Patent classifications
G06F21/6272
MULTI-CLUSTER ACCESS
Disclosed herein are system, method, and computer program product embodiments for multi-cluster access. In some embodiments, the server receives a first request to bind one or more cluster roles associated with a user to each of one or more secondary computing clusters. The server binds the user's credentials with the one or more cluster roles corresponding to each of one or more secondary computing clusters. Furthermore, the server receives a second request for providing the user access to the primary computing cluster. Moreover, the server receives a third request from the user interface intended for at least one secondary computing cluster. The server forwards the third request to the at least one secondary computing cluster while impersonating at least one cluster role of the one or more cluster roles corresponding to the at least one secondary computing cluster.
Secure online collaboration
A method for secure online collaboration is provided. The method includes receiving, at a server of a cloud-based storage system, first encrypted data from a first client device. The cloud-based storage system stores a plurality of documents in an encrypted form. The method also includes determining a document of the plurality of documents that is associated with the first encrypted data. The document is not accessible to the server in a decrypted form. The first encrypted data represents an edit to a portion of the document. The method further includes determining a plurality of user accounts of collaborators of the document. The plurality of user accounts includes a first user account associated with the first client device. Moreover, the method includes providing the first encrypted data to one or more other client devices that are each associated with one of the plurality of user accounts, excluding the first user account.
Digital storage and data transport system
A computer implemented method in a system comprising an actor authorization node, an access right storage node and a file record node. The method comprises receiving, from a computing device, a request to access a file, the request comprising information identifying an actor making the request and a file to be accessed, obtaining an indication from the actor authorization node whether or not the identified actor is recorded on the actor authorization node as trustworthy, obtaining an indication from the access right storage node of the access right the identified actor has to the identified file, if the identified actor has been indicated by the actor authorization node as being trustworthy and by the access right storage node as having access rights, obtaining file storage and access details from the file record node and sending the file storage and access details to the computing device or using the file storage and access details to access the stored file and sending the accessed file to the computing device. The file storage and access details comprise at least one of a file storage location, a file encryption key, a calculated characteristic of the stored file and a calculated characteristic of an encrypted version of the stored file.
DATA PROCESSING SYSTEMS FOR VALIDATING AUTHORIZATION FOR PERSONAL DATA COLLECTION, STORAGE, AND PROCESSING
In particular embodiments, a data processing consent management system may be configured to utilize one or more age verification techniques to at least partially authenticate the data subject's ability to provide valid consent (e.g., under one or more prevailing legal requirements) in order to collect, store, and/or process the subject's personal data. For example, according to one or more particular legal or industry requirements, an individual (e.g., data subject) may need to be at least a particular age (e.g., an age of majority, an adult, over 18, over 21, over 13, or any other suitable age) in order to provide valid consent. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects in response to confirming that the data subject is old enough to provide such consent.
RANSOMWARE DETECTION IN HOST ENCRYPTED DATA ENVIRONMENT
A storage node that maintains separate storage objects for storage of data for different host applications protects those storage objects against ransomware attacks by recognizing variations in data reducibility. Separate data reducibility profiles are generated for each protected storage object. In response to new data being written to one of the protected storage objects, the reducibility of the new data is compared with the data reducibility profile of the protected storage object to which the new data is being written. A mismatch indicates a ransomware attack. Counter-measures may include halting generation or overwriting of snaps, halting replication, and halting backups of the storage object, and generating ransomware attack alert messages. Decryption keys are provided to the storage node if new data is normally provided in an encrypted state.
Watermark security
Apparatuses, methods, systems, and program products are disclosed for watermark security. An apparatus includes a watermark module configured to generate a digital watermark to be presented as part of a graphical interface based on data presented on the graphical interface. A digital watermark verifies an authenticity of data to be presented in a graphical interface. An apparatus includes a presentation module configured to embed the digital watermark into the graphical interface prior to the data being presented in the graphical interface such that the digital watermark is graphically imperceptible to a user, dynamically update the digital watermark during runtime in response to detecting a change in the at least a portion of the data that is encoded into the digital watermark, and re-embed the digital watermark into the graphical interface in response to the digital watermark being updated.
HIGH-DEFINITION MAP AND HIGH-DEFINITION MAP GENERATION METHOD AND USAGE METHOD
This disclosure provides high-definition maps and their generation and usage methods and systems. In an implementation, a high-definition map comprises: a plurality of map elements, wherein each of the plurality of map elements comprises an ID corresponding to the map element, wherein at least one of the plurality of map elements comprises general data and sensitive data, the general data comprises data disclosable according to law, wherein the sensitive data comprises data not disclosable according to the law, and wherein general data and sensitive data in a same map element have a same identifier ID.
Document verification
An example operation may include one or more of marking a document, by a user node, to be included into a collection of documents, determining, by the user node, a business process step associated with the document based on a user mark, and executing a transaction to store a hash of the document onto a ledger of a blockchain, wherein a Merkle tree hash is generated and tagged on the ledger with details of the business process step.
Two-dimensionality detection method for industrial control system attacks
A two-dimensionality detection method for industrial control system attacks: collecting data; transmitting the data to a PLC and an embedded attack detection system; uploading, by the PLC, received data to a SCADA system; transmitting, by the SCADA system, the data to the embedded attack detection system after classifying and counting the data; before starting detection, directly reading, by the embedded attack detection system, the data measured by sensors; refining data association relationships and probability distribution characteristics of the sensors of normal operation to complete storage of a health data model; after starting detection, in a first dimensionality, comparing the data collected directly by the sensors with statistical data of the SCADA system to judge the attacked condition of the SCADA system, and in a second dimensionality, comparing the characteristics of the data collected directly by the sensors and counted online with the health data model to judge the attacked condition of the sensors.
System and method for authenticating the legitimacy of a request for a resource by a user
A method of authenticating the legitimacy of a request for a resource from a resource provider by a user, including providing an authentication process in which a resource provider message is received and de-assembled, the integrity of the user request message is confirmed, a result indicator as to the legitimacy of the resource provider message is created by performing two or more authenticity checks, and an authentication result is sent.