Abstract: Systems and methods are disclosed for providing host-independent data operations. In certain embodiments, a data storage device includes a non-volatile memory; a pinhole button configured to be pressed; and a controller configured to: detect that the pinhole button is pressed; detect that the data storage device is coupled to a direct-current (DC) power supply; and initiate a disk operation for the data storage device. In some embodiments, the controller can be configured to initiate a data operation, such as an authentication or data accessibility operation, a data security operation, etc., for example, in addition to or instead of a disk operation.

Abstract: Methods and systems for controlling users' access to data available on blockchains are described herein, comprising: determining a first right for a first user to first data; determining a location in a permissioned blockchain comprising the first data, the location being a first fork of the permissioned blockchain; determining a first privilege required to access the first fork; determining that the first user corresponds to a first cryptographic address; and assigning the first privilege to the first cryptographic address.

Abstract: Disclosed are a system and method for detecting an unauthorized Internet of things (IoT) device in a private computer network. Packets of network traffic are collected in the private computer network. An IoT packet is identified from among the collected packets. IoT data is extracted from the IoT packet and encrypted. The encrypted IoT data is transmitted to an artificial neural network in the cloud over the public Internet. The artificial neural network infers, based on the encrypted IoT data, a device type of an IoT device that transmitted the IoT packet in the private computer network. The IoT device is detected to be unauthorized in response to detecting that the device type of the IoT device is not a recognized IoT device type in the private computer network.

Abstract: Methods, systems, and computer storage media for providing a smart-contract-based watermarking service. A smart-contract-based watermarking service includes smart contract programming for displaying and removing digital watermarks on NFTs. In operation, a request to execute a watermark-mining operation on a digital asset is accessed. The request comprises a set of digital watermarking request attributes. Based on the set of digital watermarking request attributes, a digital asset and a digital watermark are accessed. The digital asset is minted as a non-fungible token associated with the digital watermark and a smart contract that controls display of the digital watermark associated with the digital asset. A notification is communicated, the notification indicating that the watermark-minting operation has been executed.

Abstract: Disclosed are systems, servers and methods for a novel, multifactor-token based framework for securely executing electronic transactions while protecting user and transactional data related to and/or communicated during the transactions. The disclosed systems and methods enable an on-demand multifactor token to be generated for electronic transactions, whereby the tokens can be specific to a type of transaction, a type of entity and/or other party involved, and the like. The disclosed tokens can be relayed between users and the parties they are interacting with rather than personally identifiable information, which ensures a user's data is securely maintained and prevented from undesired exposure on a network.

Abstract: Distribution of data in a neural network data set is used to determine an optimal compressor configuration for compressing the neural network data set and/or the underlying data type of the neural network data set. By using a generalizable optimization of examining the data prior to compressor invocation, the example non-limiting technology herein makes it possible to tune a compressor to better target the incoming data. For sparse data compression, this step may involve examining the distribution of data (e.g., in one example, zeros in the data). For other algorithms, it may involve other types of inspection. This changes the fundamental behavior of the compressor itself. By inspecting the distribution of data (e.g., zeros in the data), it also possible to very accurately predict the data width of the underlying data.

Abstract: Embodiments of the present disclosure provide a firmware updating method, an apparatus and a data system. The firmware updating method is applied to the first apparatus, the first apparatus contains at least one PCI configuration space for configuring functions for the first apparatus, and the method specifically includes: configuring firmware updating capability in the first PCI configuration space in the at least one PCI configuration space, and updating the first firmware to the first apparatus based on the firmware updating capability.

Abstract: Methods, apparatus, and processor-readable storage media for authenticating usage data for processing by machine learning models are provided herein. An example method includes receiving, by a machine learning application installed in a user space of an operating system of a user device, a message from a software component, wherein the software component is: configured to collect usage data associated with the user device; signed with using private key corresponding to a digital certificate by an application installed on the user device; and deployed in a kernel space of the operating system, and wherein the message comprises usage data signed using the private key; authenticating, by the machine learning application, the usage data based on a public key corresponding to the digital certificate; and processing, by the machine learning application in response to a result of the authenticating, at least a portion of the authenticated usage data.

Abstract: Disclosed are techniques for linking information about individual entities across multiple datasets. A target dataset with some information corresponding to at least one attribute of an entity is received. Semantic processing is performed on the target dataset to extract semantic representations of the information and corresponding attributes, which is utilized to search at least one other dataset for additional information that is absent from the target dataset, corresponding to at least one attribute of the entity, which are used to augment the target dataset with additional information corresponding to the entity. This is repeated iteratively, with each subsequent iteration including semantic representations of information found in the searches of previous iterations until no additional information about the entity is found when searching the multiple datasets with semantic representations of the now augmented target dataset.

Abstract: A computerized method for a symmetric encryption cipher with steganographically embedded access controls includes generating a data structure relating to a cryptographic key of an invariant size and a variable encryption strength. The data structure is configured to dynamically allocate a plurality of adjacent data stores containing: an initialization vector (IV) for deriving a cryptographic key; a variable-length padding space dynamically coupled and inversely related to the variable encryption strength of the cryptographic key; and a seed array relating to the cryptographic key. User-authentication information, such as biometric data and/or access control information, may be steganographically embedded in the variable padding space of the cryptographic key.

Abstract: Systems and methods for decryption of payloads are disclosed herein. In various embodiments, systems and methods herein are configured for decrypting thousands of transactions per second. Further, in particular embodiments, the systems and methods herein are scalable, such that many thousands of transactions can be processed per second upon replicating particular architectural components.

Abstract: When the speed of head movement exceeds the processing capability of the system, a reduced depiction is displayed. As one example, the resolution may be reduced using coarse pixel shading in order to create a new depiction at the speed of head movement. In accordance with another embodiment, only the region the user is looking at is processed in full resolution and the remainder of the depiction is processed at lower resolution. In still another embodiment, the background depictions may be blurred or grayed out to reduce processing time.

Abstract: A method of labeling video to provide authentication acquires an instruction to apply timestamp labeling. Each recorded video is labeled with a timestamp based on the instruction. The first mark information is generated based on a content of each recorded video as a hash value and is uploaded into a blockchain. Second mark information is generated based on a content of at least one video under investigation. By comparing the first mark information and the second mark information, a video under investigation is found to be undistorted and authentic when the first mark information is the same as the second mark information. The video under investigation is found to be non-authentic when the first mark information is different from the second mark information. A terminal device and a computer readable storage medium applying the method are also disclosed.

Abstract: Social media networking applications, web sites, and services creates implicit relationships between users based on their interest or participation in real-world and optionally virtual or online activities in addition to explicitly defined peer relationships. User profiles, activity entities, and expressions may be associated with metadata to assist in searching and navigation. Metadata is implicitly associated with user profiles, activity entities, expressions, or other data entities based on user behavior using metadata collector. A metadata collector is a poll, survey, list, questionnaire, census, test, game, or other type of presentation adapted to solicit user interaction. A metadata collector is associated with metadata elements. When users interact with a metadata collector, their user profiles and the data entities included in their interactions become associated with the metadata elements of the metadata collector. These metadata element associations may then be used for any purpose.

Abstract: The present invention relates to a security policy and audit log two-way inquiry, collation, and tracking system and method capable of effectively inquiring and confirming various pieces of log information generated due to setting and change of various security policies, and capable of inquiring and confirming a security policy related to log information based on the collected log information. According to the present invention, it is possible to inquire, collate, and track logs generated and recorded by the various security policies, it is possible to inquire, collate, and track the security policy applied to the collected log, and it is possible to inquire, collate, and track the security policy and the log in two ways and in real time.

Abstract: Methods, computer program products, computer systems, and the like are disclosed that provide for scalable deduplication. Such methods, computer program products, and computer systems can include, in response to receiving a request to perform a lookup operation, performing the lookup operation and, in response to the signature not being found, forwarding the request to a remote node. Further, in response to receiving an indication that the signature was not found at the remote node, processing the subunit of data as a unique subunit of data.

Abstract: Cryptographic information is compiled by: (a) determining a first portion of the cryptographic information based on an input and a randomness: (b) checking a rejection criterion based on the first portion; (b1) re-starting step (a) with a different randomness if the rejection criterion is fulfilled; (b2) if not all portions of the cryptographic information have been generated, determining a subsequent portion of the cryptographic information based on the input and the randomness and continuing with step (b) or, otherwise, continuing with step (c); (c) determining the first portion of the cryptographic information based on the input and the randomness; (d) conveying the respective portion of the cryptographic information; and (e) if not all portions of the cryptographic information have been generated, determining a subsequent portion of the cryptographic information based on the input and the randomness and continuing with step (d).

Abstract: Systems, methods and apparatuses to configure a computing device for identification and authentication are described. For example, a key management server (KMS) has a certificate generator and is coupled to a registration portal. A copy of secret implemented into a secure component during its manufacture in a factory is stored in the KMS. After leaving the factory, the component can be assembled into the device. The portal receives registration of the component and a hash of software of the device. The certificate generator generates, independent of the device, public keys of the device, using the copy of the secret stored in the KMS and hashes of the software received via the registration portal, and then sign a digital certificate of the public key of the device. Authentication of the device can then be performed via the private key of the device and the certified public key.

Abstract: A computing device includes a non-volatile memory (NVM) interface and a processor. The NVM interface is to communicate with an NVM. The processor is to store in the NVM at least a Type-Length-Value (TLV) record including one or more encrypted fields and one or more non-encrypted fields, the non-encrypted fields including at least a validity indicator of the TLV record, to read the TLV record from the NVM, and to invalidate the TLV record by modifying the validity indicator stored in the non-encrypted fields, without decryption of any of the encrypted fields.

Abstract: A facility for updating software installed on a media device in connection with installation of the media device in customer premises is described. Outside the customer premises, the facility transfers a later-issued version of the software installed on the media device from a server to a portable storage device. Within the customer premises, the facility transfers the later-issued version of the software installed on the media device from the portable storage device to the media device for installation on the media device.

Abstract: Methods, systems, and devices for memory operations are described. First scrambling sequences may be generated for first addresses of a memory device after an occurrence of a first event, where the first addresses may be associated with commands received at the memory device. Portions of the memory array corresponding to the first address may be accessed based on the first scrambling sequences. After an occurrence of a subsequent event, second scrambling sequences may be generated for the first addresses, where the second scrambling sequences may be different than the first set of scrambling sequences. After the occurrence of the subsequent event, the portions of the memory array may be accessed based on the second scrambling sequences.

Abstract: A system and method for identifying authorized job step programs. The process identifies a plurality of job step programs. It then identifies authorized program facility (APF) authorized programs from the plurality of job step programs. An output table of APF authorized program is generated. This table is used to submit at least one batch job using the output table. A list identifying which parameters in a parameter string contain an address for each APF program in the output table is generated. This list is then provided for program testing.

Abstract: Aspects of the subject disclosure may include, for example, obtaining, from a user device, a master-slave agreement and a first network configuration for a federated blockchain network, transmitting to a cloud service provider (CSP) node the first network configuration, generating first credentials, and transmitting the first credentials to the CSP node. The CSP node configures a first group of blockchain nodes according to the first network configuration and the first credentials. Further embodiments include transmitting the first credentials to a public server that sends it to a public blockchain node and an indication to generate a portion of the federated blockchain network. The public blockchain node configures a second group of blockchain nodes according to a second network configuration based on a public blockchain smart contract. The federated blockchain network comprises the first group of blockchain nodes and the second group of blockchain nodes. Other embodiments are disclosed.

Abstract: The present disclosure provides a method for anti-tampering apparatus servicing data implemented by a calculation device connected to a target device, the method comprising: identifying a contract identification code and obtaining a contract package file and a contract authentication code from at least one remote device; obtaining a microservice file corresponding to the target device from the remote device when a device embedded code of the calculation device is matching the contract authentication code; performing the microservice file to enable the target device according to the contract package file and generate an execution report; publishing the execution report to the remote device to obtain an acceptance certification code; and combining and hashing the device embedded code, the contract authentication code and the acceptance certification code to generate a hash value, and sending the hash value to a blockchain.

Abstract: A method and system are described for storing and retrieving an encrypted master encryption key at multiple distinct physical servers in such a way as to prevent discovery of the master encryption key by any single one of the multiple holders. A retrieval mechanism is provided that facilitates a simple retrieval of the multiple pieces of the master encryption key from the multiple holders. The described system utilizes a combination of encryption algorithms, data storage, and transmission methods to carry out the new way of retrieving and storing the master encryption key.

Abstract: Techniques for sanitizing personally identifiable information (PII) from audio and visual data are provided. For instance, in a scenario where the data comprises an audio signal with speech uttered by a person P, these techniques can include removing/obfuscating/transforming speech-related PII in the audio signal such as pitch and acoustic cues associated with P's vocal tract shape and/or vocal actuators (e.g., lips, nasal air bypass, teeth, tongue, etc.) while allowing the content of the speech to remain recognizable. Further, in a scenario where the data comprises a still image or video in which a person P appears, these techniques can include removing/obfuscating/transforming visual PII in the image or video such as P's biological features and indicators of P's location/belongings/data while allowing the general nature of the image or video to remain discernable. Through this PII sanitization process, the privacy of individuals portrayed in the audio or visual data can be preserved.

Abstract: Forensic analysis on consistent system footprints relates to a system and method for rootkit detection based on forensic analysis performed on consistent system footprints, such as application events, application network communications and application files. The system includes a security system periodically monitoring one or more applications of a computing system. The security system includes a threat detection unit for collecting and storing system memory dumps, a machine learning module trained on clean and infectious memory dump, a similarity scanner to identify similarity between suspicious memory block and consistent system footprints, and a forensic analyzer to perform forensic analysis and detect infection, if any, based on the similarity found. The suspicious memory block is identified by the threat detection unit based on the analysis performed by the machine learning model. Upon rootkit detection an alert and forensic analysis report are generated.

Abstract: Disclosed are various embodiments for augmented intelligent machine for systematic attribution of data security. A set of global regulations is received by the system. Next, at least one decision rule for mapping one or more data elements is output based at least in part on the set of dynamic global regulations. A data input is received from at least one data source. Next, the data input is parsed to determine at least one sensitive data elements. Then, a confidentiality level of at least one sensitive data element is determined. The ingesting table is joined with a drive mapping data set. Finally, at least one security policy is applied to a type of data input based at least in part on the drive mapping data set or the confidentiality level.

Abstract: Systems and methods for power system switching element (PSSE) anomaly detection are disclosed. An example PSSE anomaly detection unit may include a power system switching element position estimator (PSSEPE) and a comparison unit. The PSSEPE may be configured to receive a set of measurements and a set of control commands associated with a PSSE, calculate an anomaly confidence score based on the set of measurements and the set of control commands, and estimate a calculated PSSE position based on the set of measurements and the set of control commands. The comparison unit may be configured to receive the calculated PSSE position from the PSSEPE, receive the set of measurements and the set of control commands from the PSSEPE, receive a reported PSSE position associated with the PSSE, and determine a PSSE anomaly decision based on a difference between the reported PSSE position and the calculated PSSE position.

Abstract: Systems and methods for providing secure motherboard replacement techniques are described. In one embodiment, an Information Handling System (IHS) may include computer-executable instructions to, during a bootstrap process, obtain a remodeled vendor tracking certificate from a replacement motherboard in which the remodeled vendor tracking certificate comprising inventory information associated with a previous motherboard, and determine that the vendor tracking certificate includes information indicating that the replacement motherboard has replaced a previous motherboard.

Abstract: Systems, methods, and apparatuses relating to circuitry to implement an instruction to create and/or use data that is restricted in how it can be used are described. In one embodiment, a hardware processor comprises a decoder of a core to decode a single instruction into a decoded single instruction, the single instruction comprising a first input operand of a handle including a ciphertext of an encryption key (e.g.

Abstract: A computer-implemented method of providing proof that a data item of a blockchain transaction exists on a blockchain, wherein the method comprises: obtaining, from a requesting party, target data item of a target blockchain transaction; obtaining the target blockchain transaction; obtaining a target Merkle proof for the target blockchain transaction, wherein a corresponding target Merkle root is contained within a block of the blockchain, and wherein obtaining the target Merkle proof comprises calculating an index of a target transaction identifier of the target blockchain transaction within a leaf layer of a corresponding target Merkle tree; and outputting at least the target Merkle proof for use by the requesting party as proof that the target data item exists as part of the target blockchain transaction on the blockchain.

Abstract: A server system sends, via a linearly ordered communication orbit, to computational machines at a first subset of nodes in a computer network, a set of local environment verification tests and a set of mappings that map results of the local environment verification tests into a set of risk scores. Requests sent by the server system cause the computational machines at the plurality of nodes to: locally evaluate the set of local environment verification tests to produce test results, and locally map the test results using the set of mappings into a set of risk scores. Queries sent by the server cause the computational machines at the plurality of nodes to return to the server system at least a portion of the test results and risk scores. The server, identifies, based on the received test results and risk scores, computational machines and/or control categories having risk scores satisfying predefined criteria.

Abstract: This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.

Abstract: Various implementations described herein may refer to a compliance platform for use with identity data. In one implementation, a method may include receiving a compliance data package from a user, where the compliance data package includes encrypted evidence data corresponding to digital identity data of the user. The method may also include encrypting the compliance data package using a first cryptographic key. The method may further include generating a user key shard, a requestor key shard, and a regulator key shard based on the first cryptographic key. The method may include generating an unlock data package that includes the requestor key shard and encrypting the unlock data package using a second cryptographic key. The method may also include transmitting the user key shard, the encrypted unlock data package, and the encrypted compliance data package to the user. The method may include transmitting the regulator key shard to a regulator.

Abstract: An apparatus includes a cryptographic key for encrypting content to be written to a storage media. The apparatus includes a control circuit configured to determine that the storage media has been physically moved, and, based on the determination that the storage media has been physically moved, erase the storage media by deleting the cryptographic key.

Abstract: A method begins by identifying a plurality of encoded data slices requiring rebuilding. The method continues by determining an amount of memory required for rebuilding the plurality of encoded data slices and allocating memory in one or more storage units for the rebuilding the plurality of encoded data slices as reserve memory. The method continues by obtaining a plurality of rebuilt encoded data slices associated with the plurality of encoded data slices requiring rebuilding and storing the plurality of rebuilt encoded data slices in the reserve memory.

Abstract: Disclosed herein are systems and methods for storing patient medical information on a local processing device, anonymizing a portion of that medical information and storing it on a second processing device, exposing that anonymized medical information to a third processing device coupled to the second processing device through a network, and restricting users of the third processing device to only accessing HIPAA compliant medical information. Alarms are included for indicating the improper transfer of HIPAA data.

Abstract: In an approach for enabling communication between offline devices to perform secure transaction, a processor sends information in an optically recognizable first code including a response type, an identity of the first device and a type of optical reader associated with the first device. A processor receives encoded information in an optically recognizable second code. A processor extracts a user identifier and the one-time password associated with the registered second device. A processor determines that a user certificate associated with the user identifier exists in a local repository. A processor validates the one-time password associated with the registered second device with the user certificate using a public certificate associated with the first device, the one-time password associated with the registered second device and the one-time password seed. A processor authenticates the user.

Abstract: The present disclosure is related to systems and methods for hashing-based assessment of electronic clinical trial outcomes. Such systems and methods may advantageously enable secure, rapid, efficient, and cost-effective reuse of pre-built eCOA assessments for clinical trials. In an aspect, the present disclosure provides a computer-implemented method for validation of an electronic clinical trial outcome assessment (eCOA), comprising: (a) obtaining an assessment of an eCOA, the assessment comprising a plurality of files generated by performing a first validation of the eCOA; (b) obtaining a first hash value associated with the assessment of the eCOA, the first hash value generated by hashing the plurality of files of the assessment of the eCOA; (c) hashing the plurality of files of the assessment of the eCOA to generate a second hash value; and (d) validating the eCOA when the second hash value is equal to the first hash value.

Abstract: A method, apparatus and computer program product for privacy-preserving homomorphic inferencing. In response to receipt of encrypted data, a ciphertext of real numbers is generated. Each real number has an associated sign that is desired to be maintained. A mask is then identified, preferably via an iterative algorithm that works on a trial and error basis to locate an appropriate solution. The mask comprises set of values randomly distributed over a given positive range and that remain positive after encoding under a fixed-point arithmetic and with a low scale value. Under homomorphic encryption, the ciphertext is then multiplied by the mask to generate a result comprising values corresponding to the real numbers in the ciphertext and that maintain their associated signs. The result is provided as a response to the encrypted data.

Abstract: A method for compressing a flow of CAN-bus messages, which comprises: (A) during a training stage: (a) determining at least one series-type pattern; (b) defining a compressed series-type command for each of said patterns, each command comprising parameters of: (b.1) a timestamp of a first message; (b.2) a message-ID; (b.3) a type of pattern; (b.4) an indication of a field within the messages; (b.5) a parameter value at the first message; (b.6) period between messages; and (b.7) number of messages; (B) during a compression stage: (c) dividing a record of CAN-bus messages into groups of a same message-ID; (d) within each group, finding messages of a same pattern; (e) for each series, forming a compressed command in a form as defined with values for at least several parameters; and (C) during a decompression stage: (f) using the series-type compressed commands to reconstruct the content of the series of messages.

Abstract: Provided herein may be an electronic device and a method of operating the same. The electronic device may include a memory device including a replay protected memory block (RPMB) configured to store security data, a memory controller configured to control the memory device, and a host device configured to verify, using a password, an external device coupled thereto wherein the memory controller controls the memory device to read, when the external device is verified, the security data, and wherein the host device is further configured to encrypt the read security data, and transmit, to the verified external device, the encrypted security data, a decryption key for decrypting the encrypted security data, and an RPMB key for accessing the security data.

Abstract: An aspect of the present disclosure relates to one or more data decryption techniques. In embodiments, an input/output operation (IO) stream including one or more encrypted IOs is received by a storage array. Each encrypted IO is assigned an encryption classification. Further, each encrypted IO is processed based on its assigned encryption classification.

Abstract: One or more aspects of the present disclosure relate to enhancing modular device snapshot-to-encryption-key associations. In embodiments, an input/output (IO) workload can be received at a storage array. The IO workload can include an IO request to write encrypted data on the storage array. The IO request's metadata can also be parsed for information such as snap parameters. Further, an encryption key identifier (ID) can be received from a host, and snapshots of a storage unit can be created with the parsed information and the key ID.

Abstract: Methods and systems are described for facilitating blockchain operations based on network congestion. The system may facilitate blockchain operations by generating recommendations for blockchain operations based on values for one or more blockchain operation characteristics that are determined based on a likelihood that a given blockchain operation will be completed in a timely manner. The system thus ensures accounts for transient congestion in a blockchain network, while also minimizing a burden on a user device attempting to perform a blockchain operation.

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving a request to initiate a data privacy integration protocol for applications in a multiple-application landscape. Voting responder group configurations are identified that group the applications into multiple voting responder groups for performing voting for the protocol. A voting request for the protocol is sent to applications in a first voting responder group. Data privacy integration protocol votes are received from the applications in the first voting responder group and a determination is made as to whether any application in the first voting responder group provided a veto vote for the protocol. If at least one application in the first voting responder group provided a veto vote for an object, the protocol is ended for the object without sending a voting request to applications in a second voting responder group.

Abstract: An intrusion detection apparatus, including: a printed circuit board (PCB), including: an electrical switch, the electrical switch including: conductive pads positioned on a top layer of the PCB, and a conductive ground ring positioned on the top layer and surrounding the conductive pads; and a mechanical pin coupled to a first portion of a chassis of the information handling system at a first end of the mechanical pin, the mechanical pin including a conductive gasket positioned at a second end of the mechanical pin, the first end opposite to the second end, wherein the ground ring provides an intrusion signal when a foreign conductive object is in contact with the ground ring to indicate a presence of the foreign conductive object.

Abstract: Methods and systems disclosed herein describe a universal access layer that allows a plurality of applications to obtain data and/or information from a plurality of heterogeneous data stores. The universal access layer may include one or more application data objects to validate requests, transform a format of the request, determine which data stores comprise the requested data and/or information, encrypt the request, combine responses into a single response, and retransform the response prior to sending it to the requesting application. By using the universal access layer, applications may improve the speed with which they access data and/or information from the plurality of heterogeneous data stores.