Patents by Inventor Gerardo DIAZ

Gerardo DIAZ has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240126514
    Abstract: A message management platform may receive, from an application operator, a configuration of a message flow. The message flow includes one or more messages associated with trigger conditions. The platform may receive, from a code snippet incorporated in an application of a user computing device, a notification that the user computing device has used the application. The platform may associate a user identifier with the user computing device. The platform may subscribe to, on behalf of the application operator, one or more API notification channels of the application builder platform. The platform may receive an API notification from the application builder platform. The platform may determine that the application builder platform's user is associated with the user identifier used by the message management platform. The platform may determine that the event described in the payload matches the trigger condition and transmit the first message to the user computing device.
    Type: Application
    Filed: August 16, 2023
    Publication date: April 18, 2024
    Inventors: Alexander Colin Meyer, Gerardo Díaz De La Serna Formoso, Gideon Daniel VanRiette, James Quinlan, Joy Taylor Kaufman, Kameron Ahler, Lauren Leia Rouse, Vishak Swaminathan Visvanathan
  • Publication number: 20240129265
    Abstract: A message management platform may receive, from an application operator, a configuration of a message flow. The message flow includes one or more messages associated with trigger conditions. The platform may receive, from a code snippet incorporated in an application of a user computing device, a notification that the user computing device has used the application. The platform may associate a user identifier with the user computing device. The platform may subscribe to, on behalf of the application operator, one or more API notification channels of the application builder platform. The platform may receive an API notification from the application builder platform. The platform may determine that the application builder platform's user is associated with the user identifier used by the message management platform. The platform may determine that the event described in the payload matches the trigger condition and transmit the first message to the user computing device.
    Type: Application
    Filed: October 12, 2023
    Publication date: April 18, 2024
    Inventors: Alexander Colin Meyer, Gerardo Díaz De La Serna Formoso, Gideon Daniel VanRiette, James Quinlan, Joy Taylor Kaufman, Kameron Ahler, Lauren Leia Rouse, Vishak Swaminathan Visvanathan
  • Publication number: 20240126515
    Abstract: A message management platform may receive, from an application operator, a configuration of a message flow. The message flow includes one or more messages associated with trigger conditions. The platform may receive, from a code snippet incorporated in an application of a user computing device, a notification that the user computing device has used the application. The platform may associate a user identifier with the user computing device. The platform may subscribe to, on behalf of the application operator, one or more API notification channels of the application builder platform. The platform may receive an API notification from the application builder platform. The platform may determine that the application builder platform's user is associated with the user identifier used by the message management platform. The platform may determine that the event described in the payload matches the trigger condition and transmit the first message to the user computing device.
    Type: Application
    Filed: June 6, 2023
    Publication date: April 18, 2024
    Inventors: Alexander Colin Meyer, Gerardo Díaz De La Serna Formoso, Gideon Daniel VanRiette, James Quinlan, Joy Taylor Kaufman, Kameron Ahler, Lauren Leia Rouse, Vishak Swaminathan Visvanathan
  • Patent number: 11962694
    Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: April 16, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
  • Patent number: 11861414
    Abstract: Techniques are disclosed for implementing system calls in a virtualized computing environment. An interface is configured to abstract partitions in the virtualized computing environment. A system call is received that is to be executed across a system boundary in a localized computing environment. Based on a declarative policy, one or more of a device type, device path, or process identity associated with the system call is determined. The system call is executed in the virtualized computing environment.
    Type: Grant
    Filed: January 28, 2022
    Date of Patent: January 2, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Gerardo Diaz-Cuellar, Poornananda R. Gaddehosur, Vance P. O'Neill
  • Patent number: 11809611
    Abstract: The present disclosure relates to devices and methods for protecting data from physical attacks. The devices and methods may establish an encryption protocol to encrypt data transmitted over a bus to one or more removable devices in communication with a computer device. The devices and methods may use the encryption protocol to communicate with the removable devices and perform storage requests at the removable devices. The devices and methods may also perform another layer of encryption on the data stored at the removable devices using a data at rest key stored on the removable devices.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: November 7, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Gerardo Diaz-Cuellar, Venkata Subrahmanyam Raman
  • Publication number: 20230336530
    Abstract: Examples of the present disclosure describe systems and methods for configuring and executing per-service TLS settings in a forward proxy. In examples, a proxy device receives a connection request from a client device to access a service. The proxy device identifies service connection information included in the connection request and selects a connection scheme for connecting to the service. The service connection information is compared to a static mapping of connection data in the connection scheme. If the service connection information matches the static mapping of connection data, a TLS type is determined for the connection request. If the service connection information does not match the static mapping of connection information, the service connection information is compared to a dynamic mapping of session information. Based on the comparison of the service connection information to the dynamic mapping of session information, a TLS type is determined for the connection request.
    Type: Application
    Filed: April 19, 2022
    Publication date: October 19, 2023
    Inventors: Arupendra N. Roy, Arun Yadav, Chin Pong Kwong, Gerardo Diaz Cuellar, Alexandru Naparu, Jing Li
  • Patent number: 11729187
    Abstract: Devices and methods for protecting server devices from physical attacks use an encrypted overlay network to securely communicate between a trusted network and one or more host computer devices in communication with the trusted network. The devices and methods may generate VPN tunnels to communicate directly with individual host computer devices. The devices and methods may securely transmit data packets between the trusted network and the host computer devices using the VPN tunnels.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: August 15, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Gerardo Diaz-Cuellar, Venkata Subrahmanyam Raman
  • Patent number: 11709660
    Abstract: A message management platform may receive, from an application operator, a configuration of a message flow. The message flow includes one or more messages associated with trigger conditions. The platform may receive, from a code snippet incorporated in an application of a user computing device, a notification that the user computing device has used the application. The platform may associate a user identifier with the user computing device. The platform may subscribe to, on behalf of the application operator, one or more API notification channels of the application builder platform. The platform may receive an API notification from the application builder platform. The platform may determine that the application builder platform's user is associated with the user identifier used by the message management platform. The platform may determine that the event described in the payload matches the trigger condition and transmit the first message to the user computing device.
    Type: Grant
    Filed: October 12, 2022
    Date of Patent: July 25, 2023
    Assignee: Stodge Inc.
    Inventors: Alexander Colin Meyer, Gerardo Díaz De La Serna Formoso, Gideon Daniel VanRiette, James Quinlan, Joy Taylor Kaufman, Kameron Ahler, Lauren Leia Rouse, Vishak Swaminathan Visvanathan
  • Patent number: 11695650
    Abstract: Inducements are provided to customers to regularly connect back to a service provider and report usage that is expressed using a count of requests from a local computing device for cloud-based operations such as packet routing, container instantiation, virtual machine (VM) utilization, calls to a service or application, and the like. The count information is reported within a secure context, such as a trusted execution environment (TEE), using public-private key pair cryptography by which key derivation is dependent on some form of counting. For example, a customer computing device that is subject to a usage license encrypts an operation count and reports it to the service provider.
    Type: Grant
    Filed: February 21, 2021
    Date of Patent: July 4, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Gerardo Diaz-Cuellar, Stefan Thom, Joerg-Thomas Pfenning
  • Publication number: 20230078627
    Abstract: A method, apparatus, and system are provided for correlating real-time reservation capacity information received from a plurality of third party devices, with dynamically generated variable discounts. A deal inventory database, consumer profiles database, historical database, and deal rules and definitions database are accessed and/or updated in real-time to enable correlating the real-time reservation capacity information received from a third party device. Dynamically generated variable discounts are provided to user devices based on at least the user device real-time location, and other factors. Selections made via the user device are updated in multiple databases and communicated to the respective third party device in real-time.
    Type: Application
    Filed: October 14, 2022
    Publication date: March 16, 2023
    Inventors: Hee Seo, Gerardo Diaz, Eric Vadon
  • Patent number: 11558189
    Abstract: The disclosure herein describes securing access to a service resource within a security boundary. A security gateway instance receives a request from an edge deployment outside the security boundary. The request includes identity data identifying the edge deployment. The identity data is validated based on allowed identity data of the security gateway instance and based on a validation handler associated with the service resource. Based on validating the identity data and validating the request, the identity data is transformed using security data specific to the security gateway instance. The transformed identity data indicates the request has been validated by the security gateway instance. Based on transforming the identity data of the request, the transformed identity data and the request are forwarded to the service resource via a network link within the security boundary, wherein the service resource is configured to process the request based on identifying the transformed identity data.
    Type: Grant
    Filed: November 30, 2020
    Date of Patent: January 17, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Fernando Garcia Valenzuela, Venkatasubrahmanyam Raman, Gerardo Diaz Cuellar, Arupendra Narayan Roy, Bisconde Ramon Aquino, Alexandru Naparu
  • Publication number: 20220291875
    Abstract: Examples described herein generally relate to hosting virtual memory backed kernel isolated containers. A server includes at least one physical processor and at least one physical computer memory addressable via physical memory addresses. The at least one physical computer memory stores executable code configured to provide at least one host including a kernel and at least one kernel isolated container within the at least one host. The host allocates virtual memory having virtual memory addresses to a respective container of the at least one kernel isolated container. The host pins a subset of the virtual memory addresses to a subset of the physical memory addresses. The host performs a direct memory access operation or device memory-mapped input-output operation of the respective container on the subset of the physical memory addresses. At least part of the physical computer memory that is not pinned is oversubscribed.
    Type: Application
    Filed: August 25, 2020
    Publication date: September 15, 2022
    Inventors: Gerardo DIAZ-CUELLAR, Omar CARDONA, Jacob Kappeler OSHINS, John STARKS, Craig Daniel WILHITE
  • Publication number: 20220276886
    Abstract: Examples described herein generally relate to a server for hosting process isolated containers within a virtual machine. The server includes at least one physical processor; at least one physical computer memory storing executable code for execution by the at least one physical processor, and a physical network interface controller, NIC. The executable code may be configured to provide a host virtual machine and at least one process isolated container within the host virtual machine. The physical NIC includes a physical NIC switch configured to distribute incoming data packets to a plurality of functions including a physical function and virtual functions. At least one of the virtual functions is assigned to an individual process isolated container within the virtual machine. The virtual function assigned to the individual process isolated container allows the physical NIC switch to distribute incoming data packets for the individual process isolated container at a hardware level.
    Type: Application
    Filed: August 25, 2020
    Publication date: September 1, 2022
    Inventors: Gerardo DIAZ-CUELLAR, Omar CARDONA, Dinesh Kumar GOVINDASAMY, Jason MESSER
  • Publication number: 20220173901
    Abstract: The disclosure herein describes securing access to a service resource within a security boundary. A security gateway instance receives a request from an edge deployment outside the security boundary. The request includes identity data identifying the edge deployment. The identity data is validated based on allowed identity data of the security gateway instance and based on a validation handler associated with the service resource. Based on validating the identity data and validating the request, the identity data is transformed using security data specific to the security gateway instance. The transformed identity data indicates the request has been validated by the security gateway instance. Based on transforming the identity data of the request, the transformed identity data and the request are forwarded to the service resource via a network link within the security boundary, wherein the service resource is configured to process the request based on identifying the transformed identity data.
    Type: Application
    Filed: November 30, 2020
    Publication date: June 2, 2022
    Inventors: Fernando GARCIA VALENZUELA, Venkata Subrahmanyam RAMAN, Gerardo DIAZ CUELLAR, Arupendra Narayan ROY, Bisconde Ramon AQUINO, Alexandru NAPARU
  • Publication number: 20220156126
    Abstract: Techniques are disclosed for implementing system calls in a virtualized computing environment. An interface is configured to abstract partitions in the virtualized computing environment. A system call is received that is to be executed across a system boundary in a localized computing environment. Based on a declarative policy, one or more of a device type, device path, or process identity associated with the system call is determined. The system call is executed in the virtualized computing environment.
    Type: Application
    Filed: January 28, 2022
    Publication date: May 19, 2022
    Inventors: Gerardo DIAZ-CUELLAR, Poornananda R. GADDEHOSUR, Vance P. O'NEILL
  • Publication number: 20220085995
    Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
    Type: Application
    Filed: November 29, 2021
    Publication date: March 17, 2022
    Inventors: David Garfield THALER, III, Joerg-Thomas PFENNING, Gerardo DIAZ-CUELLAR
  • Patent number: 11237878
    Abstract: Techniques are disclosed for implementing system calls in a virtualized computing environment. An interface is configured to abstract partitions in the virtualized computing environment. A system call is received that is to be executed across a system boundary in a localized computing environment. Based on a declarative policy, one or more of a device type, device path, or process identity associated with the system call is determined. The system call is executed in the virtualized computing environment.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: February 1, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Gerardo Diaz-Cuellar, Poornananda R. Gaddehosur, Vance P. O'Neill
  • Patent number: 11190352
    Abstract: A computing device, such as a personal computing device (e.g., laptop, smartphone, etc.) or server, is configured to utilize environmental factors in generating public/private key pairs to access restricted data or operations. The environmental factors can include location, time, barometric pressure, acceleration, temperature, humidity, and the like. An initial key pair may be used to encrypt data and enable other conventional security features. A key pair can be subsequently generated based on the same environmental factors as with the initial key pair generation and used to access the data or operations which have been restricted using the initial key pair.
    Type: Grant
    Filed: November 27, 2018
    Date of Patent: November 30, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Garfield Thaler, III, Joerg-Thomas Pfenning, Gerardo Diaz-Cuellar
  • Publication number: 20210266336
    Abstract: The present disclosure relates to devices and methods for protecting server devices from physical attacks. The devices and methods may use an encrypted overlay network to securely communicate between a trusted network and one or more host computer devices on network racks in communication with the trusted network. The devices and methods may generate VPN tunnels to communicate directly with individual host computer devices on the network racks. The devices and methods may securely transmit data packets between the trusted network and the host computer devices using the VPN tunnels.
    Type: Application
    Filed: February 24, 2020
    Publication date: August 26, 2021
    Inventors: Gerardo DIAZ-CUELLAR, Venkata Subrahmanyam RAMAN