H04L63/105

Computer-implemented methods, systems comprising computer-readable media, and electronic devices for team-sourced anomaly vetting via automatically-delegated role definition

A computer-implemented method for team-sourced anomaly vetting via automatically-delegated role definition. The method may include automatically determining that an event of the computing system corresponding to activity of an end user is anomalous. Based on the anomalous event, a permission store of the computing system may automatically be edited to include an access restriction on the end user, and a notification may be automatically generated and transmitted to one or both of the end user and another end user. The notification may provide access to an executable statement including code configured to be executed to remove the access restriction. A call to the executable statement by the other end user may be automatically received. Further, the permission store may be automatically edited to remove the access restriction on the end user.

Access control value systems

A system that includes a tagging engine and a routing engine. The tagging engine is configured to link a data element with an access control tag. The tagging engine is configured to apply context rules to the access control tag array based on the content of the data element to change the access control tag value for one or more of the access control tags. The tagging engine sends the data element with the access control tag array to a target network node within an end user group. The routing engine is configured to identify an access control tag value in the access control tag array corresponding with the end user group and to forward the data element to the target network node in response to determining that the access control value is greater than or equal to the access control level associated with the end user group.

Electronic agent scribe and communication protections

A policy-controlled access security system for managing access security to electronic agents in cloud based multi-tenant systems includes a client device, a mid-link server, and a web server. A local application running on the client device requests access to an electronic agent of a remote application of the web server. Policies are determined corresponding to the electronic agent for controlled access to the electronic agent. A token for the electronic agent is correlated with a plurality of tokens for identifying a user application associated with the token. The remote application corresponding to the token from the request is compared with the user application. Based on the comparison, an authorization is determined by the mid-link server corresponding to the token for accessing the electronic agent. The policies are enforced on the client device and the access to the electronic agent is provided based on the policies via the web server.

Systems and methods of controlling internet access using encrypted DNS

Described systems and methods enable protecting client devices (e.g., personal computers and IoT devices) implementing encrypted DNS protocols against harmful or inappropriate Internet content. A DNS proxy intercepts an attempt to establish an encrypted communication session between a client device and a DNS server. Without decrypting any communications, some embodiments of the DNS proxy determine an identifier of the respective session and an identifier of the client device, and send a query tracer connecting the session identifier with the client identifier to a security server. In some embodiments, the security server obtains the domain name included in an encrypted DNS query from the DNS server and instructs the DNS server to allow or block access of the client device to the respective Internet domain according to a device- and/or user-specific access policy.

Energy management system and method

A demand response system includes a mobile application of a mobile device that is configured to initiate altering an operating condition of a network device disposed at a site using location based services. A demand response application interface module is configured to enable access between a utility company and the network device to communicate energy management information therebetween. The network device is configured to be remotely altered by each of the demand response application interface module and the mobile application separately based on the location based services and the energy management information. A method of managing a demand response system includes detecting a user being disposed away from a site, detecting energy management information from a utility company associated with the site, and initiating a reduction in energy use at the site in response to the relative location of the user and the energy management information.

Determining a storage location according to data retention policies

A method for determining a storage location includes one or more processing modules of one or more computing devices of a storage network (SN) receiving a data object to store in a storage network (SN) and determining whether the data object is subject to a legal restriction, where a data object is subject to a legal restriction based on the data object requiring storage in a jurisdiction that subjects the data object to a retention policy. The method continues by determining one or more attributes of a first storage location of a plurality of storage locations and based on a determination that the data object is subject to a legal restriction and at least one attribute of the one or more attributes of the first storage location, transmitting a write threshold number of write requests to a plurality of SUs at the first storage location.

Adaptive authentication
11575678 · 2023-02-07

Provided is adaptive authentication that utilizes relational analysis, sentiment analysis, or both relational analysis and sentiment analysis to facilitate an authentication procedure. The relational analysis evaluates a transactional profile and a behavioral profile of the user. The sentiment analysis evaluates available user information that is obtained from various forms of Internet activity related to the user. A level of authentication is selectively modified based on a result of the relational analysis and/or the sentiment analysis.

Data modeling to improve security

Systems and techniques for determining data assessment scores indicative of potential security vulnerabilities and enacting measures to protect sensitive information by controlling permissions and access to sensitive information and systems are provided herein. A data assessment model receives inputs of user access data, user role type, baseline permissions for the user role type, and produces a score. The score is useful for identifying potential security vulnerabilities and enacting proactive security measures to lock down potential vulnerabilities by blocking or changing permissions to reduce risk scores.

Evidence oracles

Systems and methods are disclosed with respect to using a blockchain for managing the subrogation claim process related to a vehicle collision, in particular, utilizing evidence oracles as part of the subrogation process. An exemplary embodiment includes receiving recorded data from one or more connected devices at a geographic location; analyzing the recorded data, wherein analyzing the recorded data includes determining that a collision has occurred involving one or more vehicles; generating a transaction including the data indicative of the collision based upon the analysis; and transmitting the transaction to at least one other participant in the distributed ledger network.

Multi-zone secure artificial intelligence exchange and hub

In general, this disclosure describes a multi-zone secure AI exchange. The multi-zone secure AI exchange may be implemented in a multi-cloud, multi-data center environment, where each zone may be in a different cloud or data center. The multi-zone secure AI exchange may include a data repository, a data exchange, and shared services. The data repository may be configured to store algorithms and datasets, each having a respective owning user. The data exchange may receive datasets and algorithms from the data repository, and may perform the algorithms to produce output data. Each of the data repository, data exchange, and shared services may have a different level of security. The data repository may implement the highest level of security, allowing the owning user, and only the owning user, to control how their data and algorithms move in and out of the data repository, or are changed while in the data repository.