According to a disclosed embodiment, data analysis is secured with a microservice architecture and data anonymization in a multitenant application. Tenant data is received by a first microservice in a multitenant application. The tenant data is isolated from other tenant data in the first microservice and stored separately from other tenant data in a tenant database. The tenant data is anonymized in the first microservice and thereafter provided to a second microservice. The second microservice stores the anonymized tenant data in an analytics database. The second microservice, upon request, analyzes anonymized tenant data from a plurality of tenants from the analytics database and provides an analytics result to the first microservice.

Data stored on a data asset may be migrated to another data asset while maintaining compliance to applicable regulations. A data asset may experience a failure. Based on the type of data stored by that data asset and the applicable regulations, requirements, and/or restrictions that relate to a transfer of that type data from that data asset, a target data asset may be determined. The data stored on the data asset may then be transferred to the target data asset. The disclosed systems may use data models and/or data maps in determining the requirements for a data transfer and selecting target data assets.

An apparatus and a method for selectively migrating data of a virtualized network function (VNF) instance from a first administrative domain to a second administrative domain. The data used within a single process of the VNF instance within the first administrative domain is read. The read data comprises marked data and non-marked data. The marked data is overwritten by anonymous data according to a pre-configured policy. The data, comprising said anonymous data and said non-marked data, is transferred to the second administrative domain. The present disclosure allows determining which areas within a process need to be protected.

A computer system message generated by an application programming interface (API) or addressed to the API can be received. A first data sensitivity score for at least a first of a plurality of data elements in a payload of the computer system message and at least second data sensitivity score for at least a second of the plurality of data elements in the payload of the computer system message can be determined. Based on the first data sensitivity score and at least the second data sensitivity score, a differential security can be applied to the computer system message. Applying the differential security can include masking the first of the plurality of data elements and not masking the second of the plurality of data elements. The computer system message can be electronically communicated the to a destination to which the message is addressed.

Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include generating a security questionnaire response (SQR), defining a readiness project and an audit project, sharing InfoSec entities encompassing the various products of a tenant, automating risk assessment, automatic collection of evidence tasks for verifying the implementation and/or operational state/status of various mitigating controls, etc.

A digital optical data network system for improving information security in Passive Optical Networks (“PON”) by providing virtual information separation in the router, such as a premise router, or routers interfacing the entire PON, such as by utilizing virtual routing and forwarding, thus allowing safe data traffic between multiple carriers, service providers accessing the PON and multiple end users on the PON such as tenants in a building, employees of a business entity, or subscribers in a residential community.

A method is disclosed for conducting a transaction between a computing device and an access device. A server computer may be utilized to facilitate data exchanges between the computing device and the access device. These data exchanges may utilize high-frequency sound signals. The server computer may encrypt at least some portion of data that is then transmitted to the access device via the computing device. The server computer may verify data received from the access device prior to generating and transmitting an authorization request message for the transaction.

Systems and methods of performing identity verification across different geographical or jurisdictional regions are provided. In one exemplary embodiment, a method by a first network node comprises sending, by the first network node located in a first geographical or jurisdictional region, to a second network node located in a second geographical or jurisdictional region, an indication of an identity verification associated with a certain identity based on personally identifiable information of that identity received by the first network node from the second network node. Further, the identity verification is determined based on whether the PII data of the certain identity corresponds to PII data of at least one of a plurality of identities associated with the first region and stored in one or more databases located in the first region and on identity verification rule(s) associated with the first region.

Disclosed examples include accessing a search term from a client device; accessing a first identifier, the first identifier corresponding to a first database proprietor, the first identifier to access first user information corresponding to a user of the client device; accessing a second identifier, the second identifier corresponding to a second database proprietor, the second identifier to access second user information corresponding to the user of the client device; providing the search term, the first identifier, and the second identifier in a message; and transmitting the message to a server.

An approach is provided for providing probe data accuracy while ensuring privacy. The approach includes receiving probe path consisting of multiple points from a vehicle, wherein each probe point includes a location of the vehicle and a timestamp indicating when the location was determined by a location sensor. The approach further includes determining a vehicle identifier from among a plurality of vehicle identifiers assigned to the vehicle based on the timestamp, wherein the plurality of vehicle identifiers are applicable for assigning at different respective time slots. The approach also involves generating a hashed vehicle identifier by using a hash function on the determined vehicle identifier and the timestamp. The approach also involves reporting the probe point using the hashed vehicle identifier to identify the probe point.