Patents by Inventor Sorin N. Cismas

Sorin N. Cismas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20170161732
    Abstract: Embodiments for tracking multi-layer secured transactions include systems for providing a dedicated secure transaction channel to a user and sending pre-authorization code to the user via the transaction channel. The systems allow the user to encrypt transaction data and receive the encrypted transaction data from the user via the transaction channel. The systems further unlock the encrypted data and match the sent pre-authorization code to the received pre-authorization code. The systems send a post verification notification to the user comprising the one or more transactions via the transaction channel and receive a post verification confirmation from user in response to the post verification notification.
    Type: Application
    Filed: February 20, 2017
    Publication date: June 8, 2017
    Inventors: Manu Jacob Kurian, Sorin N. Cismas
  • Publication number: 20170163495
    Abstract: Systems are provided for using a message spinning engine to create and/or manage messaging queues in a distributed network using virtualized servers. An abstraction layer formed by virtualized servers may enable the message spinning engine to seamlessly transition messaging queues while minimizing the likelihood of exceeding the parameters of existing service level agreements. The message spinning engine may include a service mapping module to maintain mappings between source business applications and virtualized servers, a product bridge to implement message encapsulation for communication between different messaging queue products, and a messaging queue monitoring console to analyze performance and capacity of physical services and messaging services and accordingly adjust levels of service for source business applications.
    Type: Application
    Filed: December 7, 2015
    Publication date: June 8, 2017
    Inventors: Manu Kurian, Sorin N. Cismas, Kalpesh Patel, Ray A. Edwards, Dan L. Dilday, Anne Donne, Jawad Ayesh
  • Publication number: 20170163494
    Abstract: Systems are provided for using a message spinning engine to create and/or manage messaging queues in a distributed network using virtualized servers. An abstraction layer formed by virtualized servers may enable the message spinning engine to seamlessly transition messaging queues while minimizing the likelihood of exceeding the parameters of existing service level agreements. The message spinning engine may include a service mapping module to maintain mappings between source business applications and virtualized servers, a product bridge to implement message encapsulation for communication between different messaging queue products, and a messaging queue monitoring console to analyze performance and capacity of physical services and messaging services and accordingly adjust levels of service for source business applications.
    Type: Application
    Filed: December 7, 2015
    Publication date: June 8, 2017
    Inventors: Manu Kurian, Sorin N. Cismas, Kalpesh Patel, Ray A. Edwards, Dan L. Dilday, Anne Donne, Jawad Ayesh
  • Publication number: 20170147828
    Abstract: A computing system for redacting and/or tokenizing non-public information of electronic documents stored in a database may include a data redaction computing device and/or a data tokenization computing device, a first database storing a plurality of electronic documents, and a second database storing computer executable instructions for analyzing information associated with the plurality of electronic documents stored in the first database. The computer executable instructions may cause the data redaction/tokenization computing device to identify non-public information in one or more of the plurality of electronic documents and/or at least one of a document type, a source of the electronic document, and a destination to which the electronic document is to be communicated.
    Type: Application
    Filed: November 24, 2015
    Publication date: May 25, 2017
    Inventors: Manu Kurian, Sorin N. Cismas, Paul Roscoe, Jeffrey McGonnell
  • Publication number: 20170147829
    Abstract: A computing system for redacting and/or tokenizing non-public information of electronic documents stored in a database may include a data redaction computing device and/or a data tokenization computing device, a first database storing a plurality of electronic documents, and a second database storing computer executable instructions for analyzing information associated with the plurality of electronic documents stored in the first database. The computer executable instructions may cause the data redaction/tokenization computing device to identify non-public information in one or more of the plurality of electronic documents and/or at least one of a document type, a source of the electronic document, and a destination to which the electronic document is to be communicated.
    Type: Application
    Filed: November 24, 2015
    Publication date: May 25, 2017
    Inventors: Sorin N. Cismas, Manu Kurian, Paul Roscoe
  • Publication number: 20170139972
    Abstract: Systems for the automated capture of forensic data information are presented. An example system may receive an access/modification request directed to a data item(s), generate an initial data capture record for the data item(s), and send the record to an isolated, secure data preservation module before granting the request. After the access/modification, the system may generate a post-access data capture record and send it to the preservation module. The system may determine the content of the generated records, based on, e.g., content of the data item(s), before generation. For example, the system may determine a first content type for records where data item(s) include critical data, and a second content type for records that do not, to, e.g., efficiently allocate system resources while minimizing any disruption to an accessing user. The system may also utilize different encryption and decryption key techniques based on, e.g., the content of the data item(s).
    Type: Application
    Filed: November 16, 2015
    Publication date: May 18, 2017
    Inventors: Manu J. Kurian, Sorin N. Cismas, Kalpesh V. Patel, Ray A. Edwards
  • Patent number: 9646170
    Abstract: Embodiments for preventing data loss in a business environment are provided. In some embodiments, a secure endpoint file export application assigns users to different classes having different permissions for accessing and writing data. In an embodiment, the system and method are configured to identify a plurality of users in a business environment; classify the plurality of users according to business needs; assign the users to one of at least two classes based on the classification; determine that the first user is permitted to access the data; transmit the secure file to a second user who is permitted to write the data in the secure file to removable media; write the data in the secure file to the removable media; and track a location of the removable media.
    Type: Grant
    Filed: February 4, 2016
    Date of Patent: May 9, 2017
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Manu Jacob Kurian, Sorin N. Cismas
  • Patent number: 9639713
    Abstract: Embodiments for preventing data loss in a business environment are provided. In some embodiments, a secure endpoint file export application assigns users to different classes having different permissions for accessing and writing data. In an embodiment, the system and method are configured to identify a plurality of users in a business environment; classify the plurality of users according to business needs; assign the users to one of at least two classes based on the classification; determine that the first user is permitted to access the data; transmit the secure file to a second user who is permitted to write the data in the secure file to removable media; write the data in the secure file to the removable media; and track a location of the removable media.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: May 2, 2017
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Manu Jacob Kurian, Sorin N. Cismas
  • Patent number: 9635034
    Abstract: A platform for providing authorization of electronic communication of secure data to external entities, e.g., vendors, third parties or the like based on an assessment of the data risk associated with communicating the data to the external entity. The secure data that is to be communicated, in the form of specific data items, are identified as well as the associated security standards. The external identity is assessed to ensure their capabilities to properly meet the enterprise/sender's information security, business privacy and continuity standards, along with applicable industry standards. Based on the results of the assessment, remediation action may be required to address critical vulnerabilities or recommendations may be presented to a decision-making entity to grant authorization to electronically communicate the data in question to the external entity. In response to granting authorization, secure communication channels are allocated and established to allow for communication of the data.
    Type: Grant
    Filed: January 1, 2015
    Date of Patent: April 25, 2017
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Sean Jamison, Diane Bomba, Sorin N. Cismas, Michelle Kaiser, Manu Jacob Kurian, Katherine McDonald, David Orr, Marc Sandlhauser, James P. Scopis, Tom Van Beek, David Weaver
  • Publication number: 20170102962
    Abstract: A centralized controller may include at least one processor, a memory and a communication interface. The centralized controller may configure a computing system in a single deployment of an executable process. The executable process may include multiple executable instances associated with one of multiple different templates for the executable process. Each template may include multiple user-configurable parameters. A user may request a template associated with a first executable instance and update the template using the user-configurable parameters. The centralized controller may generate a second executable instance of the executable process and a second template associated with the second executable instance based on the updated template. The centralized controller may reconfigure the computing system based on the second executable instance of the executable process while maintaining the configuration of the computing system based on the first executable instance.
    Type: Application
    Filed: December 20, 2016
    Publication date: April 13, 2017
    Inventors: Sorin N. Cismas, Manu Kurian
  • Patent number: 9613355
    Abstract: Embodiments for tracking multi-layer secured transactions include systems for providing a dedicated secure transaction channel to a user and sending pre-authorization code to the user via the transaction channel. The systems allow the user to encrypt transaction data and receive the encrypted transaction data from the user via the transaction channel. The systems further unlock the encrypted data and match the sent pre-authorization code to the received pre-authorization code. The systems send a post verification notification to the user comprising the one or more transactions via the transaction channel and receive a post verification confirmation from user in response to the post verification notification.
    Type: Grant
    Filed: January 17, 2014
    Date of Patent: April 4, 2017
    Assignee: Bank of America Corporation
    Inventors: Manu Jacob Kurian, Sorin N. Cismas
  • Publication number: 20170041322
    Abstract: Methods, systems, and computer-readable media for reviewing inputted commands and preventing the execution of accidentally or maliciously entered adverse commands are disclosed. These commands may be operating system commands, resource commands, device commands, application commands, and so on. Some aspects of the disclosure provide ways to approve commands prior to their execution, or validate commands subsequent to their execution. In some aspects, execution of the command may be undone or reversed if the command is not successfully validated. Commands may be encapsulated in a control wrapper to identify commands subject to pre-execution approval process and/or the post-execution validation, and criteria regarding the commands or the user entering the commands may be used to determine whether pre-execution approval and/or post-execution validation is required. Indications of approval or denial of a command may be transmitted to other computing devices to reduce or eliminate malicious or accidental activity.
    Type: Application
    Filed: August 3, 2015
    Publication date: February 9, 2017
    Inventors: Manu Kurian, Sorin N. Cismas
  • Publication number: 20170041317
    Abstract: Methods, systems, and computer-readable media for reviewing inputted commands and preventing the execution of accidentally or maliciously entered adverse commands are disclosed. These commands may be operating system commands, resource commands, device commands, application commands, and so on. Some aspects of the disclosure provide ways to split entry and/or approval of commands prior to their execution. In some aspects, execution of the command may be undone or reversed if the command is not successfully validated. Commands may be encapsulated in a control wrapper to identify commands subject to split approval or co-entry process, and criteria regarding the commands or the user(s) entering the commands may be used to determine whether co-entry or split approval and/or post-execution validation is required. Indications of approval or denial of a command may be transmitted to other computing devices to reduce or eliminate malicious or accidental activity.
    Type: Application
    Filed: August 3, 2015
    Publication date: February 9, 2017
    Inventors: Manu Kurian, Sorin N. Cismas
  • Patent number: 9558031
    Abstract: A centralized controller may include at least one processor, a memory and a communication interface. The centralized controller may configure a computing system in a single deployment of an executable process. The executable process may include multiple executable instances associated with one of multiple different templates for the executable process. Each template may include multiple user-configurable parameters. A user may request a template associated with a first executable instance and update the template using the user-configurable parameters. The centralized controller may generate a second executable instance of the executable process and a second template associated with the second executable instance based on the updated template. The centralized controller may reconfigure the computing system based on the second executable instance of the executable process while maintaining the configuration of the computing system based on the first executable instance.
    Type: Grant
    Filed: April 29, 2015
    Date of Patent: January 31, 2017
    Assignee: Bank of America Corporation
    Inventors: Sorin N. Cismas, Manu Kurian
  • Publication number: 20160371622
    Abstract: A centralized workflow management system is described that provides for the ability to manage workflows existing throughout a large enterprise regardless of the format of the workflow platform/system providing the workflows. The system and other embodiments provide for workflow extensibility, such that changes to existing workflows and/or addition of new workflows result in automatic adaption to all downstream and upstream workflows that are affected by the change or addition.
    Type: Application
    Filed: June 19, 2015
    Publication date: December 22, 2016
    Inventors: Manu Jacob Kurian, Sorin N. Cismas, Paul Grayson Roscoe
  • Publication number: 20160373463
    Abstract: The present invention relates to verification of the contents of a data file prior to external recipient communication. Specifically, the invention provides for a data file registration repository that registers information associated with data files. In specific embodiments, data registration occurs automatically by capturing the file header metadata. Prior to communicating the file to an external recipient, the payload of the data file is interrogated to determine actual content and the actual content is compared to the registered information to insure that the data being communicated is the same as what the data file is purported to contain (i.e., matches the registered information). Other verifications, such as date type authorization, recipient authorization and the like may also occur in conjunction with the content verification. If the verification(s) is successful, the data is authorized to be placed in the data channel for communication to the external recipient.
    Type: Application
    Filed: June 22, 2015
    Publication date: December 22, 2016
    Inventors: Manu Jacob Kurian, Sorin N. Cismas
  • Patent number: 9519474
    Abstract: A technology/operating system-agnostic and protocol-agnostic modular-based service delivery system that includes a management of enterprise-wide deployment of services and updates to services delivered by the modules of the system. Management includes determination and automatic implementation of an optimal schedule for service deployment, service version updates and service version roll-backs based on (i) predetermined lifecycle levels assigned to networked devices in the enterprise executing the service delivery application, and/or (ii) segments within the enterprise.
    Type: Grant
    Filed: February 4, 2016
    Date of Patent: December 13, 2016
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Manu Jacob Kurian, Sorin N. Cismas
  • Patent number: 9519759
    Abstract: Embodiments for preventing data loss and allowing selective data access are provided. In some embodiments, the system and method are configured to receive task protocols and registration requests; determine an allowed list based on the protocols or requests, the list comprising registered data and codes needed to execute a task; allow a user to establish a connection to a device to execute the task on the device; identify data being transferred to and from the device; compare the data being transferred and the allowable list; and determine that at least some of the data being transferred is allowable.
    Type: Grant
    Filed: May 1, 2014
    Date of Patent: December 13, 2016
    Assignee: Bank of America Corporation
    Inventors: Manu Jacob Kurian, Sorin N. Cismas
  • Patent number: 9515957
    Abstract: Management over data movement/transfer is accomplished by employing a data transmission rating system that assigns a data transmission rating to each server in the enterprise-wide communication network and subsequently makes determinations as to whether a data connection can be established between two or more servers based on the assigned data transmission rating. The enterprise-wide servers may be assigned a primary data transmission rating based on the type of data that the server is authorized to exchange and, optionally, the servers are assigned a secondary data transmission rating (or a tertiary rating and so on) based on the geographic/physical location of the server. In this regard, in order for a data connection to be established between the two or more servers, the primary rating, and in those embodiments that implement a secondary rating, a tertiary rating and so on, must be determined to be authorized for establishing a data connection.
    Type: Grant
    Filed: January 14, 2015
    Date of Patent: December 6, 2016
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Manu Jacob Kurian, Sorin N. Cismas
  • Patent number: 9507583
    Abstract: A technology/operating system-agnostic and protocol-agnostic modular-based service delivery system that includes a management of enterprise-wide deployment of services and updates to services delivered by the modules of the system. Management includes determination and automatic implementation of an optimal schedule for service deployment, service version updates and service version roll-backs based on (i) predetermined lifecycle levels assigned to networked devices in the enterprise executing the service delivery application, and/or (ii) segments within the enterprise.
    Type: Grant
    Filed: February 4, 2016
    Date of Patent: November 29, 2016
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Manu Jacob Kurian, Sorin N. Cismas