Patent classifications
H04L63/102
SYSTEMS AND METHODS FOR IDENTIFYING ACCESS ANOMALIES USING NETWORK GRAPHS
In some instances, the disclosure provides a method for identifying access anomalies using network graphs. The method comprises obtaining access data for an entity, generating a network graph baseline profile based on the plurality of data elements, generating a network graph current profile based on the plurality of data elements, generating comparison data based on comparing the plurality of baseline network graphs with the one or more current network graphs and comparing the plurality of baseline nodes and the plurality of baseline edges with the plurality of current nodes and the plurality of current edges, determining, based on the comparison data, anomaly data comprising one or more flagged network accesses to the enterprise system, and providing the anomaly data indicating the flagged network accesses to an authentication system.
PRIVILEGED ELECTRONIC COMMUNICATIONS WITH INMATES
Systems and methods for providing secure communication between an inmate and an outside user are disclosed. In various aspects, account information of both the user and the inmate is stored. A message transmission is received from a first device that includes a header portion and an encrypted payload portion. The system verifies that confidential communication between the inmate and the outside user is permitted based on the header portion and the stored account information. Once verified, the message is transmitted to a second device without decrypting the payload portion of the message.
IOT DRONE FLEET
Apparatus, systems, processes, and computer-readable mediums for facilitating the use of drones are described. For one embodiment, such a system includes a user element having a user application computer program configured to instruct a user interface device to facilitate use of user data and use of mission parameter(s) for a proposed drone mission. An owner element includes an owner application computer program configured to facilitate use of owner data and use of at least one drone parameter. A fleet system element is communicatively coupled to the user element and to the owner element and includes a computer system processor configured to facilitate use of a fleet record and use of at least one fleet parameter.
ENVOY FOR MULTI-TENANT COMPUTE INFRASTRUCTURE
A data management and storage (DMS) cluster of peer DMS nodes manages data of a tenant of a multi-tenant compute infrastructure. The compute infrastructure includes an envoy connecting the DMS cluster to virtual machines of the tenant executing on the compute infrastructure. The envoy provides the DMS cluster with access to the virtual tenant network and the virtual machines of the tenant connected via the virtual tenant network for DMS services such as data fetch jobs to generate snapshots of the virtual machines. The envoy sends the snapshot from the virtual machine to a peer DMS node via the connection for storage within the DMS cluster. The envoy provides the DMS cluster with secure access to authorized tenants of the compute infrastructure while maintaining data isolation of tenants within the compute infrastructure.
METHOD FOR CONVEYING PERSONALISED INFORMATION TO A USER OF A BUILDING
In a building communication system for a building, a server device is provided which has a processor device and a storage device connected thereto, the storage device storing data sets in which display information that is predetermined for visitors is provided. An optical code is provided on the building, which optical code can be read by a mobile device of a visitor. In order to contact a resident of the building, the visitor scans the optical code with a mobile device. If the visitor is known in the system, the server device sends the display information predetermined for the visitor to their mobile device, which displays the personalized display information on a display of the mobile device.
METHOD AND APPARATUS FOR CONTROLLING DEVICE IN INTERNET OF THINGS, AND GATEWAY DEVICE AND STORAGE MEDIUM
Disclosed are a method and apparatus for controlling a device in the Internet of Things, and a gateway device and a storage medium, which relate to the technical field of the Internet of Things. The method comprises: acquiring remote access attribute information of all resource links, wherein the remote access attribute information is used for indicating whether a corresponding resource link is allowed to be remotely accessed; and, when there is a first resource link whose corresponding remote access attribute information indicates that the first resource link is allowed to be remotely accessed, and an operation request sent by a client device on the basis of the first resource link is received, triggering a server device to execute a functional operation corresponding to the first resource link.
METHODS AND SYSTEMS FOR DATA PROCESSING, AND STORAGE MEDIUM
A method for data processing is performed by an operation data recording device. The method includes: in response to a data access request sent by a client for a target vehicle, generating symmetric keys for symmetrically encrypting operation data of the target vehicle, in which the symmetric keys are generated based on a user ID and a primary public key for a third party, and the user ID is carried in the data access request; obtaining target encrypted data by symmetrically encrypting the operation data using the symmetric keys; and sending the target encrypted data to the client.
System and Method for Authenticating Client Devices Communicating with an Enterprise System
A system and method are provided for authenticating client devices communicating with an enterprise system. The method includes providing a policy enforcement interceptor to intercept API calls and enabling the policy enforcement interceptor to communicate with a policy information point to query the at least one endpoint for entitlements associated with an account. The method also includes intercepting an API call to the application API, communicating with the policy information point to determine entitlements associated with the account by having the policy information point query an entitlements database and, when the entitlements returned to the policy enforcement interceptor are valid, invoking a policy decision point to validate the client device. The method also includes, when the client device is validated, permitting invocation of the API. The method also includes providing an API response to the client device to permit access to the application via the API.
SYSTEMS AND METHODS FOR MANAGING IDS IN IAM/RESOURCE POLICIES
Disclosed are methods, systems, and non-transitory computer-readable medium for managing IDs in identity access management (IAM)/resource policies. For instance, the method may include obtaining a request regarding a target identification in a set of IAM/resource policies, the request including an action request; pulling the set of IAM/resource policies from a service; for each policy of the set of IAM/resource policies, traversing a data structure of the policy to return keypath(s) that include the target identification; and modifying each policy that includes the target identification by performing the action request using the keypath(s).
SPLIT INPUT AND OUTPUT REMOTE ACCESS
A system allows for higher security guarantees on public, shared, or even compromised equipment, which may be designated as untrusted equipment, without a need to install additional software on it or connect to it outside of general browser interactions. Based on this system, even if the equipment is compromised, proper information separation may ensure security of the sensitive parts of data. That is, trusted information will only go to (outputs) or come from (inputs) trusted devices, and non-sensitive information can go to or come from both trusted and untrusted devices.