Abstract: When instantiating a requesting process that publishes a request for a response from a responding process, a method of implementing an event-based distributed messaging service includes identifying a response topic of a distributed messaging service and generating subscriptions for the response topic where each subscription includes a subscription identifier. During runtime for the requesting process, the method publishes a request message to a request topic subscribed to by the responding process where the request message includes a unique message identifier and generates a subscriber using a respective subscription identifier of a respective subscription selected from the subscriptions where the subscriber includes the unique message identifier.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide management of messaging for one or more devices of a user according to the user's configurable presence schedule. A messaging management server may receive notifications of messages and the messages themselves from a messaging service provider. The messages may have originated from a first user and be intended for receipt by a second user. After a preset time period has elapsed, a notification of the message may be sent from the messaging management server to each of the second user's devices in accordance with the second user's presence schedule. Subsequent messages from the first user and intended for the second user may be routed from the messaging management server to the device on which the second user responded to the notification of the initial message and might not be routed to the second user's other devices.

Abstract: When instantiating a requesting process that publishes a request for a response from a responding process, a method of implementing an event-based distributed messaging service includes identifying a response topic of a distributed messaging service and generating subscriptions for the response topic where each subscription includes a subscription identifier. During runtime for the requesting process, the method publishes a request message to a request topic subscribed to by the responding process where the request message includes a unique message identifier and generates a subscriber using a respective subscription identifier of a respective subscription selected from the subscriptions where the subscriber includes the unique message identifier.

Abstract: When instantiating a requesting process that publishes a request for a response from a responding process, a method of implementing an event-based distributed messaging service includes identifying a response topic of a distributed messaging service and generating subscriptions for the response topic where each subscription includes a subscription identifier. During runtime for the requesting process, the method publishes a request message to a request topic subscribed to by the responding process where the request message includes a unique message identifier and generates a subscriber using a respective subscription identifier of a respective subscription selected from the subscriptions where the subscriber includes the unique message identifier.

Abstract: A process for optimal query scheduling includes receiving in an information retrieval data processing system, a request to accelerate query execution of a specified query to a time prior to a scheduled time. A specific field corresponding to data in a database is then identified in the query and a freshness of data requirement for the specific field retrieved along with a frequency of change the data corresponding to the specific field. Then, if execution of the specific query at the time prior to the scheduled time instead of the scheduled time is determined not to violate the freshness of data requirement based upon the frequency of change of the data corresponding of the specific field, the specific query is scheduled for execution at the time prior to the scheduled time. But otherwise, the scheduled time may be maintained for executing the specific query.

Abstract: Key management for encrypted data includes establishing a cache of key decryption keys and periodically evicting the keys from the cache. A pool of key encryption keys also is created and periodically, selected key encryption keys are removed from service. Notably, the rate of removal of the encryption keys differs from the rate of cache eviction for the decryption keys. Thereafter, clear data is encrypted with a cipher to produce cipher text, and the cipher is encrypted with a selected key encryption key from the pool. Finally, in response to an access request for the clear data, an attempt to locate in the cache a key decryption key for the encrypted cipher is made. If attempt fails, the key decryption key is retrieved from remote memory. Finally, the encrypted cipher is decrypted with the located key, and the cipher text decrypted to produce the clear data.

Abstract: Securing at rest data on a cloud hosted server includes, for each cloud hosted instance of a computer program, creating a key encrypted key (KEK) using a unique customer master key (CMK) corresponding to the instance, but only an encrypted form of the KEK is persisted in a database for the corresponding instance whereas the unencrypted KEK is retained in memory of the encryption process only. Thereafter, in response to a request to persist data by a corresponding instance of the computer program, a data key (DK) is randomly generated and encrypted with the KEK in memory for the corresponding instance. The data itself also is encrypted with the DK and an envelope with the encrypted DK and the encrypted data returned to the requestor, thus ensuring that the data and the encryption keys are never moved or persisted in an un-encrypted form.

Abstract: The present disclosure provides a method, system and computer program product for optimal query scheduling for resource utilization option. In an embodiment of the disclosure, a process for optimal query scheduling includes receiving in an information retrieval data processing system at a contemporaneous time, a request for deferred query execution of a specified query to a future time after the contemporaneous time. The method additionally includes determining a frequency of change of data corresponding to a field referenced in the specified query. Then, on condition that the frequency of change is below a threshold value, an intermediate time prior to the future time but after the contemporaneous time can be identified and the specified query scheduled for execution at the intermediate time instead of the future time. But, otherwise the specified query can be scheduled at the future time as originally requested.

Abstract: A process for optimal query scheduling includes receiving in an information retrieval data processing system, a request to accelerate query execution of a specified query to a time prior to a scheduled time. A specific field corresponding to data in a database is then identified in the query and a freshness of data requirement for the specific field retrieved along with a frequency of change the data corresponding to the specific field. Then, if execution of the specific query at the time prior to the scheduled time instead of the scheduled time is determined not to violate the freshness of data requirement based upon the frequency of change of the data corresponding of the specific field, the specific query is scheduled for execution at the time prior to the scheduled time. But otherwise, the scheduled time may be maintained for executing the specific query.

Abstract: Key management for encrypted data includes establishing a cache of key decryption keys and periodically evicting the keys from the cache. A pool of key encryption keys also is created and periodically, selected key encryption keys are removed from service. Notably, the rate of removal of the encryption keys differs from the rate of cache eviction for the decryption keys. Thereafter, clear data is encrypted with a cipher to produce cipher text, and the cipher is encrypted with a selected key encryption key from the pool. Finally, in response to an access request for the clear data, an attempt to locate in the cache a key decryption key for the encrypted cipher is made. If attempt fails, the key decryption key is retrieved from remote memory. Finally, the encrypted cipher is decrypted with the located key, and the cipher text decrypted to produce the clear data.

Abstract: Embodiments of the present invention provide a method, system and computer program product for optimal query scheduling for resource utilization option. In an embodiment of the invention, a process for optimal query scheduling includes receiving in an information retrieval data processing system at a contemporaneous time, a request for deferred query execution of a specified query to a future time after the contemporaneous time. The method additionally includes determining a frequency of change of data corresponding to a field referenced in the specified query. Then, on condition that the frequency of change is below a threshold value, an intermediate time prior to the future time but after the contemporaneous time can be identified and the specified query scheduled for execution at the intermediate time instead of the future time. But, otherwise the specified query can be scheduled at the future time as originally requested.

Abstract: Embodiments of the present invention provide a method, system and computer program product for optimal query scheduling for resource utilization option. In an embodiment of the invention, a process for optimal query scheduling includes receiving in an information retrieval data processing system at a contemporaneous time, a request for deferred query execution of a specified query to a future time after the contemporaneous time. The method additionally includes determining a frequency of change of data corresponding to a field referenced in the specified query. Then, on condition that the frequency of change is below a threshold value, an intermediate time prior to the future time but after the contemporaneous time can be identified and the specified query scheduled for execution at the intermediate time instead of the future time. But, otherwise the specified query can be scheduled at the future time as originally requested.

Abstract: A process for optimal query scheduling includes receiving in an information retrieval data processing system, a request to accelerate query execution of a specified query to a time prior to a scheduled time. A specific field corresponding to data in a database is then identified in the query and a freshness of data requirement for the specific field retrieved along with a frequency of change the data corresponding to the specific field. Then, if execution of the specific query at the time prior to the scheduled time instead of the scheduled time is determined not to violate the freshness of data requirement based upon the frequency of change of the data corresponding of the specific field, the specific query is scheduled for execution at the time prior to the scheduled time. But otherwise, the scheduled time may be maintained for executing the specific query.

Abstract: Methods and systems for securely entering credentials via a head-mounted display device are described herein. A head-mounted device may select a first type of graphical user interface (GUI) elements and a second type of GUI elements based on capabilities of the head-mounted device. A display of the head-mounted device may display the first type of GUI elements. A first user selection of a first GUI element of the first type of GUI elements may be selected. The second type of GUI elements may be displayed. A second user selection of a second GUI element of the second type of GUI elements may be received. Based on the first user selection and the second user selection, whether to grant user access to a resource may be determined.

Abstract: Key management for encrypted data includes establishing a cache of key decryption keys and periodically evicting the keys from the cache. A pool of key encryption keys also is created and periodically, selected key encryption keys are removed from service. Notably, the rate of removal of the encryption keys differs from the rate of cache eviction for the decryption keys. Thereafter, clear data is encrypted with a cipher to produce cipher text, and the cipher is encrypted with a selected key encryption key from the pool. Finally, in response to an access request for the clear data, an attempt to locate in the cache a key decryption key for the encrypted cipher is made. If attempt fails, the key decryption key is retrieved from remote memory. Finally, the encrypted cipher is decrypted with the located key, and the cipher text decrypted to produce the clear data.

Abstract: Methods and systems for securely entering credentials via a head-mounted display device are described herein. A display of a head-mounted device may display, in a first arrangement, a plurality of graphical user interface (GUI) elements. Each of the plurality of GUI elements may indicate a different character of a plurality of characters. The head-mounted device may receive a first user selection of a GUI element from the plurality of GUI elements displayed in the first arrangement. The method may comprise storing the first user selection of the GUI element. After receiving the first user selection of the GUI element, the plurality of GUI elements may be displayed on the display of the head-mounted device and in a second arrangement different from the first arrangement. The head-mounted device may receive a second user selection of a GUI element from the plurality of GUI elements displayed in the second arrangement.

Abstract: Methods and systems for optimized caching of data in a network of nodes are described herein. A server node of a plurality of server nodes may receive, from a device (e.g., a client device), a request for data. The request may be transmitted to the server node via a load balancing device. The server node may retrieve the data requested by the device. The server node may cache, at a cache location internal to the server node, the data requested by the device. The method may comprise transmitting, by the server node, a request to update a data mapping table to indicate a mapping of the server node and the data requested by the device.

Abstract: Securing at rest data on a cloud hosted server includes, for each cloud hosted instance of a computer program, creating a key encrypted key (KEK) using a unique customer master key (CMK) corresponding to the instance, but only an encrypted form of the KEK is persisted in a database for the corresponding instance whereas the unencrypted KEK is retained in memory of the encryption process only. Thereafter, in response to a request to persist data by a corresponding instance of the computer program, a data key (DK) is randomly generated and encrypted with the KEK in memory for the corresponding instance. The data itself also is encrypted with the DK and an envelope with the encrypted DK and the encrypted data returned to the requestor, thus ensuring that the data and the encryption keys are never moved or persisted in an un-encrypted form.

Abstract: Methods, systems, and computer-readable media for using derived credentials to enroll a mobile computing device with an enterprise mobile device management system are described herein. In various embodiments, a mobile computing device, responsive to a command to enroll with an enterprise mobile device management server, may launch an enrollment application; send an enrollment request message to the enterprise mobile device management server; switch to a certificate management system application on the mobile computing device; request one or more derived credentials from a certificate management system server; store the one or more derived credentials in a shared vault on the mobile computing device; switch to the enrollment application; retrieve a derived credential of the one or more derived credentials stored in the shared vault; and, provide the derived credential to the enterprise mobile device management server to enroll the mobile computing device with at least one mobile device management service.

Abstract: Technology for providing secure communications between a user device and a secure server, in which a user device performs a certificate pinning operation by requesting and receiving a set of public key certificates for the secure server from a dynamic host configuration protocol (DHCP) server. The user device requests and receives a current public key certificate of the secure server from the secure server. The current public key certificate of the secure server is compared with the set of public key certificates for the secure server received from the DHCP server. In response to the current public key certificate of the secure server matching one of the public key certificates in the set of public key certificates for the secure server received from the DHCP server, the authenticity of the secure server is confirmed and communications are permitted between the user device and the secure server.