Abstract: Provided is a private and secure network that uses an authentication mechanism with a uniquely assigned private IP address and network credentials issued as part of a VPN certificate exchange. A first layer of authentication establishes a secure tunnel between user and VPN server, and a second layer of authentication connects that secure tunnel to the web site or resource, without passing the VPN certificate. Once authenticated, interaction between website or resource and user are automatically monitored for abnormal or malicious behavior and, if required, automatic verification and authentication response is generated.

Abstract: Provided is a process including: obtaining criteria to select plain-text values in a lower-trust database; selecting, based on the criteria, a first plain-text value; in response, determining a first reference value; storing the first plain-text value in a higher-trust database in a second entry identified by the first reference value; storing the first reference value in the first entry of the lower-trust database; selecting another instance of the first plain-text value stored requested to be stored in a third entry in the lower-trust database; and in response, storing the first reference value in the third entry.

Abstract: Techniques for managing data stored within a database, such as a decentralized database are provided. Some techniques involve managing some data within a lower-trust database and some other data within a higher-trust database. A higher-trust database may be a decentralize database including a blockchain. A lower-trust database may store references to data within the blockchain, and optionally other data in association with those references. Disclosed techniques include WHERE clause query handling in databases with reference values, replacement of distinct data in a relational database with a distinct reference to that data, number line storing for secure indexing, APIs for databases, and consensus operations for private blockchain networks.

Abstract: Provided is a process including: obtaining criteria to select plain-text values in a lower-trust database; selecting, based on the criteria, a first plain-text value; in response, determining a first reference value; storing the first plain-text value in a higher-trust database in a second entry identified by the first reference value; storing the first reference value in the first entry of the lower-trust database; selecting another instance of the first plain-text value stored requested to be stored in a third entry in the lower-trust database; and in response, storing the first reference value in the third entry.

Abstract: Provided is a private and secure network that uses an authentication mechanism with a uniquely assigned private IP address and network credentials issued as part of a VPN certificate exchange. A first layer of authentication establishes a secure tunnel between user and VPN server, and a second layer of authentication connects that secure tunnel to the web site or resource, without passing the VPN certificate. Once authenticated, interaction between website or resource and user are automatically monitored for abnormal or malicious behavior and, if required, automatic verification and authentication response is generated.

Abstract: Provided is a process including: obtaining, with a network controls engine, network traffic, wherein: the network traffic is sent across the network between source computing devices and destination computing devices; at least one of the source or destination computing devices are on a network carrying the network traffic; and the network has a plurality of computing devices causing the network traffic and which are assigned addresses on the network; applying, with the network controls engine, a plurality of rules to the network traffic to identify rules with criteria satisfied by the network traffic; and causing, with the network controls engine, one or more actions prescribed by one or more identified rules with criteria satisfied by the network traffic.

Abstract: Provided is a process including: obtaining, with a network controller, a current state of a network; causing, with the network controller, a graphical user interface to be presented that depicts at least part of the network graph and includes user-inputs by which a user requests changes to the network graph; receiving, with the network controller, a request input to modify the network graph; and modifying, with the network controller, the network graph and enforcing the modification.

Abstract: Provided is a process including: receiving a request to access a distributed data store, wherein the distributed data store stores a plurality of units of content that are each distributed among multiple computing entities hosting different subsets of data of the distributed data store; and causing, with one or more processors of a computing device configured to participate in combining the information from the plurality of computing entities to access units of content, logging of the request in an entry in a tamper-evident log.

Abstract: Provided is a process including: obtaining criteria to select plain-text values in a lower-trust database; selecting, based on the criteria, a first plain-text value; in response, determining a first reference value; storing the first plain-text value in a higher-trust database in a second entry identified by the first reference value; storing the first reference value in the first entry of the lower-trust database; selecting another instance of the first plain-text value stored requested to be stored in a third entry in the lower-trust database; and in response, storing the first reference value in the third entry.

Abstract: Provided is a process including: obtaining, with a network controls engine, network traffic, wherein: the network traffic is sent across the network between source computing devices and destination computing devices; at least one of the source or destination computing devices are on a network carrying the network traffic; and the network has a plurality of computing devices causing the network traffic and which are assigned addresses on the network; applying, with the network controls engine, a plurality of rules to the network traffic to identify rules with criteria satisfied by the network traffic; and causing, with the network controls engine, one or more actions prescribed by one or more identified rules with criteria satisfied by the network traffic.

Abstract: Provided is a process including: receiving a first write request from an application requesting to write data to a first remote database via a network; classifying the second value as higher-security; and in response to classifying the second value as higher-security, redirecting the second value from a destination specified by the application in the received first write request, wherein an attacker with full access to the first database does not have access to the second value classified as higher security, and wherein code of the application is not modified to interface with two databases in place of the first remote database.

Abstract: Provided is a process including: executing a virtual private network client application on a client computing device; communicating between the client computing device and a virtual private network server; sensing network conditions of a virtual private network connection; and selecting a set of configuration settings from among the different respective sets of configuration settings based on the network conditions.

Abstract: Provided is a process including: processing, with a permission-management application requests to manage permissions of one or more users to access resources with client computing devices, wherein: the permission-management application is configured to manage permissions for users of an organization to access a plurality of network-accessible applications; the plurality of different network-accessible applications have different permission-management application program interfaces; and the permission-management application is configured to manage permissions for users to access respective instances of a plurality of different native applications executing on the client computing devices.

Abstract: Provided is a process including: relaying, with a server at a first domain, at least part of a plurality application-layer messages between a client web browser and one or more destination servers; determining to terminate subsequent authenticated access by the client web browser; and sending, from the server at the first domain, instructions that cause the client web browser to delete or modify an access token stored in memory of the client web browser.

Abstract: Provided is a process including: receiving one or more write requests; selecting a first subset of the values as corresponding to higher-security fields; segmenting a first value in the first subset; instructing a first computing device to store a first subset of segments among the plurality of segments in memory; and instructing a second computing device to store a second subset of segments among the plurality of segments in memory.

Abstract: Provided is a process including: receiving one or more write requests; selecting a first subset of the values as corresponding to higher-security fields; segmenting a first value in the first subset; instructing a first computing device to store a first subset of segments among the plurality of segments in memory; and instructing a second computing device to store a second subset of segments among the plurality of segments in memory.

Abstract: Provided is a process including: receiving a first write request from an application requesting to write data to a first remote database via a network; classifying the second value as higher-security; and in response to classifying the second value as higher-security, redirecting the second value from a destination specified by the application in the received first write request, wherein an attacker with full access to the first database does not have access to the second value classified as higher security, and wherein code of the application is not modified to interface with two databases in place of the first remote database.

Abstract: Provided is a process including: relaying, with a server at a first domain, at least part of a plurality application-layer messages between a client web browser and one or more destination servers; determining to terminate subsequent authenticated access by the client web browser; and sending, from the server at the first domain, instructions that cause the client web browser to delete or modify an access token stored in memory of the client web browser.

Abstract: Provided is a process including: receiving one or more write requests; selecting a first subset of the values as corresponding to higher-security fields; segmenting a first value in the first subset; instructing a first computing device to store a first subset of segments among the plurality of segments in memory; and instructing a second computing device to store a second subset of segments among the plurality of segments in memory.

Abstract: Provided is a process including: receiving a request to access a distributed data store, wherein the distributed data store stores a plurality of units of content that are each distributed among multiple computing entities hosting different subsets of data of the distributed data store; and causing, with one or more processors of a computing device configured to participate in combining the information from the plurality of computing entities to access units of content, logging of the request in an entry in a tamper-evident log.