Abstract: Systems, methods, and computer-readable media for fuzzy-searches on encrypted messages include maintaining, in an indexer, a dictionary of words appearing in a message history. Upon receiving a query including at least one search term, a fuzzy search of the dictionary using the at least one search term is performed to determine one or more fuzzy-matching words in the dictionary, and one or more search tokens are generated from the one or more fuzzy-matching words, the one or more search tokens including encrypted versions of the one or more fuzzy-matching words. The one or more search tokens are provided to a search service for searching a database of encrypted messages of the message history, where the at least one search term may not have an exact match with any of the words in the dictionary.

Abstract: A connectable floor tile has a flexible, top layer, a flexible, middle layer or core, and a flexible, bottom layer. The combination of the top layer and bottom layer has sidewall portions having opposed marginal perimeter portions. The sidewall portions have an interior sidewall surface that abuts the middle core. The central portion defines a land that has a support surface. A plurality of spaced-apart cleats extend upwardly to respective distal surfaces and define channels therebetween.

Abstract: An electrochemical cell comprising a membrane electrode assembly and a selectively permeable barrier layer comprising sulfonated polymer is disclosed. The selectively permeable barrier layer is arranged facing at least one electrocatalyst layer, e.g., anode or cathode. The sulfonated polymer layer aids in controlling the movement of fluids and/or their constituents into and out of the electrochemical cell assembly for separation or capture for subsequent use.

Abstract: The disclosure relates to laminate structures to cover or protect substrates or surfaces. The laminate structure comprises a support layer and a self-sterilizing/antimicrobial layer comprising a sulfonated polymer, capable of killing microbes within minutes and for an extended period of time. The sulfonated polymer has a sufficient degree of sulfonation to kill in less than 120 minutes at least 90% of microbes in contact with the surfaces, and for extended protection of the surfaces for at least one month. The laminate structure is particularly suitable for protecting high-touch surfaces such as door knobs, touch-screens, tables, as well as for use with facemasks, face shields, or as self-sterilizing wraps for surgical instruments and supplies. The laminates can also be used as garments or to cover/protect personnel having contagious diseases, etc., to decrease the transmission of microbes.

Abstract: A non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to: establish trustworthiness of an application installed on a endpoint, the established trustworthiness is sufficient for an enterprise security infrastructure to treat the application installed on the endpoint and the endpoint as a trusted application and a trusted endpoint; negotiate with the trusted endpoint to determine a traffic inspection method for traffic flows originating at the trusted application that is destined for a service, the traffic inspection method is determined based on at least the trusted application, and the service; and instruct the trusted application of the determined traffic inspection method.

Abstract: This disclosure describes techniques for allowing an organization to manage user identities. In some examples, the management of user identities may be serverless. In some examples, serverless identity management may be enabled through a distributed application on user devices of the organization. The application may generate and/or store information related to the user identities on the user devices. Serverless identity management may further include storing at least some of the information at a location that is easily accessible to the user devices, such as a cloud computing location, while maintaining security for private data. Serverless identity management may therefore provide an organization with greater operational flexibility.

Abstract: Methods are provided for discovering related attributes with respect to an element in a customer data record, based on provided associations and for generating new associations between various elements of the customer data record. In these method, the context service system obtains, from a subscriber, a lookup request including a first blinded attribute. The first blinded attribute is obtained by applying an oblivious pseudo random function (OPRF) to a first element of a data record. The method further includes the context service system identifying at least one second blinded attribute associated with the first blinded attribute in a shared data partition of the context service system and providing, to the subscriber, at least one second element of the data record associated with the at least one second blinded attribute.

Abstract: An air conditioning (AC) system is provided, employing a sulfonated copolymer (SC) layer as a selectively permeable and ion exchanging membrane. The sulfonated block copolymer has an IEC greater than 0.5 meq/g. In embodiments, the sulfonated block copolymer is used to form the membrane itself, or bonded/coated onto a membrane or a foam. In embodiments, the AC employs a membrane electrode assembly, i.e., using electric field across a membrane in a dehumidifier to transport moisture generating a dry air stream, along with an evaporative cooler for latent heat removal via evaporation induced cooling of the dry air stream from the dehumidifier. The system operates as a closed loop wherein the room air after cooling is recycled or loop back to the dehumidifying membrane electrode assembly to generate dry air for the evaporative cooler, generating conditioned air.

Abstract: Systems, methods, and computer-readable media for fuzzy-searches on encrypted messages include maintaining, in an indexer, a dictionary of words appearing in a message history. Upon receiving a query including at least one search term, a fuzzy search of the dictionary using the at least one search term is performed to determine one or more fuzzy-matching words in the dictionary, and one or more search tokens are generated from the one or more fuzzy-matching words, the one or more search tokens including encrypted versions of the one or more fuzzy-matching words. The one or more search tokens are provided to a search service for searching a database of encrypted messages of the message history, where the at least one search term may not have an exact match with any of the words in the dictionary.

Abstract: Systems, methods, and computer-readable media for fuzzy-searches on encrypted messages include maintaining, in an indexer, a dictionary of words appearing in a message history. Upon receiving a query including at least one search term, a fuzzy search of the dictionary using the at least one search term is performed to determine one or more fuzzy-matching words in the dictionary, and one or more search tokens are generated from the one or more fuzzy-matching words, the one or more search tokens including encrypted versions of the one or more fuzzy-matching words. The one or more search tokens are provided to a search service for searching a database of encrypted messages of the message history, where the at least one search term may not have an exact match with any of the words in the dictionary.

Abstract: A computer system applies security policies to web traffic while maintaining privacy. A network security agent is authenticated by a client application to dynamically obtain one or more security policies, wherein the client application and the network security agent are configured to execute on a device and the network security agent is capable of communicating with a source of security policies. Connection information is obtained that includes a request to initiate an encrypted connection with a destination entity. The client application determines whether the encrypted connection between the client application and the destination entity is permitted according to the security policy and based on the connection information. The encrypted connection between the client and the destination entity is established in response to determining that the encrypted connection is permitted. Embodiments may further include a method and computer program product for applying security policies to web traffic.

Abstract: This disclosure describes techniques for authenticating one or more devices of a user in association with cloud computing services. The techniques include generating credential portions. The credential portions may be used in a signing protocol between one of the user devices and a cloud authenticator. The signing protocol may generate a signature that may be used in authentication with a cloud computing service. Furthermore, the user may be able to use any one of the user devices to log in to an online service after enrolling only a single user device with the online service. As such, the cloud authenticator may assist multiple user devices to authenticate with the cloud computing service.

Abstract: A method includes establishing an application layer transport layer security (ATLS) connection between a network device and a cloud server by sending, from the network device, TLS records in transport protocol (e.g., HTTP) message bodies to the cloud server, the ATLS connection transiting at least one transport layer security (TLS) proxy device, receiving, from the cloud server via the ATLS connection, an identifier for a certificate authority, establishing a connection with the certificate authority associated with the identifier and, in turn, receiving from the certificate authority credentials to access an application service different from the cloud server and the certificate authority, and connecting to the application service using the credentials received from the certificate authority.

Abstract: Methods are provided for discovering related attributes with respect to an element in a customer data record, based on provided associations and for generating new associations between various elements of the customer data record. In these method, the context service system obtains, from a subscriber, a lookup request including a first blinded attribute. The first blinded attribute is obtained by applying an oblivious pseudo random function (OPRF) to a first element of a data record. The method further includes the context service system identifying at least one second blinded attribute associated with the first blinded attribute in a shared data partition of the context service system and providing, to the subscriber, at least one second element of the data record associated with the at least one second blinded attribute.

Abstract: Systems, methods, and computer-readable media for fuzzy-searches on encrypted messages include maintaining, in an indexer, a dictionary of words appearing in a message history. Upon receiving a query including at least one search term, a fuzzy search of the dictionary using the at least one search term is performed to determine one or more fuzzy-matching words in the dictionary, and one or more search tokens are generated from the one or more fuzzy-matching words, the one or more search tokens including encrypted versions of the one or more fuzzy-matching words. The one or more search tokens are provided to a search service for searching a database of encrypted messages of the message history, where the at least one search term may not have an exact match with any of the words in the dictionary.

Abstract: A computer system applies security policies to web traffic while maintaining privacy. A network security agent is authenticated by a client application to dynamically obtain one or more security policies, wherein the client application and the network security agent are configured to execute on a device and the network security agent is capable of communicating with a source of security policies. Connection information is obtained that includes a request to initiate an encrypted connection with a destination entity. The client application determines whether the encrypted connection between the client application and the destination entity is permitted according to the security policy and based on the connection information. The encrypted connection between the client and the destination entity is established in response to determining that the encrypted connection is permitted. Embodiments may further include a method and computer program product for applying security policies to web traffic.

Abstract: A non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to: establish trustworthiness of an application installed on a endpoint, the established trustworthiness is sufficient for an enterprise security infrastructure to treat the application installed on the endpoint and the endpoint as a trusted application and a trusted endpoint; negotiate with the trusted endpoint to determine a traffic inspection method for traffic flows originating at the trusted application that is destined for a service, the traffic inspection method is determined based on at least the trusted application, and the service; and instruct the trusted application of the determined traffic inspection method.

Abstract: A process for implementing temporary rules for network devices is described. In one embodiment, the process includes a controller receiving a manufacturer usage description (MUD) identifier from a first device. The controller retrieves a MUD file associated with the MUD identifier. The controller registers a device identifier associated with the first device with a delegated controller determined based on the MUD file. The delegated controller is configured to generate a dynamic policy for the first device. The controller receives a dynamic policy from the delegated controller for the first device. The dynamic policy may be configured to permit a communication session between the first device and a second device. The controller forwards the dynamic policy to an access control device in communication with the first device to enable the access control device to permit the communication session between the first device and the second device.

Abstract: A method includes establishing an application layer transport layer security (ATLS) connection between a network device and a cloud server by sending, from the network device, TLS records in transport protocol (e.g., HTTP) message bodies to the cloud server, the ATLS connection transiting at least one transport layer security (TLS) proxy device, receiving, from the cloud server via the ATLS connection, an identifier for a certificate authority, establishing a connection with the certificate authority associated with the identifier and, in turn, receiving from the certificate authority credentials to access an application service different from the cloud server and the certificate authority, and connecting to the application service using the credentials received from the certificate authority.

Abstract: A method for processing a first image having associated location data is provided. In one embodiment, the method comprises determining that a location alias exists for the location data of the first image, storing the location alias in memory in association with the first image, determining an identity of a person who appears in the first image via processing of facial data of the person from the first image, storing information of the identity of the person appearing in the first image in memory in association with the first image, outputting the first image to a display in response to a request, outputting the location alias to the display for viewing concurrently with the first image, and outputting the identity of the person who appears in the first image to the display for viewing concurrently with the first image.