Abstract: A method of authenticating a user of a multifunction device to a server, the method comprising associating a user-supplied image with user login credentials, using a server; receiving, at the server, an image uploaded from the multifunction device; and comparing the uploaded image to the user-supplied image, using the server, and, only if the uploaded image matches the user-supplied image, allowing the user of the multifunction device to authenticate to the server by providing additional login credentials to the server using the multifunction device.

Abstract: A computer system controls access to data. A request is received from an entity to access data comprising a primary data object corresponding to a physical item. One or more secondary data objects included in the primary data object are identified, wherein the one or more secondary data objects correspond to physical components of the physical item. Access requirements for the primary data object and the one or more secondary data objects are determined. In response to determining that the access requirements are satisfied by the entity, the entity is granted access to the data comprising the primary data object and the one or more secondary data objects. Embodiments of the present invention further include a method and program product for controlling access to data in substantially the same manner described above.

Abstract: Aspects of the invention include receiving a data erasure request associated with a user and identifying, based at least in part on the data erasure request, an entity associated with the user and one or more identifiers for the user. Aspects also include identifying, based at least in part on the one or more identifiers for the user, a cohort that includes the user and comparing the one or more identifiers for the user to identifiers of a plurality of users that are not members of the cohort. Aspects further include identifying a replacement user from the plurality of users based on the comparison and replacing the entity associated with the user in the cohort with an entity associated with the replacement user.

Abstract: A method, non-transitory computer readable medium, and device that assists with improving web scanner accuracy includes receiving a sitemap document associated with a webpage from an application security manager apparatus. The received sitemap document associated with the webpage is scanned. Next, one or more vulnerabilities are identified in the scanned sitemap associated with the webpage. A report including the identified one or more vulnerabilities is provided.

Abstract: Systems, methods, and machine-readable instructions stored on machine-readable media are disclosed for copying a first permission of a file to a second permission of the file, wherein the file is stored on a host file system. The first permission is changed to a third permission. A request is received to access the file from a container file system. In response to the request and before providing the container file system with access to the file, changing the third permission to the second permission. The file is provided to the container file system based on the second permission.

Abstract: An illustrative computing system for securely managing security information receives a request for security information. The computing system acquires the security information associated with the user and embeds the security information in a user selected image. The computing system modifies the image based on a user selected identifier to scramble the location of pixels. The computing system encrypts and transmits the image. The computing system decrypts the image at the user interface. The computing system modifies the image based on the user selected identifier to descramble the pixels. The computing system displays the image at the user interface with a plurality of images for user selection. Based on the image selected by the user, the computing system extracts security information from the image. The computing system displays the requested security information at the user interface.

Abstract: A system and method for electronic signature validation is provided. Embodiments may include analyzing at least one government identification document, wherein analyzing includes authenticating the at least one government identification document. Embodiments may further include extracting personally identifiable information pertaining to a user from the at least one government identification document and displaying a digital copy of a document to be signed to the user. Embodiments may also include capturing an electronic signature of the document by the user and receiving personally identifiable information, wherein the personally identifiable information pertains to the user and enables the user to be uniquely identified. Embodiments may further transmitting a document signing transaction session.

Abstract: A set of methods are proposed to increase data security, both in motion and at rest, by creating microshard data fragments. Microshard data fragments are subsets of a data file which are smaller than a defined atomic unit of value (e.g. a fraction of the size of a social security number or valuable password that one seeks to protect). These microshard data fragments are then dispersed across several physical locations, obscuring the value. Additional techniques are proposed to further frustrate unauthorized reassembly attempts and to create system efficiencies.

Abstract: Systems, methods, and computer-readable media for shared electronic documents are disclosed. The systems and methods may involve enabling access to an electronic word processing document including blocks of text, wherein each block of text has an associated address; accessing at least one data structure containing block-based permissions for each block of text, and wherein the permissions include at least one permission to view an associated block of text; receiving from an entity a request to access the electronic word processing document; performing a lookup in the at least one data structure to determine that the entity lacks permission to view at least one specific block within the electronic word processing document; and causing to be rendered on a display associated with the entity, the electronic word processing document with the at least one specific block omitted from the display.

Abstract: The invention relates to systems and methods that implement an interactive contractor dashboard. An embodiment of the present invention is directed to aggregating contingent labor data (firm-wide and globally) into a single consolidated infrastructure from multiple data feeds and systems. Once the data is aggregated, an embodiment of the present invention may apply entitlements, reduce the dataset accordingly and dynamically provide a customized interactive interface where the user may generate reports and access analytics for one or more contractors associated with the user.

Abstract: Embodiments of an application gateway architecture may include an application gateway server computer communicatively connected to backend systems and client devices operating on different platforms. The application gateway server computer may include application programming interfaces and services configured for communicating with the backend systems and managed containers operating on the client devices. The application gateway server computer may provide applications that can be centrally managed and may extend the capabilities of the client devices, including the ability to authenticate across backend systems. A managed container may include a managed cache and may provide a secure shell for applications received from the application gateway server computer. The managed container may store the applications in the managed cache and control access to the managed cache according to rules propagated from at least one of the backend systems via the application gateway server computer.

Abstract: Embodiments herein describe using visual passwords to control access to secure information. When a user attempts to access the secure information, she can provide her username to an authentication agent which identifies the visual password corresponding to the received username and selects a first set of images that contains the visual password and a second set of images that does not. The first and second sets of images are then transmitted to a user device. The user device can display the first and second sets of images to the user who selects which images have the visual password. An indication of which images the user selected is then transmitted to the authentication engine which determines whether the user selected all the images in the first set and none of the images in the second set. If so, the user is granted access to the secure information.

Abstract: A cybersecurity infrastructure command validation system is provided herein for validating asset commands issued within an infrastructure network. The cybersecurity infrastructure command validation system can be integrated into an infrastructure network to monitor and validate infrastructure asset commands in real-time or while the infrastructure network is active. The cybersecurity infrastructure command validation system can receive or intercept commands issued by asset controllers. The cybersecurity infrastructure command validation system can validate the commands based on a command validation model. The command validation model can represent normal operating behavior of the infrastructure network. The cybersecurity infrastructure command validation system can provide valid commands to the intended infrastructure asset, or can reject invalid commands. The cybersecurity infrastructure command validation system can store validation results for use in updating the command validation model.

Abstract: Techniques for providing hybrid access control in a cloud-services computing environment are provided. In one embodiment, a method for providing hybrid access control is provided at a host computing device. The method includes obtaining access control settings including at least a first user's role-based access settings with respect to a first sub-system of a hierarchical computing-resource system. The method further includes propagating the access control settings from the first sub-system to a second sub-system; obtaining user group domains assigned to a plurality of sub-systems; and obtaining a group membership associated with the first user. The method further includes determining, based on the obtained user group domains and the obtained group membership associated with the first user, whether the first user's role-based access settings propagated to the second sub-system are to be adjusted; and making adjustments accordingly.

Abstract: A method and a system for aggregating users' consents for use of automotive data by data services are provided herein. The method may include the following steps: obtaining, from a plurality of data sources, a plurality of automotive data records associated with connected vehicles having respective users; determining for each request for automotive data made by said data services, which of the data records require consent; aggregating consent data for each data records, responsive to an indication that the respective user have been authenticated by the data sources; and providing the data services with access to automotive data based on the aggregated consent data. The system may implement the aforementioned steps in a form of a server on a computer network.

Abstract: This disclosure relates to systems and methods for managing access to data through enforcement of one or more associated rules. In various embodiments, a directory may be used to manage and/or otherwise record various relationships between objects, that may include governed objects such as data sets, and associated rules and rule sets. Access requests involving governed objects may be compared with relevant rules to determine whether the requested access should be allowed and what, if any, restrictions should be applied in connection with such access. Various embodiments of the disclosed systems and methods may allow for a data governance model that is flexible, allows for use across multiple complex organizations, and is highly extensible.

Abstract: In general, one innovative aspect of the subject matter described in this specification may be embodied in methods that may include designating specific information within a digital identification as secure user information and designating other specific information as non-secure user information, and provisioning user-specific authentication techniques to restrict unauthorized access to the secure user information. For instance, the secure user information may be prevented from being displayed on the digital identification without the submission of an access credential such as a user-specified code or a user biometric identifier.

Abstract: A new and novel system and method for reliably, securely, and affordably isolating and securing remote access to a secure cloud-based server and database, specifically, a NicheRMS police database, through a secured application, such as the NicheRMS application, over a secure network connection, such as a Citrix Independent Computing Architecture (ICA) connection, wherein the data in the sensitive database is accessed, and only present in a secured workspace and never transmitted locally to the endpoint devices.

Abstract: A method of managing access to protected file content is disclosed. The method includes: receiving a request to open a first file stored on the computing device; determining that the first file is a protected file; in response to determining that the first file is a protected file: identifying a first application that is suitable for opening the first file; determining that the first application is an unsecured application; and in response to determining that the first application is an unsecured application, locking the first application to prevent unauthorized access of application data of the first application in a locked state.

Abstract: Techniques are described for managing access to data stored in a blockchain, and for managing the communication of blockchain data to other entities. A private key may be generated and issued to an external entity to enable the external entity to access an internal (e.g., private blockchain). The external entity may be an external (e.g., public) blockchain, device, process, or user that is outside an internal network. The key may be associated with metadata that includes constraints, conditions, or rules governing access to the blockchain. An authorized entity may employ the key to request access to the blockchain via access management module(s), and the access management module(s) may employ the metadata to determine whether to approve the request. The access management module(s) may also employ rules governing outbound communication of data from internal blockchain(s) to external entities.