A method includes receiving, at a control node of a cloud computing network, a first enterprise policy specific to the first enterprise and a second enterprise policy specific to the second enterprise, and managing communications between at least one user device of the first enterprise and the at least one enterprise application hosted on behalf of the first enterprise based on the first enterprise policy. The method also includes managing communications between at least one user device of the second enterprise and the at least one enterprise application hosted on behalf of the second enterprise based on the second enterprise policy.

Methods, systems, and apparatus, including computer-readable media, for a hierarchical multi-tenant data access platforms. In some implementations, the a server system stores data collected through a multi-tenant data access platform configured to collect data for each of multiple tenant organizations and to selectively make the collected data available according to policies associated with the respective tenant organizations. The server system receives a request associated with a user, and the server system generates and provides a response according to the organization hierarchy data and policy data for the unit of the organization that has data that would be used in generating the response to the request.

Implementations of a system and method of generating and using bilaterally generated variable instant passwords are disclosed. The system is used to secure electronic transactions (e.g., an auction in which one or more bidders are unknown to the auctioneer). In this system an Internet Service Provider (ISP), on request from a USER (e.g., a bidder), facilitates an authentication process with a SERVICE PROVIDER (e.g., an auctioneer). The SERVICE PROVIDER may send a sub-folder, containing a USER name, a temporary sub variable character set, and a CALL, to the USER through the ISP. The password used to access the sub-folder is transmitted directly to the USER by the SERVICE PROVIDER. The USER gets authenticated to the SERVICE PROVIDER by using the USER name, the temporary sub variable character set, and the CALL retrieved from the sub-folder. After USER's authentication, further transactions (e.g., bids) are performed using a password for each transaction.

An authentication assurance level associated with an entity, for instance a user equipment, may be computed periodically or in response to an event. The authentication assurance level is compared to an authentication threshold. Based on the comparison, it is determined whether a fresh performance of at least one authentication factor needs to be performed. Thus, appropriate authentication factors and functions may be invoked on a periodic basis to maintain a certain authentication assurance level, which is referred to herein as the assurance threshold. The authentication assurance level may change, for instance decay, over time and may be refreshed periodically.

A method may include obtaining a request to unblock a predetermined website in a network and that is associated with a predetermined list. The predetermined list may be used to determine whether a respective user device among various user devices can access one or more websites. The method may further include determining an impact level of the predetermined website for an organization using a machine-learning algorithm and website gateway data. The method may further include determining a probability of a security breach using the machine-learning algorithm and threat data. The method may further include determining whether to unblock the predetermined website based on the impact level and the probability of a security breach. The method may further include transmitting, in response to determining that the predetermined website should be unblocked, a command that modifies the predetermined list to enable the respective user device to access the predetermined website.

The present disclosure relates to a communication technique for converging a 5G communication system for supporting a higher data rate beyond a 4G system with an IoT technology, and a system therefor. The present disclosure can be applied to intelligent services on the basis of a 5G communication technology and an IoT-related technology (for example, smart home, smart building, smart city, smart car or connected car, healthcare, digital education, retail, security and safety-related service, and the like). The present invention provides a method for enhancing data security, comprising: when a request message including information related to a first privacy level is received from a user device, authenticating the user device; when the user device is an authenticated device as a result of the authentication, verifying the information related to the first privacy level; and when the verification of the information related to the first privacy level is completed, transmitting, to the user device, an image processed on the basis of the first privacy level among images processed on the basis of a plurality of privacy levels.

Disclosed herein are systems and methods for classifying organizational structure for implementing data protection policies. In one exemplary aspect, a method may comprise retrieving a plurality of data files of an organization, wherein the plurality of data files are stored in a data storage; retrieving structural information of the organization, the structural information comprising details of user accounts, organizational roles, and file metadata within the organization; classifying the structural information into an organization type of a plurality of organization types; classifying each respective data file of the plurality of data files into a respective topic of a plurality of topics, wherein the plurality of topics are associated with the organization type; generating a data protection policy for the organization based on each respective topic of the plurality of data files and the organization type; and executing the data protection policy on the data storage.

Methods and systems disclosed herein relate generally to temporally prioritizing queries of queue-task partitions based on distributions of flags assigned to bits corresponding to access rights.

A user verification apparatus may perform user verification using multiple biometric verifiers. The user verification apparatus may set a termination stage of one or more biometric verifiers. Multiple biometric verifiers may be used to generate outputs, for which separate termination stages are set to establish a particular combination of set termination stages associated with the multiple biometric verifiers, and the user verification apparatus may fuse outputs of the biometric verifiers based on the particular combination of set termination stages. The user verification apparatus may verify a user based on a result of the fusing, and an unlocking command signal may be generated based on the verifying. The unlocking command signal may be generated to selectively grant access, to the verified user, to one or more elements of a device. The device may be a vehicle.

Techniques for configuring a network based on a Domain Name System (DNS) or network metadata policy for network control are disclosed. In some embodiments, a system, process, and/or computer program product for a DNS or network metadata policy for network control includes receiving a DNS or network metadata update at a DNS server (e.g., an authoritative or recursive DNS server) or an IP Address Management (IPAM) server, in which the DNS or network metadata update is determined to be relevant to the DNS or network metadata policy for network control; and sending the DNS or network metadata update to a network controller for a network, in which the network controller configures a plurality of network devices on the network based on the DNS or network metadata policy for network control.