G06F21/6236

Storage system and method of storing and managing data

A system for and method of storing data comprising: encoding a file into a plurality of fragments; retrieving storage configuration data from a data management store including data associated with a plurality of remote storage volumes, the storage configuration data comprising an indication of a predefined data transmission size corresponding to each remote storage volume; using the storage configuration data to identify a storage strategy associating each fragment with a remote storage volume, wherein using the storage configuration data includes using the indications of the predefined data transmission sizes; packaging one or more fragments each associated with a common identified remote storage volume as identified by the storage strategy to form a data bundle; communicating the data bundle to the respective common identified remote storage volume associated with the fragments in the data bundle; and storing the fragments at that identified remote storage volume.

Authenticating to a hybrid cloud using intranet connectivity as silent authentication factor
11258756 · 2022-02-22

A technique for performing authentication to a hybrid-cloud service includes selectively applying varying authentication requirements based on whether a client device can be confirmed to be connected to a private intranet. The technique includes operating a set of local agents on one or more computing machines on the intranet. When a client device requests access to the hybrid-cloud service, the client device attempts to contact one or more of the local agents. If the client device succeeds in contacting a local agent, then the client device is confirmed to be connected to the private intranet and receives relatively trusting treatment during authentication. However, if the client device fails to contact at least one local agent, the client device is not confirmed to be connected to the private intranet and receives relatively less trusting treatment.

Collaborative AI on transactional data with privacy guarantees

A data intersection is assessed of data to be used between at least two parties. The data is to be used in an artificial intelligence (AI) application. Evaluation is performed of a set of instructions required for the AI application, where the evaluation creates a modified set of instructions where operands are symbolically associated with corresponding privacy levels. Using the assessed data intersection and the modified set of instructions, a mapping is created from the data to operands with associated privacy metrics. The mapping treats overlapping data from the assessed data intersection differently from data that is not overlapping to improve privacy relative to without the mapping. The AI application is executed using the data to produce at least one parameter of the AI application. The at least one parameter is output for use for a trained version of the AI application. Apparatus, methods, and computer program products are described.

SAMPLING ACROSS TRUSTED AND UNTRUSTED DISTRIBUTED COMPONENTS

Techniques are described for sampling across trusted and untrusted distributed components. In accordance with embodiments, a first computing device receives a request from a second computing device, the first request including an operation identifier (ID) and a sampling ID that was generated by transforming a telemetry scope ID from a first value in a first domain to a second value in a second domain. The transformation may serve to anonymize and compress the telemetry scope ID. The first computing device determines whether or not to sample by comparing a ratio between the sampling ID and a size of the second domain with a sampling rate associated with the first computing device. The first computing device records telemetry about its processing of the first request in response to determining to sample and does not record any telemetry about its processing of the first request in response to determining not to sample.

Method, server and computer program for security management in database
09779264 · 2017-10-03

Disclosed is a program for security management in a database, which is stored in a computer readable medium to allow a computer to perform steps including: reading one or more data encrypted at a column level from a persistent storage medium or a memory; decrypting one or more data encrypted at the column level to generate one or more decrypted data; generating an index table based on the one or more generated decrypted data; and performing an operation of encrypting the generated index table at a block level.

Data conversion method
09779100 · 2017-10-03

Methods of converting data are provided. In one embodiment, a data conversion method is provided that includes partitioning the data file into a plurality of file segments. The method also includes assigning a plurality of key values for each of the plurality of file segments. Also, the method includes forming a key value file from the plurality of key values.

CONTEXT-BASED RESOURCE ACCESS MEDIATION
20170279813 · 2017-09-28

Apparatuses, methods, and computer-readable media for a context-based access mediator (“CAM”) are described. The CAM may be configured to mediate access to computer-accessible resources by a user using a computing device after receiving a request from the computing device for the computing device to access a computer-accessible resource. The computer-accessible resource may be local or remote to the computing device. The CAM may be configured to receive the request and to mediate access to the requested resource. Such mediation may be performed through the CAM determining whether the resource may be accessed by the computing device and/or through the CAM determining which resources are available to be accessed by the computing device. The CAM may be configured to mediate access to computer-accessible resources based on information about a context for the computing device and/or computer-accessible resource. Other embodiments are described and claimed.

GRAPHICAL PLATFORM FOR INTERACTING WITH UNSTRUCTURED DATA
20170249711 · 2017-08-31

A graphical platform enables users to leverage unstructured data in many different ways via access with many different types of devices that can be located practically anywhere with network connectivity. The graphical platform provides users with flexibility in how they create, maintain, and access the unstructured data, while providing powerful tools to enable the users to quickly extract meaningful information from the unstructured data. The graphical platform leverages location information in the unstructured data to enable providing a map and/or other graphical interfaces that show at least some of the records in the unstructured data. Users can then filter the information to narrow down the records to those of interest to respective different users. From the resulting display of records, users can select a specific record, access additional secure documents associated with the record, and/or perform other interactions with the data in the record.

Adaptive identity broker for governance of decentralized identities across multiple heterogeneous identity networks

A method provides a network-agnostic identity broker for retrieving identity records across heterogeneous identity networks. An identity broker receives a client request from a client to retrieve and evaluate user identity information for confirming an identity of a particular entity. The identity broker utilizes a group membership of the client to select a set of policies for handling the client request, and selects an identity network from multiple heterogeneous identity networks as a selected identity network to which the client request is to be sent. The identity broker sends the client request to the selected identity network, and then receives a response from the selected identity network. The identity broker evaluates the response according to the set of policies, such that the evaluated response conforms with the set of policies, and transmits the evaluated response to the client.

SYSTEM AND METHOD FOR PERFORMING TRUSTED COMPUTING WITH REMOTE ATTESTATION AND INFORMATION ISOLATION ON HETEROGENEOUS PROCESSORS OVER OPEN INTERCONNECT
20220309182 · 2022-09-29

A system and method, for the assurance of authenticity, confidentiality and integrity of the executed programs, the analytic models and the processed data used by heterogeneous processing units such as graphic processing units (GPU), neural processing units (NPU) and video processing units (VPU), etc. that are connected to the central processing unit (CPU) through standard open interconnects such as Ethernet, USB and SPI, etc.