Abstract: Mechanisms for providing point to point encryption and tokenization enabling decryption, tokenization and storage of sensitive encrypted data on one system are discussed.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for authenticating a first computing device to access a secure account. Receiving a request from a second computing device to be authorized to access the secure account. Providing, to the second computing, first data that represents a first machine-readable code for presentation by the second computing device. Receiving, from the first computing device, second data that represents a second machine-readable code as read by the first computing device. Authorizing the second computing device to access the secure account in response to determining that the second data accurately represents the first machine-readable code as sent to the second computing device.

Abstract: A multi-factored authentication system is provided to identify users. Accordingly, the authentication system may utilize a combination of multiple authentication methods to identify and authenticate a user, such as facial recognition, voice recognition, fingerprint/retinal recognition, detection of cards/chips or smartphones located with the user, PINs, passwords, cryptographic keys, tokens, and the like. The various authentication methods may be used to calculate a confidence value for the authentication system, where the confidence value reflects the degree of certainty of the user's identity. Each authentication method may, upon identifying a positive match for a user, increase the confidence value by a certain degree.

Abstract: A first wireless access point notifies a handoff management resource that a second wireless access point is a potential handoff candidate. Subsequent to authentication of the second wireless access point as being a valid handoff candidate, the handoff management resource notifies a mobile communication device that the second wireless access point is a valid handoff option to receive a communication session from the first wireless access point. To perform a handoff, the mobile communication device initiates termination of a wireless communication link with the first wireless access point and communicates with the second wireless access point to establish a new wireless communication link. In furtherance of providing uninterrupted network access, the handoff management resource conveys communication settings information associated with the handed off communication session to the second wireless access point for use over the new wireless communication link.

Abstract: According to one embodiment of the present invention, a system provides security for a device and includes at least one processor. The system monitors a plurality of networked devices for a security risk. Each networked device is associated with a corresponding security risk tolerance. In response to a monitored security risk for one or more of the plurality of networked devices exceeding the corresponding risk tolerance, a network service is initiated to perform one or more actions on each of the one or more networked devices to alleviate the associated security risk. Embodiments of the present invention further include a method and computer program product for providing security to a device in substantially the same manner described above.

Abstract: An authorization policy optimization method being performed by a computing device comprising at least one processor, includes receiving an authorization policy to be used to perform an authentication on a data access right of a user, obtaining authorization log information of a first preset authorization policy, from the authorization policy, extracting a log information feature, from the authorization log information, generating an authorization policy optimization model, using the log information feature, performing a policy reasonableness prediction on the authorization policy, using the authorization policy optimization model, to obtain a predicted reasonableness value corresponding to the authorization policy, and performing an optimization processing on the authorization policy, based on the predicted reasonableness value.

Abstract: A computer-implemented method comprises: committing a transaction amount of a transaction with a commitment scheme to obtain a transaction commitment value, the commitment scheme comprising at least a transaction blinding factor; generating a first key of a symmetric key pair; encrypting a combination of the transaction blinding factor and the transaction amount t with the first key; and transmitting the transaction commitment value T and the encrypted combination to a recipient node associated with a recipient of the transaction for the recipient node to verify the transaction.

Abstract: A content-lifecycle management system (CLMS) intercepts a request to perform an action upon a data object in a domain of a multi-domain computing environment during a certain phase of the object's lifecycle. The CLMS retrieves data and rules from a cross-domain distributed ledger that is accessible throughout the multi-domain environment. The retrieved information includes content-lifecycle management policies that control which actors can perform certain types of actions upon specific data objects during various lifecycle phases. The ledger also describes and classifies actors, dependency relationships between storage and infrastructure components of the environment, and the results of past requests.

Abstract: One embodiment provides a method comprising receiving general private data identifying at least one type of privacy-sensitive data to protect, collecting at least one type of real-time data, and determining an inference privacy risk level associated with transmitting the at least one type of real-time data to a second device. The inference privacy risk level indicates a degree of risk of inferring the general private data from transmitting the at least one type of real-time data. The method further comprises distorting at least a portion of the at least one type of real-time data based on the inference privacy risk level before transmitting the at least one type of real-time data to the second device.

Abstract: A method, and associated system, for security processing of a request for a resource in a network security system. The request for the resource and a duplicate of request for the resource are forwarded to a first proxy server and a second proxy server, respectively. A first output including the received request, and a second output including the duplicate of the received request, are received from first proxy server and the second proxy server, respectively. A determination is made that the first output and the second output differ and in response, a first alarm is generated and transmission to the web server of the received request and the duplicate of the received request is blocked.

Abstract: A digital optical data network system for improving information security in Passive Optical Networks (“PON”) by providing virtual information separation in the router, such as a premise router, or routers interfacing the entire PON, such as by utilizing virtual routing and forwarding, thus allowing safe data traffic between multiple carriers, service providers accessing the PON and multiple end users on the PON such as tenants in a building, employees of a business entity, or subscribers in a residential community.

Abstract: Technologies for protecting systems and data of an organization from malware include a data integrity server configured to receive a data file from an external source. The data integrity server analyzes the received data file with an anti-malware engine to determine whether the data file includes malware. The data integrity server discards the data file in response to a determination that the data file includes malware. Additionally, the data integrity server verifies the file type of the received data file. The data integrity server sanitizes the received data file in response to verification of the file type. Other embodiments are described and claimed.

Abstract: An Internet infrastructure delivery platform (e.g., operated by a service provider) provides an RSA proxy “service” as an enhancement to the SSL protocol that off-loads the decryption of the encrypted pre-master secret (ePMS) to an external server. Using this service, instead of decrypting the ePMS “locally,” the SSL server proxies (forwards) the ePMS to an RSA proxy server component and receives, in response, the decrypted pre-master secret. In this manner, the decryption key does not need to be stored in association with the SSL server.

Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in keeping track of a consumer's accounts in order to prevent unauthorized access or use of the consumer's identified accounts. To discover the various accounts, the methods, computer-readable media, software, and apparatuses can monitor at least a consumer's email accounts, web browser history, and web cache. The discovered accounts may be displayed to the consumer along with recommendations and assistance for closing unused or unwanted accounts to prevent unauthorized access or use.

Abstract: The present specification discloses a computer tangible medium storing instructions for a collision resistant process for signing a digital message with a digital signature using different hash digests derived from the same message data with the same hashing algorithm by hashing the message data in different ways. The collision resistant process protects networks from hacking attacks based different files having the same hash digest, commonly referred to as birthday attacks.

Abstract: Described processes include: determining portions of instances of a cryptographic token to be allocated to record providers, like providers of an asset indicated by a record, wherein: the portions are determined based on network effects associated with the records the record provider supplied on performance of a computer-implemented network in which both record providers and record consumers participate, patterns indicative of inorganic consumption may be determined from one or more of interactions of individual consumers, interactions of collections of consumers, or consumer interactions in the aggregate for a given provider or record; and the effects on network performance are adjusted responsive to designation of one or more entities as exhibiting inauthentic behavior; and appending to a distributed ledger, records indicating the respective portions, and adjustments, are allocated to record providers.

Abstract: Data structures stored on a distributed ledger are accessed. The data structures identify registered smart contract components that include counterparties, schemas, and contract cryptlet. A first template smart contract data structure for a first smart contract is composed on the distributed ledger such that the first template smart contract data structure is a relational data structure that includes an identifier for the first smart contract, an identifier for at least two counterparties, an identifier for at least one schema, and an identifier for at least one contract cryptlet. A first smart contract ledger instance associated with the first ledger instance is caused to be deployed, such that the first smart contract ledger instance is based on the first template smart contract data structure. The first smart contract is caused to begin execution, such that the first smart contract is based on the first template smart contract data structure.

Abstract: A computer-implemented method, computer program product and computing system for: obtaining hardware performance information concerning hardware deployed within a computing platform; obtaining platform performance information concerning the operation of the computing platform; obtaining application performance information concerning one or more applications deployed within the computing platform; and generating a holistic platform report concerning the computing platform based, at least in part, upon the hardware performance information, the platform performance information and the application performance information.

Abstract: An example of a computing system is described herein. The computing system includes a plurality of network security devices. The computing system also includes a network switch configured to direct network traffic. The computing system further includes a controller coupled to the network switch. The controller is to instruct the network switch in directing network traffic to the plurality of network security devices.

Abstract: Disclosed herein are a three-way authentication apparatus and method in a cloud environment. The three-way authentication method in a cloud environment includes performing, by a control device and a service device, mutual authentication through an IF-1 interface, performing, by the control device and a function server, mutual authentication through an IF-2 interface, requesting, by the control device, the function server to issue an authentication token for authentication between the service device and the function server, and delivering an authentication token issued by the function server to the service device, and performing, by the service device, mutual authentication with the function server using the delivered authentication token through an IF-3 interface.