Systems and methods for authenticating a peripheral device prior to allowing the peripheral device access to components and data stored on user equipment. In some examples, the user equipment may include an authorization component that is configured to physically decouple a hardware interface from other components of the user equipment until the authorization component is able to authenticate the peripheral device. Both authorized peripheral devices and the user equipment may be provisioned with authorization data and/or credentials from a system outside the control of the individual users of the user equipment.

A method and system for providing a data analysis in the form of a customized geographic visualization on a graphical user interface (GUI) on a remote client computing device using only a web browser on the remote client device. The system receives a user's selected data analysis to be performed by the system for display on the remote client device. The system verifies the data access permissions of the user to render a data analysis solution customized to that particular user, and automatically prevents that user from gaining access to data analysis solutions to which that user is prohibited. The system is configured to respond to the user's data analysis request, perform the necessary computations on the server side on the fly, and send a dataset interpretable by the client device's web browser for display on the client device or on a device associated with the client device.

Techniques for securing displayed data on computing devices are disclosed. One example technique includes upon determining that the computing device is unlocked, capturing and analyzing an image in a field of view of the camera of the computing device to determine whether the image includes a human face. In response to determining that the image includes a human face, the technique includes determining facial attributes of the human face in the image via facial recognition and whether the human face is that of an authorized user of the computing device. In response to determining that the human face is not one of an authorized user of the computing device, the technique includes converting user data on the computing device from an original language to a new language to output on a display of the computing device, thereby securing the displayed user data even when the computing device is unlocked.

This application relates to apparatus and methods for automatically determining and enforcing user permissions for applications and application features. In some embodiments, a system includes a server and a user device. The server may determine a user of the user device based on receiving login credential data. The server may further obtain user attributes for the user including, in some examples, a location of the user. The server may further obtain an attribute-based control policy that identifies relationships between a plurality of possible user attributes. For example, the control policy may identify attribute requirements that must be met for enablement of a particular application feature. Additionally, the server may determine user permissions for the user based on the control policy and the user attributes. The server may transmit the user permissions to the user device, and the user device configures the corresponding application according to the user permissions.

Techniques are described herein for determining whether a particular user is authorized to access data, corresponding to a particular field, in a farmland database. A method includes: receiving a location history corresponding to a user, the location history including historical location data that indicate, for each time of a plurality of times, a location of the user at the time; applying the historical location data as inputs across a trained machine learning model to predict a persona corresponding to the user; receiving, from the user, a request to access data; in response to receiving the request to access the data, determining that the request is authorized based on the predicted persona corresponding to the user; and in response to determining that the request is authorized, providing access to the data.

A container includes a user program and data generated by the user program within a regulatory jurisdiction. Before the container leaves the regulatory jurisdiction, the data is validated by the jurisdiction to ensure the data complies with privacy laws of the jurisdiction. Upon ingress to a second regulatory jurisdiction, the data is signed locally to provide for confirmation that the data can leave the second regulatory jurisdiction, since it was not generated within the second jurisdiction. By allowing the user program to move from the first regulatory jurisdiction to a second regulatory jurisdiction, the disclosed embodiments overcome limitations in current solutions that restrict access to local data based on what a public application programming interface (API) can provide. By operating within the regulatory jurisdiction, albeit subject to access controls imposed by that jurisdiction, flexibility in the processing of sensitive data is improved.

An individual data unit for enhancing the security of a user data record is provided that includes a processor and a memory configured to store data. The individual data unit is associated with a network and the memory is in communication with the processor. The memory has instructions stored thereon which, when read and executed by the processor cause the individual data unit to perform basic operations only. The basic operations include communicating securely with computing devices, computer systems, and a central user data server. Moreover, the basic operations include receiving a user data record, storing the user data record, retrieving the user data record, and transmitting the user data record. The individual data unit can be located in a geographic location associated with the user which can be different than the geographic locations of the computer systems and the central user data server.

A method of operating a user device includes: receiving a command from a user to power on the user device, wherein the user device includes information on a restricted zone associated with the user device; detecting, by a monitoring entity of the user device without involvement of any device external to the user device, whether the user device is located within the restricted zone in response to the user device being powered on and before an operating system of the user device is executed; and granting access of the user to the user device by the monitoring entity in response to detecting the user device as being within the restricted zone.

A job request is transmission data transmitted from the vehicle cloud server 30 to the in-vehicle terminal 20 and includes at least: data collection condition information and collection data designation information indicative of contents of a process to be performed by the in-vehicle terminal 20; and deletion prohibition flag indicative of prohibiting the in-vehicle terminal 20 from deleting the job request under a predetermined condition.

A disclosed apparatus obtains emergency data for multiple device types from a plurality of emergency data sources and provides a jurisdictional map view to a plurality of emergency network entities, where each emergency network entity corresponds to a given geographic boundary. The jurisdictional map view corresponds to a respective emergency network entity's geographic boundary. The apparatus determines portions of the emergency data corresponding to emergencies occurring within each respective emergency network entity geographic boundary, and provides location indicators within each respective jurisdictional map view, with each location indicator corresponding to an emergency.