Abstract: Aspects discussed herein may relate to methods and techniques for scanning application programming interface requests and responses to more readily identify data issues. The system may aggregate one or more data requests and/or responses according to correlated data transactions between devices. The system may then analyze traffic associated with those requests to determine if the responses are consistent with data policies. If a response is out of line with such policies, a system for reporting and correction are described.

Abstract: Techniques are disclosed for performing scanning and profiling of stored data to identify the location of data entries that comprise sensitive data that require storage in accordance with enhanced security requirements. The techniques advantageously move a portion of the scanning and profiling operations closer to the data storage locations, and involve deploying processing resources near the locations at which the data is stored rather than relying solely upon centralizing processing at a separate location. This approach has the advantages of reducing network traffic and latency, which can help improve performance and reduce costs, and may also facilitate organizations to better take advantage of distributed computing architectures, which can scale more effectively than centralized processing.

Abstract: Systems, methods, and apparatuses are described for securely federating data processing tasks on remote client devices. A computing device may cause one or more remote client devices to securely execute algorithms. The computing device may then receive, from one of those algorithms, a request for secure material usable to process data using the algorithm. The computing device may generate and transmit an encrypted challenge token, and the algorithm may respond with an updated request comprising a processed form of the challenge token. The computing device may then validate the request and, if validation succeeds, transmit the sensitive material. The computing device may then cause the remote client device to process data using the algorithm and the sensitive material.

Abstract: Systems, methods, and apparatuses are described for secure transfer of tokenized data from a sender to a recipient without disclosing tokenization schemas of either party. A computing device may receive a detokenization algorithm associated with a sender and tokenized data. The computing device may generate plain data by processing the first tokenized data using the detokenization algorithm. The computing device may clear memory, receive a tokenization algorithm associated with a recipient, and generate tokenized data by processing the plain data using the tokenization algorithm. The computing device may then send the tokenized data to the recipient.

Abstract: Systems, methods, and apparatuses are described for generating deterministic crypto-random values for cryptographic operations such as tokenization. A computing device may receive a plurality of unique character strings by receiving such strings from a server and/or by generating such strings based on a seed value. The computing device may define a seed table comprising a plurality of rows and a plurality of columns such that each row of the plurality of rows corresponds to a different character of the set of characters and each column of the plurality of columns corresponds to a different character of a unique character string, of the plurality of unique character strings, corresponding to the different character. The table may be expanded by processing sequential rows of the seed table to generate a tokenization table. That tokenization table may be used to generate tokenized versions of input data.

Abstract: Disclosed are systems and methods for node management performed by a client driver of a client device comprising receiving cluster topology data from the cluster system; transmitting, a data request to each of a plurality of nodes in a cluster system; receiving a reply from each of the nodes that are responsive; assigning, by the client driver, based on the received replies, a responsive status for each of the nodes that are responsive or a non-responsive status for each of nodes that are non-responsive; updating a listing of management data, wherein the management data includes: an identification of each of the plurality of nodes, and a current status of each of the plurality of nodes; and routing, by the client driver, a client request to one of the plurality of nodes that are responsive based on the cluster topology data.

Abstract: Systems, methods, and apparatuses are described for securely federating data processing tasks on remote client devices. A computing device may cause one or more remote client devices to securely execute algorithms. The computing device may then receive, from one of those algorithms, a request for secure material usable to process data using the algorithm. The computing device may generate and transmit an encrypted challenge token, and the algorithm may respond with an updated request comprising a processed form of the challenge token. The computing device may then validate the request and, if validation succeeds, transmit the sensitive material. The computing device may then cause the remote client device to process data using the algorithm and the sensitive material.

Abstract: Disclosed herein are system, method, and computer program product embodiments for tokenization by obfuscating a length of personal information through addition of one or more digits and modifying a base of the input string before encryption. In one process, a security string is added to a user information input string of a first length and first base to generate a second string of a longer length, a format preserving encryption (FPE) is performed to generate a new string of the another length and base, and converted into a token of the first length but different base.

Abstract: Methods and systems disclosed herein describe tokenizing data to generate a secure token that is limited in scope (e.g., directed to a specific recipient) and limited in time (e.g., valid for only a specified period of time). A detokenization process may be employed to recover encrypted data of the secure token without the need for any relational database lookup processes, thereby reducing cost while maintaining robust protection against unintended recipients that attempt to recover the encrypted data.

Abstract: Systems, methods, and apparatuses are described for crypto-material life-cycle management for tokenization and/or encryption. A computing device may generate cryptographic material comprising one or more blobs. Each of the blobs may be usable for encryption and/or tokenization for different field types and via various different encryption/tokenization algorithms. Multiple cryptographic blobs might be generated in advance for the same field type/algorithm, such that the cryptographic blobs are quickly available for use. In response to computing device requests for such cryptographic blobs, a cryptographic blob for a particular field/algorithm may be identified and transmitted. The cryptographic material may be refreshed periodically, when most and/or all of the cryptographic blobs are used up, or upon detection of a security breach. The cryptographic material may be appended based on new fields and/or algorithms such that the cryptographic material is backwards- and forwards-compatible.

Abstract: In some implementations, a system may obtain a first model that is trained to identify feature data associated with a client system using one or more services of a service platform. The system may train, based on the feature data, a second model to identify anomalies associated with devices accessing the one or more services in association with a client identifier of the client system. The system may receive access data associated with an acting device accessing a service of the service platform. The system may determine, using the second model, that the acting device accessing the service corresponds to potential anomalous activity based on the access information. The system may obtain, from a verification device, a verification that the acting device accessing the service is anomalous activity. The system may perform, based on obtaining the verification, an action associated with the acting device.

Abstract: Techniques are disclosed for performing scanning and profiling of stored data to identify the location of data entries that comprise sensitive data that require storage in accordance with enhanced security requirements. The techniques advantageously move a portion of the scanning and profiling operations closer to the data storage locations, and involve deploying processing resources near the locations at which the data is stored rather than relying solely upon centralizing processing at a separate location. This approach has the advantages of reducing network traffic and latency, which can help improve performance and reduce costs, and may also facilitate organizations to better take advantage of distributed computing architectures, which can scale more effectively than centralized processing.

Abstract: In some embodiments, reducing authentication delays related to security module processing may be facilitated. In some embodiments, a first authentication code may be generated based on a first verification code associated with an account. The first authentication code may be stored in association with the account. An authentication request may be obtained to authenticate an action, and the authentication request may comprise a second verification code. A security module request may be generated for a security module response related to the second verification code. A second authentication code may be generated based on the second verification code. Based on a determination that the second authentication code corresponds to the first authentication code, an authentication response for the authentication request may be provided.

Abstract: Systems, methods, and apparatuses are described for secure transfer of tokenized data from a sender to a recipient without disclosing tokenization schemas of either party. A computing device may receive a detokenization algorithm associated with a sender and tokenized data. The computing device may generate plain data by processing the first tokenized data using the detokenization algorithm. The computing device may clear memory, receive a tokenization algorithm associated with a recipient, and generate tokenized data by processing the plain data using the tokenization algorithm. The computing device may then send the tokenized data to the recipient.

Abstract: Systems, methods, and apparatuses are described for generating deterministic crypto-random values for cryptographic operations such as tokenization. A computing device may receive a plurality of unique character strings by receiving such strings from a server and/or by generating such strings based on a seed value. The computing device may define a seed table comprising a plurality of rows and a plurality of columns such that each row of the plurality of rows corresponds to a different character of the set of characters and each column of the plurality of columns corresponds to a different character of a unique character string, of the plurality of unique character strings, corresponding to the different character. The table may be expanded by processing sequential rows of the seed table to generate a tokenization table. That tokenization table may be used to generate tokenized versions of input data.

Abstract: Certain aspects of the present disclosure provide techniques for handover timelines and power optimization for user equipment (UE) in multiple subscriber identity module (MSIM) dual receive (DR) scenarios. An example method, performed by a UE, includes entering a DR mode in which a first subscriber identity module (SIM) is active in a first radio access technology (RAT) and a second SIM is idle in a second RAT, identifying one or more channel frequencies, of a neighbor channel frequency list, that are incompatible with the DR mode, and performing a channel measurement procedure with the second SIM, on a subset of the neighbor channel frequency list that does not include the one or more channel frequencies that are incompatible with the DR mode.

Abstract: In some embodiments, reducing authentication delays related to security module processing may be facilitated. In some embodiments, a first authentication code may be generated based on a first verification code associated with an account. The first authentication code may be stored in association with the account. An authentication request may be obtained to authenticate an action, and the authentication request may comprise a second verification code. A security module request may be generated for a security module response related to the second verification code. A second authentication code may be generated based on the second verification code. Based on a determination that the second authentication code corresponds to the first authentication code, an authentication response for the authentication request may be provided.

Abstract: Techniques are disclosed for performing scanning and profiling of stored data to identify the location of data entries that comprise sensitive data that require storage in accordance with enhanced security requirements. The techniques advantageously move a portion of the scanning and profiling operations closer to the data storage locations, and involve deploying processing resources near the locations at which the data is stored rather than relying solely upon centralizing processing at a separate location. This approach has the advantages of reducing network traffic and latency, which can help improve performance and reduce costs, and may also facilitate organizations to better take advantage of distributed computing architectures, which can scale more effectively than centralized processing.