G06F2221/2113

Encryption scheme recommendation

One embodiment provides a method, including: receiving, from a user, a dataset for encryption before its storage at a data storage location, wherein the dataset comprises a plurality of portions; identifying (i) attributes of the dataset and (ii) dataset dependencies; generating a recommendation for an encryption scheme to be used for the dataset, wherein the generating comprises (i) generating, based upon the attributes and the dataset dependencies, a recommendation of an encryption scheme for each portion of the dataset and (ii) identifying, based upon the dataset dependencies, a key label for each portion of the dataset, wherein the key label identified for a portion of the dataset that is dependent on another portion of the dataset is the same as the key label identified for said another portion of the dataset; and providing, to the user, (i) the generated recommendation and (ii) a description identifying reasons for the generated recommendation.

Continuous authentication system and related methods

A continuous authentication system and related methods are provided. The system detects requests to perform user actions. A security value is associated with each user action. The system determines a subsequent session security level in response to an adjustment to a session security level by a security value of a requested user action. The requested user action is permitted and the session security level is adjusted based on the security value of the requested user action in response to a determination by the system that the subsequent session security level is greater than or equal to a threshold session security level. A user authentication challenge is caused (e.g., prompted) in response to a determination by the system that the subsequent session security level is less than the threshold session security level. The requested user action is permitted and the session security level is adjusted based on the security value of the requested user action in response to a successful user authentication challenge. The requested user action is rejected in response to an unsuccessful user authentication challenge.

Enforcing authorization policies for computing devices

Methods, systems, and apparatus, including computer programs encoded on computer-storage media, for enforcing policies for computing devices. In some implementations, content for presentation by an electronic device is received. Context data indicating a current context of the electronic device is obtained. Policy data indicating a policy corresponding to at least one of the electronic device, a user of the electronic device, the content for presentation, or data associated with the content is accessed. The policy indicates one or more context-dependent limitations on presentation of the content by the electronic device. Presentation of the content by the electronic device is managed based on a set of actions the policy permits for the current context.

Method, electronic device and computer program product for data management

A data management method comprises: receiving, at a first node of a plurality of nodes for collaboratively processing data, a request to perform a target operation at the first node from a second node of the plurality of nodes; obtaining a privilege of the second node from a third node of the plurality of nodes; determining a threshold privilege for performing the target operation based on a type of the target operation; and performing the target operation in accordance with a determination that the privilege of the second node is higher than the threshold privilege. In this manner, the security of data may be improved.

Information technology stack security control configuration

In some examples, a system receives input information relating to a security level for an information technology (IT) stack comprising a plurality of layers including a hardware layer and a software layer, where the input information is technology and product agnostic. The system discovers components of the plurality of layers of the IT stack, accesses a knowledge base that maps the security level and the discovered components to configuration instructions relating to security controls, and configures the IT stack with the security controls using the configuration instructions.

DATA STORAGE DEVICE AND METHOD OF ACCESS

A data storage device and method to selectively enable access to stored user data files. The method includes receiving an authentication credential from a user and, in response, retrieving a unique user identifier associated with the authentication credential. The stored user data files on the data storage device each have a respective data file identifier. The method includes, for each user, enumerating a directory of stored data files where the data file identifier matches the unique user identifier of that user. This enables selective access to files corresponding to the user. Multiple users can be registered to the same data storage device, and selective access prevents one user from accessing another user's data files.

MANAGEMENT OF RESOURCE ACCESS IN A BLOCKCHAIN
20230063043 · 2023-03-02

A plurality of different types of resource access events are identified. For example, a resource access event may be an administration event where a user is given certain access rights to view/modify a resource, such as a database record. A plurality of blocks are generated, where each block is associated with an individual one of the plurality of different types of resource access events. The plurality of blocks are added to a first resource access blockchain. The blockchain can be used to track the various types of resource access events.

System and method for controlling transaction data access

Provided are a system and a method for controlling transaction data access. A system for controlling transaction data access comprises: a transaction management module configured to determine a plurality of security levels for transaction data; a data encryption module configured to perform multiple-level encryption of the transaction data according to the plurality of security levels; and a data storage module configured to store the encrypted data as a block, and provide the block to a peer-to-peer (P2P) network.

END-TO-END PRIVACY ECOSYSTEM

A system includes a privacy vault storing user-associated contents. The vault also stores access permissions defined for third-parties with whom the user has a sharing relationship. An access permission defines, for at least one third party, procurement and utilization policies for vault contents accessed by the third-party. The system may access a user account to recover user-associated contents stored by the accessed account and stores the recovered contents in the privacy vault. The system receives a request from a third-party to access identified contents stored in the privacy vault and determines if the contents are procurable by the third party based on an access permission defined, in the privacy vault, for the third-party. The system provides procurable contents to the third party along with indication of any constraints on the contents defined by utilization policies of the access permission defined for the third party.

Sharing data with a particular audience

Methods, apparatuses, and non-transitory machine-readable media associated with sharing data with a particular audience are described. Examples can include receiving first data at a processing resource, determining whether the first data comprises a combination of bits associated with text or an image, or both, and comparing the combination of bits to second data stored on a memory resource. Examples can include identifying one or more words or one or more images represented by the first data, or both, based on the comparison and assigning to the first data first metadata representative of a first security categorization and a first confidence level and second metadata representative of a second security categorization and a second confidence level. Examples can include transmitting an output that comprises the first data or third data that comprises a modified combination of bits relative to the combination of bits of the first data.