Patent classifications
G06F2221/2141
Deriving and augmenting access control for data lakes
In an example embodiment, access to a data set in a data lake can be specified using several approaches, based on the metadata and information attached. The metadata may be replicated from the original data source of the underlying data, and additional metadata may be modeled and stored to construct linkage information between data types. This linkage information may be used to automatically grant access to users to additional objects that are linked to objects that the user has explicit access to.
Efficient filename storage and retrieval
The disclosed technology relates to a system configured to detect a modification to a node in a tree data structure. The node is associated with a content item managed by a content management service as well as a filename. The system may append the filename and a separator to a filename array, determine a location of the filename in the filename array, and store the location of the filename in the node.
ELECTRONIC APPARATUS AND METHOD FOR CONTROLLING THEREOF
An electronic apparatus is provided. The electronic apparatus according to the disclosure includes: a display, a communication interface comprising communication circuitry, a memory, and a processor. The processor may be configured to: based on acquiring a user command for executing an application stored in the memory, execute the application, based on acquiring a request for access for information stored in the memory through the communication interface while executing the application, acquire access control information of another electronic apparatus related to the electronic apparatus for the application and a relevance between the user and the user of the another electronic apparatus, acquire guide information for guiding a response to the request for access based on the access control information and the relevance, and control the display to display a message including the guide information.
Terminating Distributed Trusted Execution Environment via Self-Isolation
A method for securely terminating a distributed trusted execution environment spanning a plurality of work accelerators. Each accelerator is configured to self-isolate upon determining that the distributed TEE is to be terminated across the system of accelerators. The data is also wiped from the processor memory of each accelerator, such that the data cannot be read out from the processor memory once the accelerator's links are re-enabled. The self-isolation is performed on each accelerator prior to the step of terminating the TEE on that accelerator. An accelerator only re-enables its links to other accelerators once the data is wiped from its processor memory such that the secret data is removed from the accelerator memory.
System for implementing real-time redaction in a workflow configurable environment
Systems, computer program products, and methods are described herein for implementing real-time redaction in a workflow configurable environment. The present invention is configured to electronically receive, from a user input device, a request to load at least one user interface associated with an application; initiate a real-time content redaction engine on contents of the one or more fields associated with the at least one user interface in response to receiving the request, wherein initiating further comprises: parsing one or more embedded structures associated with the one or more fields; identifying private information in the one or more fields based on at least parsing the one or more embedded structures; and masking the private information in the one or more fields; and load the at least one user interface associated with the application in response to masking the private information in the one or more fields.
DEFENSIBLE REGULATED ELECTRONIC COMMUNICATION DISPOSITION SYSTEM
A fully-automated, defensible and highly-scalable system for disposition decisioning and, where applicable, deleting previously archived electronic communications. In this regard, the present invention is capable of determining, on an individual e-communication basis, whether an e-communication should be deleted/purged from archive or retained in archive, taking into account applicable rules and policies based on the geographic location from which the e-communication was sent, received or posted, as well as on the status of the sender/poster and/or recipient.
ENHANCED ACCESS TO MEDIA, SYSTEMS AND METHODS
A system and method are described. An illustrative system enables operations such as: receiving new associated content from a user device and quantifying the new associated content via generating at least one new attribute-value pair object according to a multi-dimensional namespace and including at least some quantified attribute-value pairs determined from implementations of recognition algorithms executed on at least some of the new associated content. The operations may further include linking the at least one new attribute-value pair object into the linked list data structure and recording publication of the new associated content and the at least one new attribute-value pair object on a notarized ledger.
GOVERNED DATABASE CONNECTIVITY (GDBC) THROUGH AND AROUND DATA CATALOG TO REGISTERED DATA SOURCES
An embodiment includes receiving, at a database connectivity (DBC) layer, a request to access data of a data source, wherein the data source is registered with a data catalog that includes data governance artifacts, and wherein the request is made via a connection that bypasses the data catalog. The embodiment also includes comparing, by a governance manager at the DBC layer, an access privilege level for a credential associated with the request to access requirements of requested data included in data protection rules of the governance artifacts. The embodiment also includes masking, by the governance manager, a portion of the data provided in response to the request, wherein the portion of the data has an access requirement that is not met by the access privilege level for the credential associated with the request.
VIRTUAL COMPUTING INSTANCE AGENT AUTHENTICATION IN A PUBLIC CLOUD
Virtual computing instance (VCI) agent authentication in a public cloud can include running a periodic task by an agent on a VCI created from a VCI base image on a public cloud backend, where the VCI base image includes the agent. The periodic task can include querying a basic input/output system (BIOS) identifier of the VCI and calculating a hash of a string of media access control (MAC) addresses associated with the VCI. In response to the BIOS identifier and/or the hash not being stored in association with the agent, the periodic task can include authenticating the agent with the public cloud backend.
Method and System to Implement Multi-Factor Authorization
Disclosed is an approach for dynamically applying roles and access levels to an actor based at least in part upon a set of conditions an object should meet for the role to be assumed. The approach may dynamically determine privileges based at least in part upon API endpoints and operations. A multi-factor approach may be taken for determining authorization based at least in part upon conditions, attributes, and policy.