request, sending to an email account associated with the user account identifier, an email message including the first validation code, receiving from the user system, a verification code, in response to receiving the verification code, generating a second timestamp, validating the second timestamp, in response to determining that the second timestamp is valid, generating a second validation code by performing the hash algorithm on the user account identifier and the first timestamp associated with the authentication request, comparing the verification code and the second validation code, and authenticating the user system, in response to a determination that the verification code and the second v

Abstract: A system can include: a plurality of processing Cores; a Package Interconnect communicatively coupled with the plurality of processing Cores; a Configurable LFSR PRV Generator Hardware Array means communicatively coupled with the Package Interconnect; a Galois Multiplication Hardware Accelerator means communicatively coupled with the Package Interconnect; an Extended Euclidian Algorithm Hardware Accelerator means communicatively coupled with the Package Interconnect; and a Fischer-Yates Shuffle Algorithm Hardware Accelerator means communicatively coupled with the Package Interconnect.

Abstract: An Internet Key Exchange protocol message indicating a first Internet Protocol Security traffic flow is to be established via a first device is obtained at the first device. The Internet Key Exchange protocol message is forwarded from the first device to a second device. An encryption key used to transmit traffic via the first Internet Protocol Security Traffic flow is received at the first device from a key value store. The key value store is populated with the encryption key in response to the second device obtaining the Internet Key Exchange protocol message. A first data packet to be transmitted via the first Internet Protocol Security traffic flow is obtained at the first device. The first device provides the first data packet encrypted with the encryption key of the first Internet Protocol Security traffic flow.

Abstract: An entity may generate digital account credentials when a new account is approved for generation by an authorizing entity that controls or issues new accounts. A user may contact an authorizing entity to open a new account with the authorizing entity. The authorizing entity may authenticate the user and may approve a new account to be generated for the user. The user may wish to conduct transactions immediately upon approval. However, the authorizing entity may not immediately generate a physical identification device along with an actual account identifier associated with the new account. An intermediary entity may generate digital account credentials for the new account immediately after the authorizing entity approves generation of the new account, provide the digital account credentials to the account holder, and process transactions using the digital account credentials.

Abstract: A device may determine that a first link of the device is active. The device may determine whether a Media Access Control Security (MACsec) session is established on the first link. The device may selectively enable or disable a second link of the device based on determining whether the MACsec session is established on the first link.

Abstract: Devices, systems, and methods for storing and managing sensitive information in a connected environment are provided. The system comprises a master controller and a sensitive information storage device (“SIS device”). The SIS device has an island that can be activated by user interaction with the SIS device. In general, the island is deactivated by default and when the island is deactivated, sensitive information that is stored on the SIS device cannot be accessed. Only when the island is activated by user interaction can the stored sensitive information be accessed.