Patent classifications
H04L63/105
ENHANCED AUTHENTICATION FRAMEWORK USING MULTI-DIMENSIONAL HASHING
Systems, computer program products, and methods are described herein for an enhanced authentication framework using multi-dimensional hashing. The present invention is configured to electronically receive, from a computing device of a user, a resource transfer request; retrieve, from an authentication database, a multi-dimensional hash for a first set of data files for the user and a user identification artifact; retrieve, from the computing device of the user, a second set of data files matching the user identification artifact; initiate an asynchronous hash processing engine on the second set of data files; generate, using the asynchronous hash processing engine, a multi-dimensional hash for the second set of data files; compare the multi-dimensional hash for the first set of data files with the multi-dimensional hash for the second set of data files to determine a match; and authorize the resource transfer request based on at least determining the match.
AUTHENTICATION APPARATUS AND METHOD AND NON-TRANSITORY COMPUTER READABLE MEDIUM
An authentication apparatus includes a processor configured to: obtain information on a first authentication technique used by a user when the user requests authentication for a first service; and output information for presenting an additional authentication screen to a device used by the user for authentication if the first authentication technique does not satisfy a predetermined condition set for the first service, the additional authentication screen being used for requesting the user to perform additional authentication by using a second authentication technique different from the first authentication technique.
SPLIT INPUT AND OUTPUT REMOTE ACCESS
A system allows for higher security guarantees on public or shared or even compromised equipment, which may be designated as untrusted equipment, without a need to install additional software on it or connect to it outside of general browser interactions. Based on this system, even if it is compromised, proper information separation may ensure security of the sensitive parts of data. That is, trusted information will only go to (outputs) or come from (inputs) trusted devices and insensitive information can go to or come from both trusted and untrusted devices.
Intelligent data protection
A technological approach can be employed to protect data. Datasets from distinct computing environments of an organization can be scanned to identify data elements subject to protection, such as sensitive data. The identified elements can be automatically protected such as by masking, encryption, or tokenization. Data lineage including relationships amongst data and linkages between computing environments can be determined along with data access patterns to facilitate understanding of data. Further, personas and exceptions can be determined and employed as bases for access recommendations.
Access control of administrative operations within an application
A technique to implement access control from within an application begins by dynamically-generating a “management scope” for a transaction associated with a set of managed resources. The management scope is a collection of permissions defined by at least one of: a set of roles, and a set of resource administration rights, that are assigned to a first operator that issues the transaction. As the transaction executes, a request to alter the transaction is then received from a second operator. According to the technique, the management scope for the transaction and associated with the first operator is then evaluated against a management scope associated with the second operator. Upon determining the management scope associated with the first operator has a given relationship to the management scope for the second operator, the transaction is permitted to be altered in response to the request. The given relationship is scoped by one or more rules.
Systems and methods for privacy-protecting hybrid cloud and premise stream processing
Systems and methods for privacy-protecting hybrid cloud and premise stream processing are disclosed. In one embodiment, in an information processing device comprising at least one computer processor, a method for processing a voice communication including restricted content may include: (1) receiving from an electronic device, a customer communication; (2) identifying restricted content in the customer communication; (3) masking or marking the restricted content in the customer communication; (4) communicating the customer communication with the masked or marked restricted content to a cloud processor; (5) receiving a processed responsive communication comprising the masked or marked restricted content from the cloud processor; (6) unmasking or unmarking the restricted content in the processed responsive communication; and (7) communicating the processed responsive communication comprising the unmasked or unmarked restricted content to the electronic device.
DEVICE, SYSTEM AND METHOD FOR CHANGING COMMUNICATION INFRASTRUCTURES BASED ON CALL SECURITY LEVEL
A device, method and system for changing communication infrastructure based on call security level is provided. A device determines a call security level of a call occurring at a first communication infrastructure; the first communication infrastructure associated with a first security level; the call security level determined from one or more of: a profile of a caller on the call; and audio on the call. In response to determining that the call security level and the first security level are misaligned, the device causes the call to change to a second communication infrastructure associated with a second security level aligned with the call security level.
Validation of approver identifiers in a cloud computing environment
Examples of techniques for validation of approver identifiers in a cloud computing environment are described herein. An aspect includes receiving, by a processor, a template that defines a plurality of actions to be performed by the processor. Another aspect includes determining for a first action of the plurality of actions whether the template specifies a first user identifier under which to run the first action. Another aspect includes, based on determining that the template specifies the first user identifier, determining whether the template specifies a second user identifier to approve running of the first action under the first user identifier. Another aspect includes, based on determining that the template specifies the second user identifier to approve running of the first action under the first user identifier, validating whether the second user identifier has permission to approve the running of the first action under the first user identifier.
System to control access to web resources based on an internet of things authorization mechanism
According to one embodiment, a method, computer system, and computer program product for managing access to one or more protected web resources based on the location of an approver is provided. The present invention may include granting the requestor access to the protected web resource based on one or more access requirements being met, wherein at least one access requirement comprises a location of one or more authorization devices corresponding with one or more approvers being within a threshold distance of a computing device of a requestor requesting a protected web resource.
Network watermark
A network communications method utilizing a network watermark for providing security in the communications includes creating a verifiable network communications path of nodes through a network for the transfer of information from a first end node to a second end node; verifying the network communications path of nodes, by the first end node, before communicating by the first end node information intended for receipt by the second end node; and once the network communications path of nodes is verified by the first end node, communicating by the first end node, via the verified communications path of nodes, the information intended for receipt by the second end node; wherein the network watermark represents the verifiable network communications path of nodes.