Patent classifications
G06F2221/2145
Systems and methods for establishing and using distributed key servers
Systems and methods in which multiple key servers operate cooperatively to securely provide authorization codes to requesting devices. In one embodiment, a server cloud receives a device authorization code request and selects an “A server”. The “A server” requests authorization from one or more “B servers” and authorizes the “B servers” to respond. The “B servers” provide authorization to the “A server”, and may provide threshold key inputs to enable decryption of device authorization codes. The “A server” cannot provide the requested device authorization code without authorization from the “B server(s)”, and the “B server(s)” cannot provide the requested server authorization code and threshold inputs without a valid request from the “A server”. After the “A server” receives authorization from the “B server(s)”, it can provide the initially requested device authorization code to the requesting device.
COMPUTER SYSTEMS AND METHODS FOR IMPLEMENTING IN-MEMORY DATA STRUCTURES
The technology relates to systems and methods for automatically determining, using an in-memory hierarchical data structure and traversal technique, the applicability of one or more sets of requirements for entities such as systems, processes, products, etc. Example embodiments represent selected sets of requirements in the in-memory hierarchical data structure based on which model objects representing various entities are evaluated.
Tenant based permission allocation for a graph database
Systems, methods, and software described herein provide enhancements for managing permissions in a shared graph. In one implementation, a graph management system identifies a request to classify a first subgraph in the graph for access by a tenant of a plurality of tenants, wherein the request indicates one or more vertex types and/or one or more edge types for the first subgraph. The graph management system further identifies one or more vertices and/or one or more edges in the graph that qualify for the first subgraph based on the indicated one or more vertex types and/or one or more edge types, and allocates permissions to at least one user associated with the tenant to access the first subgraph.
Organizing data in a virtual computing infrastructure
Organizing data in a cloud computing environment having a plurality of computing nodes is described. An authorization to service a request is received. The request may be from a user for launching an instance. In response to receiving the authorization and based on the request, an image list is determined. The image list includes information corresponding to a plurality of machine images. At least one machine image is identified from the image list associated with a functional requirement of the request. The instance is launched at the at least one computing node. The at least one machine image is updated after the instance has been launched.
Accessing privileged objects in a server environment
Accessing privileged objects in a server environment. A privileged object is associated with an application comprising at least one process resource and a corresponding semi-privileged instruction. The association is filed in an entity of an operating system kernel. A central processing unit (CPU) performs an authorization check if the semi-privileged instruction is issued and attempts to access the privileged object. The CPU executes the semi-privileged instruction and grants access to the privileged object if the operating system kernel has issued the semi-privileged instruction; or accesses the entity if a process resource of the application has issued the semi-privileged instruction to determine authorization of the process resource to access the privileged object. Upon positive authorization the CPU executes the semi-privileged instruction and grants access to the privileged object, and upon authorization failure denies execution of the semi-privileged instruction and performs a corresponding authorization check failure handling.
Methods and apparatus for validating a digital signature
Various embodiments include one or more of systems, methods, software, and data structures for validating a digital signature, wherein common information in a certification chain is maintained in one entry of a Document Secure Store (DSS). The DSS separates the Long Term Validation (LTV) information from the digital signature, allowing amendment of and addition to the LTV information in the DSS after a digital signature is applied to a document.
Information processing apparatus, method of controlling the same, information processing system, and information processing method
Startup of a program and generation or change of a program is detected, or a program is searched for. It is determined, based on program information of a program whose startup is detected or a program which is found, whether or not the program meets a predetermined criterion. The program determined to meet the predetermined criterion is registered in a white list or black list.
Data sharing in a multi-tenant database system
A method for sharing data in a multi-tenant database includes receiving, by a target account of a multiple tenant database, access rights of a share object in a first account of the multiple tenant database, wherein the share object has access rights to a database object of the first account and wherein access to the database object of the first account by the target account is based on the access rights of the share object. The method also includes receiving, by one or more processors of the target account, access rights to an alias object, wherein the alias object references the database object of the first account.
Secure record access management systems and methods for using same
The disclosed embodiments can be used to manage access to a plurality of secure records, thus rendering access to the secure records more efficient and secure. In accordance with certain disclosed embodiments, the secure records access management system may be configured to grant and revoke access to secure records upon the occurrence of certain events. In some disclosed embodiments, a secure record may comprise a third-party mention to indicate to the system that a third party should be granted access to the secure record. After detecting such a third-party mention, the system may grant the third party temporary access to information in the secure record, where such temporary access comprises the same access permissions as other users having access to the same secure record. The system may revoke the third party's access to the secure record.
METHOD, APPARATUS, AND COMPUTER-READABLE MEDIUM FOR CONFEDERATED RIGHTS AND HIERARCHICAL KEY MANAGEMENT
A method and apparatus for secured, peer-to-peer transfer of data rights over a computer network, the method being accomplished by a distributed computing system including a distributed ledger platform. Root rights are defined and delegated to wallets in a multilevel manner to thereby isolate wallets associated with the root right from cyber risk.