A method for partially unmasking an object in a video stream comprises: displaying a first video stream in which objects are covered by privacy masks; receiving user input regarding a selection of an object being covered by a privacy mask, wherein the object has a first portion being associated with a first privacy level and a second portion being associated with a second, higher, privacy level; checking that a permission associated with the user input grants access to video data depicting object portions being associated with the first privacy level; giving access to video data depicting the first portion of the object; and displaying a second video stream which differs from the first video stream in that it includes the video data depicting the first portion of the object, while the second portion of the object is still covered by a privacy mask.

A fully-automated, defensible and highly-scalable system for disposition decisioning and, where applicable deleting previously archived electronic communications. In this regard, the present invention is capable of determining, on an individual e-communication basis, whether an e-communication should be deleted/purged from archive or retained in archive taking into account applicable rules and policies based on the geographic location from which the e-communication was sent, received or posted, as well as, based on the status on the sender/poster and/or recipient.

A system management mode (SMM) runtime resiliency manager (SRM) augments computing resource protection policies provided by an SMM policy shim The SMM shim protects system resources by deprivileging system management interrupt (SMI) handlers to a lower level of privilege (e.g., ring 3 privilege) and by configuring page tables and register bitmaps (e.g., I/O, MSR, and Save State register bitmaps). SRM capabilities include protecting the SMM shim, updating the SMM shim, protecting a computing system during SMM shim update, detecting SMM attacks, and recovering attacked or faulty SMM components.

In example implementations, a computing device is provided. The computing device includes a basic input/output system (BIOS), a memory, and a controller. The memory is to store a BIOS password, wherein the BIOS password includes a first part and a second part. The controller is to associate a first device with the first part and a second device with the second part.

In one aspect, a device may include at least one processor and storage accessible to the processor. The storage may include instructions executable by the processor to identify a threshold amount of time related to authentication failure based on an activity for which the device is currently being used and at least one method of authentication to be used for authenticating a user while the user performs the activity. The instructions may also be executable to take at least a first action based on an interruption that prevents repeated authentication not exceeding the threshold amount of time, and to take at least a second action based on successful authentication resuming subsequent to the interruption but within the threshold amount of time. The instructions may also be executable to take at least a third action based on the interruption exceeding the threshold amount of time.

Disclosed is an approach for dynamically applying roles and access levels to an actor based at least in part upon a set of conditions an object should meet for the role to be assumed. The approach may dynamically determine privileges based at least in part upon API endpoints and operations. A multi-factor approach may be taken for determining authorization based at least in part upon conditions, attributes, and policy.

In an example there is provided a method for initiating an auxiliary access protocol in an authentication session. The method comprises providing attestation data attesting to a cause of an outcome of an authentication attempt in an authentication session, accessing a policy to initiate an auxiliary access protocol, determining if the attestation data fulfils a criterion according to the policy and initiating the auxiliary access protocol on the basis of said determination.

A unique hardware key is recorded a secure hardware environment. A first logic circuit of the secure hardware environment is configured to generate a unique derived key from said unique hardware key and at least one piece of information. The at least one piece of information relates to one or more of an execution context and a use of a secret key. The secure hardware environment further includes a first encryption device that performs a symmetric encryption of the secret key using the unique derived key. This symmetric encryption generates an encrypted secret key for use outside of the secure hardware environment.

To resolve a conflict between CMIS secondary types and certain ECM features such as content server categories and allow the underlying ECM system to be fully CMIS-compliant, an ECM-independent ETL tool comprising a CMIS-compliant, repository-specific connector is provided. Operating on an integration services server at an integration tier between an application tier and a storage tier where the repository resides, the connector is particular configured to support CMIS secondary types and specific to the repository. On startup, the connector can import any category definition from the repository. The category definition contains properties associated with a category in the repository. When the category is attached to a document, the properties are viewable via a special category object type and a category identifier for the category. Any application can be adapted to leverage the ECM-independent ETL tool disclosed herein.

An information processing apparatus includes a processor configured to: display a process reception screen in which plural processes included in a workflow are displayed in order of execution and that receives selection of at least one of the plural displayed processes; receive, for the at least one process received by the process reception screen, disclosure information indicating whether to disclose workflow-related information relating to the workflow; and set whether to disclose the workflow-related information in accordance with the received disclosure information.