Abstract: Examples described herein include receiving a key request from a requestor, determining a validity of the key request, and sending the key to the requestor based on the determination of the validity of the key request. In some examples, the key request is for a key to an encrypted disk partition of a protected computing device and comprises a unique identifier associated with the encrypted disk partition.

Abstract: Examples described herein include receiving a key request from a requestor, determining a validity of the key request, and sending the key to the requestor based on the determination of the validity of the key request. In some examples, the key request is for a key to an encrypted disk partition of a protected computing device and comprises a unique identifier associated with the encrypted disk partition.

Abstract: A method for secure distribution of data in an interchange network, comprises having a network in which data records stored on at least one computer; and including an authorization service, where the authorization service grants a contractor access to at least a portion of the data records; and a watermarking module that adds one or more artificial records to said portion. The artificial records cannot be distinguished from the data records by the contractor and are valid for processing in the same way as the data records.

Abstract: A functional model of a business process which is annotated with security requirements is provided. Platform-specific executable code and at least one configuration file for a given security enforcement component to enforce the security requirements of the model are then generated automatically.

Abstract: Data assurance capabilities are received that are related to at least one individual persistent object type in a plurality of persistent object types linked to persistent objects stored on the service provider server. In addition, data assurance specifications are received from a customer, the data assurance specifications being based on the data assurance capabilities. Computer-readable data assurance policies for the at least one persistent object type are generated based on the received data assurance specification. The computer-readable data assurance policies then are combined with a corresponding template of data assurance capabilities for the at least one individual persistent object type to generate an enforceable customer-specific data policy.

Abstract: Systems and methods of configuring process variants for on-boarding customers for information technology (IT) outsourcing are provided. An example method includes modeling roles, responsibilities, and business context for a standard process template. The method also includes developing cause-and-effect rules affecting outcome of the standard process template. The method also includes adjusting the standard process template for process variants across different customer on-boarding scenarios.

Abstract: An encryption key may be fragmented into n encryption key fragments such that k<n fragments are sufficient for reconstructing the encryption key. The encryption key fragments may be distributed across data stores located within first and second geographic regions. For example, at least k of the encryption key fragments may be distributed across data stores realized at N different availability zones within the first geographic region such that less than k of the encryption key fragments are distributed to each of the N availability zones within the first geographic region. Similarly, at least k of the encryption key fragments may be distributed across data stores realized at M different availability zones within the second geographic region such that less than k of the encryption key fragments are distributed to each of the M availability zones within the second geographic region.

Abstract: Disclosed is a system for protecting security of a provisionable network, comprising: a network server, a network client communicatively coupled with the server, a pool of resources coupled with the server for employment by the client, a resource management system for managing the resources, and an intrusion detection system enabled to detect and respond to an intrusion in said network.

Abstract: A method comprises receiving, by a processor, a copy of a database containing records, each record having a plurality of attributes. The method also comprises determining, by the processor, whether a first attribute in each record results in a predetermined value in modulo P when hashed with a key and determining, by the processor, whether a second attribute in each record results in the predetermined value in modulo P when hashed with a key. For a first record whose first attribute results in the predetermined value in modulo P when hashed with a key and a second record whose second attribute also results in the predetermined value in modulo P when hashed with a key, the method further comprises swapping by the processor the second attributes between the first and second records.

Abstract: A method comprising fingerprinting, by the at least one processor, a first copy of a database with a fingerprint. The fingerprint has at least one part in common with another fingerprint used in another copy of the database, and at least one part unique to the first copy of the database. The fingerprinting comprises swapping attributes between multiple records in the first copy of the database.

Abstract: An encryption key may be fragmented into n encryption key fragments such that k<n fragments are sufficient for reconstructing the encryption key. The encryption key fragments may be distributed across data stores located within first and second geographic regions. For example, at least k of the encryption key fragments may be distributed across data stores realized at N different availability zones within the first geographic region such that less than k of the encryption key fragments are distributed to each of the N availability zones within the first geographic region. Similarly, at least k of the encryption key fragments may be distributed across data stores realized at M different availability zones within the second geographic region such that less than k of the encryption key fragments are distributed to each of the M availability zones within the second geographic region.

Abstract: A method comprises receiving a database containing records. The method further comprises determining a number of artificial records to add to the database to achieve a false negative mark detection rate less than a specified threshold. The method also comprises marking the database by adding the determined number of artificial records to the database. Each artificial record contains at least one value that, when used, is detectable by a third party. The false negative rate comprises a probability of failing to detect the mark in a discovered subset of the database.

Abstract: A functional model of a business process which is annotated with security requirements is provided. Platform-specific executable code and at least one configuration file for a given security enforcement component to enforce the security requirements of the model are then generated automatically.

Abstract: Data assurance capabilities are received that are related to at least one individual persistent object type in a plurality of persistent object types linked to persistent objects stored on the service provider server. In addition, data assurance specifications are received from a customer, the data assurance specifications being based on the data assurance capabilities. Computer-readable data assurance policies for the at least one persistent object type are generated based on the received data assurance specification. The computer-readable data assurance policies then are combined with a corresponding template of data assurance capabilities for the at least one individual persistent object type to generate an enforceable customer-specific data policy.

Abstract: A method comprising fingerprinting, by the at least one processor, a first copy of a database with a fingerprint. The fingerprint has at least one part in common with another fingerprint used in another copy of the database, and at least one part unique to the first copy of the database. The fingerprinting comprises swapping attributes between multiple records in the first copy of the database.

Abstract: A modelling system to provide a computer based business process for an enterprise, allows the enterprise to input values for a plurality of non functional requirements (760) for the deployment, and allows at least some of the values to be varied independently of others of the values, and creates a design of software application components (770) and a design of computing infrastructure (780), for running the software application components, so that the business process operates according to the values input for the non functional requirements of the business process. By modelling the underlying computing infrastructure, it becomes feasible to create models with greater certainty that they will deploy successfully, and with greater predictability of how well they will meet given non functional requirements. This enables more freedom to be allowed to vary the values of these non functional requirements and get greater customisation to suit the needs of the enterprise.

Abstract: A method of automated deployment managed by a service provider, of a computer based business process, involves generating a model (730) of the business process including a design of computing infrastructure, and deploying the model on hardware (770) dedicated to the enterprise, with an interface for the service provider to enable ongoing management of the deployed process by the service provider. Having dedicated hardware means the location of the hardware can be arranged to suit the enterprise. This means limitations such as bandwidth or latency of WAN links, can be addressed by choosing the location of the dedicated hardware appropriately. Trust of security can also be increased compared to that of the shared data centres. The automated model driven deployment can help enable the service provider to provide such deployments on different types of hardware. The need for the enterprise to maintain specialist expertise in house is reduced.

Abstract: A method comprises receiving, by a processor, a copy of a database containing records, each record having a plurality of attributes. The method also comprises determining, by the processor, whether a first attribute in each record results in a predetermined value in modulo P when hashed with a key and determining, by the processor, whether a second attribute in each record results in the predetermined value in modulo P when hashed with a key. For a first record whose first attribute results in the predetermined value in modulo P when hashed with a key and a second record whose second attribute also results in the predetermined value in modulo P when hashed with a key, the method further comprises swapping by the processor the second attributes between the first and second records.

Abstract: A method comprises receiving a database containing records. The method further comprises determining a number of artificial records to add to the database to achieve a false negative mark detection rate less than a specified threshold. The method also comprises marking the database by adding the determined number of artificial records to the database. Each artificial record contains at least one value that, when used, is detectable by a third party. The false negative rate comprises a probability of failing to detect the mark in a discovered subset of the database.

Abstract: A system for generating a model representing an existing computer based business process involves analysing existing source content (910) which has annotations (920) added, to provide information for the modelling. Static analysis of the annotations can provide some of the information. Other information can be discovered at run time if the annotations alter the run time behaviour to generate monitoring events showing the behaviour. The annotations need not be restricted to codes or symbols or structures of the language of the source content, and can use concepts closer to those in the model being generated. Using annotations rather than manual modelling can reduce errors and lead to better predictions of performance from the model, and result in better reconfiguration of the software or the computing infrastructure to make more efficient usage of shared resources.