Abstract: A method may include obtaining, by a processing device, a workflow object that includes a plurality of workflow entity objects and one or more data objects, and executing a workflow by identifying, from the application objects, an application object that corresponds to a first application, wherein the workflow associates the application with at least one of the data objects, determining, whether the first application has permission to access the data object according to a data policy associated with the data object, wherein the data policy specifies one or more data access criteria, wherein the first application has permission to access the data object in response to one or more of the workflow entity objects that are associated with the data object satisfying the data access criteria, and responsive to determining that the first application has permission to access the data object, executing the first application in a secure enclave.

Abstract: A method may include obtaining, by a processing device, a workflow object that includes a plurality of workflow entity objects and one or more data objects, and executing a workflow by identifying, from the application objects, an application object that corresponds to a first application, wherein the workflow associates the application with at least one of the data objects, determining, whether the first application has permission to access the data object according to a data policy associated with the data object, wherein the data policy specifies one or more data access criteria, wherein the first application has permission to access the data object in response to one or more of the workflow entity objects that are associated with the data object satisfying the data access criteria, and responsive to determining that the first application has permission to access the data object, executing the first application in a secure enclave.

Abstract: A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.

Abstract: A request may be received from an application for a performance of an operation associated with a cryptographic key that is stored at a secure enclave. A plugin of the secure enclave may be identified from the request for performance of the operation. The operation associated with the cryptographic key may be performed by using the plugin of the secure enclave to generate an output within the secure enclave. The output generated within the secure enclave and based on the plugin may be provided to the application.

Abstract: An encrypted search query may be received from a requesting client system at a secure enclave of a processing device. The encrypted search query may be decrypted to form a decrypted search query. One or more index entries of a metadata index that correspond to the decrypted search query may be identified, such that each identified index entry is associated with a content reference that identifies a content item located outside the secure enclave. The index entries that correspond to the decrypted search query may include one or more index entries having one or more associated index metadata items that correspond to the decrypted search query. One or more secure search results may be generated, such that each secure search result corresponds to one of the index entries and comprises the content reference associated with the corresponding index entry. The secure search results may be sent to the requesting client system.

Abstract: A container corresponding to executable code may be received. In response to receiving the container, a container manager resident in a memory of a computation environment may be executed to verify the container. The container manager may be verified by a boot loader of the computation environment. Permissions of the container to access the resources of a computation environment may be determined after the verification of the container by the container manager. Access to one or more resources of the computation environment may be provided by transferring control to the one or more resources from the container manager to the container based on the permissions of the container for the resources of the computation environment.

Abstract: A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

Abstract: The present invention relates to a process for purifying olefin feed comprising R-5 1234yf, R-40, R-134a, R-134, R-1225zc, and OFCB, comprising the step of separating different ternary and binary azeotrope compositions comprising 1234yf. The olefin feed is obtained from the pyrolysis of tetrafluoroethylene/chlorodifluoromethane with chloromethane/methane, optionally in presence of initiator.

Abstract: A symmetric key that is stored at a device may be received. A public key from a remote entity may also be received at the device. Furthermore, a derived key may be generated based on a one way function between the symmetric key that is stored at the device and the public key that is received from the remote entity. The derived key may be encrypted with the public key and transmitted to the remote entity. The encryption of the derived key with the public key may provide secure transmission of the derived key to an authorized remote entity with a private key that may be used to decrypt the encrypted derived key.

Abstract: A container from a first root of trust associated with a first root entity may be received. The container may correspond to a mapping of a resource of an integrated circuit that is associated with the first root entity. The container may be verified based on a key that corresponds to the first root of trust and that is stored in the integrated circuit at manufacturing of the integrated circuit. An identification may be made that an assignment of the resource from the container corresponds to assigning the resource from the first root of trust to a new root of trust. A new key corresponding to the new root of trust may be generated. Information corresponding to the new key may be stored into a memory of the integrated circuit. Furthermore, the new key may be used to delegate the resource to a subsequent container.

Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.

Abstract: A base key that is stored at a device may be received. A network identification may further be received. A device identification key may be generated based on a combination of the network identification and the base key. Furthermore, the device identification key may be used to authenticate the device with a network that corresponds to the network identification.

Abstract: A request to execute an application at a secure cryptographic environment of a server may be received. A tag that has been assigned to the application may be received. An attribute of the server may be identified. A determination may be made as to whether the attribute of the server satisfies the tag that has been assigned to the application. In response to determining that the attribute of the server satisfies the tag that has been assigned to the application, an indication may be provided to execute the application at the secure cryptographic environment of the server.

Abstract: Encrypted first data and encrypted second data may be received, where each data is from different client servers. A request to perform an operation with the first data and the second data may be received. Whether the operation is authorized to be performed with the first data and the second data at an enclave may be verified. In response to verifying that the operation is authorized to be performed with the first data and the second data at the enclave, the encrypted first data and the encrypted second data may be decrypted to the first data and the second data, respectively. Furthermore, the operation may be performed with the first data and the second data at the enclave.

Abstract: The present invention provides azeotropic or azeotrope-like compositions comprising 1234yf and at least one component selected from a group comprising of R-134, and R-134a. The compositions of the present invention are useful as refrigerants, heat transfer fluids, foam blowing agents, aerosol propellants, and fire suppression and fire extinguishing agents.

Abstract: A network service may be identified. One or more attributes of the network service may be determined. An attribute manifest for the network service may be generated based on the determined one or more attributes of the network service. Furthermore, the attribute manifest may be transmitted based on the determined one or more attributes to the network service.

Abstract: A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

Abstract: The present invention relates to a process for purifying olefin feed comprising R-5 1234yf, R-40, R-134a, R-134, R-1225zc, and OFCB, comprising the step of separating different ternary and binary azeotrope compositions comprising 1234yf. The olefin feed is obtained from the pyrolysis of tetrafluoroethylene/chlorodifluoromethane with chloromethane/methane, optionally in presence of initiator.

Abstract: A symmetric key that is stored at a device may be received. A public key from a remote entity may also be received at the device. Furthermore, a derived key may be generated based on a one way function between the symmetric key that is stored at the device and the public key that is received from the remote entity. The derived key may be encrypted with the public key and transmitted to the remote entity. The encryption of the derived key with the public key may provide secure transmission of the derived key to an authorized remote entity with a private key that may be used to decrypt the encrypted derived key.

Abstract: A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.