Patent classifications
H04L63/062
SECURE DEVICE MANAGEMENT
Techniques are described for managing devices using multiple virtual personal area networks (VPANs). A border router can receive a first request to join a network from a first device. The first device may be assigned to a first virtual personal area network (VPAN), which has an associated first group temporal key (GTK). The first GTK can be distributed to the first virtual device. The border router can also receive a second request to join a network from a second device. The second device may be assigned to a second VPAN, which has an associated second GTK. The second GTK can be distributed to the second virtual device.
AUTHORIZATION SCOPE MANAGEMENT FOR LOW-CODE PROGRAMMING ENVIRONMENTS
In one embodiment, a device receives a set of actions for a low-code workflow specified via a user interface. The device determines authorization scopes for targets of the set of actions. The device compares the authorization scopes for the targets to authorization scopes needed for the set of actions. The device provides, to the user interface, an excessive authorization notification, when the authorization scopes for the targets exceed the authorization scopes needed for the set of actions.
Functional discovery and mapping of serverless resources
A computing system may include a database disposed within a remote network management platform that manages a managed network, and a software application associated with the platform and configured to: obtain, from an external computing system, information about a function-application arranged to execute source code segment(s) on demand; determine that the obtained information relates to (i) a plurality of authorization-keys each respectively arranged to authorize on-demand execution of one of the source code segments, (ii) a first key-value string pair that enables establishment of connectivity to a service of the external computing system or of another computing system, and/or (iii) a second key-value string pair that enables establishment of connectivity to a data source of the external computing system or of another computing system, and responsively determine association(s) between the source code segment(s), the function-application, the service, and/or the data source; and store the association(s) in the database.
Secure transfer of data between programs executing on the same end-user device
It is often necessary to securely transfer data, such as authenticators or authorization tokens, between programs running on the same end-user device. The teachings hereof enable the pairing of two programs executing on a given end-user device and then the transfer of data from one program to the other. In an embodiment, a first program connects to a server and sends encrypted data elements. A second program intercepts the connection and/or the encrypted data elements. The second program tunnels the encrypted data elements (which remain opaque to the second program at this point) to a server, using an encapsulating protocol. This enables the server to receive the data elements sent by the first program, decrypt them, and provide them to the second program via return message using control fields of the encapsulating protocol. Once set up, the tunneling arrangement enables bidirectional data transfer.
Systems and processes for providing secure client controlled and managed exchange of data between parties
In various embodiments, once the client registers onto the system, a third party (a “requestor”) may transmit a request to the client for the client to provide the requestor with access to the client data. In at least one embodiment, a requestor may be an entity or person that desires to utilize client data for the requestor's business purposes. In one embodiment, upon registration with the application, the system generates and assigns the requestor a requestor key. In one or more embodiments, the system transmits the requestor key along with each requestor request. In some embodiments, the client may accept or reject the requestor's request. In many embodiments, if the client accepts the requestor's request, the system grants the requestor access to the client data.
SYSTEM AND METHOD FOR ENCRYPTION KEY MANAGEMENT, FEDERATION AND DISTRIBUTION
Systems and methods are described for orchestrating a security object, including, for example, defining and storing a plurality of policies in a database coupled to a policy engine and receiving, by the policy engine, the security object and at least one object attribute associated with the security object. In addition, the policy engine determines the acceptability of the security object based, at least in part, on the at least one object attribute and at least one of the plurality of policies corresponding to the at least one object attribute. The security object is distributed to at least one communication device associated with the policy engine when the security object is determined to be acceptable. The at least one communication device establishes communication based, at least in part, on the security object.
Alias management method and device
Embodiments of this application relate to the communications field, and describe an alias management method and device. One example method includes the following operations: a functional alias management entity receives a management request message sent by a first client, where the management request message includes an identity of a user and information about an alias requested to be managed; and the functional alias management entity sends a management response message to the first client when the user has an alias management right, where the management response message includes the identity of the user, and information about an alias that is successfully managed.
Technologies for providing secure utilization of tenant keys
Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.
Distributed Encryption Key Allocation
Customers of a software platform, such as a unified communications as a service platform, are enabled to control their own encryption keys used to encrypt and decrypt data from various communication services in the software platform. A key broker server is employed to map encryption and decryption requests from servers in the platform to key management servers of customers based on user identifiers. Examples of data encrypted may include conference recordings, webinar recordings, phone call recordings, voicemails, emails, and calendar tokens.
Secure tokens for controlling access to a resource in a resource distribution network
A system for generating and applying a secure token in a resource distribution network is provided. For example, a headend system generates a time-based token based on a time duration specified for a meter. The time-based token indicates the time duration for the meter. The time-based token is further generated based on an identifier of the meter. The headend system transmits the time-based token to the meter via at least a mesh network. After receiving the time-based token, the meter validates the time-based token to determine that the time-based token is generated for the meter based on information related to the identifier of the meter. If the meter determines that the time-based token is valid, the meter connects premises associated with the meter to a resource distribution network for at least the time duration specified in the time-based token.