G06F2221/2141

System and method for using unique device identifiers to enhance security

A method for detection and use of device identifiers to enhance the security of data transfers between electronic devices. A first electronic device can transmit access data to a second electronic device. The access data can be associated with a first access code that can be generated based at least in part on data representing a device identifier of the first electronic device. A device identifier can uniquely identify the first electronic device from a plurality of electronic devices. Transferring the access data can involve transforming the first access code into a second access code that can include data representing a device identifier associated with the second electronic device. Transforming the first access code into the second access code can facilitate access to a resource associated with the access data for a second user, but not for a first user.

Modular blood glucose control systems

Blood glucose control systems are disclosed. A blood glucose control system can receive a glucose level signal from a glucose sensor operatively coupled to a subject. The system can decode encoded data of the glucose level signal to obtain the glucose level of the subject and the indication of the glucose trend. The system can automatically calculate the dose control signal using a control algorithm configured to calculate regular correction boluses of glucose control agent in response to at least the glucose level of the subject. The system can select a dose control signal encoding profile from a plurality of dose control signal encoding profiles and, based on the dose control signal encoding profile, encode the dose control signal such that the pump controller can read the dose control signal. The system can transmit an encoded dose control signal to the pump controller.

Break the glass for financial access

Systems, methods, and computer-readable storage media utilized for determining access to a financial account held by a customer of a financial institution. One method includes establishing a communication session with a sensor device, wherein the financial institution computing system continuously receives sensor data over the communication session, and receiving, from a point-of-sale (POS) terminal, a payment request. The method further includes retrieving, from the user device via an application programming interface (API), device data including at least application data, and receiving, from the sensor device, the sensor data including at least one of geolocation data or biometric data of the sensor device. The method further includes determining that the customer experienced an adverse event based on the sensor data and the device data, and automatically determining an access level. The method further includes authorizing, by the processor, the payment request utilizing the financial account held by the customer to a designee.

Display of Private Content
20180004973 · 2018-01-04

A method including receipt of information indicative of a first viewer being able to visually perceive at least part of a display and information indicative of a second viewer being able to visually perceive at least part of the display, determination of first viewer private content associated with the first viewer, receipt of information indicative of the second viewer being unable to visually perceive at least part of the display, causation of display of the first viewer private content based, at least in part, on the second viewer being unable to visually perceive at least part of the display, receipt of information indicative of the second viewer being able to visually perceive at least part of the display, and termination of display of the first viewer private content based, at least in part, on the second viewer being able to visually perceive at least part of the display is disclosed.

COMPUTER SECURITY ARCHITECTURE AND RELATED COMPUTING METHOD

A computer security architecture applies selected rules from among a set of rules defining one or more security policies to a given set of security context parameters to produce security verdicts, each representing whether a certain action requested by a subject entity is permissible. Each security policy is associated with a corresponding communication interface. A plurality of gateway engines are each associated with at least one of the subject entities and dedicated to interfacing with the security server. Each of the gateway engines carries out monitoring of requested actions by the associated subject entity and, for each requested action, identifies a security context. A security policy is determined for the requested action based on a corresponding security context, and a security verdict is obtained via a communication interface corresponding to the applicable security policy.

IDENTIFYING NETWORK SECURITY RISKS
20180013777 · 2018-01-11

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying network security risks. One of the methods includes receiving organizational hierarchy data and receiving access privilege data for a network, generating an adjacency matrix that represents connections between individuals within the organizational hierarchy and various groups, and that represents connections between the individuals and various access privileges, selecting an analytic technique for analyzing the adjacency matrix, determining, for each individual, an individual score that represents a security risk associated with the individual's network account, and in response to determining that the individual score meets a threshold, applying security controls.

Access control with multiple security ecosystems

A method according to one embodiment includes monitoring, by an access control device, for changes to a first access control database stored on the access control device, wherein the first access control database is associated with a first security ecosystem having a first set of security protocols; automatically updating a mediation database stored on the access control device to identify a change to the first access control database in response to a determination that the change occurred; and automatically updating a second access control database stored on the access control device based on the change identified in the mediation database and in response to the automatic update of the mediation database, wherein the second access control database is associated with a second security ecosystem different from the first security ecosystem and having a second set of security protocols different from the first set.

DATA ISOLATION AND TWO-FACTOR ACCESS CONTROL
20230006987 · 2023-01-05

Systems, methods and computer program products for controlling access to data owned by an application subscriber using two-factor access control and user partitioning are disclosed. In one embodiment, applications are executed on a multi-tenant application platform in which user partitions designate associated users and authentication services for those users. Tenants may subscribe to the applications and may allow access to the subscriptions through designated entry points. Users that are authenticated according to the corresponding user partition and access the application through the designated entry point are allowed to access the application through the tenant's subscription.

SYSTEMS AND METHODS FOR ENDPOINT CONTEXT-DRIVEN, DYNAMIC WORKSPACES

Systems and methods for endpoint context-driven, dynamic workspaces are described. In some embodiments, an Information Handling System (IHS) of a workspace orchestration service comprises a processor and a memory coupled to the processor, the memory having program instructions stored thereon that cause the IHS to: receive initial context information from a local management agent; produce a first workspace definition based upon the initial context information, where the local management agent is configured to instantiate a first workspace based upon the first workspace definition; receive updated context information from the local management agent; and in response to the updated context information being noncompliant with attributes of the first workspace definition, select a second workspace definition, where the updated context information complies with the attributes of the second workspace definition, and the local management agent is configured to instantiate a second workspace based upon the second workspace definition.

CRAFTING EFFECTIVE POLICIES FOR IDENTITY AND ACCESS MANAGEMENT ROLES

Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an identity and access management (IAM) system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies, each of which may define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role. The specified solution operates to generate an effective permission for accessing a resource and to evaluate whether that effective permission is outside of a permissible scope of access for the role.