An operating system of a mobile device defines an interface for an MDM to ensure security of the device. A private personal MDM (PPMDM) instead interfaces with the operating systems and one or more enterprise MDMs (EMDM) implement security policies through the PPMDM subject to user control. Data may be flagged as associated with an EMDM based on source or location to enable deletion due to theft or disassociation with an enterprise. Blocks or threat detection according to an EMDM policy may be reported to an EMDM in a non-invasive manner.

In general, the invention relates to a method for managing data. The method includes obtaining a data set from a local data system, identifying an audit tag associated with the data set, generating a table entry for a data registration table based on the data set and the audit tag, and storing the table entry in the data registration table, wherein the data registration table is stored in a data tracking service.

A method for learning a shared machine learning model while preserving privacy of individual participants is provided. The method includes: receiving, from each of a group of users, an encrypted user input; when a number of user inputs is greater than or equal to a threshold, transmitting, to each user, a list of the group of users; receiving, from each user, a message indicating a mutual agreement regarding a shared secret among the group; and when a number of received messages indicating the mutual agreement is greater than or equal to the threshold, determining information about the shared machine learning model by combining the received encrypted user inputs. The shared machine learning model facilitates a secure multi-party computation of a function that generates an updated version of the shared machine learning model.

Systems and methods for stalling a host processor. In some embodiments, the host processor may be caused to initiate one or more selected transactions, wherein the one or more selected transactions comprise a bus transaction. The host processor may be prevented from completing the one or more selected transactions, to thereby stall the host processor.

An apparatus is configured to protect the privacy of shared objects by loading shared object into a user memory of a rich execution environment. The shared object has an encrypted segment and metadata. A request for decryption is sent to a trusted execution environment and the encrypted segment is decrypted based on the metadata and a predetermined platform key to produce a decrypted segment. The decrypted segment is written into the shared object. A request to lock the shared object is sent and a memory occupied by the shared object is locked or set to execute only. The lock of the memory region occupied by the decrypted shared object maps the memory region to be non-readable and non-writable to applications executing at a first privilege level and to the operating system kernel executing at a second privilege level.

A method and device for non-fungible token (NFT)-based software is disclosed. A method of running the NFT-based software performed on the device includes: running the NFT-based software in response to an execution request for executing the NFT-based software; loading NFT metadata including identification information indicating the NFT-based software, identification information indicating an owner of the NFT-based software, and specified engraving data, in response to the execution request; and outputting the engraving data included in the NFT metadata based on an event occurring as the NFT-based software runs.

An automatically predetermined credential system for a remote administrative operating system (OS) authorization and policy control is disclosed. Administrative activities are packaged in single-use downloaded software program. When executed, the administrative access to the OS is activated before completing the administrative activities. The single-use downloaded software program has policies that performs checks on a user computer executing the software program. The policies include checking firewall settings, confirming virus checking, interrogating software to confirm patches or updates have been performed, checking for key loggers or other surveillance software or devices The single-use downloaded software is protected with a passcode to prevent activation in an unauthorized way.

A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices.

Systems and methods are provided for efficient and automated control of software permissions and access to network resources across a complex enterprise environment. User access is may be governed by software bundles. Such bundles and bundles may or may not include all programs or access to all systems needed by the user. An access request management tool is provided that includes new process flows and artificial intelligence for automated refining of software access across a complex and large network of computer servers. The management tool may eliminate conventional intermediary systems needed when utilizing centralized access request management. The management tool may check which user has access to a software bundle and may assign the bundle to other users. The management tool may revoke or grant access to a software bundle.

Novel tools and techniques for an IoT shell are provided. A system includes an internet of things (IoT) device, a database, and a license manager. The database may include one or more sets of authorized licenses, each set of authorized licenses associated with a respective vendor software. The license manager may be in communication with the IoT device and the database, and further include a processor and a non-transitory computer readable medium comprising instructions executable by the processor. The license manager may be configured to receive a request to reserve a license for a first vendor software, determine an availability of the license associated with the first vendor software, register a unique identifier of the IoT device in association with the license, and grant the license to the IoT device.