Patent classifications
H04L2463/121
Network security anomaly and threat detection using rarity scoring
A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is "big data" driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat and to take action promptly.
PERSISTENT LOGIN
Systems and methods are provided for persistent login. Such persistent login may be based on linking user identity across accounts of different entities to allow each entity to maintain control over its respective set of user data, while providing a streamlined user experience that avoids much of the repetitive need to log in to different services with different login credentials (e.g., during periods of heavy use). Such persistent login may utilize a set of tokens issued and exchanged between devices of the partnering entities. Such tokens may include an access token, a refresh token, and an identity token. When a user associated with a first entity requests access to information secured by a second entity, such a request may be associated with the access token. If the access token is determined to be expired, the refresh token may be used to refresh the access token, which may also trigger issuance of a new refresh token. The refreshed access token may be used in conjunction with the identity token to access the requested information secured by the second entity.
Enforcement of time-based user access levels for computing environments
A system is provided for enforcing time-based user access levels in a computing infrastructure of an organization. The system includes a processor and a computer readable medium operably coupled thereto, to perform operations which include executing a synchronization of the time-based user access levels, obtaining a first login identifier (ID) of a plurality of login IDs for a group of employees of the organization, identifying a position ID and an employment status ID for the first login ID, determining a current time and a last login timestamp for the first login ID, determining a time-based access rule for the group of employees, determining whether a time period from the last login timestamp to the current time violates the time-based access rule, and setting, for the synchronization of the first login ID, at least a first access level of the first login ID to computing resources.
SYSTEMS AND METHODS FOR AUTHENTICATING PHOTOGRAPHIC IMAGE DATA
The present disclosure provides systems and methods for authenticating photographic data. In one embodiment, a method comprises providing an image authentication application for use on a client device, the application configured to control image capture and transmission; receiving an image data file from the application at the authentication server comprising a photographic image captured by the application and metadata associated therewith; applying a watermark to the photographic image to create a watermarked image; applying date and time information to the tagged image; applying location information to the tagged image; creating a web address associated with the image data file; uploading the photographic image, the tagged image, or both to the web address; and transmitting an authenticated image file to the client device, the authenticated image file comprising one or more of: the watermarked image, the photographic image, the date and time information, geographic information, and the web address.
Method of authentication
A method of authenticating a user with a service, and a server having means to enable a user to be authenticated with a service, are disclosed. The method has the following steps. The user requests a session with the service on a first device. The server requests a unique code from a host server; the host server generates the unique code and associates it with a session-identifier, the session-identifier containing information relating to the code request. The host server then sends the unique code, which does not contain the session-identifier, to the service. The server then optically presents the unique code to the user on a display of the first device. The code is then acquired by a verification application running on a second device. Optionally, the first device and the second device may be the same device. The second device is previously registered with the host server. The verification application sends the unique code, together with device-identifying information of the second device, to the host server. The host server, on receiving the unique code and device-identifying information, uses the unique code to retrieve the session-identifier, and uses the device-identifying information to retrieve associated user-identifying information. This user-identifying information is stored on the host server. The host server then sends the user-identifying information to the service.
AUDIT LOG ENHANCEMENT
A system for monitoring actual access to data elements in an enterprise computer network and providing associated data. The system includes an at least near-real-time data element audit subsystem providing audit output data, in at least near real time, relating to actual access to data elements in the enterprise computer network, the audit output data including at least one of: a time stamp, identification of an accessor, user-depository-stored data regarding the accessor, accessed data element data, affected data element data, type of access operation, source IP address of access, and access outcome data. The system further includes an additional data providing subsystem receiving, in at least near real time, at least a part of the audit output data and utilizing that part of the audit output data to provide additional data which is not part of the audit output data.
TRANSPARENT BRIDGE FOR MONITORING CRYPTO-PARTITIONED WIDE-AREA NETWORK
This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (WAN). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (INE). A second computing device may be positioned in a plain-text portion of a second enclave behind a second INE. The two enclaves may be separated by a cipher-text WAN, over which the two enclaves may communicate. The first computing device may receive a data packet from the second computing device. The first computing device may then determine the contents of a header of the data packet. The first computing device may, based at least in part on the contents of the header of the data packet, determine a status of the cipher-text WAN.
System and Method for Handling User Requests for Web Services
A system and method detects and handles replay attacks using counters maintained for each of several different periods for various values of IP addresses and browser description attributes encountered.
Biometric sensor on portable device
A method and system for secure remote digital interactions through the use of biometric templates is disclosed. In one example, the method includes an interaction that prompts obtaining a first biometric template and comparing it to a second biometric template to determine whether they match. The match process is performed on a portable device.
System and method for enabling the secure storage, transmission and access of genetic data
A system and method for the secure storage, transmission and access of genetic data in a computer system includes a coordinator server including a coordinator program arranged to update secure access information, the coordinator server being in communication with a genetic data sequencing server, a genetic data analysing server, and a genetic data storage server, whereby the coordinator server communicates the secure access information in a manner that allows the genetic data storage server to act as a proxy server between the genetic data sequencing server and the genetic data analysing server.