In one aspect, the present disclosure relates to a method for improved security in a networked computing environment, the method comprising: receiving, from a user device, a registration request comprising a user identifier for a user; receiving, from the user device, user credentials to access one or more online accounts associated with the user; accessing the one or more online accounts to retrieve user activity data for the user; analyzing the retrieved user activity data to determine one or more merchants associated with the user; storing, in a database coupled to a server device, a mapping between the user and the one or more merchants; receiving, from a monitoring service, an indication that a first merchant of the one or more merchants has experienced a data breach; and sending a notification to the user in response to determining that the first merchant has experienced a data breach.

A coordinating network element manages a protocol that prohibits the coordinating network element from substantively accessing data content that, at least in part, underlies received protocol-compliant requests. By one approach, these teachings provide for preventing substantive access to data information that is included within the protocol-compliant request in tokenized form, wherein the tokens are generated using secrets, at least one of which is unavailable to the coordinating network element.

Techniques are disclosed relating to data management. A computer system may evaluate network traffic to extract and group data objects based on their content satisfying similarity criteria, and to identify baseline behavior with respect to those data objects. The computer system may generate data-defined network (DDN) data structures that include a content class and one or more behavioral classes. The content class may be indicative of one or more of the data objects that have been grouped based on them satisfying the similarity criteria. The one or more behavioral classes may indicate baseline behavior of those data objects within the content class as determined from evaluation of the network traffic. The computer system may detect, using the DDN data structures, anomalous data behavior within network traffic. In response to detecting anomalous data behavior, the computer system may prevent network traffic corresponding to the anomalous data behavior from being communicated.

A method of managing file permissions in a remote file storage system includes defining permissions for the remote file storage system and controlling access to objects on the remote file storage system according to the permissions of the remote file storage system. The permissions are transferred to a client file storage system remote from the remote file storage system, and access to objects on the client file storage system is controlled according to the permissions of the remote file storage system. A remote file storage system includes a permissions file generator operative to generate a permissions file, which is transmitted to a client file storage system for enforcement at the client file storage system.

The present disclosure generally relates to controlling access to resources by selectively processing requests stored in a task queue to prioritize certain requests over others, thereby preventing automated scripts from accessing the resources. More specifically, the present disclosure relates to a normalization and prioritization system for controlling access to resources by queuing resource requests based on a client-defined normalization process that uses one or more data sources.

Embodiments are directed to techniques for chaining, triggering, and/or enforcing entitlements in a constrained environment. A constrained environment may be provided within with shielded assets are required to exist or execute. An entitlement may be granted on a variety of shielded assets, including datasets, computations scripts, data privacy pipelines, and intermediate datasets generated by an intermediate step of a data privacy pipeline. Thus, a beneficiary may use a granted entitlement as an input into other data privacy pipelines, without the need for the grantor to approve each specific downstream operation. The constrained environment may enforce an entitlement by fulfilling applicable constraints upon accessing the entitlement, restricting the output of the entitlement to the constrained environment, and fulfilling applicable policies when executing downstream operations. Data may be exported from the constrained environment when the data consumer seeking to export has sufficient ownership rights or export permission and applicable policies are fulfilled.

The disclosed computer-implemented method for detecting potentially malicious content in decentralized machine-learning model updates may include (i) receiving messages communicated within a group of client devices for performing an update of a shared machine-learning model, (ii) determining a bias of a target message in the messages communicated from a target client device in the group with respect to a remaining number of the messages in the messages communicated from the other client devices in the group, (iii) assigning a confidence score to each of the other client devices based on the bias determined for the target message, the confidence score representing a likelihood of potentially malicious content in the target message, and (iv) performing, based on the confidence score, a security action that prevents the potentially malicious content from compromising the update of the shared machine-learning model. Various other methods, systems, and computer-readable media are also disclosed.

Techniques are disclosed relating to sharing data. A first computer system may receive data shared by a second computer system to permit the first computer system to perform processing of the data according to a set of policies. The first computer system may instantiate a verification environment in which to process the shared data. The first computer system may process a portion of the shared data by executing a set of processing routines to generate a result based on the shared data. The verification environment may verify whether the result is in accordance with the set of policies. The verification environment may determine whether to output the result based on the verifying and may send an indication of an outcome of the determining to the second computer system. The indication may be usable to determine whether to provide the first computer system with continued access to the shared data.

A method, system and computer program product assess risk of an unauthorized API login and mitigate damage from an unauthorized API login. The method includes collecting in a database license attributes of a user license, user profile attributes, and database content change attributes; receiving an API login request; comparing features of the API login request to at least one of the database license attributes, user profile attributes, and database content change attributes against a predetermined threshold; assessing a risk of the an unauthorized API login request based on a result of the comparison; and based on a level of the assessed risk, implemented protective action to mitigate harm that may result from an unauthorized user from accessing information or services from a computer system by way of an API.

An apparatus includes a memory that stores a plurality of records and a hardware processor. The processor receives a request for a first record and a second record of the plurality of records and divides, based on a type of the first record and a type of the second record, the first record into a first portion and a second portion and the second record into a third portion and a fourth portion. The processor also creates a first chunk using the first portion of the first record and the third portion of the second record and creates a second chunk using the second portion of the first record and the fourth portion of the second record. The processor further scrubs the first chunk to create a first message, scrubs the second chunk to create a second message, and communicates the first and second messages to an external device.