Abstract: Embodiments of the present invention are directed toward systems, methods, and computer storage media for using a neural network language model to identify semantic relationships between file storage specifications for replication requests. By treating file storage specifications (or at least a portion thereof) as “words” in the language model, replication vectors can be determined based on the file storage specifications. Instead of determining the relationship of the file storage specifications based on ordering within a document, the relationship can be based on proximity of the replication requests in a replication session. When a replication request is received from a user, the replication vectors can be used to determine a semantic similarity between the received replication request and one or more additional replication requests.

Abstract: Techniques for authentication for online content using an access token are described. According to various embodiments, online content (e.g., webpages and other types of web content) can be served across a variety of different online resources. According to one or more embodiments, an access token is leveraged to enable a user to authenticate with multiple different distributed content resources for access to online content, and without requiring the user to input authentication credentials for each of the content resources.

Abstract: Certain embodiments involve controlling the timing of digital publication of sensitive data over a data network, especially in a case where a requirement exists to publish the sensitive data within an established timeframe. For instance, a computing system receives from a client device a request to publish sensitive data. The computing system provides to the client device a challenge useable as input to a verifiable delay function (VDF), responsive to the request. The computing system receives a response to the challenge along with the sensitive data and verifies that the response is a solution to the VDF applied to the challenge. Based on verifying the solution, the computing system publishes the sensitive data.

Abstract: Embodiments of the present invention provide systems, methods, and computer storage media for facilitating user-centric identity management. In this regard, various aspects of identity management are designed to be more transparent to users to bolster user assurance with respect to “behind-the-scenes” procedures of identity management. Generally, indications of data flow between service providers, identity providers, and/or user devices can be provided to the user device for presentation to the user. As a result, visual representations of data flow, notifications of data flow, or the like, can be presented to the user to expose various aspects of identity management. In some embodiments, users may be able to control aspects of identity management, for example, by confirming or preventing data flow between providers.

Abstract: A computer system generates a similarity-optimized hierarchy for hierarchical data to improve data access performance and content discovery. An example method includes receiving hierarchical data in an original hierarchy having a plurality of nodes and a depth of d, generating a respective embedding for each node of the plurality of nodes, and determining, for each node of the plurality of nodes, respective k-nearest neighbors based on the respective embedding. Starting with nodes at depth din the original hierarchy, the method includes generating sibling groups, each sibling group having at least one node at depth d, identifying, for each node at depth d, a similarity-optimized parent from depth d?1, and associating each node at depth d with its respective similarity-optimized parent in a similarity-optimized hierarchy. The method also includes completing the similarity-optimized hierarchy by repeating the generating, identifying and associating with nodes at depth d?1 until reaching the hierarchy root.

Abstract: In various implementations, an embedded document receives untrusted content from a containing document, where the embedded document is in the containing document. In some cases, the untrusted content is received by the containing document from a server and is forwarded to the embedded document without rendering the untrusted content in the containing document. Instead, the untrusted content is rendered in the embedded document. A sandbox policy is enforced on the embedded document such that the rendered untrusted content is restricted from accessing data associated with the containing document. The untrusted content may comprise malicious code that when rendered executes an XXS attack that attempts to access the data associated with the containing document. However, because the untrusted content is rendered in the embedded document, the malicious code may be denied access to the data, thereby preventing the XSS attack from succeeding.

Abstract: Certain embodiments involve controlling the timing of digital publication of sensitive data over a data network, especially in a case where a requirement exists to publish the sensitive data within an established timeframe. For instance, a computing system receives from a client device a request to publish sensitive data. The computing system provides to the client device a challenge useable as input to a verifiable delay function (VDF), responsive to the request. The computing system receives a response to the challenge along with the sensitive data and verifies that the response is a solution to the VDF applied to the challenge. Based on verifying the solution, the computing system publishes the sensitive data.

Abstract: A computer system generates a similarity-optimized hierarchy for hierarchical data to improve data access performance and content discovery. An example method includes receiving hierarchical data in an original hierarchy having a plurality of nodes and a depth of d, generating a respective embedding for each node of the plurality of nodes, and determining, for each node of the plurality of nodes, respective k-nearest neighbors based on the respective embedding. Starting with nodes at depth din the original hierarchy, the method includes generating sibling groups, each sibling group having at least one node at depth d, identifying, for each node at depth d, a similarity-optimized parent from depth d?1, and associating each node at depth d with its respective similarity-optimized parent in a similarity-optimized hierarchy. The method also includes completing the similarity-optimized hierarchy by repeating the generating, identifying and associating with nodes at depth d?1 until reaching the hierarchy root.

Abstract: Systems and methods are disclosed herein for publishing sensitive content at a future time, where prior to the future time, receiving an encrypted version of the sensitive content is received and a sequence of proof rules are applied to random portions of the encrypted version of the sensitive content. Upon successful application of the sequence of proof rules, the encrypted version of the sensitive content is prepared for publication and optionally published in encrypted form. At the future time, an encryption key is received for the encrypted version of the sensitive content and the encrypted version of the sensitive content is decrypted with the encryption key to produce the sensitive content.

Abstract: Embodiments of the present invention are directed toward systems, methods, and computer storage media for using a neural network language model to identify semantic relationships between file storage specifications for replication requests. By treating file storage specifications (or at least a portion thereof) as “words” in the language model, replication vectors can be determined based on the file storage specifications. Instead of determining the relationship of the file storage specifications based on ordering within a document, the relationship can be based on proximity of the replication requests in a replication session. When a replication request is received from a user, the replication vectors can be used to determine a semantic similarity between the received replication request and one or more additional replication requests.

Abstract: Techniques for automatically generating an integrity check hash value for a content asset served by a third-party server when the content asset is added to a template in a user interface. The techniques include displaying, by the user interface, a visual layout of web content, the UI configured to receive modifications to a component of the web content. The component comprising a template for generating hypertext markup language (HTML) embodying the component. The techniques further include receiving a modification to the component of the web content, wherein the modification includes instructions to include a content asset in the component of the web content and detecting that the content asset is hosted on a third-party server. Additionally, the techniques include generating HTML for the web content, the HTML including an integrity hash value for the content asset based on the template.

Abstract: Embodiments of the present invention are directed toward systems, methods, and computer storage media for using a neural network language model to identify semantic relationships between file storage specifications for replication requests. By treating file storage specifications (or at least a portion thereof) as “words” in the language model, replication vectors can be determined based on the file storage specifications. Instead of determining the relationship of the file storage specifications based on ordering within a document, the relationship can be based on proximity of the replication requests in a replication session. When a replication request is received from a user, the replication vectors can be used to determine a semantic similarity between the received replication request and one or more additional replication requests.

Abstract: Techniques are disclosed for providing copy/paste support for web conference content. Methods and systems allow copy/paste operations in web conference sessions with multimedia content based on data extracted from conference content transmitted during the web conference. The web conference can connect clients for live sharing of documents, audio, video, applications such as web applications, and web pages. In one embodiment, a conference application can receive content from a first client participating in the web conference. The conference application can extract data items from the content. The conference application can store the extracted data items. The conference application can also receive, from a second client participating in the web conference, a selection of a portion of the conference content.

Abstract: Techniques for authentication for online content using an access token are described. According to various embodiments, online content (e.g., webpages and other types of web content) can be served across a variety of different online resources. According to one or more embodiments, an access token is leveraged to enable a user to authenticate with multiple different distributed content resources for access to online content, and without requiring the user to input authentication credentials for each of the content resources.

Abstract: A digital medium environment includes a computing device (e.g., a mobile device), a digital signage device, and a server. The computing device is coupled to the digital signage device via a first communication channel, e.g., according to a low emissions protocol. The digital signage device is coupled to the server via a second communication channel that is encrypted. Security is achieved using a one-time-use token and a resolution provided by the computing device that proves the computing device knows a factorization, known to both the digital signage device and the server, without exposing the factorization in the resolution. The token is communicated from the server to the digital signage device, and is not exposed to the computing device. Thus, the authentication techniques described herein are robust and secure to an attack of communication between the computing device and the digital signage device, and are seamless to the user.

Abstract: Techniques for authentication for online content using an access token are described. According to various embodiments, online content (e.g., webpages and other types of web content) can be served across a variety of different online resources. According to one or more embodiments, an access token is leveraged to enable a user to authenticate with multiple different distributed content resources for access to online content, and without requiring the user to input authentication credentials for each of the content resources.

Abstract: Systems and methods are disclosed herein for publishing sensitive content at a future time, where prior to the future time, receiving an encrypted version of the sensitive content is received and a sequence of proof rules are applied to random portions of the encrypted version of the sensitive content. Upon successful application of the sequence of proof rules, the encrypted version of the sensitive content is prepared for publication and optionally published in encrypted form. At the future time, an encryption key is received for the encrypted version of the sensitive content and the encrypted version of the sensitive content is decrypted with the encryption key to produce the sensitive content.

Abstract: Systems and methods are disclosed herein for publishing sensitive content at a future time, where prior to the future time, receiving an encrypted version of the sensitive content is received and a sequence of proof rules are applied to random portions of the encrypted version of the sensitive content. Upon successful application of the sequence of proof rules, the encrypted version of the sensitive content is prepared for publication and optionally published in encrypted form. At the future time, an encryption key is received for the encrypted version of the sensitive content and the encrypted version of the sensitive content is decrypted with the encryption key to produce the sensitive content.

Abstract: A digital medium environment includes a computing device (e.g., a mobile device), a digital signage device, and a server. The computing device is coupled to the digital signage device via a first communication channel, e.g., according to a low emissions protocol. The digital signage device is coupled to the server via a second communication channel that is encrypted. Security is achieved using a one-time-use token and a resolution provided by the computing device that proves the computing device knows a factorization, known to both the digital signage device and the server, without exposing the factorization in the resolution. The token is communicated from the server to the digital signage device, and is not exposed to the computing device. Thus, the authentication techniques described herein are robust and secure to an attack of communication between the computing device and the digital signage device, and are seamless to the user.

Abstract: Methods and systems for controlling access to content include an authentication process that provides for increased speed by reducing, or eliminating in some cases, steps in the authentication process. In particular, the systems and methods can encode content paths previously authenticated for a particular user into an authentication token. When the user attempts to access one of the top content paths, the systems and methods can verify the user based on the encoded authentication token rather than following a complete authentication process.