The present disclosure describes clinical workflows, methods, and systems used to perform an indirect to direct subjective refraction to a patient with a mobile smartphone application that works as a encrypted remote administration tool in any portable electronic device and interconnect both systems via by 4G, 5G, 6G, or Wifi. According to various embodiments, an eye doctor may utilize a remote administration tool (RAT) or (RAS) remote access software application on a portable electronic device (PED) (smartphone, tablet, or laptop) to view and control the main control base (MCB) anywhere in the world to interconnect both systems. The eye doctor can perform an on-demand live subjective vision refraction via RAT technology. Furthermore, the eye doctor can control the (MCB) that can control, exam chair, digital phoropter, vision chart software, robotic phoropter arm, exam chair height, exam room lights, and near robotic chart arm anywhere in the world.

Systems and methods for authorizing rendering of objects in three-dimensional spaces are described. The system may include a first system defining a virtual three-dimensional space including the placement of a plurality of objects in the three-dimensional space, and a second system including a plurality of rules associated with portions of the three-dimensional space and a device coupled to the first system and the second system. The device may receive a request to render a volume of three-dimensional space, retrieve objects for the volume of three-dimensional, retrieve rules associated with the three-dimensional, and apply the rules for the three-dimensional space to the objects.

Nested namespaces for selective content sharing.

A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.

Modifying computer program output in a voice or non-text input activated environment is provided. A system can receive audio signals detected by a microphone of a device. The system can parse the audio signal to identify a computer program to invoke. The computer program can identify a dialog data structure. The system can modify the identified dialog data structure to include a content item. The system can provide the modified dialog data structure to a computing device for presentation.

A method and system for determining whether a consensus has been achieved for adding a block to a distributed ledger. The system receives a candidate block to add to the distributed ledger and receives block approvals of approving participants for the candidate block. The system calculates a total block approval stake that the approving participants have in the distributed ledger. The system identifies a total stake that participants have in the distributed ledger. When the total block approval stake is at least a threshold fraction of the total skate, the system indicates that the consensus has been achieved for adding the candidate block to the distributed ledger.

Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

Access to data and resources in a multi-tenant computing system is managed by tagging the data and resources with attributes, as well as by tagging users with attributes. Tenant-specific access policies are configured. When an access request is received from a workload, a policy decision engine processes the attributes that are tagged to the requesting workload (e.g., user, application, etc.) as well as those tagged to the requested data or resource, given a relevant tenant-specific policy. An access decision is provided in response to the access request, and the access decision can be enforced by a tenant-specific enforcement system.

A security solution having a system, a method, or a computer program for protecting contents in a target storage device that is arranged to be removable from a storage system having a unique combination of a system complex key (SCK) and a system identification (SID). The solution includes receiving a request to remove the target storage device from the storage system, where the storage system may have a plurality of storage devices each containing the identical combination of system complex key (SCK) and system identification (SID), and receiving a system complex key password (SCKP). The solution includes comparing the system complex key password (SCKP) to the system complex key (SCK) in the storage system, determining whether the system complex key password (SCKP) matches the system complex key (SCK) in the storage system, and suspending all read or write operations to the target storage device when the system complex key password (SCKP) matches the system complex key (SCK) in the storage system.

According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to determine, for each of a plurality of members in a group, a respective least privilege level for a resource and determine, based on the determined respective least privilege levels, a privilege level to be assigned to the group for the resource. The instructions may also cause the processor to assign the determined privilege level to the group for the resource and apply the assigned privilege level to the members of the group for the resource.