Abstract: Device-implemented methodology for enabling and/or performing crypto-erase via internal action and external action. In one illustrative aspect, a request to read data is received at a device configured to perform data operations on a storage medium, the data being stored on the storage medium in encrypted form. In one approach, a first key stored within the device is accessed. In another approach, a first key stored on and/or with the storage medium is retrieved. A second key is received from an external source. A media encryption key is generated using the first and second keys. The encrypted form of the data is read from the storage medium. The encrypted form of the data is decrypted using the media encryption key. The decrypted data is output. Methodology for writing encrypted data is also presented.

Abstract: Some embodiments provide a method for mobile device based user authentication. The method includes registering a session between a browser and a web application. The method also includes receiving a data object associated with the session and receiving a QR code from a mobile device that is captured from the browser. The method also provides for identifying the data object and sending the data object to the mobile device to retrieve user credentials. The method then receives an encrypted message comprising the user credentials from the mobile device. The encrypted message is then forwarded to the web application for authentication.

Abstract: The present disclosure is related to a system that may include a first computing device and a second computing device. The first computing device may send a request for identification data corresponding to one or more health properties associated with a user. The second computing device may receive the request for the identification data. In response to receiving the request, the second computing device may retrieve health data acquired by one or more sensors for monitoring the one or more health properties that correspond to the user and stored in a memory. The first computing device may receive the health data sent from the second computing device and authenticate an identity of the user based on the health data.

Abstract: A messaging server system receives a message creation input from a first client device that is associated with a first user registered with the messaging server system. The messaging server system determines, based on an entity graph representing connections between a plurality of users registered with the messaging server system, that the first user is within a threshold degree of connection with a second that initiated a group story in relation to a specified event. The messaging server system determines, based on location data received from the first client device, that the first client device was located within a geo-fence surrounding a geographic location of the specified event during a predetermined event window, the geo-fence and event window having been designated by the second user, and causes the first client device to present a user interface element, that enables the first user to submit content to the group story.

Abstract: A multitenant collaboration tool is instantiated over physical infrastructure operated by a hosting platform. The multitenant collaboration tool leverages interfaces of the hosting platform to provision and/or instantiate buckets and/or data lakes in particular physical locations, serving from those data lakes tenant data required to be stored within those specified locations. The multitenant collaboration tool includes a multitenant query gateway configured to route data queries from client devices to appropriate multitenant data lakes associated with multitenant collaboration tool.

Abstract: In an example, the eyewear includes an optical element, electronic components, and a support structure configured to support the optical element and the electronic components. The support structure defines a region for receiving at least a portion of a head of a user. The eyewear also includes a biometric sensor coupled to the electronic components and supported by the support structure. The biometric sensor is attached to the support structure and positioned to detect, in the region, a biometric signal representative of a biometric of the user for processing by the electronic components.

Abstract: It is desired to try to increase the security of a computing system running computer applications that may access data in a data storage system. In some embodiments, a token associates a user with a task that is being executed by a computing node. It may therefore be possible to determine which user executed which tasks. In some embodiments, the validity of a token is tied to the lifespan of a task associated with the token, rather than to a fixed amount of time. Therefore, if the task associated with the token is complete, the token may become invalid, rather than remaining valid for a duration of time that possibly exceeds the lifespan of the associated task. In some embodiments, a token is used to enforce data access control, e.g. to deny certain users access to certain data in the data storage system.

Abstract: A control apparatus is provided that includes: a communication unit configured to receive an access request transmitted from a first user; an analysis unit configured to analyze whether a second user whose use frequency of a network is equal to or higher than a threshold approves the access request by the first user or not; and a control unit configured to permit access by the first user to the network in a case where the access request by the first user is approved by a specific number or more of the second users, the specific number being two or more.

Abstract: An operating method of an interactive service platform including the steps of: communicating with a plurality of user end devices via an application software; receiving physiological measurement information of user from the user end devices via the application software; analyzing the physiological measurement information to identify a physical and mental state/lifestyle of an associated subscriber; and automatically responding content information associated with at least one associated subscriber according to requests from the user end devices.

Abstract: An apparatus includes at least one processing device configured to identify a logical storage volume stored across multiple storage nodes of a distributed storage system, to obtain address range distribution information for the logical storage volume from at least a subset of the storage nodes, the address range distribution information indicating, for each of a plurality of distinct address ranges of the logical storage volume, which of the storage nodes locally stores data for that address range, and to generate, from the obtained address range distribution information, a mapping of the distinct address ranges to particular ones of the storage nodes, wherein the mapping is utilized to select paths for delivery of input-output operations to the storage nodes. Obtaining address range distribution information for the logical storage volume may comprise, for example, sending log page commands to each of the storage nodes to obtain asymmetric range access and/or template information.

Abstract: Systems and methods for computer system security authorization interfaces are described, including a non-transitory computer readable medium having computer executable instructions that when executed cause a processor to direct a directory server to create a position group, the directory server storing position-access permissions assigned to a plurality of permission groups, and to assign the position group as a member within the permission groups; and to assign a username to the position group, thereby associating the position group with the person and assigning the position-access permissions to the person. The position groups contain no usernames and are each associated with no more than one person at any one time. An interface application may allow a user to communicate with a directory server to manage position-access permissions within a directory service domain based on positions within an organizational structure of an organization, rather than on usernames.

Abstract: Systems and methods are provided for obtaining a request for a data object or a data structure from a client; determining an access level of the client and one or more access permissions of the requested data object or data structure; determining whether to transmit the requested data object or data structure to the client based on the access level of the client and the one or more access permissions; and transmitting the requested data object or data structure to the client.

Abstract: A computer-implemented method for data segmentation to improve security is described. The method includes receiving a request, from a client device of a user, for authentication information; parsing the request; based on the parsing, determining an authentication score that represents a likelihood that the request is from an authenticated device; determining, from the authentication score, a number of segments into which the requested authentication information is divided; and for each of the segments, assigning one or more portions of the authentication information to that segment, in which each segment is associated with one or more times at which to transmit information assigned to that segment, and at one or more times specified by that segment, transmitting one or more portions of the authentication information assigned to that segment to the client device.

Abstract: The present disclosure describes a computer-implemented method that includes: detecting an incident that an outbound email violates a data leakage prevention (DLP) rule of an enterprise, wherein the DLP rule specifies contents that are reserved for within the enterprise; automatically alerting one or more members of the enterprise of the incident based on a report detailing the incident; and receiving a response from each of the one or more members of the enterprise.

Abstract: Methods and systems for facilitating authentication of a user with a plurality of applications are described. One method includes authenticating a user with a first secure application based on information received from a smart credential stored on a mobile device via a local wireless connection. The method includes obtaining a remote challenge from a remote authentication service and a mobile challenge, signing the mobile challenge with a private key, and transmitting a signed version of the mobile challenge, the remote challenge, and a public key to the mobile device. The method further includes receiving a signed version of the remote challenge and a certificate indicating validation of the mobile challenge, and transmitting the signed version of the remote challenge to the remote authentication service. Based on receiving an authentication result from the remote authentication service, access is granted to a remote secure application via the browser.

Abstract: Architecture that enables a user to designate acceptance to receiving social cards from other user in a social network using a personal digital assistant. A mapping component maintains the mappings of all users who have accepted to participate in card sharing and the acceptance level. A whitelist of users can be created that lists the users to whom a social card can be sent from an endpoint. The user can create local groups dynamically at runtime on the local endpoint, where the local groups enable the sharing of the personalized content with multiple users concurrently. The shared card is selected by the sending user and becomes available to the PDA on the proactive canvas of the recipient's PDA along with other cards. Based on the user engagement history, these cards can be ranked among other cards social or non-social PDA cards. Conflation, push notifications, and filtering are also provided.

Abstract: A computer-implemented method comprising receiving a first event request corresponding to a pending event between a first computing device and a second computing device, the first event request comprising a first set of event attributes corresponding to the pending event; transmitting, each of a plurality of first subsets of event attributes to a different set of nodes; receiving a second event request corresponding to the pending event between the first computing device and the second computing device; and transmitting each of the plurality of second subsets of event attributes to a different set of the plurality of sets of nodes, wherein each of the plurality of sets of nodes compares the first subset of event attributes that the set of nodes receives with the second subset of event attributes that the set of nodes receives; and a block instance corresponding to the pending event to a blockchain.

Abstract: Provided are an authentication processing method and device, a storage medium, and an electronic device. The method includes that: a terminal receives an authentication request message from an authentication function; and in cases where authentication on the authentication request message fails, the terminal feeds back an authentication failure message to the authentication function. In cases where the cause of the authentication failure is a Message Authentication Code (MAC) failure and in cases where a cause of authentication failure is a Synchronization (Sync) failure, the terminal feeds back authentication failure messages of the same type to the authentication function.

Abstract: An information processing device includes a display control means that displays a log-in screen for a service which is provided by a collaboration service after accessing the collaboration service, a first transmission means that transmits a request for verification data to the collaboration service, a communication control means that communicates with an authenticator before authenticating a user, a second transmission means that transmits a request including verification data to the authenticator when an instruction for log-in is received, and a third transmission means that transmits signature data received from the authenticator to the collaboration service. At least one of transmission of the request to the collaboration service from the first transmission means and communication of the communication control means with the authenticator is performed without waiting until the instruction for log-in is received from the user after accessing the collaboration service.

Abstract: A method includes a computing device of a computing infrastructure interpreting a request from a learning object owner computing device to make available for licensing a set of learning objects to produce an object basics record of a smart contract for the set of learning objects. The method further includes verifying, with an accreditation authority computing device of the computing infrastructure, validity of the object basics record. When the object basics record is valid, the method further includes establishing available license terms of the smart contract for the set of learning objects, establishing available payment terms of the smart contract for the set of learning objects, and causing generation of a non-fungible token associated with the smart contract in an object distributed ledger.

Abstract: A method of providing a preview version of a book over a computer network, the method comprising: apportioning the book into a plurality of content segments; modifying the book by rearranging at least a subset of the plurality of content segments to create a shuffled configuration of the book; initiating a preview session and displaying at least a first content segment from said shuffled configuration of the book in a preview window; displaying a next group of content segments from said shuffled configuration of the book during said preview session upon receiving a prompt from user to continue browsing; and controlling the availability of said shuffled configuration of the book during said preview session. A user may further customize preview version by providing a search input or by selecting a page range. Shuffled preview version may include one or more advertisements.

Abstract: In some implementations, a device may monitor a screenshot function of a user device. The device may receive, via an application, sensitive information associated with an operation of the application. The device may detect a screenshot instruction associated with the screenshot function capturing a screenshot of a graphical user interface of the application that is displaying the sensitive information. The device may control the screenshot function to suspend a capture of the screenshot of the graphical user interface. The device may identify a portion of the graphical user interface that includes the sensitive information. The device may mask portion of the graphical user interface to obfuscate the sensitive information. The device may enable the screenshot function to capture, according to the screenshot instruction, the screenshot with obfuscated sensitive information. The device may unmask the portion to enable the sensitive information to be displayed via the graphical user interface.

Abstract: Systems and methods to determine content to present based on interaction information of a given user are disclosed. Exemplary implementations may: store, in electronic storage, psychological profiles; obtain, in an ongoing manner, interaction information of users from the online platforms; determine psychological profiles of the users based on the interaction information for the individual users; update, in an ongoing manner, the determined psychological profiles as the interaction information is ongoingly obtained such that the first psychological profile is ongoingly updated as the first interaction information is ongoingly obtained; and provide, based on the psychological profiles, the individual users with content.

Abstract: Disclosed herein are system, method, and computer program product embodiments for generating a graphical user interface (GUI) with a consolidated user incident report. In some embodiments, a server receives a set of data comprising a first set of data elements. The server incorporates the set of data on a graphical user interface (GUI). The set of data is rendered in a first portion of the GUI and the different set of data is rendered in a second portion of the GUI. The server further receives a request to delete one or more data elements of the set of data or the different set of data from the GUI. As such, the server consolidates the first and second portion into a combined portion on the GUI. The combined portion comprises the set of data and the different set of data excluding the one or more data elements.

Abstract: A system for processing data that includes a first processor configured to operate one or more algorithms to provide a proxy for each of a plurality of external network communications segments and internal network communications segments associated with a specific use, the first processor configured to operate one or more algorithms to provide a firewall agent that performs firewall processing for each of the plurality of external network communications segments and the internal network communications segments and wherein the explicit proxy is installed using a proxy auto configuration file that is associated with the firewall agent.

Abstract: A computer-implemented method of determining an indication of whether a vehicle in a crash is a total loss. The method may include (1) receiving (i) image data, (ii) sensor data, and/or (iii) telematics or other data indicative of a direction of a crash force; (2) determining a type of geographic area in which the crash occurred; (3) determining a make, a model, and/or a year of the vehicle; and (4) determining the indication of whether the vehicle is a total loss based upon (i) (a) the image data, (b) the sensor data, and/or (c) the data indicative of the direction of the crash force, (ii) the type of geographic area, and (iii) the make, the model, and/or the year of the vehicle. By determining the indication of whether the vehicle is a total loss based upon such data and/or factors, time may be saved and resources may be conserved.

Abstract: A method is disclosed. The method comprises receiving, by an identity network computer, a query set including a plurality of test identity attributes. After receiving the query set, the identity network computer may retrieve derivatives of identity attributes associated with a user, and an encrypted trapdoor, then compute an obscured query set using the query set, and optionally the derivatives of identity attributes. The identity network computer may transmit the obscured query set (i) and the encrypted trapdoor to a user device associated with the user, which generates and transmits a first modified trapdoor and the obscured query set to a relying party computer, or (ii) and a second modified trapdoor to the relying party computer. The relying party computer may thereafter use the obscured query set, and the first modified trapdoor or the second modified trapdoor, to determine if the identity attributes is a member of the query set.

Abstract: The present disclosure provides an electronic device including a touch screen display, at least one processor, and a memory, in which the memory stores a first application program including a user interface, and stores instructions that, with regard to execution of the first application, cause the at least one processor to execute the first application program, and display content on the touch screen display in response to the execution of the first application program, receive a first user input for selecting at least a portion of the content using the user interface, receive a second user input for adding at least a portion of the selected content to a clipboard using the user interface, check whether or not the application program associated with the second user input is the first application program, and allow or block the addition of the selected content to the clipboard based at least in part on the check. In addition to the above, various embodiments identified through the specification are possible.

Abstract: Aspects of the disclosure relate to information masking. A user device may receive a request to access information that includes personal identifiable information (PII) and retrieve source data comprising the PII. The user device may mask, within the source data and based on a data management policy, the PII, resulting in masked information. The user device may display the masked information. The user device may receive a request to unmask the masked information and unmask the PII, resulting in unmasked PII. The user device may display the unmasked PII and send unmasking event information to a PII footprint modeling platform, which may cause the PII footprint modeling platform to: log the request to unmask the masked information in an unmasking event log, 2) apply a machine learning model to the unmasking event log to identify malicious events, and 3) trigger remediation actions based on identification of the malicious events.

Abstract: A computer system that includes one or more processors configured to execute a secure sovereign manager that controls remote execution of commands on a sovereign cloud computing platform. The secure sovereign manager is configured to create an escorted session for an unqualified user for invoking commands on the sovereign cloud computing platform. The unqualified user does not have sovereign-trusted credentials that define qualifications required for accessing the sovereign cloud computing platform. The escorted session is asynchronously supervised by a qualified user that has sovereign-trusted credentials. The secure sovereign manager is configured to receive an indication of approval or denial of invocation of a received command. Based on at least receiving an indication of approval, the secure sovereign manager invokes the received command on the sovereign cloud computing platform.

Abstract: A method for detecting an unauthorized copy of a content according to an embodiment of the present invention includes providing content including a plurality of images to a terminal device; collecting scroll inputs applied by a user to the terminal device when viewing the content, and generating scroll log information from the scroll inputs; and constructing a database by collecting the scroll log information according to each user account registered in the service server or identification information of the terminal device.

Abstract: A first copy of a heterogeneous program payload is provided to a first computing device. The heterogeneous program payload contains an unencrypted component and a set of one or more encrypted components. The set of encrypted components corresponding to a set of one or more programs. The unencrypted component of the heterogeneous program payload includes loader program code configured to receive a first license key. The loader program code is configured to, in response to receiving the first license key, perform a decryption action against the set of encrypted components of the heterogeneous program payload.

Abstract: A controlled content system for providing a controlled and contained environment that is remotely accessible is disclosed. An application on the end user device is modified to allow certain sites and services to be mediated in a mid-link server. The app uses policies to know when to access the mid-link server for the controlled and contained environment. Policies can specify the type of processing performed on the mid-link server. Some embodiments support the app selectively using the mid-link server for mediated sites and services. A client spoofer at the mid-link server spoofs direct interaction with the certain sites and the services as if the end user device was directly interacting with the plurality of remote services.

Abstract: Described herein are techniques for enabling remote implementation and enforcement of usage settings on one or more user devices. In some embodiments, a wireless carrier network maintains information on relationships between various user devices. Each relationship may be active under specified conditions (e.g., time and/or location) and is associated with usage settings that dictate one or more rules to be enforced while the relationship is active. In some embodiments, a set of usage settings may be generated for a particular user device based on all active relationships associated with that user device. The set of usage settings may be enforced by a mobile application installed upon a user device or by a wireless carrier network that blocks certain network traffic to and/or from the user device.

Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an (IAM) identity and access management system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.

Abstract: Systems and methods are provided for automatic notifications of expired subscriptions. In various embodiments, a network function can request a subscription from a Unified Data Repository (UDR). The request for the subscription can include a request for a notification when the subscription expires or at a time prior to the expiration of the subscription. When the subscription expires or at the time prior to the expiration of the subscription, the UDR can provide a notification that the subscription has expired or is about to expire. Based on the notification, the network function can request to re-subscribe or request a new subscription from the UDR.

Abstract: One example method includes receiving, by a client computing device, a request to open a superfile stored in a memory device at the client computing device, the superfile comprising encrypted content, the request comprising user credential information; in response to receiving the request to open the superfile, communicating, by the client computing device, a request to a remote server to access the superfile, the request including a credential associated with the user account; receiving, from the remote server, cryptographic information; decrypting, using the cryptographic information, the encrypted content; accessing and presenting the decrypted content; and maintaining communications with the remote server while the decrypted content is accessed.

Abstract: System and method for facilitating account access delegation are provided. Login credentials are authenticated for a first account of a first funding source of a first user. A request from the first user to delegate, to a second account of a second user, access to the first funding source is received. A redirected login request from a merchant web application is further received. The redirected login request corresponds to the second account. A determination is made, based on the received request, that the second account is permissioned to use the first funding source. In response to the determination, a login of the first user account is caused on the merchant web application. The logging in of the first user account on the merchant web application causes the first funding source to be applied to an electronic transaction performed on the merchant web application under control of the second user.

Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (API's) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration API's. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.

Abstract: Systems and methods for digital property protection are disclosed. For example, indication may be received that an entity has applied for an insurance policy to insure against theft of digital property. The digital property may be registered and a valuation of the digital property may be generated. Due diligence processes may be performed, including assessment of physical and/or network security mechanisms to prevent theft of the digital property. A recommendation to issue the insurance policy may be generated and sent in examples where the due diligence processes return favorable results. Terms generation and/or identification may be performed, and claims processing based at least in part on loss matrixes may also be performed.

Abstract: A method for identity resolution and data enrichment is performed by at least one hardware processor and includes detecting at an account of a data provider, a shared data object that is shared by an account of a data consumer with the account of the data provider. An application executing at the account of the data consumer is enabled for an identity resolution process based on the detecting of the shared data object. A request for source data received from the application is detected at the account of the data provider. The source data is managed by the account of the data provider. The source data is communicated to the application executing at the account of the data consumer, based on a verification that the application is enabled for the identity resolution process. The identity resolution process is performed at the account of the data consumer using the source data.

Abstract: Evaluating computers, devices, or endpoints on a network, such as a large network of computers in an enterprise environment. Detecting computers, devices, or endpoints that may present a security risk to the network or may be compromised in some way. Generating network traffic that, in some cases, should be ignored or should prompt specific, known responses. Detecting endpoint(s) that respond to such network traffic in an anomalous way, or otherwise attempt to perform certain operations based on such network traffic.

Abstract: Methods, systems, and apparatus, including an apparatus for verifying the integrity of requests. In some aspects, a method includes receiving, from an application, a request including an attestation token of the application. The attestation token includes a set of data that includes at least a public key of the application and a token creation time that indicates a time at which the attestation token was created. The attestation also includes a signature of the set of data. The signature is generated using a private key that corresponds to the public key. The integrity of the request is verified using the attestation token. The verification includes determining that the integrity of the request is valid based on a determination that the token creation time is within a threshold duration of the time at which the request was received and a determination that the set of data has not been.

Abstract: A method, an electronic device, and a computer program product for storage management are provided. The method includes: acquiring a lock attribute record in a lock attribute record chain from a data protection network for backing up data, data protection servers of the data protection network reaching a consensus on the lock attribute record chain, the lock attribute record including a first attribute value of an attribute of a lock operation, the lock operation being used for preventing a backup of the data stored in a storage server from being tampered with; acquiring, based on the lock attribute record, a second attribute value of the attribute of the lock operation from the storage server; and generating, based on determining that the first attribute value does not match the second attribute value, an alarm indicating that the backup is tampered with. This solution can better prevent data from being tampered with.

Abstract: A system includes a processor and memory storing instructions that cause the processor to receive, from a client device, inputs defining associations between one or more control objectives and one more policies, wherein the one or more control objectives define one or more functions to be performed to comply with the one or more policies. The processor may map the one or more policies associated with the one or more control objectives to an application environment and receive, from the client device or a different client device, a change set to an application in the application environment, wherein the change set comprises one or more modifications to the application. The processor may then determine whether the change set adheres to the one or more policies and restrict implementation of the change set in response to determining that the change set does not adhere to the one more policies.

Abstract: Described herein are systems, methods, and non-transitory computer readable media for automating the transfer/syncing of datasets or other artifacts from one security domain (e.g., a low security side environment) to another security domain (e.g., a high security side environment) in a seamless manner that complies with requirements of a data transfer mechanism used to transfer data between the two security domains while ensuring data integrity and consistency between the two security domains.

Abstract: Systems and methods relate generally to associating confidential information with redactions are disclosed. In one such method, a login session is established with a programmed server. A document having the confidential information is uploaded to the programmed server. The confidential information in the document is detected by an artificial intelligence service. The confidential information is analyzed according to at least one rule by the artificial intelligence service. Suggestions for at least one redaction are generated by the artificial intelligence service. At least a portion of the confidential information is redacted responsive to the at least one redaction suggested by a redaction service. The document is stored in association with the at least one redaction though separate from the confidential information to provide at least one reversible redaction.

Abstract: A method comparing, by a user device, an observed characteristic with a determined characteristic, the observed characteristic indicating a current feature included in a current communication associated with a current entity with which the user device is communicating and the determined characteristic indicating an authentic feature included in an authentic communication associated with an authentic entity with which the user device intends to communicate; selectively matching, by the user device based on a result of comparing the observed characteristic with the determined characteristic, current communication information associated with the current communication with authentic communication information associated with the authentic communication; and determining, by the user device based on a result of selectively matching the current communication information with the authentic communication information, that the current entity is the authentic entity or that the current entity is not the authentic entity.

Abstract: Systems and methods are provided for efficient post-processing of object-based snapshots of block-storage volumes, which post-processing may include garbage collection, validation, or resource usage auditing for the snapshots. An object-based snapshot can be logically represented by a set of objects stored on an object storage service, which objects collectively represent a copy of the data of a corresponding block-storage volume at a given point in time. Each snapshot can further be represented by a full manifest that includes a full listing the set of objects representing the block-storage volume, and a differential manifest that includes a listing of objects unique to the snapshot relative to a prior snapshot of the same volume. Full manifests enable each snapshot to remain independently represented, while differential manifests enable efficient post-processing by reducing the amount of data retrieved and processed to identify an aggregate of all objects referenced across a group of snapshots.

Abstract: Systems, methods, and corresponding non-transitory computer readable media describe a proposed system adapted as a platform governing the loading of data in a multiparty secure computing environment. In the multiparty secure computing environment described herein, multiple parties are able to load their secure information into a data warehouse having specific secure processing adaptations that limit both access and interactions with data stored thereon.