In one embodiment, a method comprises receiving a request for a particular user identification (ID) to perform a particular operation on a particular data object. An entitlement cache associates each operation that the particular user ID is entitled to perform with a first encoding of a tuple of a plurality of tuples. An object mapping cache associates each tuple of the plurality of tuples with a second encoding of each tuple of the plurality of tuples. An object mapping is used to determine a first tuple. The object mapping cache is used to determine a first vector of one of more left values based on the first tuple. The entitlement cache is used to determine a second vector of one or more value pairs. In response to identifying a match between the first vector and the second vector, the particular user ID is granted access to the particular data object.

Data security and privacy are improved by a client providing a hashed version of collected data to a remote analysis service, and having the analysis service determine the relevancy of the data from the hashes before requesting the plaintext of the data. In one example, a browser plug-in obtains data which is divided into overlapping three-character sequences, and the sequences are hashed to produce a sequence of hashes. The sequence of hashes is sent by the plug-in to the remote service, which uses the hashes to determine if the associated data is relevant to the analysis performed by the remote service, without requiring access to the associated plaintext. After making the determination, the remote service may request that relevant data be provided to the service in plaintext form, while data that is not relevant need not be sent to the remote service.

Providing quantum file permissions is disclosed herein. In one example, a quantum computing device includes a permissions database that stores permissions information for a plurality of quantum files. A quantum file permissions service, executing on a processor device of the quantum computing device, receives from a requestor a permissions query for a permissions status (i.e., a read permission indicator, a write permission indicator, and/or an execute permission indicator, as non-limiting examples) of a quantum file including a plurality of qubits. In response, the quantum file permissions service accesses permissions information for the quantum file from the permissions database. The quantum file permissions service uses the permissions information from the permissions database to determine a permissions status of the quantum file. The quantum file permissions service then sends a response to the requestor indicating the permissions status of the quantum file.

The present invention relates to a computer-implemented method for obscuring sensitive data. The method comprises: acquiring, by a processor, image data; extracting, by the processor, structured data from the image data, the structured data being sensitive data and having a defined functional format and a defined visual format; generating, by the processor, artificial data that is different from the structured data, the artificial data having the same functional format as the structured data; generating, by the processor, artificial image data based on the image data in which the structured data is replaced with the artificial data, the artificial data being based on the visual format of the structured data; and outputting, by the processor, the artificial image data.

An example method of enforcing granular access policy for embedded artifacts comprises: detecting an association of an embedded artifact with a resource container; associating the embedded artifact with at least a subset of an access control policy associated with the resource container; and responsive to receiving an access request to access the embedded artifact, applying the access control policy associated with the resource container for determining whether the access request is grantable.

A collection apparatus that collects a URL of a Web page that leads to user operation and includes a search query generation unit that generates a search query by combining a digital content name and an associated keyword of the digital content. There is a fitness prediction unit that predicts a degree to which a Web page that leads to user operation is output as a search result when a search is performed by using the generated search query, a determination unit that searches for a Web page by using a search query in a search order that is based on the predicted degree, and determines analysis priority of a URL of a Web page on the basis of the degree and search result information. Further, there is a communication unit that outputs the URL of the retrieved Web page and the analysis priority of the URL.

A method includes obtaining, by a consumer computing device of a data communication network, a temporary credential in accordance with a temporary credential protocol. The method continues with accessing, by the consumer computing device, a temporary vault in accordance with the temporary credential, where the temporary vault stores or is to store a set of shareable data records. The method continues with facilitating, by the consumer computing device, execution of a data analysis function on the set of shareable data records to produce an analytical result. The method continues with receiving, by the consumer computing device from the temporary vault, the analytical result. The method continues with storing, by the consumer computing device, the analytical result in memory associated with the user computing device.

A method for user-defined validation of content stored in a storage system, the method may include receiving a request to execute a user-defined validation process (UDVP) on the content that is stored in the storage system; wherein the request is associated with means for executing the UDVP, and a content identifier; scheduling, by the storage system, at least one execution of the UDVP; executing the UDVP according to the scheduling to provide one or more validation results; and finding that the one or more validation results are indicative of potential security issues and performing one or more validation-triggered security measures.

The technology disclosed relates to streamlined analysis of security posture of a cloud environment. In particular, the disclosed technology relates to accessing permissions data and access control data for pairs of compute resources and storage resources in the cloud environment, tracing network communication paths between the pairs of the compute resources and the storage resources based on the permissions data and the access control data, accessing sensitivity classification data for objects in the storage resources, qualifying a subset of the pairs of the compute resources and the storage resources as vulnerable to breach attack based on an evaluation of the permissions data, the access control data, and the sensitivity classification data against a set risk criterion, and generating a representation of propagation of the breach attack along the network communication paths, the representation identifying relationships between the subset of the pairs of the compute resources and the storage resources.

A search interface is displayed in a table format that includes one or more columns, each column including data items of an event attribute, the data items being of a set of events, and a plurality of rows forming cells with the one or more columns, each cell including one or more of the data items of the event attribute of a corresponding column. Based on a user selecting one or more of the cells, a list of options if displayed corresponding to the selection, and one or more commands are added to a search query that corresponds to the set of events, the one or more commands being based on at least an option that is selected from the list of options and the event attribute for each of the one or more of the data items of each of the selected one or more cells.