Patent classifications
G06F21/00
Information security implementations with extended capabilities
Systems, devices or methods provide for control of sensitive data in a computer system that includes at least one central server communicatively coupled to a plurality of client computers. A particular method relates to the execution of software code on the at least one central server to monitor data communications of the plurality of client computers for sensitive data. A subset of the data communications is restricted when sensitive data is detected. Configuration data is provided to each of the plurality of client computers. Software code is executed on each of the plurality of client computers to detect accesses to sensitive data by one or more applications running on a client computer. Actions of the one or more applications running on a client computer are monitored to determine whether or not a trigger event has occurred. In response to determining that the trigger event has occurred, a notification is sent.
Privacy protection for third party data sharing
A set of raw data relating to activity of one or more users in accordance with a communication network is obtained. The communication network is managed by a network operator. The obtained set of raw data is processed in accordance with at least one data isolation policy maintained by the network operator to generate a first set of data comprising at least a portion of the set of raw data with sensitive data associated with the one or more users removed; a second set of data comprising the sensitive data removed from the set of raw data; and a third set of data comprising a mapping between portions of the set of raw data and the first set of data. The first set of data is exposed to a third party, while the second set of data and the third set of data are isolated from the third party.
Risk assessment using social networking data
Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data.
Control systems and methods for blood or fluid handling medical devices
A processor of a medical device configured to communicate with a remote server can be programmed to protect the medical device from exposure to unauthorized or malicious software. A system or method to implement this form of protection can include, for example, at least one processor on the medical device, a control software module that controls the operation of the medical device and is executable on the processor, a data management module that manages data flow to and from the control software module from sources external to the medical device, and an agent module that has access to a limited number of designated memory locations in the medical device. In addition, a hemodialysis apparatus can be configured to operate in conjunction with an apparatus for providing purified water from a source such as a municipal water supply or a well. A system for controlling delivery of purified water to the hemodialysis apparatus can comprise a therapy controller of the hemodialysis apparatus configured to communicate with a controller of a water purification device, and a user interface controller of the hemodialysis apparatus configured to communicate with the therapy controller, and to send data to and receive data from a user interface.
Establishing a connection between a user device and an access zone
A method for remote access includes obtaining, by a virtual private network (VPN) server, trust data of a user accessing a first network; determining, by the VPN server, a first trust level corresponding to the trust data according to a first correspondence, wherein the first correspondence comprises the trust data and the first trust level; determining, by the VPN server, a first access zone of the first network corresponding to the first trust level according to a second correspondence, wherein the second correspondence comprises the first trust level and the first access zone; and establishing, by the VPN server, a first VPN connection between a device used by the user and the first access zone.
Dark web monitoring, analysis and alert system and method
A dark web monitoring, analysis and alert system comprising a data receiving module configured to receive data collected from the dark web and structured; a Structured Data Database (SDD) connected with the data receiving module, the SDD configured to store the structured data; a Text Search and Analytic Engine (TSAE) connected with the SDD, the TSAE configured to enable advanced search and basic analysis in the structured data; a Knowledge Deduction Service (KDS) connected with the TSAE, the KDS configured to deeply analyze the collected data; the deep analysis comprises extracting insights regarding dark web surfers' behavioral patterns and interactions; a Structured Knowledge Database (SKD) connected with the KDS, the SKD configured to store the deep analysis results; and an Alert Service connected with the TSAE and the SKD, the Alert Service configured to provide prioritized alerts based on the deep analysis.
Identifying high risk computing operations
This specification discloses techniques for risk identification. One example method includes receiving, by a client device, a risk identification request identifying a requested service operation and service data associated with the requested service operation; retrieving, by the client device, service data corresponding to the risk identification request; determining, by the client device, service indicator data associated with the service data; analyzing, by the client device, one or more of the service data and the service indicator based on a risk identification rule or a risk identification model to produce a risk result; and determining, by the client device, whether the requested service operation is a high risk operation based at least in part on the risk result.
Systems and methods for tokenization to support pseudonymization of sensitive data
Systems and methods for tokenization to support pseudonymization are provided herein. An example method includes receiving an input set, seeding a random number generator with one or more secret data, transposing the input set using a first random number/transposition parameter generated by the random number generator to create a transposed input set, transposing a token set using a second random number/transposition parameter generated by the random number generator to create a transposed token set, and generating a token by substituting transposed input set values with transposed token set values.