The present application generally relates to systems, devices, and methods to conduct the secure exchange of encrypted data using a three-element-core mechanism consisting of the key masters, the registries and the cloud lockboxes with application programming interfaces providing interaction with a wide variety of user-facing software applications. Together the mechanism provides full lifecycle encryption enabling cross-platform sharing of encrypted data within and between organizations, individuals, applications and devices. Further the mechanism generates chains of encrypted blocks to provide a distributed indelible ledger and support external validation. Cross-verification among users, applications and the mechanism deliver both enterprise and business ecosystem cyber security features. Crowdsourcing of anomaly detection extends to users and to subjects of the data. Robust identity masking offers the benefits of anonymization while retaining accountability and enabling two-way communications. The mechanism may also provide high availability through multi-level fail over or operations to multiple instances of the core mechanism.

A system and method for providing content to a user outside of a home region. A portable device displays content to a user through a network connection. A home content provider provides content to the portable device from the home region. Some of the content provided is region restricted content. A location verifier determines that the portable device and the user are both physically located within the home region. The location verifier issues to the user a location token when the user and the portable device are in the home region. A token verifier verifies the location token when the user requests the region restricted content outside of the home region. The token verifier further instructs the home content provider to provide region restricted content to the user when the user has the location token.

Various aspects of the subject technology relate to completing a payment over a video call. A method includes initiating, a video call between a user and a vendor, the user and the vendor having a scheduled appointment comprising a specified duration of time. The method also includes directing the user to the video call through video call software. The method also includes receiving, from the video call software, a notification that the video call ended, the notification comprising video call metadata. The method also includes calculating, through an online marketplace, a total cost of the scheduled appointment based at least on the video call metadata and marketplace data. The method also includes generating, through the online marketplace, an invoice based on the total cost. The method also includes receiving payment information from the user regarding the invoice. According to aspects, the method includes a flash-to-pay option for payment.

Methods of configuring path-aware point to point secure network private lines over multi-domain, multi-operator virtual and physical networks through network elements that are compliant with PKI Digital Certificates (eDC) with metadata enhancements are disclosed. Secure Network Slices (SNS) may then be constructed by interconnecting SVPLs through a network aggregation device such as switch/bridge/router which allows different network policies on different segments of the network. A Digital Trust Broker is disclosed that bridges between multiple Authentication/Authorization frameworks of an enterprise and the security frameworks of multiple operators and service providers that provide Secure Virtual Private lines and Secure Network Slices. Additionally, the methods that identify that any traffic exchange with internet or between differing levels of SNS or SVPLs go through enhanced security bridge that enforces policies of high security enterprise are also disclosed.

In particular embodiments, a Cross-Border Visualization Generation System is configured to: (1) identify one or more data assets associated with a particular entity; (2) analyze the one or more data assets to identify one or more data elements stored in the identified one or more data assets; (3) define a plurality of physical locations and identify, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations; (4) analyze the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations; (5) determine one or more regulations that relate to the one or more data transfers; and (6) generate a visual representation of the one or more data transfers based at least in part on the one or more regulations.

Systems and methods disclosed herein provide a geo-targeted online reservation system that ensures authenticity of customer devices requesting reservations by generating reservations only if threshold authentication conditions are satisfied. For example, a computing device registered with a server system receives inputs for requesting a reservation of a limited release product and for configuring the product. To authenticate the computing device, the server device transmits an electronic message to the computing device requesting the computing device to respond. A response to the message is one threshold authentication condition for generating the reservation. Upon determining that one or more threshold authentication conditions are satisfied, the server device generates a reservation for the product.

A system is provided for the storage of data, the system having: an encrypted host platform upon which regulatory controlled data is stored; a controller configured to allow a primary user to set permission settings and identify authorized end users and degrees of access granted to each the authorized end user, the authorized end user being pre-cleared for compliance with regulatory controls pertaining to the regulatory controlled data; the controller configured to permit access to the encrypted host platform only if the hosting platform is in compliance with predefined data security protocols the controller configured to allow the authorized end user access to the regulatory controlled data, and the controller configured to exclude access to both a provider of the system for storage and a system host platform provider; at least one individual computing device accessible by at least one the authorized end user, the individual computing device configured to provide authorized end user identification data to the controller and receive permissions from the controller for access to the host platform; and the host platform only communicates with individual user devices if the devices have received permission from the controller.

A highly secure networked system and methods for storage, processing, and transmission of sensitive information are described. Sensitive, e.g. personal/private, information is cleansed, salted, and hashed by data contributor computing environments. Cleansing, salting, and hashing by multiple data contributor computing environments occurs using the same processes to ensure output hashed values are consistent across multiple sources. The hashed sensitive information is hashed a second time by a secure facility computing environment. The second hashing of the data involves a private salt inaccessible to third parties. The second hashed data is linked to previously hashed data (when possible) and assigned a unique ID. Data dictionaries are created for particular individuals provided access to the highly secure information, e.g. researchers. Prior to a data dictionary being accessible by a researcher computing device, the data dictionary undergoes compliance and statistical analyses regarding potential re-identification of the source unhashed data. The data dictionaries are viewable by researchers as certified views via a secure VPN.

A method and apparatus with selective combined authentication performs a single authentication based on a first modality among plural modalities, and in response to the single authentication having failed, determines whether to perform a combined authentication by a combination of two or more of the plural modalities, and selectively, depending on a result of the determining of whether to perform the combined authentication, performs the combined authentication.

A multifactor authentication system onboard a vehicle including at least one processor, a first database, a second database, and one or more protected computer systems is provided. The at least one processor is programmed to receive, from a user, a request for access to the one or more protected computer systems, wherein the request contains authentication information including a first authentication factor and a second authentication factor, retrieve first factor authentication data associated with the user from the first database, compare the first factor authentication data with the received first authentication factor to determine if there is a match, retrieve the second factor authentication data associated with the user from the second database, compare the second factor authentication data with the received second authentication factor to determine if there is a match, and grant access to the one or more protected computer systems if all of the comparisons match.