Abstract: A computer system is disclosed that provides purpose-based control of user actions and access to electronic data assets. For example, the computer system may perform operations including: receiving, from a user, a request to perform an action; determining any checkpoint config objects associated with the action; displaying checkpoint dialog based on checkpoint config object; determining whether criteria associated with the checkpoint object are satisfied; and in response to determining that the criteria associated with the checkpoint object are satisfied: generating a checkpoint record object; and proceeding to perform the action.

Abstract: A computer system provides transaction-level data retention policy inheritance. The system may perform operations including storing a first dataset comprising a plurality of transactions, each of the plurality of transactions comprising one or more data items; receiving a first transaction to the first dataset, the first transaction comprising one or more data items; determining a first retention policy for the first transaction; and storing the first retention policy with the first transaction. The system may further perform operations including calculating a deletion date for the first transaction based on the first retention policy; and storing the deletion date with the first transaction in the first dataset.

Abstract: A cryptography administration system facilitates secure, user-friendly and auditable cryptography. The system can generate an encrypted data value from raw data values with a user-selected cryptography algorithm. The encrypted data value can comprise a pointer configured to access a location in storage comprising a cryptography key for decrypting the encrypted data value. The system can generate a license comprising one or more permissions of a user to decrypt the encrypted data value. The system can store the license in the location in storage accessible by the pointer of the encrypted data value.

Abstract: A computer-implemented method, system and computer program is disclosed. The method may comprise providing an image comprising a plurality of pixels, identifying at least one portion of the image to be obfuscated, modifying pixels of the at least one image portion using a key for producing an updated image in which the at least one image portion is obfuscated, providing the key, or a link to the key, in an access profile for the identified at least one image portion and allocating permissions to one or more users for enabling them to view the at least one image portion, by use of the key, when viewing the updated image.

Abstract: A cryptography administration system facilitates secure, user-friendly and auditable cryptography. An administrator may create channels with associated cryptographic keys and algorithms for performing cryptographic operations such as encryption and decryption. The channel may be associated with licenses which may include permissions to perform cryptographic operations. The licenses may be shared with one or more users. A user may perform cryptographic operations using the channel according to the permissions and operations included in the licenses, to which the user has access, associated with the channel. The user does not need a technical understanding of the cryptographic system (e.g., keys and algorithms) to perform the cryptographic operations and does not need access to the keys to perform the operations. The cryptographic operations may be stored in an audit log that can be reviewed by user.

Abstract: Systems and methods for lineage-aware data retention are provided. An example method includes receiving information of a committed transaction. The committed transaction is configured to add or change data to a dataset. The example method further includes receiving one or more lineages for the committed transaction, determining one or more parent transactions based at least in part on the one or more lineages, obtaining one or more parent retention dates that correspond to the one or more parent transactions respectively, and determining a transaction retention date for the committed transaction based at least in part on the one or more parent retention dates.

Abstract: An apparatus, computer-implemented method and computer program are disclosed for performing a cryptographic operation in a high-trust (HT) environment. The HT environment including a compute service and key storage service. The compute service receives from a user device, a user request for performing a cryptographic operation on at least a portion of a large-scale dataset. The user request including a user token associated with a user of the user device. The compute service sends to the key storage service, a cryptographic key access request corresponding to the received user request. The cryptographic key access request including data representative of the user token and/or a compute service token.

Abstract: A computer system provides transaction-level data retention policy inheritance. The system may perform operations including storing a first dataset comprising a plurality of transactions, each of the plurality of transactions comprising one or more data items; receiving a first transaction to the first dataset, the first transaction comprising one or more data items; determining a first retention policy for the first transaction; and storing the first retention policy with the first transaction. The system may further perform operations including calculating a deletion date for the first transaction based on the first retention policy; and storing the deletion date with the first transaction in the first dataset.

Abstract: A cryptography administration system facilitates secure, user-friendly and auditable cryptography. An administrator may create channels with associated cryptographic keys and algorithms for performing cryptographic operations such as encryption and decryption. The channel may be associated with licenses which may include permissions to perform cryptographic operations. The licenses may be shared with one or more users. A user may perform cryptographic operations using the channel according to the permissions and operations included in the licenses, to which the user has access, associated with the channel. The user does not need a technical understanding of the cryptographic system (e.g., keys and algorithms) to perform the cryptographic operations and does not need access to the keys to perform the operations. The cryptographic operations may be stored in an audit log that can be reviewed by user.

Abstract: Systems and methods are provided for processing an input dataset or running an inference. The systems and methods may be configured to accept an input dataset, access one or more predefined logic plugins for processing the input dataset, process the input dataset based at least in part on a first predefined logic plugin, and generate the one or more outputs based at least in part of the processing of the input dataset. The one or more outputs may have a different format than a format of the input dataset.

Abstract: A computer system is disclosed that provides purpose-based control of user actions and access to electronic data assets. For example, the computer system may perform operations including: receiving, from a user, a request to perform an action; determining any checkpoint config objects associated with the action; displaying checkpoint dialog based on checkpoint config object; determining whether criteria associated with the checkpoint object are satisfied; and in response to determining that the criteria associated with the checkpoint object are satisfied: generating a checkpoint record object; and proceeding to perform the action.

Abstract: Example methods and systems for software bug reproduction. One example method may comprise obtaining log information associated with multiple transactions processed by a control-plane node to configure a set of data-plane nodes and transform an initial network state to a first network state; and configuring a replay environment that is initialized to the initial network state, and includes a mock control-plane node and a set of mock data-plane nodes. The method may also comprise, based on the log information, replaying the multiple transactions using the mock control-plane node to configure the set of mock data-plane nodes and transform the replay environment from the initial network state to a second network state. Based on a comparison between the first network state and the second network state, a determination may be made as to whether a software bug is successfully reproduced in the replay environment.

Abstract: Example methods and systems for software bug reproduction. One example method may comprise obtaining log information associated with multiple transactions processed by a control-plane node to configure a set of data-plane nodes and transform an initial network state to a first network state; and configuring a replay environment that is initialized to the initial network state, and includes a mock control-plane node and a set of mock data-plane nodes. The method may also comprise, based on the log information, replaying the multiple transactions using the mock control-plane node to configure the set of mock data-plane nodes and transform the replay environment from the initial network state to a second network state.

Abstract: Systems and methods are provided for migrating a source ontology for a source stack to a destination stack. The source ontology may define source objects that are associated with source data sets. The source data sets may correspond to destination data sets on a destination stack. The destination data set identifiers for the source data sets may be different from the destination data sets. Translation of the destination data set identifiers may enable migration of the source ontology to the destination stack.