H04L63/0478

ACCESS CONTROL AND OWNERSHIP TRANSFER OF DIGITAL CONTENT USING A DECENTRALIZED CONTENT FABRIC AND LEDGER
20230318972 · 2023-10-05

Disclosed are examples of systems, apparatus, devices, computer program products, and methods implementing aspects of a decentralized content fabric. In some implementations, one or more processors are configured to provide fabric nodes of an overlay network, including one or more fabric nodes that receive a client’s request to access digital content on the overlay network. The request includes an authorization token digitally signed by or on behalf of a user of the client. The fabric node(s) extract a user identifier (ID) from the authorization token, then determine that one or more rules maintained on the overlay network are satisfied. The one or more rules condition access to the digital content upon the extracted user ID matching an ID associated with an owner of a digital instrument. The digital instrument, which can be a non-fungible token, is stored in a blockchain ledger as a unique representation of the digital content.

Distributed data storage techniques for edge devices
11777796 · 2023-10-03

Techniques discussed herein relate to implementing a distributed computing cluster (the “cluster”) including a plurality of edge devices (e.g., devices individually configured to selectively execute within an isolated computing environment). One edge device may be configured to operate as a head node of the cluster at a given time. A request for virtual resources of the cluster may be received from a user device and directed to the first edge device of the cluster. The first edge device may determine it is not operating as a head node of the cluster. The first edge device may determine that a second edge device of the cluster is operating as the head node. In response, the first edge device may forward the request to the second edge device, wherein forwarding the request to the second edge device causes the request to be processed by the cluster.

SEARCHABLE INDEX ENCRYPTION
20230267415 · 2023-08-24

Auditing data containing sensitive data are stored in a data structure comprising data objects. Each data object comprises one or more pairs of a name and a value. Pairs that are flagged or identified as containing sensitive data are partially encrypted; the value is encrypted using an asymmetric key and the name corresponding to the encrypted value remains unencrypted. Some pairs that are not flagged or identified as containing sensitive data are left unencrypted. Unencrypted data may be stored in the partially encrypted auditing data as plain text. The auditing data may be analyzed to generate business metrics and identify application errors. The auditing data may also be queried, and data objects containing unencrypted pairs and/or partially encrypted pairs may be returned based on matching unencrypted names and/or values to the data query.

Securely transmitting data in a data stream

In overview, a computer-implemented method of transmitting data in a data stream from a first device to a second device is disclosed. The data stream is encrypted before transmission from the first device to the second device, and a location of the data in the data stream is indicated to the second device. The location may be a pre-shared location between the first and second devices, or the first device may transmit the location of the data to the second device. The second device decrypts the encrypted data stream, identifies the data in the data stream based on the location, and encrypts the identified data in the data stream.

MEMORY WORKFLOW MANAGEMENT IN EDGE DEVICES

Techniques discussed herein relate to providing in-memory workflow management at an edge device (e.g., a computing device distinct from and operating remotely with respect to a data center). The edge device can operate as a computing node in a computing cluster of edge devices and implement a hosting environment (e.g., a distributed data plane). A work request can be obtained by an in-memory workflow manager of the edge device. The work request may include an intended state of a data plane resource (e.g., a computing cluster, a virtual machine, etc.). The in-memory workflow manager can determine the work request has not commenced and initialize an in-memory execution thread to execute orchestration tasks to configure a data plane of the computing cluster according to the intended state. Current state data corresponding to the configured data plane may be provided to the user device and eventually displayed.

Cognitive multi-encrypted mail platform

An apparatus configured to construct an email message addressed to a plurality of recipients. The apparatus is further configured to apply a cipher and a first encryption key to a first portion of the email message, which will be viewable by each of the recipients. The apparatus applies the cipher and a second encryption key to a second portion of the email message, which will be viewable by a first recipient from among the recipients. The apparatus further applies the cipher and a third encryption key to a third portion of the mail message, which will be viewable by a second recipient from among the recipients. The apparatus then transmits the email message to a server.

Secure communication network
11750581 · 2023-09-05

Embodiments of a secure communication network are disclosed. For secure communication of data packets, a method implemented in a core node is presented. The method includes receiving a double encapsulated data packet associated with a first layer and a second layer of encapsulation/encryption. The method further includes decapsulating/decrypting the second layer of encapsulation/encryption to access a portion of the data packet and re-encapsulating/re-encrypting at least the accessed portion with another second layer of encapsulation/encryption. The method further includes transmitting the re-encapsulated/re-encrypted data packet to a subsequent node based on the accessed portion.

SYSTEM AND METHOD FOR INTERFACING WITH A DECISIONING SERVICE FROM A THIRD PARTY DOMAIN

A system for interfacing with a decisioning service from a third-party domain. A backend system may receive a request to interface with the decisioning service to generate a prequalification result for a user for a specified product, in response to the actuation of a button included in a third-party web domain rendering a product. The backend system may execute a call on a website of the decisioning service. The backend system may receive the product information from the button. The backend system may generate the website within the third-party domain, including a request for information about the user, in response to executing the call to the website. The backend system may transmit a request for generating a prequalification result for the product to the decisioning service. The backend system may receive the prequalification result from the decisioning service.

POLICY-BASED NETWORK PACKET INSPECTION AND MEDIATION

A system for providing policy-controlled communication over the Internet includes a client endpoint function that executes on a client device while coupled to a first VPN tunnel, a service endpoint function that operates a remote service of a plurality of remote services, and a mid-link server coupled to the first VPN tunnel and a second VPN tunnel. The client endpoint function includes a first VPN endpoint component, and the service endpoint function includes a second VPN endpoint component. A router component operates to route network packet traffic between the first and second VPN tunnels via a route specified by a plurality of policies, and an inspection component analyzes network packet traffic in accordance with the plurality of policies. The plurality of policies for the network packet traffic and the content mediation are selected dynamically on the basis of one or more of a user, an application, an endpoint, and a session.

Secure publish-subscribe communication methods and apparatus

Improvements to publish-subscribe protocols are provided, including a method for communicating data in a network comprising publisher devices, a broker and subscriber devices, comprising one of the publisher devices: i-a. receiving a public key from the broker; i-b. determining, based on one or more attributes of data to be published to the broker, whether a sensitivity level of the data is low; and ii. following completion of both of steps i-a and i-b, publishing the data to the broker, wherein: when step i-b results in a determination that the sensitivity level of the data is low, step ii comprises transmitting the data to the broker unencrypted; and when step i-b results in a determination that the sensitivity level of the data is not low, step ii comprises encrypting the data then transmitting resulting encrypted data to the broker, wherein the step of encrypting the data uses the public key.