Abstract: An example operation may include one or more of connecting, by a recipient node, to a source node via a blockchain network, receiving, by the recipient node, a data block, a digest of the data block encrypted by a private key of the source node, a public key paired to the private key and an IP address of the source node, calculating, by the recipient node, a digest of the data block, decrypting, by the recipient node, the digest of the data block by the public key, comparing, by the recipient node, the decrypted digest against the digest, and in response to a match, storing the encrypted digest, the public key and the IP address of the source node onto a ledger of the recipient node.

Abstract: The present disclosure provides techniques for data transmission. According to one technique, a request from a data sender for sending data to a data receiver is received, wherein the request comprises a content indicating a verification code. Then, a first solution to the verification code based on the request can be obtained. The verification code can be sent to the data receiver. A second solution to the verification code can be received from the data receiver, wherein the second solution is generated by the data receiver. Transmission of the data from the data sender to the data receiver can be enabled in response to the first solution consistent with the second solution.

Abstract: A topic based conversation retrieval system and method may include receiving a first conversation between a first plurality of users a second conversation between the first plurality of users or a second plurality of users, the second conversation being conducted on a second communication mode different than the first communication mode, analyzing the first conversation and the second conversation, determining one or more topics of discussion in the first conversation and the second conversation, and retrieving a portion of each of the first conversation and the second conversation, where the portion is related to a topic chosen to be retrieved.

Abstract: The present disclosure provides techniques for data transmission. According to one technique, a request from a data sender for sending data to a data receiver is received, wherein the request comprises a content indicating a verification code. Then, a first solution to the verification code based on the request can be obtained. The verification code can be sent to the data receiver. A second solution to the verification code can be received from the data receiver, wherein the second solution is generated by the data receiver. Transmission of the data from the data sender to the data receiver can be enabled in response to the first solution consistent with the second solution.

Abstract: An example operation may include one or more of connecting, by a recipient node, to a source node via a blockchain network, receiving, by the recipient node, a data block, a digest of the data block encrypted by a private key of the source node, a public key paired to the private key and an IP address of the source node, calculating, by the recipient node, a digest of the data block, decrypting, by the recipient node, the digest of the data block by the public key, comparing, by the recipient node, the decrypted digest against the digest, and in response to a match, storing the encrypted digest, the public key and the IP address of the source node onto a ledger of the recipient node.

Abstract: A topic based conversation retrieval system and method may include receiving a first conversation between a first plurality of users a second conversation between the first plurality of users or a second plurality of users, the second conversation being conducted on a second communication mode different than the first communication mode, analyzing the first conversation and the second conversation, determining one or more topics of discussion in the first conversation and the second conversation, and retrieving a portion of each of the first conversation and the second conversation, where the portion is related to a topic chosen to be retrieved.

Abstract: A topic based conversation retrieval system and method may include receiving a first conversation between a first plurality of users a second conversation between the first plurality of users or a second plurality of users, the second conversation being conducted on a second communication mode different than the first communication mode, analyzing the first conversation and the second conversation, determining one or more topics of discussion in the first conversation and the second conversation, and retrieving a portion of each of the first conversation and the second conversation, where the portion is related to a topic chosen to be retrieved.

Abstract: A method, computer program product, and a device for establishing a direct communications connection between gateways of two computing systems includes a processor(s) of a first system receiving configuration instructions in a generic format and translating the configuration instructions into a first set of gateway configuration commands that are in a format compatible with a first gateway of the first system. The processor(s) executes the first set to configure the first gateway. The processor(s) transmits, via a communication protocol, the configuration instructions, to a program(s) of a second computing systems, the program(s) translates the configuration instructions into a second set of gateway configuration commands, in a format compatible with the second gateway, and executes the second set to configure the second gateway. The processor(s) establishes a direct communications connection between the first gateway and the second gateway, based on the configurations matching.

Abstract: A topic based conversation retrieval system and method may include receiving a first conversation between a first plurality of users a second conversation between the first plurality of users or a second plurality of users, the second conversation being conducted on a second communication mode different than the first communication mode, analyzing the first conversation and the second conversation, determining one or more topics of discussion in the first conversation and the second conversation, and retrieving a portion of each of the first conversation and the second conversation, where the portion is related to a topic chosen to be retrieved.

Abstract: A method, computer program product, and a device for establishing a direct communications connection between gateways of two computing systems includes a processor(s) of a first system receiving configuration instructions in a generic format and translating the configuration instructions into a first set of gateway configuration commands that are in a format compatible with a first gateway of the first system. The processor(s) executes the first set to configure the first gateway. The processor(s) transmits, via a communication protocol, the configuration instructions, to a program(s) of a second computing systems, the program(s) translates the configuration instructions into a second set of gateway configuration commands, in a format compatible with the second gateway, and executes the second set to configure the second gateway. The processor(s) establishes a direct communications connection between the first gateway and the second gateway, based on the configurations matching.

Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.

Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.

Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application.

Abstract: This disclosure describes a secure and computationally-efficient method to establish a single authentication context for multiple identities. The method is implemented in an authentication system using a key exchange protocol, namely, the Diffie-Hellman key exchange. One or more entities that desire to authenticate (either individually or jointly) register with the authentication system and receive private Diffie-Hellman keys (the PINs). Later, during an authentication operation, each entity provides the PIN to the authentication system, preferably over a secure transport. The authentication system, using Diffie-Hellman key exchange artifacts, generates a Diffie-Hellman cryptographic value for each PIN, although the value need not be maintained private. The authentication system orders the Diffie-Hellman values as a “partially ordered set” to form a lattice. An authentication context is derived from the Diffie-Hellman values in the lattice.

Abstract: Multiple security domains can be created and associated with various scopes within the cell allowing security configurations of each scope to be managed collectively. Examples of scopes include the entire cell, one or more application servers, one or more applications, one or more clusters, one or more service integration buses, one or more nodes, etc. Security configurations associated with the security domains can be applied to the scopes based on a hierarchy of the security domains. In addition, new security domains may be created automatically based on security requirements of newly installed applications.

Abstract: An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application.

Abstract: This disclosure describes a secure and computationally-efficient method to establish a single authentication context for multiple identities. The method is implemented in an authentication system using a key exchange protocol, namely, the Diffie-Hellman key exchange. One or more entities that desire to authenticate (either individually or jointly) register with the authentication system and receive private Diffie-Hellman keys (the PINs). Later, during an authentication operation, each entity provides the PIN to the authentication system, preferably over a secure transport. The authentication system, using Diffie-Hellman key exchange artifacts, generates a Diffie-Hellman cryptographic value for each PIN, although the value need not be maintained private. The authentication system orders the Diffie-Hellman values as a “partially ordered set” to form a lattice. An authentication context is derived from the Diffie-Hellman values in the lattice.

Abstract: A method, system, apparatus, and computer program product are presented for managing digital certificates. When entities need to engage in a secure transaction or open a secure communication link, they may exchange digital certificates in order to provide a public key or reference information to a public key for the opposing entity, thereby requiring validation of a received certificate. Rather than construct a trust path for each validation event, hierarchical certifications and peer-to-peer cross-certifications among a set of certificate authorities are represented by a set of trust relations, and trust path information is generated using a transitive closure computation and an “all pairs shortest paths” computation over the set of trust relations and then incrementally updated as the set of trust relations changes. Computations related to trust paths can be delegated to a central agent in a trust web.

Abstract: A methodology is presented for a network single sign-on (SSO) authentication process using digital certificates. A user has access to protected resources, such as legacy applications, that require verification of a user's authentication data prior to providing access. The user's authentication data is encrypted using the public key of the user, and an attribute certificate containing the encrypted authentication data is generated by an attribute-certificate-issuing authority. When a user requires access to the protected resource, an SSO agent performs an initial authentication process against the user. The SSO agent then retrieves the user's attribute certificate, and for subsequent authentication requests for other protected resources, the SSO agent uses the authentication data from the attribute certificate that corresponds to the targeted protected resource.

Abstract: A Centralized Authentication & Authorization (CAA) system that facilitates secure communication between service clients and service providers. CAA comprises a Service Request Filter (SRF), a Service Client Authentication Program (SCAP), a Service Authorization Program (SAP), and an Authorization Database (ADB). The SRF intercepts service requests, extracts the service client's identifier from a digital certificate attached to the request, and stores the identifier in memory accessible to service providers. In the preferred embodiment, the SRF forwards the service request to a web service manager. The web service manager invokes SCAP. SCAP matches the identifier with a record stored in ADB. SAP queries ADB to determine if the service request is valid for the service client. If the service request is valid, SAP authorizes the service request and the appropriate service provider processes the service request.