H04L63/10

SYSTEMS AND METHODS FOR PROCESSING REQUESTS FOR REAL-TIME TRANSFERS OF RESOURCES

A computer-implemented method is disclosed. The method includes: receiving transfer parameters associated with a request for a first transfer of resources, the transfer parameters including an identifier of a designated transferor associated with the first transfer; determining that the transferor is eligible to access at least one protected data source based on the transfer parameters; generating a request message for the request including reference data for accessing the at least one protected data source; and providing, to a computing device associated with the transferor, the request message.

Support for Multi-Type Users in a Single-Type Computing System
20230050683 · 2023-02-16

Persistent storage contains a parent table and one or more child tables, the parent table containing: a class field specifying types, and one or more filter fields. One or more processors may: receive a first request to read first information of a first type for a first entity; determine that, in a first entry of the parent table for the first entity, the first type is specified in the class field; obtain the first information from a child table associated with the first type; receive a second request to read second information of a second type for a second entity; determine that, in a second entry of the parent table for the second entity, the second type is indicated as present by a filter field that is associated with the second type; and obtain the second information from a set of additional fields in the second entry.

SECURE COMMUNICATION BETWEEN DIFFERENT AGENCIES IN AN INCIDENT AREA
20230046237 · 2023-02-16

Secure communication in a geographic incident area is disclosed. Computer-implemented methods are also disclosed, one of which is for restricting access to a resource and includes generating a key and splitting it into N key parts (where N is an integer greater than two). The method also includes encrypting the N key parts. The method also includes transmitting, over a network, to a device: the N encrypted key parts; and identifying information for N secret objects expected to be visible within the area. Each of the N encrypted key parts is decryptable based on at least one video analytics-discernable object attribute for each respective secret object of the N secret objects. The method also includes allowing an additional entity to access the resource only by presentation of a complete key formed from decrypted versions of less than all of the N key parts.

Local controller for local API authorization method and apparatus

Some embodiments provide a local controller on a set of host computers that reduces the volume of data that is communicated between the server set and the set of host computers. The local controller executing on a particular host computer, in some embodiments, receives a portion of the namespace including only the policies (e.g., opcode) that are relevant to API-authorization processing for the applications executing on the particular host computer provided by a local agent executing on the computer to authorize the API requests based on policies and parameters. The local controller analyzes the received policies (e.g., policy opcodes) and identifies the parameters (e.g., operands), or parameter types, needed for API-authorization processing (e.g., evaluating the policy opcode upon receiving a particular API request) by the local agent. In some embodiments, the local controller performs this analysis for each updated set of policies (e.g., policy opcodes).

Permissions from entities to access information

In some examples, in response to a request from a client device for information relating to a transaction stored by a blockchain, a system identifies, using information stored in a distributed storage system that stores data for the blockchain, multiple data owner entities from which permissions are to be obtained for access of the information, and determines an authorization requirement for the information based on a smart contract. The system sends authorization information based on the authorization requirement to trigger a retrieval of authorization tokens from the identified data owner entities for access of the information, and sends the information to the client device in response to receiving the authorization tokens.

Multi-services gateway device at user premises

An application gateway including application service programming positioned at a user premises can provide voice controlled and managed services to a user and one or more endpoint devices associated with the application gateway. The application gateway can be controlled remotely by the application service provider through a service management center and configured to execute an application service provided from the application service provider. The application gateway can execute the application service at the user premises upon voice command by a user and independent of application services executing on the application service provider's network. An application service logic manager can communicate with an application service enforcement manager to verify that the request conforms with the policy and usage rules associated with the application service in order to authorize execution of the application service on the application gateway, either directly or through endpoint devices.

Cross cluster replication
11580133 · 2023-02-14

Methods and systems for cross cluster replication are provided. Exemplary methods include: periodically requesting by a follower cluster history from a leader cluster, the history including at least one operation and sequence number pair, the operation having changed data in a primary shard of the leader cluster; receiving history and a first global checkpoint from the leader cluster; when a difference between the first global checkpoint and a second global checkpoint exceeds a user-defined value, concurrently making multiple additional requests for history from the leader cluster; and when a difference between the first global checkpoint and the second global checkpoint is less than a user-defined value, executing the at least one operation, the at least one operation changing data in a primary shard of the follower cluster, such that an index of the follower cluster replicates an index of the leader cluster.

Methods and systems for controlling access to a protected resource

An electronic device is disclosed. The electronic device includes a memory, a camera module, a communications module, and a processor that is configured to: receive, from the camera module, image data associated with a machine-readable optical label, the optical label encoding transaction details of a transfer of data to a recipient account, wherein the transaction details do not indicate an identity of the recipient account; receive a user input indicating authorization to initiate a transfer of data, via a protected resource, from an account associated with the user to the recipient account; and in response to receiving the user input, generate a request for initiating the transfer of data based on the transaction details, the request including an access token for use in authenticating the user on requests to access the protected resource.

Multi-tenant event sourcing and audit logging in a cloud-based computing infrastructure
11582083 · 2023-02-14

Examples described herein include systems and methods for multi-tenant event sourcing and audit logging in a cloud-based computing infrastructure. In an example method, an event package can be received from a first microservice of an application. The event can describe any action performed within the computing infrastructure and can include various types of information. For example, it can include an event type, event ID, object type, object ID, and parent event ID. The event package can be associated with a tenant and only provided to tenant-approved recipients. The recipient can use the event package to automatically carry out steps to recreate and configure an object, or to determine the source of an event or failure within the system.

Network slice-based security in mobile networks

Techniques for providing network slice-based security in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for network slice-based security in mobile networks includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network slice information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network slice information.