A system is provided for end-to-end electronic data encryption using an intelligent homomorphic encrypted privacy screen. In particular, the system may be configured to use homomorphic encryption on sensitive data displayed on a screen of a computing device. An augmented reality (“AR”) device may be used (e.g., a user) with the privacy screen such that the sensitive data that appears on the screen may be selectively decrypted. In this way, an authorized user may be able to view and interact with the encrypted data whereas an unauthorized user may not.

A system and method mediate transfer of encrypted data files between local applications and external computer systems. Application containers perform cryptographic operations using stored credentials to decrypt data coming from these external systems and configurably forward them to the local applications, and to encrypt data sent from the local applications to the external systems. Access to this encryption-as-a-service (EaaS) functionality is gated by a fingerprint service that classifies requests by security level, and detects anomalous requests. Security classification is performed by a supervised machine learning algorithm, while anomalous request detection is performed by unsupervised machine learning algorithm. Stored keys are monitored, and when they near expiration or are damaged, embodiments proactively undertake key renewal and key exchange with the external computer systems. Containerization enables key storage in multiple vaults, thereby making such storage vendor-agnostic.

A protocol that is managed by a coordinating network element or third-party intermediary or peer network elements and utilizes tokens prohibits any subset of a union of the coordinating network element or third-party intermediary, if any, and a proper subset of the processors involved in token generation from substantively accessing underlying data. By one approach, processors utilize uniquely-held secrets. By one approach, an audit capability involves a plurality of processors. By one approach, the protocol enables data transference and/or corroboration. By one approach, transferred data is hosted independently of the coordinating network element. By one approach, the coordinating network element or third-party intermediary or a second requesting network element is at least partially blinded from access to tokens submitted by a first requesting network element. By one approach, a third-party intermediary uses a single- or consortium-sourced database. By one approach, network elements provisioned with tokens jointly manage the protocol.

Apparatuses, systems, methods, and software are disclosed for authorization delegation. In a participant device a derivative key is generated in dependence on a received key. An authenticity check value for a delegation information block is generated in dependence on the delegation information block and the received key. The derivative key is derived in dependence on the delegation information block and the received key. An extended certificate chain is created comprising a received certificate chain appended with a local certificate, which comprises the delegation information block and the authenticity check value.

A system, method, device, and platform for managing data. Data associated with a user received from one of a number of sources. The data is automatically confirmed as applicable to a user. The data is added to a data set associated with the user. A determination is made whether the data set is complete after adding the data to the data set. One or more tokens are created based on the data set of the user.

Techniques for managing licensing of a software application that includes a plurality of executables are presented. The techniques can include detecting an initiation of the software application on a client computer; obtaining a license for a usage of a first executable of the plurality of executables; detecting an initiation of at least a second executable; obtaining execution type data for the second executable specifying one of: a license for a usage of the second executable is not required if an instance of the second executable is executing on the client computer, or a license for a usage of the second executable is not required if at least one executable of the plurality of executables is executing on the client computer; determining, based on the execution type data, that a license for a usage of the second executable is not required; and executing the second executable.

Techniques for secure public exposure of digital data include extracting first digital data comprising one or more batches, each batch comprising a plurality of no more than a number T of packets, each packet containing a plurality of a number n of bits. A random binary matrix A consisting of T rows and n columns is generated. For a first batch, a first random n-bit temporary key is generated. For a packet in the first batch, a first packet vector key is generated based on random non-overlapping pairs of bit positions for both the temporary key and for a first packet-corresponding row of matrix A. An encrypted packet is generated for the packet based on the packet and the first packet vector key. The encrypted packet is exposed publicly.

A system for monitoring networked computing devices with integrated electronic data encryption and decryption mechanism is provided. In particular, the system may comprise one or more host applications which may interact with an API layer to transmit encrypted host-related data through a secure data rails to a consolidated data repository. One or more downstream monitoring applications may retrieve and decrypt the host-related data from the consolidated data repository for analysis. In this way, the system may provide a secure, scalable way to monitor host computing systems and flow of sensitive electronic data.

Techniques and technologies for providing a fully managed datastore for clients to securely store, discover, retrieve, remove, and share curated data, or features, to develop machine learning (ML) models in an efficient manner. The feature store service may provide clients with the ability to create and store feature groups that include features and associated metadata providing clients with a quick understanding of features so that they may determine which features are suitable for training ML models and/or use with ML models. The feature store service may provide first a data store configured to store the most recent values associated with a feature group, such that client can access the features and utilize ML models to make real-time predictions with low latency and high throughput, and a second datastore configured to store historical values associated with a feature group, such that a client can utilize the features to train ML models.

A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.