Patent classifications
H04L63/108
METHOD AND SYSTEM FOR MANAGING ACCESS TO ENTITY IDENTITY DATA
A system and method for managing access to entity identity data are described. The system comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to authenticate a remote device as being associated with an entity; receive, via the communications module and from the remote device, pre-consent data identifying one or more third parties permitted to access entity identity data for the entity; store, in the memory, the pre-consent data in association with the entity; receive, via the communications module and from a digital identity network, a signal representing a request to release the entity identity data to the third party; determine, based on the pre-consent data, that the entity identity data is to be released to the third party; and initiate release of the entity identity data to a computing device associated with the third party.
Access management system with a multi-environment policy
Methods, systems, and computer storage media for providing access to computing environments based on a multi-environment policy are provided. The multi-environment policy is configurable to define rules that have provider-controlled and customer-controlled computing environment parameters for approving access to provider-controlled computing environments and customer-controlled computing environments. In operation, a request associated with a computing environment is received. The computing environment is associated with a multi-environment policy. The multi-environment policy is configurable to define the rules based on access vectors having grouped computing environment aspects for control and visibility associated with accessing computing environments. Based on the request, a determination is made whether the request is for a provider-controlled or a customer-controlled computing environment. Based on the multi-environment policy, approval-request parameters of an approval request are communicated in order to receive approval-request response values. Based on receiving the approval-request response values, a request response indicating approval or denial of the request is communicated.
Secure authorization for sensitive information
Techniques for securing access to protected resources are provided. In the method and apparatus, an access key and proof of successful completion of a first authentication are obtained in connection with a request. The proof of completion of the first authentication and the access key are verified. The access key is then used to determine that information in the access key indicates that a second authentication was successfully completed, prior to allowing the request to be fulfilled.
Tool for management of a pool of authorizations to use software
A method of managing authorizations to operate a software tool. The method comprises maintaining a count of available authorizations and an authorization allocation list that identifies what authorizations for executing the software tool are allocated to what computers by an authorization resource manager application executing on a computer system, for each of a plurality of computers, determining periodically by the authorization resource manager application if the computer is currently executing the software tool, for each computer determined to be executing the software tool, determining by the authorization resource manager application if an authorization for executing the software tool is allocated to the computer in the authorization allocation list, and, in response to determining that a computer is executing the software tool without being identified as being allocated an authorization in the authorization allocation list, invalidating an authorization identity being used by the computer.
DIRECTORY SERVER PROVIDING TAG ENFORCEMENT AND NETWORK ENTITY ATTRACTION IN A SECURE PEER-TO-PEER DATA NETWORK
In one embodiment, a method comprises: establishing, by a first executable resource in a network device having joined a secure peer-to-peer data network, a registry providing a mapping between one or more network entities associated with a tag object by an identified user entity, each network entity represented by a federation identifier of a user entity or a corresponding data object; receiving a search request for one or more identified network entities having been tagged with the tag object, and in response generating a search result based on identifying the network entities having been mapped relative to the tag object, the search result identifying one or more of an identified federation identifier or an identified unique identifier for the identified network entities; and providing the search result by the first executable resource, the search result causing an endpoint device to attract the identified network entities for presentation by the endpoint device.
METHOD FOR MINIMIZING THE RISK AND EXPOSURE DURATION OF IMPROPER OR HIJACKED DNS RECORDS
Provided is a method for assigning a time-to-live (“TTL”) value for a domain name system (“DNS”) record at a recursive DNS server. The method comprises obtaining, from a client, the TTL value for the DNS record; and storing, in a memory of the recursive DNS server, the TTL value, an identifier of the client, and the DNS record.
THREAT PREVENTION BY SELECTIVE FEATURE DEPRIVATION
A method of preventing exploitation of a vulnerability of a computing system includes generating a deprivation token to cause disabling of a selected one or more features of a component of the computing system, to prevent an exploit of a vulnerability affecting the selected one or more features; and publishing the deprivation token to at least one of a computing system manufacturer computing system and an enterprise information technology (IT) computing system for distribution to affected computing systems.
SECURE REMOTE ACCESS TO HISTORICAL DATA
Methods, systems and computer products provide access to historical data over a real-time tunnel in an architecture including an operational technology (OT) network, a de-militarized zone (DMZ) and an information technology (IT) network. The OT network interleaves real-time data and historical data over a first tunnel connection, a first firewall and a second firewall in conjunction with a DMZ and an IT network by (a) performing pull replication of the historical data, (b) daisy chaining the historical data, or (c) a combination of (a) and (b).
DETERMINING SESSION DURATION FOR DEVICE AUTHENTICATION
Techniques for adjusting a duration of an authenticated user device session. A baseline session duration is determined for a session for which a user account is authorized in response to a request for authentication. A first session is established on behalf of a user device associated with the user account based at least in part on the user account performing a first authentication. A posture associated with the user device is determined. The baseline duration is then adjusted to a dynamic duration based at least in part upon the posture associated with the user device. Based at least in part on the dynamic duration, the user can be required to re-authenticate.
PERMISSION NEGOTIATION METHOD AND APPARATUS DURING COMMUNICATION, AND ELECTRONIC DEVICE
Embodiments of this application provide example permission negotiation methods and apparatuses during communication, and electronic devices. An example first electronic device displays an interface of a currently running communication application, and obtains, in response to a first operation, a permission item restricted for use in a process of communication with a second electronic device. Then, the first electronic device sends a first request, which includes the permission item restricted for use, to the second electronic device. The first electronic device receives confirmation information from the second electronic device for the permission item restricted for use, and restricts, based on the confirmation information, a locally installed application from applying for the permission item restricted for use. After communication with the second electronic device ends, the first electronic device restores the settings of the permission item of the locally installed application to the settings that preceded the communication with the second electronic device.