A system is provided for detecting whether an application program executing in a secure enclave of a host computing system may be the target of a rewind attack. The system ensures that state information is consistent with messages that are received. The messages contain current ordering information, previous ordering information, and a related message identifier. When a message is received, the system determines whether the previous ordering information of the message and previous ordering information of the state information associated with the related message identifier are consistent. If not consistent, the system may indicate that a rewind attack is in progress because a malicious actor may have provided an out-of-date version of the state information. If consistent, the system updates previous ordering information of the state information that is associated with the related message identifier based on the current ordering information.

An authorization verification system, method, and apparatus for an application and storage medium is disclosed. A license key information corresponding to the application is generated according to description information of the application and information of the admission device, and before importing the application into the target device, the license key information corresponding to the application is used to perform authorization verification. It is determined whether to import the software package of the application into the target device based on a result of the authorization verification; after importing the software package of the application into the target device, secondary authorization verification is performed again on the target device according to the software package of the application, and it is determined whether to allow the target device to run the software package of the application based on a result of the secondary authorization verification.

A monitoring control device according to an embodiment includes a host-side storage unit and a host-side processor. The host-side storage unit is configured to store an HMI program configured to generate a monitoring operation screen, host-side remote monitoring software configured to establish connection between an own device and a client PC according to a remote desktop protocol and send the monitoring operation screen to the client PC, and a key code. The host-side processor is configured to execute the host-side remote monitoring software and the HMI program. The host-side remote monitoring software is configured to virtualize a dongle connected to the client PC, as a dongle connected to the monitoring control device. The HMI program is configured to end execution of the HMI program if the key code stored in the virtualized dongle does not match with the key code stored in the host-side storage unit.

A method and an intelligent apparatus for calling permission verification of a protected intelligent application are provided. Based on the present application, through the calling of the hardware decryption module by the device kernel application, the intelligent apparatus can decrypt the authentication ciphertext in the protected intelligent application by using the implanted-into-kernel key in the device kernel application and the burnt-into-hardware key in the write-protected storage medium, and only when the implanted-into-kernel key is the secondary authentication key obtained by encrypting the second controlled key with the first controlled key and the burnt-into-hardware key is the first controlled key, the correct second controlled key can be obtained to decrypt the authentication ciphertext and the decrypted plaintext consistent with the sample plaintext can be obtained after decryption, so that the protected intelligent application can grant the calling permission to the device kernel application through consistency verification. Thus, the use permission of the protected intelligent application can be limited to the intelligent apparatus with correct key configuration, so as to prevent the malicious piracy of the protected intelligent application running in the illegal apparatus.

The present disclosure relates to a method for determining a functional inventory of a functional unit, wherein in the functional unit at least one function that has already been installed can be enabled and thus activated in each case and/or at least one function can be subsequently installed and so that it can be activated in each case and wherein the functional inventory of the functional unit represents the set of functions that are actually activated. The current functional inventory of the functional unit is determined by a control device of the functional unit and an actual inventory specification is generated for the current functional inventory, which describes the determined functional inventory, and in an external server device, a target inventory specification relating to a target functional inventory is requested from a predetermined blockchain credit account and in the event that the determined actual inventory specification differs from the target inventory specification, a predetermined forcing measure for predetermining the target functional inventory is triggered.

A method for processing an application program includes steps for a non-service system to obtain a first running instruction from a user for running a target first service system. Sending, by a terminal, a key acquiring request to a digital rights management (DRM) server using the non-service system, requesting key information corresponding to the target first service system. The key information is fed back by the DRM server when the user has use permission of the target first service system. Decrypting, by the terminal, the target first service system based on the key information using the non-service system, and executing a service function corresponding to the target first service system.

A 3D data system includes: a storage means that stores a correspondence, for each of a plurality of 3D data sets, each including a data body representing 3D model, share restriction information describing restrictions on a scope for sharing the data body, the process restriction information describing restrictions on the processing of the 3D model, the correspondence being among the data identifier of the 3D data set, the user identifier of a user who is a subject in the data body included in the 3D data set, and a user identifier of another user who shares the 3D data set from the user; a request receiving means that receives a processing request including a user identifier from the service application; an authenticating means that authenticates the user who has made the request performs the processing; and a response transmitting means that transmits at least a part of the data body and at least a part of the processing limit information to the service application.

The deployment of a multi-enterprise application in a shared computing environment includes the generation of multiple different instances of a context management object from a genetically incorporated segment of a single collection of program code, the code having been arranged to restrict access to one or both of application features and application data according to a tokenized relationship between a requesting entity issuing a request to a corresponding application, and an owner of the corresponding application. Thereafter, requests targeting the corresponding application are processed through the creation of an instance of the context management object according to a token supplied with each request and the specification of the requesting entity and the corresponding application. The genetically incorporated segment then moderates the access to the application features and the application data irrespective of the corresponding application.

An aspect of the present teachings generally includes a data processing platform (e.g., a platform hosted by a remote computing resource) that analyzes and compiles information contained in a source spreadsheet, e.g., to ascertain how the source spreadsheet manipulates input data. The data processing platform may create an encrypted file related to the source spreadsheet that includes transformed input data and/or directives that define functionality of the source spreadsheet, e.g., where the encrypted file is specifically tailored for use on the data processing platform for a particular user or set of users. Also, or instead, the data processing platform may create or otherwise utilize one or more runtimes that, when executed in conjunction with the encrypted file, can mimic functionality of the source spreadsheet and/or other useful functionality applied to the input data or other disparate data.

Various example embodiments for supporting security for containerized applications may be configured to support security for containerized applications deployed to customer devices. Various example embodiments for supporting security for containerized applications that are deployed to customer devices may be configured to properly secure and validate containerized applications that are deployed to customer devices. Various example embodiments for supporting security for containerized applications that are deployed to customer devices may be configured to secure and validate containerized applications that are deployed to customer devices based on a framework configured to monitor and secure download of containerized applications to protect against the download of non-approved or malicious containers and to monitor and secure the run-time execution of containerized applications in various types of execution environments, thereby providing a capability to verify that the containerized applications are approved and authorized by the service provider and that the customer device has not been compromised.