Abstract: A Secure Access Gateway and Registry is provided for secure access to security related service information, to operate a security feature of a motor vehicle, by a validated Individual. The system is implemented with a general purpose computer, internet, mobile device, and secure data release Registry software application. An Individual is employed as a vehicle service professional. The Individual inputs a Registry Application data. The Registry uses the Registry Application data to generate a background search result data. The Registry uses the search result data to determine eligibility, and assign a Registered Vehicle Service Professional Identification code. The Individual uses the Registered Vehicle Service Professional Identification code to input a Form D1 authorization data, and to access an Automaker website. The Registry uses the D1 authorization data to determine a legal possessory interest in a motor vehicle, to be serviced.

Abstract: Computer systems and methods are disclosed to implement a role manager that automatically analyzes code accessing various resources to generate a role with the necessary resource permissions to execute the code. In embodiments, the role manager may be implemented as part of a workflow orchestration or resource provisioning system that employs code requiring access to different types of resources. In embodiments, the role manager may analyze a code segment to identify the different resources accessed by the code segment and the permissions needed for each access, and generate a role that has the needed permissions. In embodiments, the role manager may automatically manage these roles based on changes to associated code segments. Advantageously, the disclosed role manager removes the need to manually create roles need by code segments ahead of time, and creates roles with minimal privileges required for the code, thereby simplifying achievement of system security.

Abstract: An implementation of the present application provides a computer-implemented method to increase the security of a blockchain-implemented transaction, the transaction including participation from a plurality of participating nodes, each participating node participating as a message originator, selector, and propagator. The method, implemented at a participating node, includes: receiving ciphertext from a prior node and determining whether the participating node is a selector node for said ciphertext received from the prior node. When the participating node is the selector node for said ciphertext, the method includes selecting a subset of said ciphertext, decrypting the selected subset of said ciphertext to provide opted ciphertext and transmitting said opted ciphertext to the next node. When the participating node is other than the selector node for said ciphertext, the method includes decrypting said ciphertext received from the prior node and transmitting the decrypted ciphertext to the next node.

Abstract: A computer system for providing software over a network includes: a computer system for providing software over a network is provided. The system includes: a control unit configured to reside at a site, the control unit including a control unit identification (ID) that uniquely identifies the control unit to the network; a copy of the software, the software including sets of features; a license generator configured to create a features activation file containing the control unit ID and identifying at least one set of features to be activated by the control unit; a computer configured to download the features activation file to the control unit; and, the control unit configured for activating one of the sets of features according to the features activation file. A method and a computer program product are disclosed.

Abstract: Systems and methods for integrative legacy context management are disclosed herein. An example computer hardware system may include at least one processing unit coupled to a memory, and the memory may be encoded with computer executable instructions that when executed cause the at least one processing unit to receive a set of credentials associated with a user from a user device, cross-reference the set of credentials with a first set of credentials of an agent associated with the user to determine whether the set of credentials is valid; and if the set of credentials is valid, provide a second set of credentials of the agent to the user device in response to a request for the second set of credentials from the user device.

Abstract: This application discloses a Docker container based application licensing method, apparatus, device and medium, wherein the method includes identifying a Docker container which is in a startup state, obtaining an image file of the Docker container and obtaining a license file of the Docker container from the image file, and determining whether the Docker container is authorized to be licensed according to the license file. Thus, a problem is solved that a controllable protection cannot be done for a software provider due to replication and abuse of authorization.

Abstract: Disclosed examples include accessing a search term from a client device; accessing a first identifier, the first identifier corresponding to a first database proprietor, the first identifier to access first user information corresponding to a user of the client device; accessing a second identifier, the second identifier corresponding to a second database proprietor, the second identifier to access second user information corresponding to the user of the client device; providing the search term, the first identifier, and the second identifier in a message; and transmitting the message to a server.

Abstract: A method comprises fetching, by fetch circuitry, an encoded butterfly instruction comprising an opcode, a first source identifier, a second source identifier, a third source identifier, and two destination identifiers, decoding, by decode circuitry, the decoded butterfly instruction to generate a decoded butterfly instruction, and executing, by execution circuitry, the decoded butterfly instruction to retrieve operands representing a first input polynomial-coefficient from the first source, a second input polynomial-coefficient from the second source, and a primitive nth root of unity from the third source, perform, in an atomic fashion, a butterfly operation to generate a first output polynomial-coefficient and a second output polynomial-coefficient, and store the first output coefficient and the second output coefficient in a register file accessible to the execution circuitry.

Abstract: A computer-implemented method of obfuscating a computer code comprises receiving (1201) an original computer program comprising a plurality of code blocks with computer instructions, the original computer program operable on input data within an input space, the original computer program operable to follow an execution path through the plurality of code blocks when receiving the input data, wherein the input space is segmented into at least one segment according to a segmentation, each segment comprising a subset of the input space containing inputs that correspond to a same execution path. A plurality of updated code blocks is included (1302) in the updated computer program. Selection code is operable 1303, during execution of the updated computer program, to select an updated code block of the plurality of updated code blocks in dependence on the input data. The selection code is included (1304) in the updated computer program.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: Techniques for sharing private data objects in a trusted execution environment using a distributed ledger are described. The techniques described herein may enable sharing of data objects, referred to herein as private data objects (PDOs), between individuals and organizations with access and update policies mediated by execution of code (referred to herein as a “smart contract”) carried with the PDO in a secure enclave. A distributed ledger may serve as a “public commit log” to ensure that there is a single, authoritative instance of the object and provide a means of guaranteeing atomicity of updates across interacting objects.

Abstract: In an approach to auditing of multi-factor authentication, one or more computer processors receive a request for a multi-factor authentication for a service from at least one device associated with a user. One or more computer processors retrieve information associated with the at least one device. One or more computer processors log the request and the information associated with the at least one device. One or more computer processors calculate a strength of the multi-factor authentication based on the request and the information associated with the at least one device. One or more computer processors log a multi-factor authentication audit trail.

Abstract: Techniques are described for runtime checking of function metadata prior to execution of a function in an environment. An application may include any appropriate number of components at one or more levels in a hierarchical arrangement, and each component may be packaged with metadata that describes the component. A function, or any component, may be packaged with metadata that includes term(s) governing the usage of the function. The term(s) may be checked, at runtime, during execution of the application to determine whether the function is to be executed. A function may also be hashed at runtime for verification of function version. Function(s) may be individually and independently executed as containerized nano functions within the environment.

Abstract: Systems and methods for a multitenant computing platform. Original data is generated through operation of a computing platform system on behalf of an account of the computing platform system, and the original data is moderated according to a data retention policy set for the account. The moderated data is stored at the computing platform system. The computing platform system moderates the generated data by securing sensitive information of the generated data from access by the computing platform system, and providing operational information from the generated data. The operational information is accessible by the computing platform system during performance of system operations.

Abstract: Controlling access to nodes in a relational graph at query time by using an approximate membership query (AMQ) filter and ordered queries based on historic grants or denials of access according to security context enables a more efficient querying of the relational graph while preserving access controls. Security contexts that grant or deny access to a node are stored in an associated AMQ filter and are queried according to the subject's security context in an order based on the frequency at which the security contexts have previously granted or denied access to nodes in the relational graph.

Abstract: Embodiments of a secure communication network are disclosed. For secure communication of data packets, a method implemented in a core node, is presented. The method includes receiving a double encapsulated data packet associated with a first layer and a second layer of encapsulation/encryption. The method further includes decapsulating/decrypting a second layer of encapsulation/encryption to access a portion of the data packet and re-encapsulating/re-encrypting at least the accessed portion with another second layer of encapsulation/encryption. The method further includes transmitting the re-encapsulated/re-encrypted data packet to a subsequent node based on the accessed portion.

Abstract: A method, apparatus and computer program product are disclosed to provide for the selective establishment and use of secure communication channels to facilitate the exchange of data objects containing potentially sensitive information in a network environment. In some example implementations, upon detection that the processing of a network entity request implicates the exchange of non-public information amongst one or more other network entities, one or more secure communication channels are established between a secure transfer system and the relevant network entities such that non-public information neither passes to nor resides on system components associated with non-secure network entities.

Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described.

Abstract: A networking system includes a pluggable security device comprising at least one port interface that is insertable into at least one physical port, memory that stores a security key used to provide security over a network link, and processing circuitry coupled with the at least one port interface and with the memory. The processing circuitry utilizes the security key to verify security of a point-to-point connection established over the network link and after verifying the security of the point-to-point connection, provides a data integrity check function for data packets received at the at least one port interface.

Abstract: There is disclosed in one example a gateway apparatus, including: a hardware platform including a processor and a memory; and instructions stored within the memory to instruct the processor to: provide a domain name system (DNS) server, the DNS server to provide an encrypted DNS service, and to cache resolved domain names; receive an outgoing network packet; determine a destination address of the outgoing network packet; and upon determining that the destination address was not cached, apply a security policy.