Patent classifications
G06F21/6227
Cyber security through generational diffusion of identities
Diffusing a root identity of an entity among association and event covenants in a multi-dimensional computing security system involves generating a first generation of diffusion of identities of entities participating in mediated association and generating a second generation of diffusion of identities of the entities through recombinant mediated association of the entities and at least one other entity. The second generation of diffusion of identities facilitates securely constraining a computing system action associated with one of the entities.
Persisted Data Views Supporting Access Control
Embodiments enforce user access rights to a data view by initially generating a replication table of the view. The replication table may include all view data to which any user is entitled. This replication table may be generated during a first database session having a first value for a session variable. Next, a data access control structure is applied to the replication table to produce output comprising a subset of the view data for a specific user. This output may be produced during a second database session having a second value for the session variable. By initially generating the view replication table up front, processing resources are conserved in later stages when access control structures are applied to grant view access rights to particular users. Alternative embodiments may implement access control to data views through the creation and storage of derived views.
CONTENT VARIATION TO TRACK DOCUMENTS
In some embodiments, a method includes: generating, by the computing device, different variations of text based on a source document, the different variations to convey the same meaning as the source document while including content different than that of the source document; generating, by the computing device, copies of the document that include at least one of the different variations of the text, so that individual copies of the document are traceable based on the different variation of the text included within that copy of the document; and determining, by the computing device, a recipient of a copy of the document based on a different variation of the text included with the copy.
System for generating an electronic security policy for a file format type
A method, system, and computer-readable storage medium are disclosed for identifying binary signatures in a selected set of files and assigning at least one of the binary signatures to a file format name or file format type for use in a security policy generator. In certain embodiments, the method for generating an electronic security policy for a file format type includes: identifying a plurality of files stored in electronic memory, where the plurality of files include files having the same file format type; providing a file format name that is to be associated with the file format type; accessing the plurality of files from the electronic memory; identifying a common binary signature for the file format type included in the plurality of files; correlating the file format type with the common binary signature; and generating the security policy for the file format type using the file format name.
METHOD AND SYSTEM FOR CONFIDENTIAL STRING-MATCHING AND DEEP PACKET INSPECTION
Provided are a system and method for hybrid windowing for string-matching of input patterns to a corpus. The method includes: establishing a first window size and a hash function; performing hashing on input patterns having a size within a given range using dynamic-sized windows to determine a dynamic-windowed hash set, the given range established using the first window size; performing hashing on input patterns having a size outside the given range using fixed-sized windows to determine a fixed-windowed hash set; combining the dynamic-windowed hash set and the fixed-windowed hash set to determine a combined hash set; and outputting the combined hash set for use in the confidential string-matching.
Geography aware file dissemination
Embodiments relate to a computer system, computer program product, and method to prevent unauthorized file dissemination and replication. A file parameter is defined, with the defined file parameter including a file dissemination characteristic. The file is encoded with the defined file parameter as file metadata. Dissemination and replication of the file are managed responsive to the encoded file parameter. The defined parameter is assessed along with a physical replication destination. The file is selectively replicated or transmitted responsive to the file parameter and the destination assessment.
Systems and methods for securing and disseminating time sensitive information using a blockchain
An information computer system is provided for securely releasing time-sensitive information to recipients via a blockchain. A submitter submits a document to the system and a blockchain transaction is generated and submitted to the blockchain based on the document (e.g., the document is included as part of the blockchain transaction). An editor may edit the document and an approver may approve the document for release to the recipients. Each modification and/or approval of the document is recorded as a separate transaction on the blockchain where each of the submitter, editor, approver, and recipients interact with the blockchain with corresponding unique digital identifiers—such as private keys.
Secure and zero knowledge data sharing for cloud applications
Disclosed is a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.
SECURE SHARING OF STAGE DATA OF A DATA EXCHANGE LISTING
Techniques for secure sharing of stage data include generating a listing in a first data exchange of a data provider. The listing includes stage data stored in a stage of the data provider and metadata associated with the stage data. A secure view of the listing is configured in a second data exchange based on posting the listing from the first data exchange to the second data exchange. The stage data is retrieved in response to a request from a client device to view the stage data received in the second data exchange. A security function is applied to the stage data to generate modified stage data. The modified stage data is stored at a second location in the stage. The metadata is updated to reference the second location in the stage.
Method for dynamic pseudofs creation and management in a network filesystem
One example method includes connecting to a fileserver of a data protection system; initiating, at a client, an operation that is associated with a master pseudofs of the fileserver; creating, at the client, a client-specific pseudofs based upon the master pseudofs, where the client-specific pseudofs includes only those nodes of the master pseudofs that the client is authorized to access; and performing the operation using the client-specific pseudofs.