H04L2463/121

Leader Bootstrapping and Recovery of Time in Time Sensitive Networks

Time recovery techniques are described. A method comprises receiving messages from the first device by the second device in the first network domain, the messages to comprise time information to synchronize a first clock for the first device and a second clock for the second device to a network time, determining the second clock is to recover the network time for the second device without new messages from the first device, retrieving a first set of timestamps previously stored for events in the first network domain using the network time from the second clock, retrieving a second set of timestamps previously stored for the events in the first network domain using a redundant time from a third clock, where the third clock is not synchronized with the first and second clocks, and recovering the network time using a regression model and the redundant time from the third clock.

Use of partial hash of domain name to return IP address associated with the domain name

In one aspect, a first device may include at least one processor and storage accessible to the at least one processor. The storage may include instructions executable by the at least one processor to receive, from a second device, a partial hash of a domain name. The instructions may also be executable to use the partial hash and a probabilistic data structure to identify an Internet protocol (IP) address associated with the domain name. Responsive to identifying the IP address, the instructions may be executable to transmit the IP address to the second device.

Multi-factor message-based authentication for network resources

An authentication process that provides secure and verified access to content, such as content presented on websites. At a first instance, users may be validated using a first token, at a second instance, users may be validated or authorized using the first token and an email address, and at a third instance, users may be validated or authorized using the first token, the email address, and the second token. Therein users are authenticated and provided access to the websites. During the authentication process and during the separate instances (or times), if the multiple token(s) are invalid and/or the email address is associated with an unauthorized user, access to the website may be denied.

Generating and validating activation codes without data persistence
11386194 · 2022-07-12

The current embodiments offer a method to generate, send, and authenticate users through validation codes without the need for data retention. Codes are generated each time they are sent and received based on original and identifiable inputs. They are then compared to authenticate a user. Eliminating the need for data retention or persistence removes the risks associated with keeping data on the service provider's storage, which can be maliciously accessed.

Memory-free anomaly detection for risk management systems
11374919 · 2022-06-28

A risk management system deploys an anomaly detection method for a target data instance without explicitly storing data processing architectures in memory. The anomaly detection method determines whether the target data instance is an anomaly with respect to a reference set of data instances. In one embodiment, the anomaly detection method mimics traversal through one or more trees in an isolation forest without explicitly constructing or storing the trees of the isolation forest in memory. This allows the risk management system to avoid unnecessary storage and retrieval of parts of each tree that would not be traversed if the tree were constructed. Moreover, the anomaly detection method allows anomaly detection to be efficiently performed within memory-constrained systems.

CONTEXTUAL DATA LOSS PREVENTION FOR A GROUP-BASED COMMUNICATION SYSTEM
20220245275 · 2022-08-04

A system, method, and computer-readable media for providing contextual data loss prevention (DLP) within a group-based communication system. At least a portion of a DLP policy may be suspended within a DLP engine based on a context for which a user input is to be displayed. Accordingly, the user input may be displayed without interference from the DLP engine.

PERIPHERAL LANDSCAPE AND CONTEXT MONITORING FOR USER-IDENTIFY VERIFICATION

Disclosed are methods, systems, and non-transitory computer-readable media for determining a trust score associated with a user, comprising detecting entities near a user device operated by the user; calculating the trust score for the user based on a policy that incorporates data about the entities near the user device, the trust score being a score that is indicative of a trustworthiness of data received from the user device, wherein trusted entities near the user device result in an increased trust score, and untrusted entities near the user device result in a decreased trust score; and permitting access to a resource when the trust score is above a threshold.

SYSTEMS AND METHODS FOR DEVICE LOCATION VERIFICATION
20220255928 · 2022-08-11

Examples of the present disclosure describe systems and methods for verifying the location of a device using blockchain technology and zero-knowledge proofs (ZKPs). In one example aspect, a system may receive raw geolocation and timestamp data from a device. The geolocation data may be corroborated by other third-party trusted devices in a network. Upon receiving the raw geolocation and timestamp data, the system may construct at least one ZKP. In one example, the ZKP involves determining whether the geolocation of the device is within an authorized region from a database of authorized regions. If the geolocation is determined to be in an authorized region, then a ZKP predicate stating that the device was in an authorized region may be constructed. This ZKP predicate may be written to a blockchain so that a verifier may read the block and verify the device's location without receiving the raw, underlying geolocation/timestamp data.

GEOBLOCKCHAIN AUTHENTICATION OF MAP RELATED DATA
20220284432 · 2022-09-08

A method of providing a map with imbedded, authenticated data is described. A geographic feature is represented on a map with one or more of points, lines and polygons in a first layer of the map. Data corresponding to the geographic feature is provided. The provided data is encoded, in a first block, with the one or more of points, lines and polygons from the first layer of the map. The block is combined with other blocks of a blockchain. The blockchain is associated with the geographic feature on the map as represented by the one or more of points, lines and polygons in the first layer of the map.

Identification of beaconing from network communication events of network traffic log
11463331 · 2022-10-04

Network communication events are filtered to remove the network communication events having a predicted unrelatedness to beaconing. Each network communication event has a timestamp, a source entity, and a destination entity. The filtered network communication events are aggregated by unique source entity-destination entity pairs. For each unique source entity-destination entity pair, the network communication events are timestamp-sorted, time differentials between the timestamps of adjacent network communication events are calculated, and a beacon likelihood metric is calculated from the calculated time differentials. Which of the unique source entity-destination entity pairs are indicative of beaconing are identified based on the beacon likelihood metric calculated for each unique source entity-destination entity pair.