Abstract: The disclosed computer-implemented method for preparing a secure search index for securely detecting personally identifiable information may include (i) receiving, at a computing device, a dataset including a record, where the record has a field including a value describing personally identifiable information and (ii) performing, at the computing device, a security action. The security action may include (i) generating, using a perfect hash function, a respective hashed key from the value and (ii) adding, to the secure search index (a) the respective hashed key or (b) a subsequent hashed key created from the respective hashed key. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for searching unstructured documents for structured data may include (1) receiving a request to search unstructured documents for a document that contains data (e.g., sensitive data) from a structured dataset, (2) generating a secure search index (e.g., a Bloom filter) for searching the unstructured documents for the sensitive data, (3) extracting a first token and a second token from an unstructured document, (4) generating a hashed key from the first token and the second token, (5) querying the secure search index to determine whether the second hashed key is contained in the secure search index, and (6) responding, upon determining that the second hashed key is contained in the secure search index, to the request with information about the unstructured document. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to using signatures in a data loss prevention system. According to one embodiment, a DLP system identifies an occurrence of a data loss prevention (DLP) incident triggered by content and a DLP rule. The DLP system generates a first signature representing the DLP incident based on a specific pattern inherent to the content which triggered the DLP incident. The DLP system compares the first signature to one or more second signatures generated from other DLP incidents associated with the DLP rule. Upon determining the first signature matches at least one of the second signatures, the DLP system assigns an event status of the second matching signature to the first signature.

Abstract: A computer-implemented method for scanning a file is described. A Golomb-Compressed Sequence (GCS) index may be queried to determine whether GCS data is associated with the scanned data. The GCS index may be stored in a first storage medium and the GCS data may be stored in a second storage medium. The second storage medium may be different from the first storage medium. Upon determining the GCS data is associated with the scanned data, the location of the GCS data associated with the scanned data may be identified. The GCS data may be retrieved from the identified location. At least a portion of the retrieved GCS data may be analyzed. Based on the analysis of the retrieved GCS data, it may be determined whether to perform additional data querying.

Abstract: A method and system for low-memory footprint fingerprinting and indexing for efficiently measuring document similarity and containment are described. A method may include extracting, by a processor, content from a set of one or more data files. The method may also determine a size of the content and apply a hash function to the content to generate multiple hashes. The method selects a constrained set of the hashes to generate a fixed-size fingerprint representative of the content when the size of the content is greater than a threshold size. The method stores the fixed-size fingerprint representative of the content in an endpoint index for at least partial file content matching by an endpoint device. The method may employ a statistical-based optimization to speed-up query time.

Abstract: A method of controlling access to a service over a network, including the steps of automatically identifying a service user and acquiring user information, thereby to control the access. Additionally, a method of providing service over a network, in which the service requires identification of a user, including the steps of automatically identifying the user; and associating the user with user information, thus enabling the service.

Abstract: The present invention provides a new syndication system allowing secure syndication of applications in conventional web aggregators of authorized users, and allowing secured and controlled access to privileged content by means of the syndicated applications. The system of the invention advantageously employs conventional web syndication servers and aggregators thereby allowing authorized users to securely add applications and access privileged content via their favorable web aggregation sites (e.g., personalized web pages) along with other non-privileged content syndicated therein.

Abstract: A method and system for securely handling privileged content in web syndication applications operating within a computer network and utilizing a web aggregator operating over a data network linked to a computer network and one or more web servers capable of receiving web feed requests and providing corresponding web feeds, wherein at least some of said web feeds comprise an identifier referencing privileged content, said identifier is provided in response to web feed requests relating to said privileged content, and wherein a proxy server located within said computer network is utilized for handling web feeds requests and for replacing the identifiers in the web feeds with corresponding privileged content, whenever such identifiers are received in response to web feed requests issued by authorized users within the computer network.

Abstract: A method and system for allowing a secure transaction system (STS) that includes an access system in communication with a network access provider (NAP) identification module to convey to a third party trusted persistent identification details relating to a customer computer station. A user identification request including a set of generally available persistent and transient IDs is received from the third party. The NAP ID module is requested to extract persistent IDs and information associated with the customer computer station and to verify the transient IDs of the customer computer station. The information is received from the NAP ID module and forwarded at least in part back to the third party.

Abstract: A system and a method for automatically acquiring the identity of a user requesting service from a service provider is provided. The method includes the service provider sending an identification request to a network access provider (NAP), the NAP including a NAP identification module and an access system in communication with the NAP identification module and the NAP ID module extracting information associated with the user, verifying the network address of the user and forwarding the information associated with the user to the service provider. The NAP identification module includes a controller and an address extractor in communication with the controller.

Abstract: A method of controlling access to a service over a network, including the steps of automatically identifying a service user and acquiring user information, thereby to control the access. Additionally, a method of providing service over a network, in which the service requires identification of a user, including the steps of automatically identifying the user; and associating the user with user information, thus enabling the service.