Abstract: Systems, methods and non-transitory computer readable media for initiating actions based on an ongoing customer journey are provided. Customer journey data associated with an ongoing customer journey may be received. The ongoing customer journey may involve an individual and a device associated with the individual in a retail store, such as a shopping cart. The customer journey data may indicate a trajectory of the device in the retail store generated based on data captured using an indoor positioning instrument associated with the device. While the ongoing customer journey is in progress, the customer journey data may be analyzed to determine information associated with the individual. The information associated with the individual may be used to select an action associated with the individual. A digital signal configured to initiate the selected action may be generated.

Abstract: Systems, methods and non-transitory computer readable media for selecting content for presentation in retail stores are provided. Location data associated with a device associated with an individual in a retail store, such as a shopping cart, may be obtained. A data structure including a plurality of data records may be accessed. Each data record may associate a content provider, a region of the retail store and a modifiable bid amount. A group of data records that match the location data of the plurality of data records may be identified. A particular data record of the group may be selected based on the bid amounts. The particular data record may be associated with a particular content provided and a particular bid amount. Content associated with the particular content provider may be presented. An account associated with the particular content provider may be updated based on the particular bid amount.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.

Abstract: Described herein are methods, systems, and computer-readable storage media for using a network identity. Techniques may include obtaining and encrypting a first data element using an encryption key and storing the encrypted first data element mapped to a network identity. Techniques may further include receiving a request from the network identity to perform an action on a resource and authenticating the network identity using an existing protocol, decrypting the first data element using a second data element calculated based on standard fields of the existing protocol, and enabling the action on the resource using the first data element.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.

Abstract: The disclosed embodiments include systems and methods for performing operations using least-privilege access to and control of target network resources. Operations may include identifying a prompt associated with a least-privilege requesting identity to initiate an action on a target network resource; executing, in response to the prompt, a first set of executable code; initiating, based on the first set of executable code, execution of a second set of executable code on the target network resource, wherein the second set of executable code executes using a least-privilege credential or using least-privilege permissions, the least-privilege credential and the least-privilege permissions being determined according to a least-privilege security policy associated with a type of activity expected to be performed on the target network resource; and instructing the second set of executable code to perform the action remotely on the target network resource through a remote session.

Abstract: The disclosed embodiments include systems and methods for implementing least-privilege access to, control of, and/or code execution on target network resources. Operations may include identifying a prompt associated with a least-privilege requesting identity to initiate a remote session on a target network resource; executing, in response to the prompt, a first agent; retrieving, from a secure storage location, a second agent; initiating, by the first agent, execution of the second agent on the target network resource, wherein the second agent executes using a least-privilege credential or using least-privilege permissions associated with the least-privilege requesting identity; and instructing the second agent to perform an action remotely on the target network resource through the remote session using the least-privilege credential or using the least-privilege permissions.

Abstract: The disclosed embodiments include systems and methods for implementing least-privilege access to, control of, and/or code execution on target network resources. Operations may include identifying a prompt associated with a least-privilege requesting identity to initiate a remote session on a target network resource; executing, in response to the prompt, a first agent; retrieving, from a secure storage location, a second agent; initiating, by the first agent, execution of the second agent on the target network resource, wherein the second agent executes using a least-privilege credential or using least-privilege permissions associated with the least-privilege requesting identity; and instructing the second agent to perform an action remotely on the target network resource through the remote session using the least-privilege credential or using the least-privilege permissions.