Abstract: Disclosed embodiments relate to systems and methods for discovering and controlling sensitive data stored in temporary access memory. Techniques include identifying an application configured to perform one or more secure functions using sensitive data, wherein the application is configured to store or access the sensitive data in a temporary access memory accessible to the application; analyzing one or more processes associated with runtime activity of the application; detecting, based on the analyzing, an instance of the sensitive data, wherein the detecting is based on at least one of: analyzing input from a user to the application, or analyzing attributes of the application; and automatically implementing, based on the detecting, a control action to limit the accessibility of the sensitive data in the temporary access memory.

Abstract: Disclosed embodiments relate to systems and methods for securely verifying encoded visual codes together with network address information. Techniques include: obtaining a first capture of a visual display, the visual display being generated on a display medium; applying a display detection technique based on the obtained first capture; determining, based on the display detection technique, whether a boundary of the display medium is identified; identifying, within the first capture, an encoded visual representation of a data element and a network address; determining whether the network address is valid; and determining whether to validate the encoded visual representation based on the determination of whether the network address is valid.

Abstract: Disclosed embodiments relate to systems and methods for dynamically providing coupling between auxiliary computing devices and secure endpoint computing resources. Techniques include identifying a request for an identity to access an endpoint computing resource; obtaining a unique session identifier in response to the request; transmitting the unique session identifier via short-range communications from the endpoint computing resource to an auxiliary computing device associated with the identity; obtaining, in response to the auxiliary computing device transmitting the unique session identifier and the identification data, authentication data sufficient to comply with the authentication requirement of the endpoint computing resource; and dynamically coupling the identity to the endpoint computing resource based on the authentication data and consistent with the authentication requirement.

Abstract: Disclosed embodiments relate to systems and methods for securely communicating data via encoded scannable codes. Techniques include identifying data to be communicated, identifying fictive data, accessing a manipulation factor, generating a scannable code comprising codes corresponding to the data and fictive data manipulated according to the manipulation factor, and making the code available for decoding by a scanning device. Further techniques include scanning a scannable code via a scanning device, separating the scannable code into multiple codes according to a manipulation factor, decoding the code(s) corresponding to the data to obtain the data, and refraining from decoding the code(s) corresponding to the fictive data.

Abstract: Disclosed embodiments relate to securely caching and provisioning secrets for use in an offline process. Techniques include accessing, at an endpoint computing resource storing a secret, a first cryptographic key; encrypting the secret using the first cryptographic key; receiving, from an auxiliary device, a second cryptographic key; encrypting the encrypted secret with the second cryptographic key to produce an encrypted block; sending, without using a network connection, the encrypted block to the auxiliary device for decryption; receiving, from the auxiliary device and without using a network connection, a decrypted version of the encrypted block; and decrypting the encrypted secret with a cryptographic key corresponding to the first cryptographic key.

Abstract: Disclosed embodiments relate to systems and methods for securely and efficiently enabling activation of access-limited software to permitted identities. Techniques include receiving, from a personal computing device associated with an identity, a software identifier associated with access-limited software available on an endpoint computing resource; identifying a tenant identifier associated with the identity; identifying a prompt to activate the access-limited software available on the endpoint computing resource; determining that the identity is permitted to utilize the access-limited software based on at least the software identifier and tenant identifier; and enabling, based on the determining, activation of the access-limited software for use by the identity at the endpoint computing resource.

Abstract: Disclosed embodiments relate to secure and distributed provisioning of a secret required to access a secure resource. Techniques include identifying a request for a user to access a secure resource; accessing a first portion and a second portion of the secret; providing the first portion of the secret to the computing device; and providing at least the second portion of the secret to an auxiliary device physically accessible to the user. The second portion of the secret may be configured to be conveyed by the user from the auxiliary device to the computing device and combined with at least the first portion of the secret to form the secret. The first portion and the second portion of the secret, after being combined, may enable the user to access the secure resource.

Abstract: Disclosed embodiments relate to adaptively and dynamically monitoring and managing a proximity status between securely communicating devices. Techniques include identifying a secure connection session established between an endpoint computing resource and an auxiliary computing device associated with a user; receiving real-time proximity data associated with at least one of the user or the auxiliary computing device; receiving proximity data associated with the endpoint computing resource; determining, based on the real-time proximity data associated with at least one of the user or the auxiliary computing device and the proximity data associated with the endpoint computing resource, whether at least one of the auxiliary computing device or the user has left the proximity to the endpoint computing resource; and implementing, based on the determining, an automatic session control action for the secure connection session.

Abstract: Disclosed embodiments relate to securely caching and provisioning secrets for use in an offline process. Techniques include accessing, at an endpoint computing resource storing a secret, a first cryptographic key; encrypting the secret using the first cryptographic key; receiving, from an auxiliary device, a second cryptographic key; encrypting the encrypted secret with the second cryptographic key to produce an encrypted block; sending, without using a network connection, the encrypted block to the auxiliary device for decryption; receiving, from the auxiliary device and without using a network connection, a decrypted version of the encrypted block; and decrypting the encrypted secret with a cryptographic key corresponding to the first cryptographic key.

Abstract: Disclosed embodiments relate to systems and methods for distributed transmission of divisible and reconstructible data among network resources. Techniques include identifying data to be securely transmitted across a network to a receiving network resource; applying a splitting scheme to form one or more data portions; obtaining a unique session identifier; selecting a distribution scheme; accessing one or more cryptographic keys; encrypting one or more data portions to form a plurality of corresponding encrypted blocks; transmitting, according to the selected distribution scheme, the one or more of the plurality of encrypted blocks to one or more of the constituent network nodes, en route to the receiving network resource. The receiving network resource may be configured to, upon obtaining the one or more data portions, and with reference to the unique session identifier, combine and validate the one or more data portions.

Abstract: A method for assessing a risk level of a remote desktop access connection includes establishing a remote desktop access connection session between a target machine and the client machine over a network. The remote desktop access connection is established in response to a request received from the client machine. The remote desktop access connection is used acquire, from the client machine, information pertaining to a system environment of the client machine during the connection session. The acquired information is analyzed by comparing the acquired information to information indicative of a defined use of the client machine. Based on the analysis, an assessment is generated of the risk level of the connection session and/or to identify suspicious use of the remote desktop access connection by the client machine.

Abstract: A method for assessing a risk level of a remote desktop access connection includes establishing a remote desktop access connection session between a target machine and the client machine over a network. The remote desktop access connection is established in response to a request received from the client machine. The remote desktop access connection is used acquire, from the client machine, information pertaining to a system environment of the client machine during the connection session. The acquired information is analyzed by comparing the acquired information to information indicative of a defined use of the client machine. Based on the analysis, an assessment is generated of the risk level of the connection session and/or to identify suspicious use of the remote desktop access connection by the client machine.