Abstract: A lightweight intrusion detection method includes obtaining a feature data set of the internet of vehicles and pre-processing data; dividing pre-processed data into an initial training set, an initial verification set and an initial test set according to a preset proportion, performing data balance on the initial training set to obtain a balanced training set, performing feature selection on the balanced training set, the initial verification set and the test set; obtaining a teacher model by training with the model training set and the model verification set; using the teacher model, the model training set and the model verification set for distillation training to obtain a student model; testing a size and complexity of the student model and the performance of the student model, and saving the student model that passes the test as a lightweight intrusion detection model; and deploying the lightweight intrusion detection model.

Abstract: A tokenization system receives a request for data anonymization, the request referencing structured data containing values of interest. Responsively, the tokenization system performs a tokenization operation on the structured data, generates a corresponding token, and replaces a value of interest with the corresponding token to produce an anonymized version of the structured data. The tokenization system stores the value of interest with the corresponding token in a secure data vault. Subsequently, the tokenization system may receive a request for revealing the anonymized version of the structured data containing the corresponding token. In response, the tokenization system can perform a reveal operation on the anonymized version of the structured data by querying the secure data vault for the corresponding token and retrieving the value of interest from the secure data vault using the corresponding token.

Abstract: An inspection apparatus includes a conveyer configured to convey a medium having a plurality of printing areas in a conveying direction, a reader configured to read images printed in the printing areas, and a controller. When a plurality of images, each of which a printing position of a code in the printing area is the same as the other images, are respectively printed in the printing areas, the controller causes the reader to read a prescribed image, inspects whether the code satisfies a prescribed condition, acquires position information for specifying a printing position of the code, causes the reader to read an upstream image in a printing area upstream of the prescribed image, extracts a processing range in which the code is included from a read image of the upstream image based on the position information, and inspects whether the code included in the processing range satisfies the prescribed condition.

Abstract: In one aspect, an illustrative methodology implementing the disclosed techniques includes, by a computing device, determining that an application process includes use of a first image and a second image, one of the first and second images being generated as part of the application process, and detecting a difference in content of the first image or the second image based on a comparison of the first and second images. The method also includes, by the computing device, revoking access to a file that includes at least one of the first and second images based on the detection of the difference in content of one of the first and second images.

Abstract: In one aspect, a method of classifying a computer object as malware includes receiving at a base computer data about a computer object from each of plural remote computers on which the object or similar objects are stored. The data about the computer object received from the plural computers is compared in the base computer. The computer object is classified as malware on the basis of said comparison. In one embodiment, the data about the computer object includes one or more of: executable instructions contained within or constituted by the object; the size of the object; the name of the object; the logical storage location or path of the object on the respective remote computers; the vendor of the object; the software product and version associated with the object; and, events initiated by or involving the object when the object is created, configured or runs on the respective remote computers.

Abstract: There is provided a method performed by an encryption node for provisioning storage in a system. The encryption node is associated with an application node and the application node is configured to run at least part of one or more applications. In response to an unencrypted storage volume becoming available to the encryption node from a storage provisioning node of the system, an encrypted storage volume is generated (20) from the unencrypted storage volume and provisioning of the encrypted storage volume is initiated (22) to make the encrypted storage volume available at a compute node of the system for use by the application node.

Abstract: A storage device includes a substrate, at least one data storage element, a case, and at least one sensing pin. The substrate includes at least one security pad. The data storage element is mounted on the substrate. The case surrounds the substrate and the data storage element, and includes at least one contact structure for an electrical connection with the security pad. The sensing pin receives an electrical signal. A level of the electrical signal varies by detecting a change in a resistance according to whether the security pad is electrically connected to the contact structure. When at least a part of the case is removed, a level change of the electrical signal is detected, and a secure erase process for data stored in the data storage element is performed.

Abstract: A recording control system includes a storage medium and a control device that is detachably connectable to and controls reading/writing of data to/from the storage medium. The storage medium stores a first authentication code corresponding to at least one first attribute of the storage medium among attributes regarding reading and writing. The control device includes: a readout unit that outputs first request information to the storage medium to read therefrom at least one common authentication code each corresponding to a respective one of at least one common attribute of the first authentication code and the first request information, the first request information corresponding to at least one second attribute of the control device; an identification unit that identifies the at least one common attribute according to the at least one common authentication code; and a control unit that controls the reading/writing according to the at least one common attribute.

Abstract: Secured automated or semi-automated systems are provided herein. In one embodiment, a sensor system includes a sensor, a legacy computing environment that is configured to communicate with the sensor and process sensor raw data output, and transmit the processed sensor output to a first network node over the network, and a trusted computing environment configured to receive raw sensor output directly from the sensor and transmit the raw sensor output to an additional network node or the first network node over the network.

Abstract: Methods and apparatus for extracting a setting of configuration bits to create an exclusion configuration for providing protection against peek and poke attacks in a multi-tenant usage model of a configurable device is provided. The device may host multiple parties that do not trust each other. Peek and poke attacks are orchestrated by tapping (peeking) and driving (poking) wires associated with other parties. Such attacks may be disabled by excluding the settings of configuration bits that would allow these attacks by other parties. This set of configuration bits that should be excluded for preventing all peek and poke attacks creates the exclusion configuration. Methods are described that disable a particular class of peek and/or poke attacks through the use of partial reconfiguration. Methods and apparatus are described to dynamically detect peek and/or poke attacks.

Abstract: Systems, devices, and techniques are disclosed for cryptographic key migration. A tenant host may determine a first Key Management Service (KMS) indicated as storing a cryptographic key associated with the tenant host from a new KMS mapping. The tenant host may send a request for the cryptographic key associated with the tenant host to the first KMS. The tenant host may receive an indication from the first KMS that the first KMS does not store the cryptographic key. The tenant host may determine a second KMS indicated as storing the cryptographic key associated with the tenant host from an original KMS mapping. The tenant host may receive the cryptographic key associated with the tenant host from the second KMS. The tenant host may send a request to the second KMS that the cryptographic key associated with the tenant host be replicated from the second KMS to the first KMS.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for a customizable cloud-based software platform. A customizable cloud-based software platform provides functionality that enables a user (e.g., individual user, organization, etc., that has created an account with the customizable cloud-based software platform) to modify a base version of a cloud-based software application to the specific user's needs. For example, the customizable cloud-based software platform provides a base version of a cloud-based software application that includes a base set of functionalities, settings, user interfaces, etc., which a user may modify to meet the user's specific needs. A user may therefore use a client device to interact with the customizable cloud-based software platform to access their customized instance of the cloud-based application.

Abstract: Methods, systems, and devices for data processing are described. Some systems may support data processing permits and cryptographic techniques tying user consent to data handling. By tying user consent to data handling, the systems may comply with data regulations on a technical level and efficiently update to handle changing data regulations and/or regulations across different jurisdictions. For example, the system may maintain a set of data processing permits indicating user consent for the system to use a user's data for particular data processes. The system may encrypt the user's data using a cryptographic key (e.g., a cryptographic nonce) and may encrypt the nonce using permit keys for any permits applicable to that data. In this way, to access a user's data for a data process, the system may first verify that a relevant permit indicates that the user complies with the requested process prior to decrypting the user's data.

Abstract: Implementations of the present disclosure are generally directed to activating features in power machines. More particularly, implementations of the present disclosure are directed to remote activation of features in power machines.

Abstract: A computing device may receive, from an electronic device and via a wireless connection, a request to securely transmit user information using a secure data exchange module of the computing device. The computing device may configure the secure data exchange module for conducting a secure transmission of the user information and transmit a notification to the electronic device. The computing device may provide a user interface on the computing device for conducting the secure transmission of the user information. The computing device may receive and/or send, via the secure data exchange module, the user information. The computing device may transmit, via the wireless connection, the user information to the electronic device. The computing device may receive, from the electronic device, confirmation of a successful processing of the user information. The computing device may provide an indication of the confirmation of the successful processing of the user information.

Abstract: Method, system, device, and non-transitory computer-readable medium for data management. In some examples, a computer-implemented method includes: collecting a plurality of personal data sets continually; collecting a plurality of sensor data sets continually via one or more sensing modules, and generating and continually updating an operator profile, determining and continually updating one or more telematics interferences; generating and continually updating a data profile; and receiving one or more access policies associated with the data profile; and listing and continually updating the data profile onto a telematics marketplace according to the one or more access policies such that only marketplace consumers having one or more consumer classifications satisfying the one or more access polices can access the data profile.

Abstract: Sensitive information is identified. For example, the sensitive information may be a set of medical records. A request is received to send the sensitive information from a first domain to a second domain. For example, the request may be to send the sensitive information from a first corporation to a second corporation. The sensitive information is encrypted. The encrypted sensitive information comprises an authentication field. The authentication field identifies one or more authentication factors that are required to unencrypt the sensitive information. For example, the authentication field may indicate that a user is required to provide a username/password and a fingerprint scan to access the sensitive information. The encrypted sensitive information is sent to the second domain. The user in the second domain is required to authenticate using the one or more authentication factors to access the sensitive information.

Abstract: A method that manages sensitive data. A computer system identifies the sensitive data for a group of application containers using configuration information for the group of application containers. The computer system encrypts the sensitive data identified for the group of application containers to form encrypted sensitive data. The computer system saves the encrypted sensitive data to a shared storage used by the group of application containers when the group of application containers is deployed.

Abstract: Aspects of the subject technology relate to electronic devices that can provide protected use of user-related information to applications, for generating user-specific outputs. The protected access may allow an application to process the user-related information within a processing environment of a processor that is separate from a primary processor of an electronic device. Within that processing environment, the application can utilize the user-related information to generate a user-specific output from the device. However, the application is prevented from extricating the user-related information, and information derived from the user-related information, from that processing environment.

Abstract: Systems, apparatuses and methods may provide for technology that generates a first set of scrambler bits based on a destination page number associated with data, generates a second set of scrambler bits based on a programmable nonlinear function, and combines the first set of scrambler bits and the second set of scrambler bits into a scrambler seed. In one example, the technology also randomizes the data based on the scrambler seed to obtain outgoing randomized data and writes the outgoing randomized data to a non-volatile memory.

Abstract: Computer technology for combining an encryption/decryption (e/d) key with additional information to obtain a specialized e/d key. The additional information one or more of the following types of additional information: client UUID (universally unique identifier), FQDN (fully qualified domain name), database hardware information, data physical position on the hard disk and/or stored data creation date. By combining the basic key with these kind(s) of operational information and/or software/hardware identifier information, the security of the underlying encrypted data can be meaningfully enhanced.

Abstract: Products, systems and methods for removing a first item from a client computing system, in response to detecting the first item is declared as belonging to a first class in a database; preventing editing of a second item by the client computing system, in response to detecting the second item is declared as belonging to a second class in the database, a record declared as belonging to the first class or the second class by an application executed on the client computing system, the client computing system remotely connected, via a communications network, to a content management system associated with the database; and queuing a third item for transfer to the client computing system over the communications network, in response to detecting a synchronization event initiated by the client computing system or a server computing system connected to the client computing system over the communications network.

Abstract: Metadata including an encrypted file name can be attached to a directory entry for a file. For example, a method may include a processing device performing operations. The operations may include receiving, from a client system, a request to generate a directory entry in a distributed file system for a file. The operations may include generating the directory entry in a storage node of the plurality of storage nodes. The directory entry may include a file name and an index number. The operations may include encrypting the file name to generate an encrypted file name. The operations may include attaching the encrypted file name to the directory entry as metadata, the metadata being distinct from the file name and the index number. The metadata may be usable by the client system for decrypting the encrypted file name.

Abstract: Techniques are described for a system document management comprising one or more processors having access to a memory. The system is configured to determine an attribute for an input document for execution by a signer. The system is also configured to generate a similarity score for each of a plurality of candidate documents using a machine learning model, wherein using the machine learning model comprises providing the attribute as an input to the machine learning model. The system is also configured to generate data for a graphical user interface comprising an indication of at least a subset of the candidate documents based on the similarity scores generated for each of the plurality of candidate documents. The system is configured to output, for display, the data to a user device.

Abstract: Provided are techniques for performing edge processing by selecting edge devices based on security levels. A security policy is identified for a job to determine a security level for the data. A number of the edge devices that are to be included in a participating group to execute the job is identified. A subset of edge devices that meet the security level are identified by comparing security data of each of the edge devices with the security level. In response to determining that the subset of edge devices includes that number of edge devices, the edge devices from the subset are added to the participating group. The job is executed using the edge devices in the participating group and the one or more cloud nodes, while maintaining the security level in processing the data and in communications across the edge devices and the one or more cloud nodes.

Abstract: The present application describes a system that uses endpoint data and network data to detect an anomaly. Once an anomaly is detected, the system may determine a severity of the anomaly by comparing the anomaly to a global database of known anomalies. The system may then initiate preventative measures to address the anomaly.

Abstract: The disclosure relates to systems, devices, and methods for authenticating users of any device requiring authentication, such as a medical device. The systems, devices, and methods can convert a standard USB mass storage device into a unique USB based authentication device that authenticates a user. The device can be programmed to grant access to one or more functions only upon verification of a user by inserting the USB based authentication device into the medical device.

Abstract: A system access a blockchain network and conducts a blockchain transaction on a task log in the blockchain network. The system stores the blockchain transaction in a blockchain ledger. The system determines whether the blockchain transaction is associated with an anomaly. The anomaly indicates that the result of the blockchain transaction is unexpected. If it is determined that the blockchain transaction is associated with an anomaly, the blockchain transaction is rejected and removed from the blockchain ledger. Otherwise, the blockchain ledger is updated to indicate that the blockchain transaction is not associated with an anomaly.

Abstract: An anomaly detection device is provided with a learning unit that generates a detection model using a communication log during normal operation of a communication apparatus as learning data and an anomaly detection unit that detects anomaly of the communication apparatus using the generated detection model. The anomaly detection device is further provided with a data acquisition unit that acquires a communication log (second communication log) generated during a predetermined period later than a first communication log and a determination unit that instructs relearning using the second communication log when there is difference information between the learning data (first communication log) of the current detection model and the second communication log and when the number of pieces of additional information (information on the additional flow) or the number of pieces of deletion information (information on the delete flow) included in the difference information satisfies predetermined evaluation criteria.

Abstract: Systems and methods for sharing secrets including passwords, keys, and other confidential information used in computing environments. A secrets record generated at a secrets vault client device is encrypted using an application key associated with a computing environment. The encrypted secrets record is stored in the secrets vault server. The secrets vault client device configures a sharing client device and associated with an access token. The secrets vault client device hashes the access token and sends to the secrets vault server as a client identifier. The sharing client device performs a first-time authentication using a hashed access token with the secrets vault server. Upon successful authentication, the sharing client device requests secrets records from the secrets vault server using the client identifier.

Abstract: Methods and systems are presented for stolen cookie detection. An authentication request is received for a user to access a website using a web browser executable at the user's device. A series of storage locations available on the device for storing web cookies is identified and sorted in order of increasing fraud risk starting from a first storage location. A cookie value for each storage location is retrieved from the device. For each storage location after the first: an expected cookie value is calculated based on the cookie value of a preceding storage location; the expected cookie value is compared with the value retrieved for the storage location; and a score representing a level of fraud risk for the storage location is assigned. The authentication request is processed based on whether the assigned score for at least one of the storage locations exceeds a predetermined risk tolerance for fraud detection.

Abstract: A computer implemented cyber security method for preventing and removing undesired modifications of a protected file may include: generating a virtual file object via an authorized handler associated with the protected file, and when a write request to the protected file is received, the write request is redirected to the virtual file object causing the write request to store the change to the data of the protected file as data in the virtual file object; receiving a read request of the protected file; determining if there is data on the virtual file object associated with the protected file; and determining if the data on the virtual file object comprises a change to the data of the protected file; and, based on the determination, the authorized handler returns one of: (i) the data of the protected file changed by the write request and (ii) the data of the protected file unchanged by the write request.

Abstract: A blockchain-based system and method for secure and auditable sharing of medical image studies between providers, patients, and authorized recipients. The system has modules for verifying identities of trusted healthcare providers as issuers of medical data, managing secure storage of medical images and metadata, minting non-fungible tokens (NFTs) representing patient ownership of studies, authenticating patient consent for data sharing, and controlling access to shared data by authorized parties. Trusted issuer registration authenticates healthcare providers permitted to submit studies by verifying credentials against authoritative sources. Secure data management employs hierarchical deterministic cryptographic wallets and smart contracts to ensure only verified issuers can create new medical data NFTs on the blockchain. Automated processing extracts image files and metadata upon upload for separate secure storage, with metadata references encrypted in the associated NFT.

Abstract: The present disclosure provides a system architecture for designing and monitoring privacy-aware services and improving privacy regulation compliance. A privacy-preserving knowledge graph (PPKG) system provides functionality for modelling and analyzing processes that use, share, or request sensitive data from users and the outcomes of such functionality may be utilized to modify the design of the processes (e.g., to improve security of the process, regulatory compliance of the process, and the like). The PPKG system may also be used to modify the process, such as to write code that may be compiled into executable form and deployed to a run-time environment. A privacy-preserving posture (PPP) system monitors the run-time environment and analyzes where processes obtain, store, and share sensitive data. The PPP system may identify run-time vulnerabilities that may pose risks with respect to the sensitive data, as well as areas where modifications could be made to improve regulatory compliance.

Abstract: This document describes systems and techniques for protecting the security of information in content selection and distribution. In one aspect, a method includes receiving, by a first computing system of MPC systems, a digital component request including distributed point functions that represent a secret share of a respective point function that indicates whether a user of the client device is a member of a first user group. Selection values are identified. Each selection value corresponds to a respective digital component, a set of contextual signals, and a respective second user group identifier for a respective second user group to which the respective digital component is eligible to be distributed. A determination is made, for each selection value and using the distributed point functions in a secure MPC process, a candidate parameter that indicates whether the second user group identifier matches a user group that includes the user as a member.

Abstract: Systems and methods for processing erasure requests are provided, namely requests from users to have their user data erased from a system. The system maintains user data in multiple components which may not be in communication with each other. With the provided system, certain entities, referred to herein as erasure control entities, are informed of details of received erasure requests, and are given the opportunity to provide input on whether they should be executed or note. For example, one erasure control entity, such as a credit card server, may not want an erasure request executed for a user with a large outstanding debt, while another erasure control entity, such as a legal component, may be unaware of this and may not be concerned with the erasure request being executed. The system and method ensure that erasure requests are not executed in situations that are premature or inappropriate.

Abstract: Authorization and delivery of content may employ uniform resource signing packages. A uniform resource signing package may comprise access parameters for a content item, user, and/or device, and may be sent to the client as a uniform resource query parameter. The client may include the uniform resource signing package in future requests associated with the content item.

Abstract: Methods for network aware endpoint data loss prevention (DLP) in web transactions are performed by systems and devices, which includes implementing DLP on endpoint devices and focuses on web traffic events from web browsers, while also associating the events to the network source entity. File download and upload events are intercepted from the operating system by a file system filter that determines the process creating events is a web browser based on process identifiers and comparing process names and process executable signatures. A uniform resource locator (URL) from a current tab or session is retrieved for the web browser. Policies for events are evaluated via a policy server or via cache, and additional data from the file is provided for policy decisions when necessary. DLP actions taken via the file system filter to block or allow events, including encrypting file data, are based on the policy decisions.

Abstract: A system and method reduces use of restricted operations in a cloud computing environment during cybersecurity threat inspection. The method includes: detecting an encrypted disk in a cloud computing environment, the encrypted disk encrypted utilizing a first key in a key management system (KMS); generating a second key in the KMS, the second key providing access for a principal of an inspection environment; generating a snapshot of the encrypted disk; generating a volume based on the snapshot, wherein the volume is re-encrypted with the second key; generating a snapshot of the re-encrypted volume; generating an inspectable disk from the snapshot of the re-encrypted volume; and initiating inspection for a cybersecurity object on the inspectable disk.

Abstract: A method and associated system for matching and delivering digital work metadata to one or more digital service providers including modifying one or more digital work metadata files, which includes removing non-critical data or segment-erroneous data or performing a language translation; reformatting the one or more digital work metadata files for compatibility with a transformer model-based AI matching operation; performing a block grouping operation on the one or more digital work metadata files, where data associated with the one or more digital work metadata files is grouped in blocks and analyzed for one or more pairs of data records; performing the transformer model-based AI matching operation to determine whether each pair of the one or more pairs of data records comprise a matching pair of data records; and transmitting output data from the transformer model-based artificial intelligence matching operation to the one or more digital service providers.

Abstract: Embodiments of the present disclosure provide a method and apparatus for security assurance of a network function or service. The method comprises: generating security requirements for a network function based on a security profile and a deployment and runtime environment of the network function; generating a security policy and a security test specification for the network function based on the security requirements; deploying the network function based on the security policy; validating security compliance of the network function with the security test specification; and activating the network function or service, in response to the network function being in compliance with the security policy.

Abstract: An intrusion detection circuit may use an element that produces non-repeatable values of a characteristic of the non-repeating element in order to prevent system manipulation. An information handling system may determine a first value for a first characteristic of the non-repeating element coupled to a secure boundary of the information handling system to activate the non-repeating element when the secure boundary is breached; retrieve a second value for the first characteristic of the non-repeating element, where the second value is a previous value compared to the first value; and determine whether an intrusion event occurred by comparing the first value of the first characteristic of the non-repeating element with the second value of the first characteristic of the non-repeating element.

Abstract: An authentication system includes an authentication server, a management server, and a terminal that the user possesses. The authentication server stores first biometric information of the user and performs biometric authentication of the user using the first biometric information. The management server stores the personal information of the user. When the biometric authentication of the user is successful, the authentication server transmits, to the terminal, a notification of authentication that indicates the biometric authentication of the user was successful. In response to the notification of authentication received, the terminal acquires the intent of the user regarding whether or not to accept the provision of stored personal information to a third person. When the user accepts the provision of stored personal information to the third person, the terminal transmits a notification of acceptance to the management server.

Abstract: In one embodiment, a device of a data mesh generates a first metadata layer for the data mesh that comprises metadata regarding a dataset having a plurality of data sources. The device identifies user role-specific metadata associated with a particular user role and based at least in part on the metadata regarding the dataset. The device generates a second metadata layer for the data mesh that comprises the user role-specific metadata associated with the particular user role. The device provides the user role-specific metadata for presentation to a user associated with the particular user role.

Abstract: Methods and systems are presented for collectively storing, managing, and analyzing data associated with different data sources. A data management system defines an enterprise data model schema based on different data model schemas associated with the different data sources. The data management system generates, for each data source, an enterprise data model instance based on the enterprise data model schema. Data is ingested from the different data sources, and then transformed and stored in a corresponding enterprise data model instance based on a mapping between a corresponding data model schema and the enterprise data model schema. Upon ingesting the data from the data sources, one or more consolidated data views are generated that combine at least portions of data from different enterprise data model instances. The data arranged according to the one or more consolidated data views is presented on a device and/or further analyzed to produce an analysis outcome.

Abstract: Systems and methods are disclosed for generating blockchain-based dynamic non-fungible tokens (NFTs) for user authentication. The method includes receiving a request from a mobile device associated with a user. Capturing, via one or more sensors, images and/or videos of the user and/or identification data associated with the user. Processing the images and/or the videos to detect biometric data unique to the user. Encoding the detected biometric data for generating the dynamic NFTs. Storing the dynamic NFTs on a transaction block of a distributed blockchain, wherein the dynamic NFTs are associated with a programmatically defined smart contract written to the distributed blockchain. Transmitting the dynamic NFTs to a plurality of service providers for authenticating the user.

Abstract: An anomaly detection device is provided with a learning unit that generates a detection model using a communication log during normal operation of a communication apparatus as learning data and an anomaly detection unit that detects anomaly of the communication apparatus using the generated detection model. The anomaly detection device is further provided with a data acquisition unit that acquires a communication log (second communication log) generated during a predetermined period later than a first communication log and a determination unit that instructs relearning using the second communication log when there is difference information between the learning data (first communication log) of the current detection model and the second communication log and when the number of pieces of additional information (information on the additional flow) or the number of pieces of deletion information (information on the delete flow) included in the difference information satisfies predetermined evaluation criteria.

Abstract: Systems and methods are disclosed for generating blockchain-based dynamic non-fungible tokens (NFTs) for user authentication. The method includes receiving a request from a mobile device associated with a user. Capturing, via one or more sensors, images and/or videos of the user and/or identification data associated with the user. Processing the images and/or the videos to detect biometric data unique to the user. Encoding the detected biometric data for generating the dynamic NFTs. Storing the dynamic NFTs on a transaction block of a distributed blockchain, wherein the dynamic NFTs are associated with a programmatically defined smart contract written to the distributed blockchain. Transmitting the dynamic NFTs to a plurality of service providers for authenticating the user.

Abstract: Methods and systems are disclosed for a digital signature system using scalable servers. The system includes scalable frontend servers to communicate with applications servers and scalable backend servers to communicate with remote security devices. When a user, and their remote security device(s), is registered with the system, the remote security device(s) is/are assigned to a backend server. A total public key is generated by cryptographically embedding the unique identifier of the assigned backend server into a combined public key associated with the remote security device(s). When a signature request including the total public key is received at the frontend server, the unique identifier is extracted and the signature request is forwarded to the backend server that corresponds with the unique identifier.

Abstract: Embodiments described include systems and methods of an encrypted cache. An embedded browser of a client application executing on a client device may provide access to a network application accessed via the client application. The embedded browser may detect an event at the client device that causes the network application to send or request application data. The embedded browser may access a copy of the application data from encrypted cache of the embedded browser. The encrypted cache may be maintained for the user and store application data for network application(s) accessed by the user. The embedded browser may use the cached application data for establishing or updating a user interface of the network application for display at the client device.