Patent classifications
H04L63/0815
Secure communications using loop-based authentication flow
A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop uses a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, decrypts that information according to the secret key of the first party, and then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.
Mechanism of common authentication for both supervisor and guest clusters
This disclosure describes a computer-implemented method for receiving authentication credentials identifying a user; identifying computing systems to which the user is authorized access; and transmitting tokens granting access to the identified computing systems. In some embodiments, no two of the transmitted tokens grant access to the same one of the identified computing systems. The user typically has access to a management tool configured to manage the transmission of the received tokens to the corresponding computing systems, thereby granting the user the ability to have seamless access to any of the computing systems associated with the user's authenticated identity.
Graphical user interface for generating multiple tasks
Methods, systems, and devices are provided for generating a graphical user interface configured to display, at least in part, a schedule. According to one aspect, the system can receive selectable fields of a client and selectable fields of one or more providers from a plurality of providers. The system can determine the quality of pairings between the client and each of the one or more providers based on the one or more selectable fields of the client and the one or more selectable fields of the one or more providers. The system can generate a schedule of potential sessions based on the pairings. The system can score each of the potential sessions and display the schedule and scores to a user.
ON-PREMISES AGENT FOR MOBILE CLOUD SERVICE
Systems, devices, and methods are disclosed for an agent device within a company's network firewall to initiate an HTTP connection with a cloud-based gateway and then upgrade the connection to a WebSockets protocol in order to have an interactive session. Over this interactive session, a mobile device, which connects to the cloud-based intermediary, can request data from servers inside the company's firewalls. Because the firewall is traversed using HTTP protocols (with WebSockets), it can be as safe as letting employees browse the web from inside the company's network.
Method and Processes For Securely Autofilling Data Fields in A Software Application
The present invention gives the methods and processes for automatically servicing user driven requests to find place-holder fields, fill them in with relevant data in a secure manner and securely communicating the data related thereto to the appropriate Android™ device and/or application. More particularly, it relates to the methods and processes for authenticated users to automatically obtain and use the correct filled-in data that allows them to access or use any of a multiple number of Android™ applications and/or services at any time.
METHOD AND SYSTEM FOR AUTOMATICALLY MANAGING SECRET APPLICATION AND MAINTENANCE
Secret application and maintenance policy data is generated for different classes of data. The class of data to be protected is determined and the secret application and maintenance policy data for the determined class of the data to be protected is identified and obtained. Required secrets data representing one or more secrets to be applied to the data to be protected is obtained and then automatically scheduled for application to the data to be protected in accordance with the secret application and maintenance policy data for the determined class of the data to be protected. Maintenance of the one or more secrets is also automatically scheduled in accordance with the secret application and maintenance policy data for the determined class of the data to be protected.
METHOD FOR AUTHENTICATION AND ASSURING COMPLIANCE OF DEVICES ACCESSING EXTERNAL SERVICES
Systems and methods are described for determining whether an electronic computing device complies with the security policy for a network. The invention includes receiving an electronic request signal including an electronically encoded request to allow an electronically encoded process operating on an electronic processor of the electronic computer device to establish electronic communication with a specific target electronic device or service operating on the electronic communications and data network; receiving electronically encoded information about the identity of the electronically encoded process, the electronic computing device, or the use of the electronic computing device; receiving electronically encoded policy elements for the security policy; receiving electronically encoded information about the compliance of the electronic computing device; receiving electronically encoded information related to the identity of the principal of the electronic computing device; and determining whether the electronic computing device complies with the security policy.
CLOUD FEDERATION AS A SERVICE
A Cloud federator may be used to allow seamless and transparent access by a Cloud Client to Cloud services. Federation may be provided on various terms, including as a subscription based real-time online service to Cloud Clients. The Cloud federator may automatically and transparently effect communication between the Cloud Client and Clouds and desired services of the Clouds, and automatically perform identity federation. A Service Abstraction Layer (SAL) may be implemented to simplify Client communication, and Clouds/Cloud services may elect to support the SAL to facilitate federation of their services.
Password-less software system user authentication
Data is received as part of an authentication procedure to identify a user. Such data characterizes a user-generated biometric sequence that is generated by the user interacting with at least one input device according to a desired biometric sequence. Thereafter, using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., historical user-generated biometric sequences according to the desired biometric sequence, etc.), the user is authenticated if an output of the at least one machine learning model is above a threshold. Data can be provided that characterizes the authenticating. Related apparatus, systems, techniques and articles are also described.
Systems, methods and computer program products for information management across disparate information systems
An information integration system may include a set of integration services embodied on one or more server machines in a computing environment. The set of integration services may include connectors communicatively connected to disparate information systems. The connectors are configured for integrating data utilizing a common model comprising a content management interoperability services data model, common property definitions, and a common security model particularly defined for use by the set of integration services. Responsive to a user query to search disparate information systems or a subset thereof, an application may communicate metadata of interest contained in the user query to a search engine which locates, via a unified index, requested data from the disparate information systems or a subset thereof. The search engine returns search results referencing the requested data to the application which interprets the search results and displays a visualization thereof on a client device.