Abstract: A method, a computer program product, and a system for usage restrictions on digital certificates. The method includes selecting a digital certificate relating to a user and determining a usage restriction policy for the digital certificate based on the user. The method also includes populating an extension field of the digital certificate with the usage restriction policy. The method further includes providing the digital certificate including the usage restriction policy to the user. The method also includes gathering parameters relating to the digital certificate, determining usage patterns based on the parameters, inputting the usage patterns into a machine learning model, outputting a risk assessment, and updating the usage restriction policy based on the risk assessment.

Abstract: A first access attempt to perform a secure transaction is received, from a first user. The secure transaction is related to an authentication card that has a physical exterior. An authentication card profile related to the authentication card of the first user is retrieved based on the first access attempt. The authentication card profile describes a set of one or more degradation characteristics, each degradation characteristic of the set of degradation characteristics describes a degradation of the physical exterior of the authentication card. A validation status of the authentication card is determined. The determination is based on the first access attempt and on the set of degradation characteristics. A security response related to the first access attempt is performed in response to the validation status.

Abstract: An embodiment intercepts an authentication request being sent from a secure web service to a user device associated with a user. The embodiment transmits, responsive to the authentication request, a credential request to a credential storage, wherein the credential request includes a request for a credential associated with the user and the secure web service. The embodiment receives, responsive to the credential request, the credential associated with the user and the secure web service. The embodiment transmits, as a response to the authentication request, the credential associated with the user to the secure web service. The embodiment intercepts, responsive to successful validation of the credential by the secure web service, an authentication response from the secure web service, where the authentication response includes session data required for maintaining an authenticated session with the secure web service. The embodiment forwards the authentication response with the session data to the user device.

Abstract: A digital key management system for physical keys is provided. A processor registers a physical lock. A processor generates a digital key based on a physical key structure to be used with the physical lock. A processor configures the physical lock to decode an inserted physical key. A processor verifies the inserted physical key, in response to a digital key for the decoded physical key matching the generated digital key.

Abstract: A method, a computer program product, and a system for usage restrictions on digital certificates. The method includes selecting a digital certificate relating to a user and determining a usage restriction policy for the digital certificate based on the user. The method also includes populating an extension field of the digital certificate with the usage restriction policy. The method further includes providing the digital certificate including the usage restriction policy to the user. The method also includes gathering parameters relating to the digital certificate, determining usage patterns based on the parameters, inputting the usage patterns into a machine learning model, outputting a risk assessment, and updating the usage restriction policy based on the risk assessment.

Abstract: Embodiments of the present invention provide systems and methods for personalizing a navigation route. The method includes receiving a request from a user for a navigation route between two or more points. The method further includes accessing navigation data and services, creating a generic navigation route, accessing route history and related data for the user, creating a personalized navigation route for the user, and displaying the personalized navigation route.

Abstract: A computer-implemented method for generating a symmetric key for data encryption includes receiving a first request from an entity to generate a first symmetric key for data encryption. The computer-implemented method further includes retrieving a first secret data element and a second secret data element from one or more secret data servers. The computer-implemented method further includes dividing each of the first secret data element and the second secret data element into a number of secret data element byte strings. The computer-implemented method further includes generating the first symmetric key for data encryption based, at least in part, on combining a first secret data element byte string from the first secret data element and a second secret data element byte string from the second secret data element.

Abstract: Cryptographic key provisioning by determining future cryptographic key demand according to historic key demand and key access requirements, determining cryptographic key provisioning resources for the future cryptographic key demand, and providing cryptographic keys, prior to the determined future cryptographic key demand using the cryptographic key provisioning resources.

Abstract: The method, computer system, and computer program product for using a key management server to protect visible content. The method, computer program product, and computer system may include a key management server which may receive, from an encryption device, an identification of one or more portions of clear information visible on a physical document. The key management server may receive, from the encryption device, one or more permission parameters. The permission parameters may include a time duration parameter, a location parameter, a start and end time parameter, or a device identification parameter. Further, the key management server may receive, from a decryption device, a request to access a portion of the clear information. The key management server may transmit, to the decryption device, information permitting access to the portion of clear information.

Abstract: Cryptographic key provisioning by determining future cryptographic key demand according to historic key demand and key access requirements, determining cryptographic key provisioning resources for the future cryptographic key demand, and providing cryptographic keys, prior to the determined future cryptographic key demand using the cryptographic key provisioning resources.

Abstract: A digital key management system for physical keys is provided. A processor registers a physical lock. A processor generates a digital key based on a physical key structure to be used with the physical lock. A processor configures the physical lock to decode an inserted physical key. A processor verifies the inserted physical key, in response to a digital key for the decoded physical key matching the generated digital key.

Abstract: A service interface of an SSL application hosted on at least one computer system in a hosted network selecting at least one authorized cipher suite. An SSL socket of the SSL application negotiating with another SSL socket of another SSL application in the hosted network for a mutual cipher from among the at least one authorized cipher suite and a shared key to encrypt information exchanged during a secure session. Responsive to establishing a security connection between the SSL socket and the another SSL socket using the selected mutual cipher, the service interface sends to a centralized service an identifier of the selected mutual cipher. Responsive to the service interface receiving a revoked cipher alert from the centralized service, the service interface revokes one or more sessions of the SSL application using a revoked cipher in the revoked cipher alert matching the selected mutual cipher.

Abstract: The method, computer system, and computer program product for using a key management server to protect visible content. The method, computer program product, and computer system may include a key management server which may receive, from an encryption device, an identification of one or more portions of clear information visible on a physical document. The key management server may receive, from the encryption device, one or more permission parameters. The permission parameters may include a time duration parameter, a location parameter, a start and end time parameter, or a device identification parameter. Further, the key management server may receive, from a decryption device, a request to access a portion of the clear information. The key management server may transmit, to the decryption device, information permitting access to the portion of clear information.

Abstract: Utilizing multimedia content in a digital signature to facilitate authentication. A message requester public key is received from a message requester. A digital certificate is generated containing the message requester public key. Multimedia content identifying the message requester is retrieved. Multimedia content is inserted into the digital certificate. A message digest is generated from the digital certificate including the multimedia content. The message digest and included multimedia content is encrypted with a certificate authority private key to generate a digital signature. A certificate authority public key is retrieved. The digital certificate including the digital signature and certificate authority public key is transmitted to a message owner.

Abstract: Embodiments of the present invention provide systems and methods for personalizing a navigation route. The method includes receiving a request from a user for a navigation route between two or more points. The method further includes accessing navigation data and services, creating a generic navigation route, accessing route history and related data for the user, creating a personalized navigation route for the user, and displaying the personalized navigation route.

Abstract: Embodiments of the present invention provide systems and methods for personalizing a navigation route. The method includes receiving a request from a user for a navigation route between two or more points. The method further includes accessing navigation data and services, creating a generic navigation route, accessing route history and related data for the user, creating a personalized navigation route for the user, and displaying the personalized navigation route.

Abstract: A service interface of an SSL application hosted on at least one computer system in a hosted network selecting at least one authorized cipher suite. An SSL socket of the SSL application negotiating with another SSL socket of another SSL application in the hosted network for a mutual cipher from among the at least one authorized cipher suite and a shared key to encrypt information exchanged during a secure session. Responsive to establishing a security connection between the SSL socket and the another SSL socket using the selected mutual cipher, the service interface sends to a centralized service an identifier of the selected mutual cipher. Responsive to the service interface receiving a revoked cipher alert from the centralized service, the service interface revokes one or more sessions of the SSL application using a revoked cipher in the revoked cipher alert matching the selected mutual cipher.

Abstract: Utilizing multimedia content in a digital signature to facilitate authentication. A message requester public key is received from a message requester. A digital certificate is generated containing the message requester public key. Multimedia content identifying the message requester is retrieved. Multimedia content is inserted into the digital certificate. A message digest is generated from the digital certificate including the multimedia content. The message digest and included multimedia content is encrypted with a certificate authority private key to generate a digital signature. A certificate authority public key is retrieved. The digital certificate including the digital signature and certificate authority public key is transmitted to a message owner.

Abstract: At a centralized service in a hosted environment, a permission list is established of at least one cipher suite valid for secure connections across multiple network environments. Responsive to the centralized service receiving a request from a socket indicating the socket is negotiating a secure connection with another socket, the centralized service sends the permission list to the socket, wherein the socket negotiates for a mutual cipher suite specified in the permission list with the another socket. Responsive to the centralized service identifying that a particular cipher suite matching the mutual cipher suite used in an ongoing secure session for the socket is revoked, the centralized service notifies the socket that the mutual cipher suite is revoked.

Abstract: At a centralized service in a hosted environment, a permission list is established of at least one cipher suite valid for secure connections across multiple network environments. Responsive to the centralized service receiving a request from a socket indicating the socket is negotiating a secure connection with another socket, the centralized service sends the permission list to the socket, wherein the socket negotiates for a mutual cipher suite specified in the permission list with the another socket. Responsive to the centralized service identifying that a particular cipher suite matching the mutual cipher suite used in an ongoing secure session for the socket is revoked, the centralized service notifies the socket that the mutual cipher suite is revoked.