Abstract: Described are techniques for encryption management such as a computer-implemented method including generating a data flow diagram for a computational system architecture, where the data flow diagram identifies discrete layers that interact with data in the computational system architecture. The method further includes determining discrete encryption processes occurring on same data in different layers of the data flow diagram. The method further includes eliminating, in at least one component of the computational system architecture, a redundant encryption process, where the redundant encryption process is configured to encrypt the same data as another one of the discrete encryption processes.

Abstract: A level of classification for each piece of data of one or more pieces of data is determined. A layer of encryption for each piece of data of the one or more pieces of data is determined. A type of encryption for each piece of data of the one or more pieces of data is determined. Other mechanisms applied to each piece of data of the one or more pieces of data is determined. A first constant for the layer of encryption, a second constant for the type of encryption, a third constant for the other mechanisms applied is determined. A risk factor for each piece of data of the one or more pieces of data is determined.

Abstract: A method, a computer program product, and a system for usage restrictions on digital certificates. The method includes selecting a digital certificate relating to a user and determining a usage restriction policy for the digital certificate based on the user. The method also includes populating an extension field of the digital certificate with the usage restriction policy. The method further includes providing the digital certificate including the usage restriction policy to the user. The method also includes gathering parameters relating to the digital certificate, determining usage patterns based on the parameters, inputting the usage patterns into a machine learning model, outputting a risk assessment, and updating the usage restriction policy based on the risk assessment.

Abstract: A first access attempt to perform a secure transaction is received, from a first user. The secure transaction is related to an authentication card that has a physical exterior. An authentication card profile related to the authentication card of the first user is retrieved based on the first access attempt. The authentication card profile describes a set of one or more degradation characteristics, each degradation characteristic of the set of degradation characteristics describes a degradation of the physical exterior of the authentication card. A validation status of the authentication card is determined. The determination is based on the first access attempt and on the set of degradation characteristics. A security response related to the first access attempt is performed in response to the validation status.

Abstract: An embodiment intercepts an authentication request being sent from a secure web service to a user device associated with a user. The embodiment transmits, responsive to the authentication request, a credential request to a credential storage, wherein the credential request includes a request for a credential associated with the user and the secure web service. The embodiment receives, responsive to the credential request, the credential associated with the user and the secure web service. The embodiment transmits, as a response to the authentication request, the credential associated with the user to the secure web service. The embodiment intercepts, responsive to successful validation of the credential by the secure web service, an authentication response from the secure web service, where the authentication response includes session data required for maintaining an authenticated session with the secure web service. The embodiment forwards the authentication response with the session data to the user device.

Abstract: A level of classification for each piece of data of one or more pieces of data is determined. A layer of encryption for each piece of data of the one or more pieces of data is determined. A type of encryption for each piece of data of the one or more pieces of data is determined. Other mechanisms applied to each piece of data of the one or more pieces of data is determined. A first constant for the layer of encryption, a second constant for the type of encryption, a third constant for the other mechanisms applied is determined. A risk factor for each piece of data of the one or more pieces of data is determined.

Abstract: A key management protocol (such as KMIP) is extended to provide an extended credential type that enables an initiating (first) client device to create a credential dynamically and that can then be selectively shared with and used by other (second) client devices. Using a dynamically-created credential of this type, the other (second) devices are able to fetch the same key configured by the initiating (first) device. In this manner, multiple devices are able to create and share one or more keys among themselves dynamically, and on as-needed basis without requiring a human administrator to create a credential for a device group in advance of its usage.

Abstract: A digital key management system for physical keys is provided. A processor registers a physical lock. A processor generates a digital key based on a physical key structure to be used with the physical lock. A processor configures the physical lock to decode an inserted physical key. A processor verifies the inserted physical key, in response to a digital key for the decoded physical key matching the generated digital key.

Abstract: A method, a computer program product, and a system for usage restrictions on digital certificates. The method includes selecting a digital certificate relating to a user and determining a usage restriction policy for the digital certificate based on the user. The method also includes populating an extension field of the digital certificate with the usage restriction policy. The method further includes providing the digital certificate including the usage restriction policy to the user. The method also includes gathering parameters relating to the digital certificate, determining usage patterns based on the parameters, inputting the usage patterns into a machine learning model, outputting a risk assessment, and updating the usage restriction policy based on the risk assessment.

Abstract: Embodiments of the present invention provide systems and methods for personalizing a navigation route. The method includes receiving a request from a user for a navigation route between two or more points. The method further includes accessing navigation data and services, creating a generic navigation route, accessing route history and related data for the user, creating a personalized navigation route for the user, and displaying the personalized navigation route.

Abstract: A computer-implemented method for generating a symmetric key for data encryption includes receiving a first request from an entity to generate a first symmetric key for data encryption. The computer-implemented method further includes retrieving a first secret data element and a second secret data element from one or more secret data servers. The computer-implemented method further includes dividing each of the first secret data element and the second secret data element into a number of secret data element byte strings. The computer-implemented method further includes generating the first symmetric key for data encryption based, at least in part, on combining a first secret data element byte string from the first secret data element and a second secret data element byte string from the second secret data element.

Abstract: Cryptographic key provisioning by determining future cryptographic key demand according to historic key demand and key access requirements, determining cryptographic key provisioning resources for the future cryptographic key demand, and providing cryptographic keys, prior to the determined future cryptographic key demand using the cryptographic key provisioning resources.

Abstract: The method, computer system, and computer program product for using a key management server to protect visible content. The method, computer program product, and computer system may include a key management server which may receive, from an encryption device, an identification of one or more portions of clear information visible on a physical document. The key management server may receive, from the encryption device, one or more permission parameters. The permission parameters may include a time duration parameter, a location parameter, a start and end time parameter, or a device identification parameter. Further, the key management server may receive, from a decryption device, a request to access a portion of the clear information. The key management server may transmit, to the decryption device, information permitting access to the portion of clear information.

Abstract: Cryptographic key provisioning by determining future cryptographic key demand according to historic key demand and key access requirements, determining cryptographic key provisioning resources for the future cryptographic key demand, and providing cryptographic keys, prior to the determined future cryptographic key demand using the cryptographic key provisioning resources.

Abstract: A digital key management system for physical keys is provided. A processor registers a physical lock. A processor generates a digital key based on a physical key structure to be used with the physical lock. A processor configures the physical lock to decode an inserted physical key. A processor verifies the inserted physical key, in response to a digital key for the decoded physical key matching the generated digital key.

Abstract: A key management protocol (such as KMIP) is extended to provide an extended credential type that enables an initiating (first) client device to create a credential dynamically and that can then be selectively shared with and used by other (second) client devices. Using a dynamically-created credential of this type, the other (second) devices are able to fetch the same key configured by the initiating (first) device. In this manner, multiple devices are able to create and share one or more keys among themselves dynamically, and on as-needed basis without requiring a human administrator to create a credential for a device group in advance of its usage.

Abstract: A service interface of an SSL application hosted on at least one computer system in a hosted network selecting at least one authorized cipher suite. An SSL socket of the SSL application negotiating with another SSL socket of another SSL application in the hosted network for a mutual cipher from among the at least one authorized cipher suite and a shared key to encrypt information exchanged during a secure session. Responsive to establishing a security connection between the SSL socket and the another SSL socket using the selected mutual cipher, the service interface sends to a centralized service an identifier of the selected mutual cipher. Responsive to the service interface receiving a revoked cipher alert from the centralized service, the service interface revokes one or more sessions of the SSL application using a revoked cipher in the revoked cipher alert matching the selected mutual cipher.

Abstract: The method, computer system, and computer program product for using a key management server to protect visible content. The method, computer program product, and computer system may include a key management server which may receive, from an encryption device, an identification of one or more portions of clear information visible on a physical document. The key management server may receive, from the encryption device, one or more permission parameters. The permission parameters may include a time duration parameter, a location parameter, a start and end time parameter, or a device identification parameter. Further, the key management server may receive, from a decryption device, a request to access a portion of the clear information. The key management server may transmit, to the decryption device, information permitting access to the portion of clear information.

Abstract: Utilizing multimedia content in a digital signature to facilitate authentication. A message requester public key is received from a message requester. A digital certificate is generated containing the message requester public key. Multimedia content identifying the message requester is retrieved. Multimedia content is inserted into the digital certificate. A message digest is generated from the digital certificate including the multimedia content. The message digest and included multimedia content is encrypted with a certificate authority private key to generate a digital signature. A certificate authority public key is retrieved. The digital certificate including the digital signature and certificate authority public key is transmitted to a message owner.

Abstract: Embodiments of the present invention provide systems and methods for personalizing a navigation route. The method includes receiving a request from a user for a navigation route between two or more points. The method further includes accessing navigation data and services, creating a generic navigation route, accessing route history and related data for the user, creating a personalized navigation route for the user, and displaying the personalized navigation route.