Abstract: A mechanism is provided for blocking IP connection addresses and prefixes. Header information is extracted from an incoming connection request. A determination is made as to whether a portion of an Internet Protocol address comprised in the header information is blacklisted. Responsive to a portion of the Internet Protocol address being blacklisted, a fingerprint is generated, and a determination is made as to whether the fingerprint is blacklisted. Responsive to the fingerprint being blacklisted, the underlying physical connection is dropped; data associated with the incoming connection request is stored in a buffer, the fingerprint is associated to the incoming connection request; the incoming connection request is merged with stored blacklisted requests of a related originating system; and shared prefixes of the Internet Protocol address of the stored blacklisted requests are filtered out.

Abstract: Methods, computer program products, and systems are presented. The methods include customer specific information exchange and an adjustment of the privacy level of this information. For this purpose an abstraction layer and an obfuscation module are introduced. Using a “fraud vector” a risk assessment is performed on the obfuscated transaction data.

Abstract: Methods, computer program products, and systems are presented. The methods include customer specific information exchange and an adjustment of the privacy level of this information. For this purpose an abstraction layer and an obfuscation module are introduced. Using a “fraud vector” a risk assessment is performed on the obfuscated transaction data.

Abstract: One or more processors generate a website mimicking a virtual message board. One or more processors receive a request message directed to the website. One or more processors analyze the request message for evidence that the request message originates from a source of spam. In response to a determination that the request message likely does originate from a spam source, one or more processors provide data about the spam source to an anti-spam system.

Abstract: Methods, computer program products, and systems are presented. The methods include, for instance: obtaining passenger information of one or more passenger traveling within a transportation network; and providing one or more output based on a processing of the passenger information.

Abstract: A mechanism is provided for blocking IP connection addresses and prefixes. Header information is extracted from an incoming connection request. A determination is made as to whether a portion of an Internet Protocol address comprised in the header information is blacklisted. Responsive to a portion of the Internet Protocol address being blacklisted, a fingerprint is generated, and a determination is made as to whether the fingerprint is blacklisted. Responsive to the fingerprint being blacklisted, the underlying physical connection is dropped; data associated with the incoming connection request is stored in a buffer, the fingerprint is associated to the incoming connection request; the incoming connection request is merged with stored blacklisted requests of a related originating system; and shared prefixes of the Internet Protocol address of the stored blacklisted requests are filtered out.

Abstract: According to one embodiment, a method for message-thread management with a messaging client is provided. The method may include receiving a message-thread containing a signature and a body, with the signature including a composite identifier which may include a thread identifier, a tangent identifier, a sender identifier, a depth-level identifier, and a unique message identifier, determining that message-thread content is missing from the message-thread, sending a broadcast message using a peer-to-peer protocol requesting the missing message-thread content, and receiving the missing message-thread content via the peer-to-peer protocol. The message client may include a peer-to-peer communication protocol manager for handling the peer-to-peer protocol.

Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

Abstract: According to one embodiment, a method for message-thread management with a messaging client is provided. The method may include receiving a message-thread containing a signature and a body, with the signature including a composite identifier which may include a thread identifier, a tangent identifier, a sender identifier, a depth-level identifier, and a unique message identifier, determining that message-thread content is missing from the message-thread, sending a broadcast message using a peer-to-peer protocol requesting the missing message-thread content, and receiving the missing message-thread content via the peer-to-peer protocol. The message client may include a peer-to-peer communication protocol manager for handling the peer-to-peer protocol.

Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

Abstract: According to one exemplary embodiment, a method for obfuscating a traffic pattern associated with a plurality of network traffic within a tunnel connection is provided. The method may include detecting the tunnel connection. The method may also include analyzing a connection environment associated with the detected tunnel connection. The method may then include determining a packet handling technique based on the analyzed connection environment, whereby the packet handling technique provides a way for creating a noise packet that will be discarded by a network stack at a target node or before the target node. The method may include determining a noise strategy based on the determined packet handling technique. The method may also include sending a plurality of noise packets into the tunnel connection based on the determined noise strategy to obfuscate the traffic pattern.

Abstract: Embodiments are directed to a sender side of a network communication, being sent from a sender to a destination over a network path, expressing certain conditions and actions in a form of a script and encoding the script into network packets, thus enabling routing decisions to be made. Routing devices along the network path are equipped with an execution environment and an application program interface (API) to allow the script to execute and intervene (i.e., “talk” with the routing device) in the routing process. Embodiments provided herein may be implemented to coexist with other existing routing protocols or may completely replace other existing routing protocols.

Abstract: A processor attracts and harvests spam messages. The processor simulates a message relay server. The processor receives one or more messages for the message relay server. The processor relays a message that is included in the one or more messages based on a determination that a pattern of the message matches a first identification pattern for probe messages. The processor captures a second message that originated from an IP address of the relayed probe message. The processor processes the one or more messages and the second message to generate an identification pattern that identifies potential spam messages.

Abstract: According to one exemplary embodiment, a method for obfuscating a traffic pattern associated with a plurality of network traffic within a tunnel connection is provided. The method may include detecting the tunnel connection. The method may also include analyzing a connection environment associated with the detected tunnel connection. The method may then include determining a packet handling technique based on the analyzed connection environment, whereby the packet handling technique provides a way for creating a noise packet that will be discarded by a network stack at a target node or before the target node. The method may include determining a noise strategy based on the determined packet handling technique. The method may also include sending a plurality of noise packets into the tunnel connection based on the determined noise strategy to obfuscate the traffic pattern.

Abstract: Methods, systems, and computer program products for encrypting photograph metadata are provided. An image file is received. The image file includes digital image data and a plurality of data fields. A first data field of the plurality of data fields includes a first metadata. A rule set for modifying the first metadata is received. In response to determining that at least one rule of the rule set corresponds to the first metadata, the first metadata is encrypted based to create a second metadata. The second metadata is stored in the image file.

Abstract: Embodiments of the present invention provide systems, methods, and computer program products for processing responses from services (e.g., content providers) and managing content tailoring by services and/or recommender systems used by those services. Embodiments of the present invention can afford users with the ability to control the diversity of content in responses provided by services based one or more detected themes of the responses. Furthermore, embodiments of the present invention may be used to provide users with enriched responses from services, without needing cooperation of those services.

Abstract: A computer-implemented method according to one embodiment includes identifying a photograph taken utilizing a mobile device, analyzing a plurality of privacy factors associated with the photograph, and performing one or more security actions, based on the analyzing, including determining and presenting to a user of the mobile device a plurality of security options.

Abstract: Methods, computer program products, and systems are presented. The methods include, for instance: obtaining passenger information of one or more passenger traveling within a transportation network; and providing one or more output based on a processing of the passenger information.

Abstract: Methods, computer program products, and systems are presented. The methods include, for instance: obtaining passenger information of one or more passenger traveling within a transportation network; and providing one or more output based on a processing of the passenger information.

Abstract: A method for secure data storage in a cloud storage infrastructure comprises providing a set of first upload files to be stored in the cloud storage infrastructure, providing a set of first random noise files, splitting each file of the two sets into a group of fragments, recombining the fragments by randomly intermixing fragments from different groups thus generating a set of second upload files, encrypting each second upload file with a first encryption key and storing each first encryption key in a secure storage location, storing reconstruction information about the set of first upload files, the splitting, the recombining and the first encryption keys in the secure storage location, uploading each second upload file to a respective temporary cloud storage location, repeatedly moving each uploaded second upload file to a new temporary cloud storage location in predetermined intervals of time.