Abstract: A centralized document system generates a document package in response to a request by an originating entity. The document package includes at least one document for execution by a first receiving entity. The first receiving entity can specify a set of permissions for a second receiving entity to perform actions to documents within the package on behalf of the first receiving entity. Accordingly, the system may provide the document package to both the first and second receiving entities for the first receiving entity to execute the at least one document. Before providing the document to the second receiving entity, system may determine whether there is a sensitive document in the package and whether to delegate the document to the second entity. Accordingly, the system may prevent a sensitive document package from being provided to the second receiving entity for execution.

Abstract: A protection device includes a memory, and processing circuitry coupled to the memory and configured to acquire a list of file paths of predetermined protection target files, and perform an operation of protecting data of a file corresponding to a file path included in the list.

Abstract: A content consumption system or device may implement device-enabled identification for automated user detection. An identifying device may be detected at a content consumption device as within proximity of the content consumption device. An identifying device may be a mobile or wearable computing device, in various embodiments. A user account associated with the identification device may be selected for accessing content at the content consumption device. Access to content may be provided according to the selected user account. In some embodiments, content recommendations or content filtering may be performed based on the automatically determined user account.

Abstract: Data records associated with an account may be used to track incidents in a supply chain. Incident records associated with a supply chain are accessible and modifiable by users with an active user account associated with an incident management application. The application may receive requests to perform user actions on multiple incidents. Each request may be validated according to account-specific permissions and user-specific privileges. Multiple users may be grouped according to user classes indicative of their status as internal users or external users. Non-users may be invited to perform user actions on incident data through access links generated by the application instance. Access links may allow a non-user to become an invited or registered external user. A registered external user may be promoted to a named external user. Various visibility groups may limit the user actions that any given user of a particular user class can perform on incident data.

Abstract: The present disclosure is directed to a stateless system to enable data breach lookup. The stateless system may include an infrastructure device and a user device. In some aspects, the infrastructure device and the user device may determine whether the private data associated with the user device has been compromised due to a breach. The infrastructure device and/or the user device may utilize a critical combination of one or more of fast hashing algorithms, slow hashing algorithms, secret keys, and salt values to conduct the data breach lookup. In this way, the data breach lookup may be conducted without the user device communicating the private data externally. Various other aspects are contemplated.

Abstract: A system and method uses different authentication techniques, including weak passive authentication techniques, to authenticate users by generating a score and comparing it to a threshold selected according to the feature the user is requesting.

Abstract: A hardware unit relies on non-flashable circuitry for improving security for a system connected to a public or private network. The hardware unit can be added to a network without substantial modifications to the other devices already connected to the network. The hardware unit includes a switch that has at least two positions. In one of the two positions, the hardware unit detects and blocks or drops data packets or frames that contain an instruction of a known file-sharing protocol other than a reading instruction when the instruction is not addressed to a runtime file but transmits all the data packets or frames when the instruction is addressed to a runtime file. Thus, a cyber attack may be prevented instantaneously by what it attempts to do, typically the creation, insertion, deletion, update, renaming, or writing of files to compromise code or data while retaining the usual browser functionality.

Abstract: Methods and systems for creating and extending a row-level security (RLS) policy are provided. In one embodiment, a method is provided that includes creating an RLS policy for a primary object and searching a relationship database for one or more child relationships of the primary object. The method may further include filtering the one or more child relationships to identify a valid child relationship of the primary object. A child object of the primary object may then be identified based on the valid child relationship. The method may further include receiving a request to extend the RLS policy to the child object, and extending the RLS policy to the child object.

Abstract: A method for authenticating a user identity linked to a user account may include receiving information that asserts a user identity including a user identifier, accessing external data stores to receive data rows that are associated with the user identity, and accessing monitoring systems to receive data vectors. The monitoring systems may monitor transmissions to receiving systems, the data vectors may include numerical target values for the receiving systems, and the data vectors may be accessed using the user identifier. The method may also include determining whether the data rows can be matched to the data vectors, and based on that determination, authenticating the user identity.

Abstract: A memory access tracking agent detects an access request directed to an in-memory representation of a target data structure. The agent obtains run-time context information pertaining to the request, including thread stack information. Indications of the occurrence of the access request and the context information are provided to a destination.

Abstract: A managed container may have a managed cache storing content managed by or through an application gateway server computer. The managed container may receive a request for content from an application running in a secure shell provided by the managed container on a client device. The managed container may determine whether the client device is within a specified geographical location. If not, the managed container may deny or restrict the application access to the requested content. The access denial or restriction may continue until a connection is made to the application gateway server computer or until the client device has returned to within the specified geographical location. If the client device is within the specified geographical location, the managed container may provide or restore access to requested content. Embodiments of the managed container can therefore perform geofencing by disabling or limiting access to content based on predetermined secure/insecure designations.

Abstract: A method of executing an instance of a smart contract through a blockchain shared among a plurality of nodes including the following first step of serializing in the blockchain of the instance of the smart contract, and the following steps in cyclical succession: a second step of serializing a plurality of status files each containing a state defined only by internal variables of the instance at an end of a respective plurality of executions of the instance, the plurality of status files are temporally ordered according to the respective plurality of executions of the instance, a third step of deserializing in a RAM of a last state of the instance by deserializing at least one last state file from the blockchain, and a fourth step of deserializing the instance by valuing a second state of the instance as a last state, a fifth step including further execution of the instance.

Abstract: A remote wipe message or notification may be sent from a server computer to one or more target client devices associated with a user. A managed container running on a target client device associated with the user and having a managed cache storing content managed by or through the server computer may, in response to the remote wipe message or notification, deleting the managed content or a portion thereof from its managed cache. The managed container may send back an acknowledgement or message to the server computer that it had completed the remote wipe. The remote wipe functionality can avoid having to deal with individual applications running on the client device and therefore can eliminate the complexity of having to deal with individual applications. Furthermore, the remote wipe can be done independently of the local operating system and without affecting non-managed information/applications on the client device.

Abstract: A computer implemented method for securing at least one of files and records related to a specific process, the method comprising obtaining interaction data comprising one or more persons and one or more files and/or records, said interaction data comprises a process interaction score between at least one user and the specific process; identifying, from the interaction data, one or more persons and one or more files and/or records related to the specific process; comparing a process threshold with a process interaction score between a target user and the specific process; and in response to the comparison satisfying a rule, performing a security operation on the one or more files and/or records related to the specific process.

Abstract: A computer system controls access to data. A request is received from an entity to access data comprising a primary data object corresponding to a physical item. One or more secondary data objects included in the primary data object are identified, wherein the one or more secondary data objects correspond to physical components of the physical item. Access requirements for the primary data object and the one or more secondary data objects are determined. In response to determining that the access requirements are satisfied by the entity, the entity is granted access to the data comprising the primary data object and the one or more secondary data objects. Embodiments of the present invention further include a method and program product for controlling access to data in substantially the same manner described above.

Abstract: A method of authenticating a user of a multifunction device to a server, the method comprising associating a user-supplied image with user login credentials, using a server; receiving, at the server, an image uploaded from the multifunction device; and comparing the uploaded image to the user-supplied image, using the server, and, only if the uploaded image matches the user-supplied image, allowing the user of the multifunction device to authenticate to the server by providing additional login credentials to the server using the multifunction device.

Abstract: Aspects of the invention include receiving a data erasure request associated with a user and identifying, based at least in part on the data erasure request, an entity associated with the user and one or more identifiers for the user. Aspects also include identifying, based at least in part on the one or more identifiers for the user, a cohort that includes the user and comparing the one or more identifiers for the user to identifiers of a plurality of users that are not members of the cohort. Aspects further include identifying a replacement user from the plurality of users based on the comparison and replacing the entity associated with the user in the cohort with an entity associated with the replacement user.

Abstract: A method, non-transitory computer readable medium, and device that assists with improving web scanner accuracy includes receiving a sitemap document associated with a webpage from an application security manager apparatus. The received sitemap document associated with the webpage is scanned. Next, one or more vulnerabilities are identified in the scanned sitemap associated with the webpage. A report including the identified one or more vulnerabilities is provided.

Abstract: Systems, methods, and machine-readable instructions stored on machine-readable media are disclosed for copying a first permission of a file to a second permission of the file, wherein the file is stored on a host file system. The first permission is changed to a third permission. A request is received to access the file from a container file system. In response to the request and before providing the container file system with access to the file, changing the third permission to the second permission. The file is provided to the container file system based on the second permission.

Abstract: An illustrative computing system for securely managing security information receives a request for security information. The computing system acquires the security information associated with the user and embeds the security information in a user selected image. The computing system modifies the image based on a user selected identifier to scramble the location of pixels. The computing system encrypts and transmits the image. The computing system decrypts the image at the user interface. The computing system modifies the image based on the user selected identifier to descramble the pixels. The computing system displays the image at the user interface with a plurality of images for user selection. Based on the image selected by the user, the computing system extracts security information from the image. The computing system displays the requested security information at the user interface.