G06F21/335

Security protection against threats to network identity providers

Disclosed embodiments relate to systems and methods for security protection against threats to network identity providers. Techniques include identifying a first request from a client for access to a secure network resource and redirecting the client to an identity provider. The identity provider may be configured to authenticate the client and provide the client with data signed using a first identity provider key; the client then signs that data with a first client key. Further techniques include identifying a second request from the client, the second request including the resulting doubly-signed version of the data; verifying the doubly-signed data using a second identity provider key corresponding to the first identity provider key and a second client key corresponding to the first client key; and allowing, conditional on a result of the verifying, the client to access the secure network resource.
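The redirect-and-countersign flow above, as an added worked example (not code from the patent): the identity provider signs the authentication data with its first key, the client counter-signs that data together with the IdP signature using its own first key, and the resource server verifies both with the corresponding second keys before granting access. HMAC-SHA256 stands in for the asymmetric signatures so the example runs on the standard library alone; the credential store, the claim names and the four scenarios are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time


def _sign(key: bytes, msg: bytes) -> bytes:
    # HMAC-SHA256 stands in for an asymmetric signature so the example needs only
    # the standard library. In a deployment the "second" keys held by the resource
    # server would be public keys (e.g. Ed25519), not copies of the signing keys.
    return hmac.new(key, msg, hashlib.sha256).digest()


class IdentityProvider:
    def __init__(self, users: dict):
        self.key = secrets.token_bytes(32)   # first identity provider key
        self._users = users                  # constructed credential store

    def authenticate(self, username: str, password: str, audience: str):
        if self._users.get(username) != password:
            raise PermissionError("bad credentials")
        claims = {"sub": username, "aud": audience, "iat": int(time.time()),
                  "jti": secrets.token_hex(8)}
        data = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        return data, _sign(self.key, data)


class Client:
    def __init__(self, name: str):
        self.name = name
        self.key = secrets.token_bytes(32)   # first client key, never shared with the IdP

    def countersign(self, data: bytes, idp_sig: bytes) -> bytes:
        # The counter-signature covers the data AND the IdP signature, so neither
        # can be swapped out without invalidating it.
        return _sign(self.key, data + idp_sig)


class ResourceServer:
    def __init__(self, audience: str, idp_key: bytes, client_keys: dict):
        self.audience = audience
        self.idp_key = idp_key               # second identity provider key
        self.client_keys = client_keys       # second client keys, indexed by subject

    def verify(self, data: bytes, idp_sig: bytes, client_sig: bytes) -> bool:
        try:
            claims = json.loads(data)
        except ValueError:
            return False
        if claims.get("aud") != self.audience:
            return False
        if not hmac.compare_digest(_sign(self.idp_key, data), idp_sig):
            return False
        client_key = self.client_keys.get(claims.get("sub"))
        if client_key is None:
            return False
        return hmac.compare_digest(_sign(client_key, data + idp_sig), client_sig)


def run_scenarios() -> dict:
    idp = IdentityProvider({"alice": "correct horse", "bob": "battery staple"})
    alice, bob, mallory = Client("alice"), Client("bob"), Client("mallory")
    rs = ResourceServer("https://api.example.test", idp.key,
                        {"alice": alice.key, "bob": bob.key})

    # 1. Honest flow: first request -> redirect to IdP -> signed data ->
    #    client counter-signs -> second request carries the doubly-signed data.
    data, idp_sig = idp.authenticate("alice", "correct horse", rs.audience)
    honest = rs.verify(data, idp_sig, alice.countersign(data, idp_sig))

    # 2. Compromised IdP: mallory holds the IdP key and mints data for alice,
    #    but cannot produce alice's counter-signature.
    forged = json.dumps({"aud": rs.audience, "iat": 0, "jti": "x", "sub": "alice"},
                        sort_keys=True, separators=(",", ":")).encode()
    forged_sig = _sign(idp.key, forged)
    idp_compromise = rs.verify(forged, forged_sig, mallory.countersign(forged, forged_sig))

    # 3. Stolen IdP-signed data replayed by another enrolled client (bob).
    stolen = rs.verify(data, idp_sig, bob.countersign(data, idp_sig))

    # 4. Data the IdP signed for a different resource is not accepted here.
    other, other_sig = idp.authenticate("alice", "correct horse", "https://other.example.test")
    wrong_aud = rs.verify(other, other_sig, alice.countersign(other, other_sig))

    return {"honest": honest, "idp_compromise": idp_compromise,
            "stolen": stolen, "wrong_audience": wrong_aud}


if __name__ == "__main__":
    print(run_scenarios())
```

The scenarios show what the second signature buys: stealing the identity provider's key (scenario 2) or an IdP-signed blob in transit (scenario 3) is not enough without the requesting client's own key. With real asymmetric keys the resource server would hold only public keys, so its compromise would not let an attacker mint tokens either.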

Secure information transfer

Techniques are described for providing secure and direct communication between two parties. In some examples, a business server (e.g., a first party) may send a request to a social networking system. The request may include an identifier associated with an end user (e.g., a second party) and an indication of one or more types of information to be requested from the user. In some examples, the user may submit user information to the business server. The user information may include sensitive and/or personal information of the user. The user information may be input by the user into an application associated with the social networking system. The user information may be sent securely and directly from the application on the user's device to the business server and is not accessible by the social networking system.

SYSTEM AND METHOD FOR PERMISSIONED BLOCKCHAIN ACCESS INTO A COMPUTING NETWORK

A computer-implemented system, method and computer program product for providing access to a network of computing nodes that includes: requesting, by a client, access into a host node in the network, preferably a private network; selecting a digital certificate issuer; verifying, by the digital certificate issuer, the identity of the client's token; adding, by the certificate issuer, a nonce to a distributed ledger; and granting the client access to the host node in the network. The computing nodes in an embodiment are ranked based upon CPU capacity, and computing nodes with highest CPU capacity ranking are selected to participate in a proof-of-capacity consensus to solve for the nonce.

DATA MANAGEMENT AND GOVERNANCE SYSTEMS AND METHODS

This disclosure relates to, among other things, scalable data processing, storage, and/or management systems and methods. Certain embodiments disclosed herein provide for a data management architecture that stores enterprise data more securely while making it more usable and/or interoperable, facilitating data usage across information silos. Further embodiments provide for comprehensive data access authentication and/or authorization functionality between the various services included in embodiments of the disclosed architecture.

Chip and Supply Item for Imaging Device, Including Communication

A supply item has toner for use in an imaging device. A chip has memory storing quanta indicating allowed usage of the supply item over its lifetime and a multiplier correlating the quanta to toner mass. The imaging device requires quanta to conduct imaging operations and loads the quanta and multiplier by way of a certificate stored in the memory. The imaging device retrieves quanta from the chip over time and both devices keep a tally. Initialization between the supply item and imaging device includes providing encrypted and unencrypted instances of firmware versions and certificates from the supply item, which the imaging device can compare against each other to detect tampering. Alternatively, the supply item defines a fuser assembly, imaging unit, intermediate transfer member, or other component installed for use in the imaging device.

Blockchain based access control using time-dependent obfuscation of access tokens
11606209 · 2023-03-14

There is provided a computer-implemented method for managing third-party access to data, to increase data security and/or privacy. The method comprises receiving, from a third-party computer, a request to access data, wherein the request is indicative of at least one requested operation. A validity of each of the requested operations is determined in dependence on permission data stored in a distributed public ledger. The permission data defines, for said third-party computer, a set of permissible operations and one or more permissible data attributes associated with each of the set of permissible operations. The request and the validity are logged in the distributed public ledger. For each of the requested operations, if the requested operation is valid, there is created, on the public ledger, an electronic token enabling the third-party computer to obtain access to one or more of the permissible data attributes associated with the requested operation, wherein the electronic token comprises information indicative of a location of the data attributes. A time-dependent transformation is applied to an element of the electronic token, and the electronic token is communicated from the public ledger to the third-party computer.
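An added example (not code from the patent) of the validity check against ledger-held permission data, the logging of request and outcome, and a time-dependent transformation on the token's location element. A hash-chained list stands in for the distributed public ledger; XOR with an HMAC keystream derived from the current time slot is the chosen transformation; the key shared by the token issuer and the third party, the 300-second window and the permission table are all assumptions.

```python
import hashlib
import hmac
import json

WINDOW = 300  # seconds during which a token's location element resolves (assumed)

# Constructed permission data as it would sit on the ledger:
# third party -> permissible operation -> permissible data attributes.
PERMISSIONS = {
    "analytics-co": {"read": {"age", "postcode"}, "aggregate": {"age"}},
}


class Ledger:
    """Append-only hash chain standing in for the distributed public ledger."""

    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "record": record, "hash": digest})
        return digest


def validate_request(ledger: Ledger, third_party: str, requested: dict) -> dict:
    """requested maps operation -> attributes wanted; returns operation -> valid?
    Both the request and its validity are logged, whether valid or not."""
    allowed = PERMISSIONS.get(third_party, {})
    validity = {op: op in allowed and set(attrs) <= allowed[op]
                for op, attrs in requested.items()}
    ledger.append({"type": "request", "party": third_party,
                   "requested": {op: sorted(a) for op, a in requested.items()},
                   "validity": validity})
    return validity


def _mask(key: bytes, slot: int, length: int) -> bytes:
    # Keystream bound to the time slot; extended with a counter for long locations.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, f"{slot}:{counter}".encode(), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def create_token(ledger: Ledger, key: bytes, third_party: str, op: str,
                 location: str, now: int) -> dict:
    """XOR the location with a mask for the current slot, then tag the clear
    location (and operation) so a recipient can tell a correct de-obfuscation
    from noise and cannot re-label the token for another operation."""
    loc = location.encode()
    blob = bytes(a ^ b for a, b in zip(loc, _mask(key, now // WINDOW, len(loc))))
    tag = hmac.new(key, loc + op.encode(), hashlib.sha256).hexdigest()
    token = {"party": third_party, "op": op, "location": blob.hex(), "tag": tag}
    ledger.append({"type": "token", **token})
    return token


def resolve_token(key: bytes, token: dict, now: int):
    """Invert the transformation with the slot at resolution time. Returns the
    location, or None once the window has passed or the token was altered."""
    blob = bytes.fromhex(token["location"])
    loc = bytes(a ^ b for a, b in zip(blob, _mask(key, now // WINDOW, len(blob))))
    expected = hmac.new(key, loc + token["op"].encode(), hashlib.sha256).hexdigest()
    return loc.decode() if hmac.compare_digest(expected, token["tag"]) else None
```

Because the keystream depends only on the slot, the third party can resolve the location until the slot changes; after that the token is inert even though it remains on the ledger, and the tag lets the recipient distinguish a stale token from a correctly resolved one.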

Distributed data storage by means of authorisation token

A file management server may include a processor, a network interface for operatively coupling the file management server to a user computer system and to memory services via a network. The file management server includes a file management application configured to receive an authorisation enquiry of the user computer system to store file fragments of a file via the network in a plurality of the memory services; and in response to the receipt of the authorisation enquiry, request an authorisation token from each of the memory services and forward, to the user computer system, authorisation tokens formed as URLs and obtained in response to the request. Each URL enables direct write or direct read access to a storage space of one of the memory services identified by the URL. Metadata that allows reconstruction of the file from the stored file fragments is protected against access by the memory services.
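An added example (not code from the patent) of authorisation tokens formed as URLs: each memory service signs method, storage slot and expiry into the URL it hands out, the user computer writes and reads fragments directly with those URLs, and the reconstruction metadata (fragment order and an integrity hash) is returned only to the user. The service names, URL layout, 60-second lifetime and ceiling-division split are assumptions; a real system would additionally encrypt the fragments and the metadata.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


class MemoryService:
    """One storage service. It signs its own URL tokens and is the only party
    that can verify them; it never receives reconstruction metadata."""

    def __init__(self, name: str):
        self.name = name
        self.key = secrets.token_bytes(32)
        self.store = {}                       # slot -> fragment bytes

    def _sig(self, method: str, slot: str, expires: int) -> str:
        canon = f"{method}\n{self.name}\n{slot}\n{expires}".encode()
        return hmac.new(self.key, canon, hashlib.sha256).hexdigest()

    def issue_url(self, method: str, slot: str, expires: int) -> str:
        # The URL itself is the authorisation token: method, slot and expiry are
        # all covered by the signature, so the bearer can alter none of them.
        query = urlencode({"method": method, "expires": expires,
                           "sig": self._sig(method, slot, expires)})
        return f"https://{self.name}.example.test/slots/{slot}?{query}"

    def handle(self, method: str, url: str, now: int, body: bytes = b""):
        u = urlparse(url)
        q = {k: v[0] for k, v in parse_qs(u.query).items()}
        slot = u.path.rsplit("/", 1)[-1]
        expires = int(q.get("expires", "0"))
        if not hmac.compare_digest(self._sig(q.get("method", ""), slot, expires),
                                   q.get("sig", "")):
            raise PermissionError("invalid token signature")
        if q.get("method") != method or now > expires:
            raise PermissionError("token does not authorise this request")
        if method == "PUT":
            self.store[slot] = body
            return None
        return self.store[slot]


def _split(data: bytes, n: int) -> list:
    size = -(-len(data) // n)          # ceiling division
    return [data[i * size:(i + 1) * size] for i in range(n)]


def store_file(services: list, data: bytes, now: int, ttl: int = 60):
    """File management server role: obtain one write URL per memory service and
    forward them to the user, who writes each fragment directly. The metadata
    (fragment order, integrity hash) stays with the user; the URLs are also
    returned so a caller can probe their scope."""
    slots = [secrets.token_hex(8) for _ in services]
    urls = [svc.issue_url("PUT", slot, now + ttl) for svc, slot in zip(services, slots)]
    for svc, url, frag in zip(services, urls, _split(data, len(services))):
        svc.handle("PUT", url, now, frag)     # user computer -> memory service
    metadata = {"order": [(svc.name, slot) for svc, slot in zip(services, slots)],
                "sha256": hashlib.sha256(data).hexdigest()}
    return metadata, urls


def fetch_file(services: list, metadata: dict, now: int, ttl: int = 60) -> bytes:
    by_name = {svc.name: svc for svc in services}
    parts = []
    for name, slot in metadata["order"]:
        svc = by_name[name]
        parts.append(svc.handle("GET", svc.issue_url("GET", slot, now + ttl), now))
    data = b"".join(parts)
    if hashlib.sha256(data).hexdigest() != metadata["sha256"]:
        raise ValueError("fragment integrity check failed")
    return data


def denied(svc: MemoryService, method: str, url: str, now: int) -> bool:
    """True if the service refuses the request (used to probe token scope)."""
    try:
        svc.handle(method, url, now)
    except PermissionError:
        return True
    return False
```

denied() probes the scope of a token: a write URL is refused for reads, after its expiry, and by any other memory service, since each service verifies with its own key and its own name in the signed string. No service ever holds more than its own fragment or the order in which fragments recombine.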

MULTI-USER DEBUGGING WITH USER DATA ISOLATION

Examples described herein provide a computer-implemented method for multi-user debugging of a program. The method includes receiving a first request from a first developer to initiate a debug of the program and receiving a second request from a second developer to initiate the debug of the program. The method further includes, responsive to receiving the first request and the second request, initiating the debug of the program. The method further includes sending first source code for the program to the first developer, wherein the first source code is associated with the first developer. The method further includes sending second source code for the program to the second developer, wherein the second source code is associated with the second developer. The method further includes updating the program responsive to receiving a change to at least one of the first source code or the second source code.

Rights-based system
11599657 · 2023-03-07

A rights-based system is described in which vouchers are employed for creating, managing, distributing, and redeeming rights in digital contexts. A voucher is a digital, possession-based rights representation. An authorization component of the system validates the vouchers and issues corresponding tokens. Access to digital resources is provided in response to presentation of the tokens which are validated by matching voucher refresh values to corresponding values maintained by the system. New refresh values are generated and inserted in the vouchers each time they are redeemed.
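An added example (not code from the patent) of the voucher and token mechanics described above: the authorization component validates a voucher's signature and refresh value, issues a token, and inserts a new refresh value into the voucher it returns; access checks match the token's refresh value against the system's current record. HMAC signing, the field names and the example resources are assumptions.

```python
import hashlib
import hmac
import json
import secrets


class RightsSystem:
    """Authorization component: validates vouchers, issues tokens and rotates
    the voucher's refresh value on every redemption."""

    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.refresh = {}      # voucher id -> current refresh value
        self.tokens = {}       # token -> {"voucher", "resource", "refresh"}

    def _sign(self, voucher: dict) -> str:
        body = {k: v for k, v in voucher.items() if k != "sig"}
        canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self.key, canon, hashlib.sha256).hexdigest()

    def _make_voucher(self, vid: str, resource: str, holder: str) -> dict:
        self.refresh[vid] = secrets.token_hex(16)
        voucher = {"id": vid, "resource": resource, "holder": holder,
                   "refresh": self.refresh[vid]}
        voucher["sig"] = self._sign(voucher)
        return voucher

    def create_voucher(self, resource: str, holder: str) -> dict:
        return self._make_voucher(secrets.token_hex(8), resource, holder)

    def redeem(self, voucher: dict):
        """Validate the voucher, issue a token, return token plus re-issued voucher."""
        if not hmac.compare_digest(self._sign(voucher), voucher.get("sig", "")):
            raise PermissionError("voucher signature invalid")
        current = self.refresh.get(voucher["id"])
        if current is None or not hmac.compare_digest(current, voucher["refresh"]):
            # A copy presented after the genuine holder already rotated the value.
            raise PermissionError("voucher refresh value is stale")
        new_voucher = self._make_voucher(voucher["id"], voucher["resource"], voucher["holder"])
        token = secrets.token_hex(16)
        self.tokens[token] = {"voucher": voucher["id"], "resource": voucher["resource"],
                              "refresh": new_voucher["refresh"]}
        return token, new_voucher

    def access(self, token: str, resource: str) -> bool:
        """Grant only if the token's refresh value still matches the system's record."""
        rec = self.tokens.get(token)
        if rec is None or rec["resource"] != resource:
            return False
        return hmac.compare_digest(self.refresh.get(rec["voucher"], ""), rec["refresh"])


def run_scenarios() -> dict:
    system = RightsSystem()
    v1 = system.create_voucher("ebook:1984", "alice")
    token1, v2 = system.redeem(v1)
    results = {"token1_after_first_redeem": system.access(token1, "ebook:1984"),
               "token1_other_resource": system.access(token1, "ebook:brave-new-world")}
    # An attacker replays a copy of the already-redeemed voucher.
    try:
        system.redeem(dict(v1))
        results["stale_copy_redeemed"] = True
    except PermissionError:
        results["stale_copy_redeemed"] = False
    # An attacker edits the resource field; the signature no longer matches.
    try:
        system.redeem(dict(v2, resource="ebook:all"))
        results["forged_voucher_redeemed"] = True
    except PermissionError:
        results["forged_voucher_redeemed"] = False
    # The genuine holder redeems again: the new token works, the earlier one lapses.
    token2, v3 = system.redeem(v2)
    results["token2_valid"] = system.access(token2, "ebook:1984")
    results["token1_after_second_redeem"] = system.access(token1, "ebook:1984")
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

Because each redemption rotates the refresh value, a copied voucher stops working as soon as the genuine holder redeems, and tokens from an earlier redemption lapse when a later one occurs. Whether a stale redemption should also revoke the voucher outright, as refresh-token rotation schemes often do, is a policy choice the abstract does not address.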

Information processing apparatus for processing data using processing program based on agreement information on processing method for personal data, computer-readable recording medium recording control program for processing data using processing program based on agreement information on processing method for personal data, and control method for processing data using processing program based on agreement information on processing method for personal data
11599674 · 2023-03-07

An information processing apparatus includes: a memory; and a processor coupled to the memory and configured to: receive personal data related to a personal data originator; receive agreement information on a processing method for the personal data agreed between the personal data originator and a personal data user who uses the personal data; process the personal data by the processing method defined in the agreement information; and attach a digital signature to processed data and output the processed data.