Abstract: Phishing and online fraud prevention in one aspect includes a user computer implementing operations such as establishing a VPN tunnel between the user computer and a network operations center, activating a website launcher, reading user credentials from a smartcard, launching a browser in a sandboxed execution environment, and requesting a whitelisted webpage from the network operations center, via the VPN tunnel. The network operations center comprises one or more servers implementing operations such as determining if a user requested webpage is listed for access by the user, and loading and sending the requested webpage to the user, via the VPN tunnel, if the requested webpage is listed for access by the user. The user computer supplies the user credentials to the website and presents a webpage, a homepage, or a one-time password entry page for the website.

Abstract: Phishing and online fraud prevention in one aspect includes a user computer implementing operations such as establishing a VPN tunnel between the user computer and a network operations center, activating a website launcher, reading user credentials from a smartcard, launching a browser in a sandboxed execution environment, and requesting a whitelisted webpage from the network operations center, via the VPN tunnel. The network operations center comprises one or more servers implementing operations such as determining if a user requested webpage is listed for access by the user, and loading and sending the requested webpage to the user, via the VPN tunnel, if the requested webpage is listed for access by the user. The user computer supplies the user credentials to the website and presents a webpage, a homepage, or a one-time password entry page for the website.

Abstract: Disclosed is an access and information flow control framework that includes a series of phases. The first phase includes: receiving raw authorization requirement(s); creating authorization requirement representation(s) from the raw authorization requirement(s) using a language; and analyzing the authorization requirement representation(s) to ensure that they are consistent and conflict-free. The second phase includes: creating case authorization(s) from the authorization requirement representation(s) and validating consistency between the authorization requirement representation(s) and the use case authorization(s). The use case authorization may be created by propagating the authorization requirement representation(s) to a subject hierarchy; enumerating implicit authorization(s) derived from the authorization requirement representation(s); resolving inconsistencies in the use case authorization(s); and completing incomplete use case authorization(s).