Patents by Inventor Sorin N. Cismas

Sorin N. Cismas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9838393
    Abstract: Methods, systems, and computer-readable media for reviewing inputted commands and preventing the execution of accidentally or maliciously entered adverse commands are disclosed. These commands may be operating system commands, resource commands, device commands, application commands, and so on. Some aspects of the disclosure provide ways to split entry and/or approval of commands prior to their execution. In some aspects, execution of the command may be undone or reversed if the command is not successfully validated. Commands may be encapsulated in a control wrapper to identify commands subject to split approval or co-entry process, and criteria regarding the commands or the user(s) entering the commands may be used to determine whether co-entry or split approval and/or post-execution validation is required. Indications of approval or denial of a command may be transmitted to other computing devices to reduce or eliminate malicious or accidental activity.
    Type: Grant
    Filed: August 3, 2015
    Date of Patent: December 5, 2017
    Assignee: Bank of America Corporation
    Inventors: Manu Kurian, Sorin N. Cismas
  • Patent number: 9832200
    Abstract: A multi-tier platform provides additional security at a perimeter of a computer system, where an intermediate layer interacts with a web layer and controls data presentation to the web layer. When the intermediate layer receives a data request for dynamic data from the web layer, the intermediate layer obtains source data from the registered source and may remove a specified portion from the source data to obtain the dynamic data before returning it to the web layer. When requested data comprises static data, the intermediate layer accesses the static data from storage maintained at the intermediate layer. The intermediate layer obtains the static data by the registered source previously publishing source data and the intermediate layer removing a specified portion from it. Source data may assume different forms including a webpage of an external service provider with embedded third-party information being removed by the intermediate layer before presenting it.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: November 28, 2017
    Assignee: Bank of America Corporation
    Inventors: Manu Kurian, Sorin N. Cismas
  • Patent number: 9832229
    Abstract: A multi-tier platform supports a messaging platform. An intermediate layer interacts with a web layer and registered sources of data components, where a registered source may be an application executing on the computer system or an external source of an external service provider. A data request is received at the web layer and is passed to the intermediate layer for requested data, which may comprise one or more data components. The intermediate layer determines the authoritative source for a data component and whether the data component comprises static or dynamic data. If the data component comprises dynamic data, the intermediate layer functions as a messaging platform by generating a message to the registered source to access the dynamic data. If the data component comprises static data, the intermediate layer accesses the static data stored at the intermediate layer. The intermediate layer then returns the requested data via the web layer.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: November 28, 2017
    Assignee: Bank of America Corporation
    Inventors: Sorin N. Cismas, Manu Kurian
  • Patent number: 9825763
    Abstract: Systems for the automated capture of forensic data information are presented. An example system may receive an access/modification request directed to a data item(s), generate an initial data capture record for the data item(s), and send the record to an isolated, secure data preservation module before granting the request. After the access/modification, the system may generate a post-access data capture record and send it to the preservation module. The system may determine the content of the generated records, based on, e.g., content of the data item(s), before generation. For example, the system may determine a first content type for records where data item(s) include critical data, and a second content type for records that do not, to, e.g., efficiently allocate system resources while minimizing any disruption to an accessing user. The system may also utilize different encryption and decryption key techniques based on, e.g., the content of the data item(s).
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: November 21, 2017
    Assignee: Bank of America Corporation
    Inventors: Manu J. Kurian, Sorin N. Cismas, Kalpesh V. Patel, Ray A. Edwards
  • Patent number: 9825963
    Abstract: Methods, systems, and computer-readable media for reviewing inputted commands and preventing the execution of accidentally or maliciously entered adverse commands are disclosed. These commands may be operating system commands, resource commands, device commands, application commands, and so on. Some aspects of the disclosure provide ways to approve commands prior to their execution, or validate commands subsequent to their execution. In some aspects, execution of the command may be undone or reversed if the command is not successfully validated. Commands may be encapsulated in a control wrapper to identify commands subject to pre-execution approval process and/or the post-execution validation, and criteria regarding the commands or the user entering the commands may be used to determine whether pre-execution approval and/or post-execution validation is required. Indications of approval or denial of a command may be transmitted to other computing devices to reduce or eliminate malicious or accidental activity.
    Type: Grant
    Filed: August 3, 2015
    Date of Patent: November 21, 2017
    Assignee: Bank of America Corporation
    Inventors: Manu Kurian, Sorin N. Cismas
  • Patent number: 9811279
    Abstract: A computing system may receive physical-storage-media identifiers stored on physical storage media approved for use by an organization. The computing system may generate, for each of the physical storage media, a log entry comprising a physical-storage-media identifier, of the physical-storage-media identifiers, stored on the physical storage medium. The computing system may receive, from a computing device, a request to write secure data to a physical storage medium.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: November 7, 2017
    Assignee: Bank of America Corporation
    Inventors: Manu Kurian, Sorin N. Cismas
  • Publication number: 20170315744
    Abstract: Aspects of the disclosure relate to ensuring information security in data transfers by utilizing decoy data. A computing platform may receive, from a data source computing device, a source data collection for a secure physical-storage-media data transfer and may identify one or more transmission parameters associated with the secure physical-storage-media data transfer. Subsequently, the computing platform may generate decoy data and may produce a secure dataset for the secure physical-storage-media data transfer by combining the decoy data with the source data collection received from the data source computing device. Then, the computing platform may encrypt the secure dataset based on the one or more transmission parameters to produce an encrypted dataset for the secure physical-storage-media data transfer.
    Type: Application
    Filed: July 17, 2017
    Publication date: November 2, 2017
    Inventors: Manu Kurian, Sorin N. Cismas
  • Publication number: 20170317818
    Abstract: Aspects of the disclosure relate to ensuring information security in data transfers by dividing and encrypting data blocks. A computing platform may receive, from a data source computing device, a source data collection for a secure physical-storage-media data transfer and may identify one or more transmission parameters associated with the secure physical-storage-media data transfer. Subsequently, the computing platform may divide the source data collection into two or more data blocks and may separately encrypt the two or more data blocks based on the one or more transmission parameters to produce two or more encrypted data blocks for the secure physical-storage-media data transfer. Then, the computing platform may store the two or more encrypted data blocks on two or more physical media, and each encrypted data block of the two or more encrypted data blocks may be stored on a different physical medium of the two or more physical media.
    Type: Application
    Filed: July 17, 2017
    Publication date: November 2, 2017
    Inventors: Manu Kurian, Sorin N. Cismas
  • Patent number: 9805037
    Abstract: The present invention relates to verification of the contents of a data file prior to external recipient communication. Specifically, the invention provides for a data file registration repository that registers information associated with data files. In specific embodiments, data registration occurs automatically by capturing the file header metadata. Prior to communicating the file to an external recipient, the payload of the data file is interrogated to determine actual content and the actual content is compared to the registered information to insure that the data being communicated is the same as what the data file is purported to contain (i.e., matches the registered information). Other verifications, such as date type authorization, recipient authorization and the like may also occur in conjunction with the content verification. If the verification(s) is successful, the data is authorized to be placed in the data channel for communication to the external recipient.
    Type: Grant
    Filed: June 22, 2015
    Date of Patent: October 31, 2017
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Manu Jacob Kurian, Sorin N. Cismas
  • Patent number: 9798576
    Abstract: A centralized controller may include at least one processor, a memory and a communication interface. The centralized controller may configure a computing system in a single deployment of an executable process. The executable process may include multiple executable instances associated with one of multiple different templates for the executable process. Each template may include multiple user-configurable parameters. A user may request a template associated with a first executable instance and update the template using the user-configurable parameters. The centralized controller may generate a second executable instance of the executable process and a second template associated with the second executable instance based on the updated template. The centralized controller may reconfigure the computing system based on the second executable instance of the executable process while maintaining the configuration of the computing system based on the first executable instance.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: October 24, 2017
    Assignee: Bank of America Corporation
    Inventors: Sorin N. Cismas, Manu Kurian
  • Patent number: 9772873
    Abstract: A centralized controller may include at least one processor, a memory and a communication interface. The centralized controller may configure a computing system in a single deployment of an executable process. The executable process may include multiple executable instances associated with one of multiple different templates for the executable process. Each template may include multiple user-configurable parameters. A user may request a template associated with a first executable instance and update the template using the user-configurable parameters. The centralized controller may generate a second executable instance of the executable process and a second template associated with the second executable instance based on the updated template. The centralized controller may reconfigure the computing system based on the second executable instance of the executable process while maintaining the configuration of the computing system based on the first executable instance.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: September 26, 2017
    Assignee: Bank of America Corporation
    Inventors: Manu Kurian, Sorin N. Cismas
  • Patent number: 9767307
    Abstract: A computing system for redacting and/or tokenizing non-public information of electronic documents stored in a database may include a data redaction computing device and/or a data tokenization computing device, a first database storing a plurality of electronic documents, and a second database storing computer executable instructions for analyzing information associated with the plurality of electronic documents stored in the first database. The computer executable instructions may cause the data redaction/tokenization computing device to identify non-public information in one or more of the plurality of electronic documents and/or at least one of a document type, a source of the electronic document, and a destination to which the electronic document is to be communicated.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: September 19, 2017
    Assignee: Bank of America Corporation
    Inventors: Sorin N. Cismas, Manu Kurian, Paul Roscoe
  • Publication number: 20170212782
    Abstract: A centralized controller may include at least one processor, a memory and a communication interface. The centralized controller may configure a computing system in a single deployment of an executable process. The executable process may include multiple executable instances associated with one of multiple different templates for the executable process. Each template may include multiple user-configurable parameters. A user may request a template associated with a first executable instance and update the template using the user-configurable parameters. The centralized controller may generate a second executable instance of the executable process and a second template associated with the second executable instance based on the updated template. The centralized controller may reconfigure the computing system based on the second executable instance of the executable process while maintaining the configuration of the computing system based on the first executable instance.
    Type: Application
    Filed: April 7, 2017
    Publication date: July 27, 2017
    Inventors: Manu Kurian, Sorin N. Cismas
  • Patent number: 9716692
    Abstract: A technology-agnostic and protocol-agnostic system for transferring data between an enterprise, such as a financial institution or the like, and external entities, such as commercial banking customers and the like. The embodiments described provide the user with a data transfer solution that is compatible with all major operating systems, supports mobile platforms and allows for local data transfer, as well as data transfer from cloud services and cloud connection services. The comprehensive nature of the application provides for applicable data transfer amongst all of the different services provided by the enterprise and provides the user/external entity with a streamlined means for transferring data to and from the enterprise. The application minimizes external entity involvement from an Information Technology (IT) standpoint, such that any user can efficiently, effectively and reliably transfer data to and from an enterprise with minimal risk and high confidence.
    Type: Grant
    Filed: January 1, 2015
    Date of Patent: July 25, 2017
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Sorin N. Cismas, Manu Jacob Kurian
  • Publication number: 20170195335
    Abstract: The present invention provides for managing and controlling data file transfer exchange to and from file hosting services, such as cloud-based file hosting services. Specifically, the present invention controls what data files are authorized for uploading to the file hosting service and downloading from the file hosting service, as well as controlling the access to such files after uploading or downloading the data file.
    Type: Application
    Filed: January 4, 2016
    Publication date: July 6, 2017
    Inventors: Manu Jacob Kurian, Sorin N. Cismas, Paul Grayson Roscoe, Mahesh Kumar Bhashetty
  • Patent number: 9697519
    Abstract: Embodiments for tracking multi-layer secured transactions include systems for providing a dedicated secure transaction channel to a user and sending pre-authorization code to the user via the transaction channel. The systems allow the user to encrypt transaction data and receive the encrypted transaction data from the user via the transaction channel. The systems further unlock the encrypted data and match the sent pre-authorization code to the received pre-authorization code. The systems send a post verification notification to the user comprising the one or more transactions via the transaction channel and receive a post verification confirmation from the user in response to the post verification notification.
    Type: Grant
    Filed: February 20, 2017
    Date of Patent: July 4, 2017
    Assignee: Bank of America Corporation
    Inventors: Manu Jacob Kurian, Sorin N. Cismas
  • Publication number: 20170177608
    Abstract: An electronic file management system may include an electronic file data repository and a file analysis engine that may include a processor and a non-transitory memory device. The non-transitory memory device may store computer executable instructions that, when executed by the processor, cause the file analysis engine to analyze an electronic file to identify a file identifier and determine whether a matching file has previously been saved in a data repository. If a matching file was found by the file analysis engine, a link to the previously saved file may be saved to the data repository and if not, the electronic file itself may be saved to the data repository. The file analysis engine and/or a permissions engine may analyze the file itself and/or the contents of the electronic file to determine one or more permissions levels associated with the electronic file and save the file according to the permissions levels.
    Type: Application
    Filed: December 17, 2015
    Publication date: June 22, 2017
    Inventors: Sorin N. Cismas, Manu Kurian, Jerzy Miernik, Paul Roscoe, Saritha Vrittamani, Bradley Tormoen Criqui, Ramanathan Sankarasubramanian, Lixian Huang, Qishan Cai
  • Publication number: 20170171207
    Abstract: A multi-tier platform provides additional security at a perimeter of a computer system, where an intermediate layer interacts with a web layer and controls data presentation to the web layer. When the intermediate layer receives a data request for dynamic data from the web layer, the intermediate layer obtains source data from the registered source and may remove a specified portion from the source data to obtain the dynamic data before returning it to the web layer. When requested data comprises static data, the intermediate layer accesses the static data from storage maintained at the intermediate layer. The intermediate layer obtains the static data by the registered source previously publishing source data and the intermediate layer removing a specified portion from it. Source data may assume different forms including a webpage of an external service provider with embedded third-party information being removed by the intermediate layer before presenting it.
    Type: Application
    Filed: December 14, 2015
    Publication date: June 15, 2017
    Inventors: Manu Kurian, Sorin N. Cismas
  • Publication number: 20170171152
    Abstract: A multi-tier platform provides security at a perimeter of a computer system, where an intermediate layer interacts between a web layer and an application layer. A data request that is associated with a data set is received at the web layer and passed to the intermediate layer. The intermediate layer determines the authoritative source for the data set and whether the data set has a static or dynamic value. If the value is static, the intermediate layer accesses the value stored at the intermediate layer. However, if the value is dynamic, the intermediate layer queries the source registered to the data set, obtains the value from the authoritative source, and returns the dynamic value via the web layer, where the registered source may be internal or external to the computer system. Consequently, the intermediate layer may function as an aggregate layer that supports both database and messaging services.
    Type: Application
    Filed: December 14, 2015
    Publication date: June 15, 2017
    Inventors: Sorin N. Cismas, Manu Kurian
  • Publication number: 20170171249
    Abstract: A multi-tier platform supports a messaging platform. An intermediate layer interacts with a web layer and registered sources of data components, where a registered source may be an application executing on the computer system or an external source of an external service provider. A data request is received at the web layer and is passed to the intermediate layer for requested data, which may comprise one or more data components. The intermediate layer determines the authoritative source for a data component and whether the data component comprises static or dynamic data. If the data component comprises dynamic data, the intermediate layer functions as a messaging platform by generating a message to the registered source to access the dynamic data. If the data component comprises static data, the intermediate layer accesses the static data stored at the intermediate layer. The intermediate layer then returns the requested data via the web layer.
    Type: Application
    Filed: December 14, 2015
    Publication date: June 15, 2017
    Inventors: Sorin N. Cismas, Manu Kurian