Patent classifications
H04L2463/121
User data validation for digital identifications
In general, one innovative aspect of the subject matter described in this specification may be embodied in methods that may include validating user data pages extracted from a digital identification in circumstances where a user device that includes the digital identification is either unavailable or presently lacks network connectivity. For instance, an authorized device may be used to extract user data pages from the digital identification by either exchanging communications with the user device using a proximity-based data exchange protocol, or by using a physical identification card to identify the digital identification on a user record. The user data pages may then be validated by comparing checksums associated with user data pages against the checksums within the user record, and decrypting the user data pages using a decryption key that is variably designated by a security status assigned to the digital identification.
SYSTEMS AND METHODS FOR INSPECTING COMMUNICATION WITHIN AN ENCRYPTED SESSION
Methods and systems for providing fast random access and/or inspection of records within an encrypted communication session are presented. The encrypted communication session may include encrypted records that were encrypted using rotating encryption keys. A key index is generated for the encrypted communication session. The key index includes the encryption keys used during the encrypted communication session and timestamps associated with the encryption keys. To access a particular record within the encrypted communication session, a particular encryption key is selected from the encryption keys stored in the key index. The particular record is decrypted using the selected encryption key.
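Both the user data validation abstract above and this encrypted-session abstract come down to two mechanics: check an integrity value before touching the data, then pick the decryption key from a lookup rather than from the session itself (by security status in the first case, by record timestamp in the second). The following is an added example, not code from either patent; the record field names, the HMAC-based stream cipher standing in for the real cipher, and the checksum being taken over the encrypted page as extracted are all assumptions.

```python
import bisect
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher built from HMAC-SHA256 (assumption: stands
    in for whatever cipher the real systems use). XOR is symmetric, so the same
    call encrypts and decrypts. Never reuse a (key, nonce) pair."""
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)


def checksum(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- digital identification: checksum check, then status-designated key -------

@dataclass
class UserRecord:
    """Server-side record for one digital identification (field names assumed)."""
    security_status: str                 # e.g. "standard", "elevated"
    page_checksums: Dict[str, str]       # page name -> checksum of the stored (encrypted) page
    status_keys: Dict[str, bytes]        # security status -> decryption key it designates


def validate_pages(record: UserRecord, pages: Dict[str, Tuple[bytes, bytes]]) -> Dict[str, bytes]:
    """pages: page name -> (nonce, ciphertext) as extracted by the authorized device.
    Every expected page must be present and match its checksum before anything
    is decrypted; the key is chosen by the record's security status."""
    key = record.status_keys.get(record.security_status)
    if key is None:
        raise ValueError(f"no key designated for status {record.security_status!r}")
    plain: Dict[str, bytes] = {}
    for name, expected in record.page_checksums.items():
        if name not in pages:
            raise ValueError(f"page {name!r} missing from extracted data")
        nonce, ct = pages[name]
        if not hmac.compare_digest(checksum(ct), expected):
            raise ValueError(f"checksum mismatch for page {name!r}")
        plain[name] = keystream_xor(key, nonce, ct)
    return plain


# --- encrypted session: key index for random access by timestamp --------------

@dataclass
class KeyIndex:
    """Rotating session keys, each with the timestamp from which it was in use."""
    starts: List[float] = field(default_factory=list)
    keys: List[bytes] = field(default_factory=list)

    def add(self, start_ts: float, key: bytes) -> None:
        if self.starts and start_ts <= self.starts[-1]:
            raise ValueError("key start timestamps must be strictly increasing")
        self.starts.append(start_ts)
        self.keys.append(key)

    def key_for(self, ts: float) -> bytes:
        """Binary search: the key whose start is the latest one not after ts."""
        pos = bisect.bisect_right(self.starts, ts) - 1
        if pos < 0:
            raise KeyError(f"no session key was active at {ts}")
        return self.keys[pos]


def decrypt_record(index: KeyIndex, record_ts: float, nonce: bytes, ct: bytes) -> bytes:
    """Random access: select the key from the index by the record's timestamp
    instead of replaying the whole session to re-derive it."""
    return keystream_xor(index.key_for(record_ts), nonce, ct)


if __name__ == "__main__":
    key = b"\x01" * 32
    ct = keystream_xor(key, b"page-name", b"Alice Example")
    rec = UserRecord("standard", {"name": checksum(ct)}, {"standard": key})
    print(validate_pages(rec, {"name": (b"page-name", ct)}))

    idx = KeyIndex()
    for t, k in ((0.0, b"\x10" * 32), (100.0, b"\x20" * 32), (200.0, b"\x30" * 32)):
        idx.add(t, k)
    rec_ct = keystream_xor(b"\x20" * 32, b"rec-7", b"GET /login")
    print(decrypt_record(idx, 150.0, b"rec-7", rec_ct))
```

Two points worth noting: the checksum comparison uses a constant-time compare and happens before any decryption, so a tampered page is rejected without ever running the cipher; and a record whose status designates a different key still passes the checksum but decrypts to garbage, which is why the status in the record, not anything on the device, must be the source of truth.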
Using wearable to determine ingress or egress
An access control system comprising a reader configured to make an ingress or egress determination using information received from one or more mobile devices is described. The reader may be further configured to store information about ingress and egress events for analysis by a system administrator.
Secure personal data transfer using a personal data sharing platform
An indication that data packets of personal data that correspond to data packet types for data categories are approved for transfer between user accounts via the personal data sharing platform is provided. A first data packet identifying first personal data that is related to a first user of the first user account is received. The first data packet includes first personal data values that correspond to first attributes specified by a first data packet type and that have been individually encrypted at the first user account. Whether the first data packet satisfies a condition that the first data packet include data values for each of the first attributes specified by the first data packet type for a first data category is determined. Responsive to determining that the first data packet satisfies the condition, the individually encrypted first personal data values and the corresponding first attributes are stored at a data store.
BLOCKCHAIN FOR SECURING DISTRIBUTED IIOT OR EDGE DEVICE DATA AT REST
A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using OPC UA standard functionality and storing the PB in an OPC UA address space, adding it to an OPC UA communication protocol framework that includes edge nodes coupled to cloud-based or edge-located data storage. The edge nodes are PB participant nodes, and a regulator or leader assigns each of them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer uses a time-bound majority voting consensus to determine whether the PB participant nodes agree on the current state of the storage medium, and if consensus is reached the new block is added to the public ledger.
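The abstract describes a consensus round, not just a hash chain: one blockmaker proposes, only nodes holding the voter role count, votes outside the time bound are discarded, and the ledger hash moves only on a strict majority. The simulation below is an added example, not the patent's or any vendor's implementation; the role names, the block contents and the vote arrival times are constructed, and nothing here speaks OPC UA (in the deployment the votes would arrive over that protocol).

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List

BLOCKMAKER, VOTER, OBSERVER = "blockmaker", "voter", "observer"


def block_hash(index: int, prev_hash: str, data: str, ts: float) -> str:
    payload = json.dumps([index, prev_hash, data, ts], sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


@dataclass
class Block:
    index: int
    prev_hash: str
    data: str        # e.g. digest of a batch of edge-node measurements (assumption)
    ts: float        # proposal time; the voting window is measured from here
    hash: str


@dataclass
class Node:
    """One PB participant; its role is assigned by the regulator/leader."""
    name: str
    role: str
    chain: List[Block] = field(default_factory=list)   # local replica of the ledger

    def vote(self, candidate: Block) -> bool:
        """A voter accepts only a block that extends its chain head with a hash
        that recomputes; it never accepts a forged or stale block."""
        head = self.chain[-1]
        return (candidate.index == head.index + 1
                and candidate.prev_hash == head.hash
                and candidate.hash == block_hash(candidate.index, candidate.prev_hash,
                                                 candidate.data, candidate.ts))


class PrivateBlockchain:
    def __init__(self, roles: Dict[str, str], vote_window: float):
        """roles: node name -> role assigned by the regulator. vote_window is the
        time bound (seconds after the proposal) within which votes count."""
        if sum(r == BLOCKMAKER for r in roles.values()) != 1:
            raise ValueError("exactly one blockmaker expected")
        genesis = Block(0, "0" * 64, "genesis", 0.0, block_hash(0, "0" * 64, "genesis", 0.0))
        self.nodes = {n: Node(n, r, [genesis]) for n, r in roles.items()}
        self.vote_window = vote_window
        self.ledger_hash = genesis.hash   # "the hash in the public ledger"

    def propose(self, data: str, now: float) -> Block:
        maker = next(n for n in self.nodes.values() if n.role == BLOCKMAKER)
        head = maker.chain[-1]
        return Block(head.index + 1, head.hash, data, now,
                     block_hash(head.index + 1, head.hash, data, now))

    def run_round(self, candidate: Block, vote_times: Dict[str, float]) -> bool:
        """vote_times: node name -> time its vote arrived (constructed here).
        Only nodes with the voter role count, only votes inside the window count,
        and a strict majority of all voters is required. On consensus the block
        is propagated to every participant and the ledger hash is updated."""
        voters = [n for n in self.nodes.values() if n.role == VOTER]
        deadline = candidate.ts + self.vote_window
        accepted = 0
        for v in voters:
            arrived = vote_times.get(v.name)
            if arrived is None or arrived > deadline:
                continue                          # missing or late: not counted
            if v.vote(candidate):
                accepted += 1
        if accepted * 2 <= len(voters):
            return False
        for n in self.nodes.values():
            n.chain.append(candidate)
        self.ledger_hash = candidate.hash
        return True


def verify_chain(chain: List[Block]) -> bool:
    """Audit a replica: every link must point at its predecessor and re-hash."""
    for prev, cur in zip(chain, chain[1:]):
        if cur.prev_hash != prev.hash or cur.hash != block_hash(cur.index, cur.prev_hash, cur.data, cur.ts):
            return False
    return True


if __name__ == "__main__":
    pb = PrivateBlockchain({"edge-a": BLOCKMAKER, "edge-b": VOTER, "edge-c": VOTER,
                            "edge-d": VOTER, "historian": OBSERVER}, vote_window=5.0)
    b1 = pb.propose("batch-1", now=100.0)
    print("round 1 consensus:", pb.run_round(b1, {"edge-b": 101.0, "edge-c": 102.0, "edge-d": 109.0}))
    print("ledger hash:", pb.ledger_hash, "intact:", verify_chain(pb.nodes["historian"].chain))
```

The time bound matters for liveness as much as safety: without the deadline a single partitioned voter could stall the round forever, and without the strict majority an attacker holding the blockmaker plus one voter could advance the ledger alone. A vote from an observer is ignored even if it arrives in time, because the role assignment, not the vote itself, decides who counts.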
Verification lineage tracking and transfer control of data sets
Whenever users receive or transfer a copy of any of a set of documents, prior verification of the document is enforced by an administrative system, which associates verification metadata with the copy. As each copy is itself copied, possibly modified, and transferred, updated verification metadata is included with the previous verification metadata to form a verification lineage chain, which can later be examined to determine the circumstances of any verification failure. Documents are preferably verified by comparing the digital signature of the current copy with the signature of a reference copy. Documents may be signed by submitting them as transactions to a blockchain, with the blockchain receipt comprising the digital signature of the respective document.
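The lineage chain is what makes this more than a signature check: every receive or transfer appends a link that records the comparison against the reference, and the links are hash-chained so the chain itself can be audited later. The following is an added example, not the patent's own system; it uses SHA-256 over the copy as the "digital signature" where the abstract allows a blockchain receipt, and the link fields, party names and document contents are constructed.

```python
import hashlib
import json
from dataclasses import asdict, dataclass
from typing import List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Verification:
    """One link of the verification lineage chain, attached to a copy every time
    it is received or transferred (field names are assumptions)."""
    holder: str            # party receiving or transferring this copy
    event: str             # "receive" or "transfer"
    copy_sig: str          # signature of this copy (SHA-256 here; the patent allows a blockchain receipt)
    reference_sig: str     # signature of the reference copy it was compared with
    verified: bool
    prev_link: str         # hash of the previous link, "" for the first
    link_hash: str = ""

    def __post_init__(self) -> None:
        if not self.link_hash:
            self.link_hash = link_digest(self)


def link_digest(link: "Verification") -> str:
    """Hash of a link with its own link_hash field blanked out."""
    body = asdict(link)
    body["link_hash"] = ""
    return sha256_hex(json.dumps(body, sort_keys=True).encode())


class AdministrativeSystem:
    """Holds the reference signature and enforces verification on every copy event."""

    def __init__(self, reference_copy: bytes):
        self.reference_sig = sha256_hex(reference_copy)

    def verify_and_record(self, copy: bytes, holder: str, event: str,
                          lineage: List[Verification]) -> List[Verification]:
        """Verify the copy against the reference and return the lineage with the
        new link appended; the previous links are carried along unchanged."""
        sig = sha256_hex(copy)
        prev = lineage[-1].link_hash if lineage else ""
        link = Verification(holder, event, sig, self.reference_sig,
                            sig == self.reference_sig, prev)
        return lineage + [link]


def lineage_intact(lineage: List[Verification]) -> bool:
    """The chain can be audited on its own: each link must re-hash and point at
    its predecessor, so a link edited after the fact is detectable."""
    prev = ""
    for link in lineage:
        if link.prev_link != prev or link_digest(link) != link.link_hash:
            return False
        prev = link.link_hash
    return True


def first_failure(lineage: List[Verification]) -> Optional[Verification]:
    """Where did the document first stop matching the reference?"""
    return next((l for l in lineage if not l.verified), None)


if __name__ == "__main__":
    doc = b"contract v1"
    admin = AdministrativeSystem(doc)
    lineage: List[Verification] = []
    for copy, holder, event in [(doc, "alice", "receive"), (doc, "alice", "transfer"),
                                (doc, "bob", "receive"), (b"contract v1 (edited)", "bob", "transfer"),
                                (b"contract v1 (edited)", "carol", "receive")]:
        lineage = admin.verify_and_record(copy, holder, event, lineage)
    bad = first_failure(lineage)
    print("chain intact:", lineage_intact(lineage))
    print("first failure:", bad and (bad.holder, bad.event))
```

Examining the chain after the fact answers the question the abstract poses: the copy matched the reference through bob's receipt and stopped matching at bob's transfer, so the modification happened while bob held it. Note that a failed verification is still recorded as a link; refusing to record failures would destroy exactly the evidence the chain exists to keep.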
NETWORK-BASED PERMISSIONING SYSTEM
Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. Example embodiments involve evaluating user access permissions with respect to shared data resources of a group of network applications. The method includes receiving a request to access a data resource. The method further includes accessing a policy object linked to the data resource that includes an effective policy for the data resource. The method further includes evaluating a user's access permissions with respect to the data resource based on the policy object and communicating a response to the network application that includes the access permission of the user.
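The abstract separates three things that are easy to conflate: the policy object linked to a resource, the effective policy derived from it, and the per-request evaluation whose result goes back to the calling application. The following is an added example, not the disclosed system; it assumes resources are '/'-separated paths, that a resource's effective policy is its own statements plus those of every ancestor, and that an explicit deny overrides any allow. The users, groups and resources are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class Statement:
    effect: str            # "allow" or "deny"
    principals: Set[str]   # user names or "group:<name>"
    actions: Set[str]      # e.g. {"read", "write", "share"}


@dataclass
class PolicyObject:
    """The policy object linked to one data resource."""
    resource: str
    statements: List[Statement]


class PermissionService:
    """Assumptions: resources are '/'-separated paths, a resource inherits the
    statements of every ancestor, and an explicit deny wins over any allow."""

    def __init__(self, group_members: Dict[str, Set[str]]):
        self.policies: Dict[str, PolicyObject] = {}
        self.groups = group_members

    def link_policy(self, policy: PolicyObject) -> None:
        self.policies[policy.resource] = policy

    def principals_for(self, user: str) -> Set[str]:
        """The user plus every group that contains the user."""
        return {user} | {f"group:{g}" for g, members in self.groups.items() if user in members}

    def effective_policy(self, resource: str) -> List[Statement]:
        """Ancestor statements first, then the resource's own."""
        parts = resource.split("/")
        stmts: List[Statement] = []
        for depth in range(1, len(parts) + 1):
            policy = self.policies.get("/".join(parts[:depth]))
            if policy:
                stmts.extend(policy.statements)
        return stmts

    def check(self, user: str, action: str, resource: str) -> dict:
        """Evaluate one access request and build the response returned to the
        network application, including which statements matched."""
        principals = self.principals_for(user)
        allowed = denied = False
        matched: List[str] = []
        for s in self.effective_policy(resource):
            hit = principals & s.principals
            if action in s.actions and hit:
                matched.append(f"{s.effect}:{','.join(sorted(hit))}")
                if s.effect == "deny":
                    denied = True
                else:
                    allowed = True
        return {"user": user, "action": action, "resource": resource,
                "permitted": allowed and not denied, "matched": matched}


if __name__ == "__main__":
    svc = PermissionService({"analysts": {"alice", "bob"}, "contractors": {"bob"}})
    svc.link_policy(PolicyObject("datasets", [Statement("allow", {"group:analysts"}, {"read"})]))
    svc.link_policy(PolicyObject("datasets/hr", [
        Statement("deny", {"group:contractors"}, {"read", "write"}),
        Statement("allow", {"alice"}, {"write"}),
    ]))
    for user, action, resource in [("alice", "read", "datasets/sales"), ("bob", "read", "datasets/hr")]:
        print(svc.check(user, action, resource))
```

The default is deny: a user with no matching statement, or a resource with no linked policy anywhere in its ancestry, gets a negative response rather than an error, and the `matched` list is what an administrator needs when a user asks why a request was refused.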
Systems and Methods for Simultaneous Voice and Sound Multifactor Authentication
A computer-implemented method is described for authenticating an identity of a user requesting execution of a computerized transaction via a first client computing device. The first device and a second client computing device in proximity each execute applications for communicating with a server. The first and second devices contemporaneously capture voice sequences that include at least one audible sound vocalized by the user, together with a timestamp indicating when the sound was captured. The identity of the user is validated based upon a determination that the user vocalized an expected pass phrase and that the difference between the first timestamp and the second timestamp is below a predetermined threshold. The first device executes the computerized transaction with the server upon receiving validation of the user's identity.
Detection of anomalies, threat indicators, and threats to network security
A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
Event information access interface in data intake stage of a distributed data processing system
A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
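The two Splunk abstracts above (this one and the one under "Detection of anomalies, threat indicators, and threats to network security") share the same shape: a batch path that learns per-entity behaviour from history, a real-time path that scores each new event against it, and output that carries a risk rating with the evidence behind it. The following is an added example of that shape, not the platform's code; the log format, the scoring weights, the rating thresholds and the sample log lines are all constructed here, and no machine learning is involved, only a simple behavioural baseline.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample log lines (not from any real system or from the patent).
HISTORY = """\
2024-03-01T09:05:00Z user=alice src=10.0.0.5 host=web-1 result=success
2024-03-01T13:40:00Z user=alice src=10.0.0.5 host=web-1 result=success
2024-03-02T10:15:00Z user=alice src=10.0.0.5 host=web-2 result=success
2024-03-02T16:55:00Z user=alice src=10.0.0.5 host=web-1 result=success
""".splitlines()

LIVE = """\
2024-03-03T09:30:00Z user=alice src=10.0.0.5 host=web-1 result=success
2024-03-03T03:12:00Z user=alice src=203.0.113.7 host=db-1 result=success
2024-03-03T03:13:00Z user=bob src=203.0.113.7 host=db-1 result=failure
2024-03-03T03:13:20Z user=bob src=203.0.113.7 host=db-1 result=failure
2024-03-03T03:13:45Z user=bob src=203.0.113.7 host=db-1 result=failure
""".splitlines()

LINE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+) result=(?P<result>\S+)$")


def parse(line: str) -> Optional[dict]:
    """Parse one constructed log line; unparseable lines are dropped, not guessed."""
    m = LINE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


class Baseline:
    """Batch path: per-user profile (hosts, sources, hours) learned from history."""

    def __init__(self, events: List[dict]):
        self.hosts: Dict[str, set] = defaultdict(set)
        self.srcs: Dict[str, set] = defaultdict(set)
        self.hours: Dict[str, set] = defaultdict(set)
        for e in events:
            self.hosts[e["user"]].add(e["host"])
            self.srcs[e["user"]].add(e["src"])
            self.hours[e["user"]].add(e["ts"].hour)


class RealTimeScorer:
    """Real-time path: score each event against the baseline and a sliding window
    of recent failures, returning a risk rating with its supporting evidence."""

    def __init__(self, baseline: Baseline, fail_window_s: int = 300, fail_threshold: int = 3):
        self.b = baseline
        self.window = fail_window_s
        self.threshold = fail_threshold
        self.recent_failures: Dict[str, List[datetime]] = defaultdict(list)

    def score(self, e: dict) -> dict:
        score, evidence = 0, []
        u = e["user"]
        if u not in self.b.hosts:
            score += 30
            evidence.append("no behavioural baseline for user")
        else:
            if e["host"] not in self.b.hosts[u]:
                score += 25
                evidence.append(f"new host {e['host']}")
            if e["src"] not in self.b.srcs[u]:
                score += 25
                evidence.append(f"new source {e['src']}")
            if e["ts"].hour not in self.b.hours[u]:
                score += 15
                evidence.append(f"unusual hour {e['ts'].hour:02d}")
        if e["result"] == "failure":
            fails = self.recent_failures[u]
            fails.append(e["ts"])
            fails[:] = [t for t in fails if (e["ts"] - t).total_seconds() <= self.window]
            if len(fails) >= self.threshold:
                score += 30
                evidence.append(f"{len(fails)} failures within {self.window}s")
        rating = "high" if score >= 60 else "medium" if score >= 30 else "low"
        return {"user": u, "ts": e["ts"].isoformat(), "score": score,
                "rating": rating, "evidence": evidence}


def run(history: List[str] = HISTORY, live: List[str] = LIVE) -> List[dict]:
    """Batch-learn the baseline, then score the live events in arrival order."""
    baseline = Baseline([e for e in map(parse, history) if e])
    scorer = RealTimeScorer(baseline)
    return [scorer.score(e) for e in map(parse, live) if e]


if __name__ == "__main__":
    for r in sorted(run(), key=lambda r: -r["score"]):
        print(r["rating"], r["score"], r["user"], r["ts"], "; ".join(r["evidence"]))
```

Two details are the ones that matter in practice. The scorer carries the evidence strings alongside the number, because a rating with no supporting evidence is not actionable for the administrator the abstract mentions. And an entity with no baseline at all is treated as a signal in its own right rather than silently scored zero, which is the only way a never-seen account used in a burst of failures surfaces at all.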