Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.

Abstract: A method, system and computer-usable medium for performing an adaptive security operation comprising: performing an authentication operation via a first device, the authentication operation analyzing an obligation performed by a first user; establishing access to a protected resource by the first device based upon the obligation performed by the first user; generating an attribute list comprising at least one attribute of the first device; analyzing a second device to determine whether the second device comprises an attribute corresponding to the at least one attribute of the first device; and, allowing access to the protected resource by the second device when the second device comprises the attribute corresponding to the at least one attribute of the first device.

Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.

Abstract: According to a non-limiting embodiment, a multiple identity resolution system includes an IDaaS integrated with a PaaS. The IDaaS is integrated with a cloud-based network, and an application module installed in the cloud-based network. The application module is configured to deliver content to at least one electronic device. The multiple identity resolution system further includes a service module in signal communication with the application module. The service module is configured to identify a physical user operating the at least one electronic device based on at least one user authentication credential received by the at least one electronic user device and at least one device attribute of the at least one electronic device.

Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.

Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.

Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.

Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.

Abstract: An enterprise server is provisioned with an authentication response language, where the authentication response language allows the enterprise server to issue instructions for authentication steps to an enterprise client, which enables the enterprise client to execute a set of instructions for navigating an authentication sequence. The set of instructions installed into and served by the enterprise server varies depending on a protocol inherently used by the authentication topology. The enterprise client, when accessing a protected resource, and not already authenticated, receives a set of authentication instructions from the enterprise server formulated in the authentication response language. The client starts to interpret the provided authentication instructions, but controls the presentation layer and interface of any user interactions. The client follows the sequence by sending requests and receiving responses from one or more servers in the topology until the sequence is complete.

Abstract: An enterprise server is provisioned with an authentication response language, where the authentication response language allows the enterprise server to issue instructions for authentication steps to an enterprise client, which enables the enterprise client to execute a set of instructions for navigating an authentication sequence. The set of instructions installed into and served by the enterprise server varies depending on a protocol inherently used by the authentication topology. The enterprise client, when accessing a protected resource, and not already authenticated, receives a set of authentication instructions from the enterprise server formulated in the authentication response language. The client starts to interpret the provided authentication instructions, but controls the presentation layer and interface of any user interactions. The client follows the sequence by sending requests and receiving responses from one or more servers in the topology until the sequence is complete.

Abstract: According to a non-limiting embodiment, a multiple identity crisis resolution system includes an IDaaS integrated with a PaaS. The IDaaS is integrated with a cloud-based network, and an application module installed in the cloud-based network. The application module is configured to deliver content to at least one electronic device. The multiple identity crisis resolution system further includes a service module in signal communication with the application module. The service module is configured to identify a physical user operating the at least one electronic device based on at least one user authentication credential received by the at least one electronic user device and at least one device attribute of the at least one electronic device.

Abstract: A computer receives a request for protected user data with an access token presented by a client as authorization for the client to access the protected user data in a delegated environment. The computer parses the request to create a device fingerprint identifying the device submitting the request for the client. The computer compares the device fingerprint of the request to a previously stored device fingerprint of an authorized device associated with the access token. The computer automatically determines whether to identify the access token as potentially misappropriated based on the comparison of the device fingerprint of the request to the previously stored device fingerprint.

Abstract: A method, system and computer-usable medium for performing an adaptive security operation comprising: performing an authentication operation via a first device, the authentication operation analyzing an obligation performed by a first user; establishing access to a protected resource by the first device based upon the obligation performed by the first user; generating an attribute list comprising at least one attribute of the first device; analyzing a second device to determine whether the second device comprises an attribute corresponding to the at least one attribute of the first device; and, allowing access to the protected resource by the second device when the second device comprises the attribute corresponding to the at least one attribute of the first device.

Abstract: Authentication of users is based at least in part on a comparison of environmental signals of a present location with environmental signals identified earlier for the present location. Verification of the user location supports authentication where a conventional user logon actions are insufficient.

Abstract: Authentication of users is based at least in part on a comparison of environmental signals of a present location with environmental signals identified earlier for the present location. Verification of the user location supports authentication where a conventional user logon actions are insufficient.

Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.

Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.

Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.

Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.

Abstract: A computer receives a request for protected user data with an access token presented by a client as authorization for the client to access the protected user data in a delegated environment. The computer parses the request to create a device fingerprint identifying the device submitting the request for the client. The computer compares the device fingerprint of the request to a previously stored device fingerprint of an authorized device associated with the access token. The computer automatically determines whether to identify the access token as potentially misappropriated based on the comparison of the device fingerprint of the request to the previously stored device fingerprint.