Techniques for securing user data in a healthcare data management system are described. A client system receives a request to authenticate a user. The user is associated with applications and roles. The user is authenticated, at the client system, for all applications and all roles. A login token relating to the authenticated user is maintained at the client system. A role is selected for the user, and an authorization token relating to the selected role is maintained at the client system. A session for the user is initiated. This includes generating an encrypted session cookie relating to the user and the session, storing the encrypted session cookie at the client system, and periodically updating a timestamp for the session cookie.

A vehicle includes: a plurality of seats; an authentication executing processor configured to perform authentication on a user; and a controller configured to provide a connected car service based on whether the authentication is completed, wherein the controller controls the authentication executing processor to distinguish a seat on which the user sits and to perform the authentication based on the distinguished seat.

A computing system includes a processor, a network interface controller; a a secure classified remote access as a service application including instructions; and an information technology service management application including instructions wherein the information technology service management application is accessible to the secure classified remote access as a service application via the network interface controller; and wherein the instructions of the secure classified remote access application cause the system to: perform systematic monitoring operations and maintain a virtual hosting environment; perform a network vulnerability analysis; remediate a finding; and notify a user. A method includes performing systematic monitoring; performing a network vulnerability analysis; remediating a finding; and notifying a user. One or more non-transitory computer readable media include program instructions that when executed, cause a computer to: perform systematic monitoring; perform a network vulnerability analysis; remediate a finding; and notify a user.

Systems and methods described herein support tag based request context in a cloud infrastructure environment. Cloud administrators do not generally have the ability to restrict resource usage in existing clouds. Granting a user permission to create resources allows them to create and/or terminate any number of resources up to a predefined account limit. Tags are associated with requests for resources for allowing administrators to restrict a user's handling of resources to the appropriate level by allowing fine-tuned control of access to the resources based on the context of the request for the resources. Request context information of the request is compared against a required credential gate level for permitting handling of resources in a tenancy having the first privilege level classification, and the request is selectively granted based on the request context information matching the first required credential gate level.

Computing systems and methods are provided for defining, within a data platform, a segment having constraints at a level of the segment, implementing the constraints or the classification rules within the segment while insulating resources within the segment from inheriting the constraints, and controlling an ingestion of an external resource into the segment based on the constraints.

In a case of receiving an access request to a target image, an image access management device can provide an appropriate access right holder with an appropriate range of information by determining a browsing level with respect to the target image according to an access authority or purpose included in the access request to the target image, by an access management unit, by generating a final image that corresponds to the access authority by processing the feature vector according to the browsing level, and providing the generated final image as a response to the access request, by an image generation unit.

A method of encrypting data, in particular encrypting data in dependence on a user verification confidence level. An encryption algorithm is provided, data is input into the encryption algorithm, along with a public key and an access structure comprising the user verification confidence level. The encryption algorithm is run to output a cypher text of encrypted data, whereby the access structure is embedded into the cypher text such that only an entity satisfying the access structure can decrypt the cypher text.

Disclosed herein is a system for enabling a default label to be configured for a network location created to store files. The default label can be assigned at a time when the files are uploaded to the network location. An owner of the network location can define the default label to be assigned to the files. Whenever an unlabeled file is uploaded to the network location, the unlabeled file automatically inherits the default label. Furthermore, the system is configured to consider an order of label priority when determining whether to assign a default label to a previously labeled file to be uploaded to the network location. The system is configured to upgrade a file with a preassigned label of lower priority to the default label, while permitting another file to be stored without a label change if the preassigned label is of higher priority compared to the default label.

A software defined (SD) process control system (SDCS) includes a control container having contents which are executable during run-time of the process plant to control at least a portion of an industrial process. The SDCS also includes a security service associated with the control container and including contents which define one or more security conditions. The security service executes via a container on a compute node of the SDCS to control access to and/or data flow from the control container based on the contents of the security container.

The system comprises an interface and a processor. The interface is configured to receive a request from an application for authorization to access, wherein access to the application is requested by a user, and receive a task request from the application for authorization to access a task, wherein access to the task is requested by the user. The processor is configured to authenticate the request from the application for authorization to access, determine that the task comprises a sensitive task, determine a user authentication device, provide a challenge for a digital credential to the user authentication device, wherein the digital credential is backed by data stored in a distributed ledger, receive a response from the user authentication device, determine the response is valid, and provide an authorization to access the sensitive task.