Aspects of the disclosure relate to electrical computers, systems, and encryption processes. In particular, one or more aspects of the disclosure relate to ensuring data security by utilizing encryption of data in processing events.
Event processing often requires multiple steps and the use of multiple devices, or inputs received via multiple devices, to authenticate a user and/or authorize processing. In some conventional arrangements, systems available for authenticating a user and/or authorizing processing might not provide sufficient data security for the information being used to process events. Further, in some examples, certain channels might not be used to process events because of concerns over data security. Accordingly, it would be advantageous to provide a secure system that uses encryption to ensure data security while simplifying the inputs and devices used to process events.
The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosure. The summary is not an extensive overview of the disclosure. It is neither intended to identify key or critical elements of the disclosure nor to delineate the scope of the disclosure. The following summary merely presents some concepts of the disclosure in a simplified form as a prelude to the description below.
Aspects of the disclosure provide effective, efficient, scalable, and convenient technical solutions that address and overcome the technical problems associated with ensuring data security when processing events through various channels.
In some examples, a system, computing platform, or the like, may receive a request to initiate or process an event. The request may include interaction between the system, computing platform, or the like, and an event processing device (e.g., via a computing device, such as a mobile computing device). In some arrangements, an event processing device identifier may be extracted from the event processing device and encrypted using a first encryption process.
In some examples, the system, computing platform, or the like, may receive user identifying information. In some examples, the user identifying information may be a personal identification number (PIN) input to the mobile computing device. The user identifying information may be encrypted with the encrypted event processing device identifier in a second encryption process.
In some arrangements, the encrypted data may be transmitted for authentication of the user and/or authorization to process the event. A second decryption process may be used to decrypt the encrypted user identifying information and encrypted event processing device identifier. A first decryption process may be used to decrypt the encrypted event processing device identifier.
In some examples, the decrypted user identifying information may be used to authenticate the user requesting processing of the event. If the user is authenticated, the processing may be authorized and the event may be processed. If the user is not authenticated, the process may be prevented.
These features, along with many others, are discussed in greater detail below.
The present disclosure is illustrated by way of example and not limited in the accompanying figures in which like reference numerals indicate similar elements and in which:
In the following description of various illustrative embodiments, reference is made to the accompanying drawings, which form a part hereof, and in which is shown, by way of illustration, various embodiments in which aspects of the disclosure may be practiced. It is to be understood that other embodiments may be utilized, and structural and functional modifications may be made, without departing from the scope of the present disclosure.
It is noted that various connections between elements are discussed in the following description. It is noted that these connections are general and, unless specified otherwise, may be direct or indirect, wired or wireless, and that the specification is not intended to be limiting in this respect.
Some aspects of the disclosure relate to using encryption to provide information security control functions when processing one or more events.
In many instances, processing events may involve using multiple devices, systems, or the like, to obtain information, authenticate a user, process the event, and the like. Ensuring the security of the data being used to process the events is of utmost importance.
Accordingly, aspects described herein provide for ensuring information security during event processing. The aspects described herein relate to systems, computing platforms, and the like, for receiving requests to process an event and extracting data associated with an event processing device. In some examples, the extracted data may be encrypted using a first encryption process.
In some arrangements, user identifying information may be received. The user identifying information may include a personal identification number (PIN) of the user. This user identifying information may be encrypted with the encrypted extracted data and may be used to authenticate a user and/or authorize processing the transaction.
In some examples, a second decryption process may be used to decrypt the user identifying information. A first decryption process may then be used to decrypt the encrypted extracted data. This information may be used to authenticate a user requesting processing of the event and/or to authorize processing of the event.
These and various other arrangements will be discussed more fully below.
User authentication and event authorization computing platform 110 may be configured to host and/or execute one or more modules including instructions for providing various user authentication and event authorization functions. In some examples, user authentication and event authorization computing platform 110 may be configured to generate a public and private encryption key, receive encrypted data, and decrypt encrypted data to authenticate a user requesting processing of an event and/or authorize the processing of the event.
Event processing computing platform 120 may be configured to host and/or execute one or more modules including instructions for providing various event processing functions. For instance, event processing computing platform 120 may receive a request to process an event, may encrypt event processing device identification information, may encrypt user identification information, such as a personal identification number (PIN), and process the requested event or deny the requested event based on determinations made by the user authentication and event authorization computing platform 110.
One or more aspects described herein may be performed by one or more applications downloaded or otherwise provided to a computing device (such as first local user computing device 130, second local user computing device 135, first remote user computing device 150, second remote user computing device 155, or the like) and executing thereon. In some examples, the one or more applications may execute in background of the device.
Although various devices in the user authentication and event processing system are shown and described as separate devices, one or more of user authentication and event authorization computing platform 110, event processing computing platform 120, first local user computing device 130, second local user computing device 135, first remote user computing device 150, and/or second remote user computing device 155, may be part of a single computing device without departing from the invention.
Local user computing device 130, 135 and remote user computing device 150, 155 may be configured to communicate with and/or connect to one or more computing devices or systems shown in
In one or more arrangements, local user computing device 130, local user computing device 135, remote user computing device 150, and/or remote user computing device 155 may be any type of computing device or combination of devices capable of performing the particular functions described herein. For example, local user computing device 130, local user computing device 135, remote user computing device 150, and/or remote user computing device 155 may, in some instances, be and/or include server computers, desktop computers, laptop computers, tablet computers, smart phones, or the like that may include one or more processors, memories, communication interfaces, storage devices, and/or other components. As noted above, and as illustrated in greater detail below, any and/or all of user authentication and event authorization computing platform 110, event processing computing platform 120, local user computing device 130, local user computing device 135, remote user computing device 150, and/or remote user computing device 155 may, in some instances, be or include special-purpose computing devices configured to perform specific functions.
Computing environment 100 also may include one or more computing platforms. For example, and as noted above, computing environment 100 may include user authentication and event authorization computer platform 110, event processing computing platform 120, and the like. As illustrated in greater detail below, user authentication and event authorization computer platform 110 and/or event processing computing platform 120 may include one or more computing devices configured to perform one or more of the functions described herein. For example, user authentication and event authorization computer platform 110 and/or event processing computing platform 120 may have or include one or more computers (e.g., laptop computers, desktop computers, tablet computers, servers, server blades, or the like).
As mentioned above, computing environment 100 also may include one or more networks, which may interconnect one or more of user authentication and event authorization computer platform 110, event processing computing platform 120, local user computing device 130, local user computing device 135, remote user computing device 150, and/or remote user computing device 155. For example, computing environment 100 may include private network 140 and public network 145. Private network 140 and/or public network 145 may include one or more sub-networks (e.g., Local Area Networks (LANs), Wide Area Networks (WANs), or the like). Private network 140 may be associated with a particular organization (e.g., a corporation, financial institution, educational institution, governmental institution, or the like) and may interconnect one or more computing devices associated with the organization. For example, user authentication and event authorization computer platform 110, event processing computing platform 120, local user computing device 130, and/or local user computing device 135, may be associated with an organization (e.g., a financial institution), and private network 140 may be associated with and/or operated by the organization, and may include one or more networks (e.g., LANs, WANs, virtual private networks (VPNs), or the like) that interconnect user authentication and event authorization computer platform 110, event processing computing platform 120, local user computing device 130, and/or local user computing device 135, and one or more other computing devices and/or computer systems that are used by, operated by, and/or otherwise associated with the organization. 
Public network 145 may connect private network 140 and/or one or more computing devices connected thereto (e.g., user authentication and event authorization computer platform 110, event processing computing platform 120, local user computing device 130, local user computing device 135) with one or more networks and/or computing devices that are not associated with the organization. For example, remote user computing device 150 and remote user computing device 155 might not be associated with an organization that operates private network 140 (e.g., because remote user computing device 150 and remote user computing device 155 may be owned, operated, and/or serviced by one or more entities different from the organization that operates private network 140, such as one or more customers of the organization, public or government entities, and/or vendors of the organization, rather than being owned and/or operated by the organization itself or an employee or affiliate of the organization), and public network 145 may include one or more networks (e.g., the internet) that connect remote user computing device 150 and remote user computing device 155 to private network 140 and/or one or more computing devices connected thereto (e.g., user authentication and event authorization computer platform 110, event processing computing platform 120, local user computing device 130, local user computing device 135).
Referring to
For example, memory 122 may have, store, and/or include an event processing device reader module 122a. The event processing device reader module 122a may store instructions and/or data that may cause or enable the event processing computing platform 120 to read or extract data from one or more event processing devices. In some examples, an event processing device may include a credit card, debit card, or the like. In some arrangements, the data may be read or extracted from the event processing device by reading data encoded in a magnetic strip on the device, by extracting data from a chip embedded in the device, or the like. The event processing device reader module 122a may receive data by a user swiping the event processing device to access data stored on the magnetic strip, by the user inserting the event processing device into a chip reader device to read or extract data stored on the chip, or may obtain the data wirelessly from a device connected to or in communication with a user computing device (such as local user computing device 130, 135, remote user computing device 150, 155, or the like). In some examples, data may be received wirelessly via a mobile payment application executing on the computing device.
The event processing device reader module 122a may read or extract, for example, an event processing device identifier, such as a number associated with the event processing device. This information may then be used to authenticate a user and/or process an event, as will be discussed more fully herein.
Memory 122 may further have, store and/or include a first process encryption module 122b. The first process encryption module 122b may store instructions and/or data that may cause or enable the event processing computing platform 120 to encrypt the data read or extracted from the event processing device using a first encryption process. For instance, the event processing device identifier may be encrypted using a first encryption process. In some examples, the first encryption process may be a key management cryptography scheme, such as derived unique key per transaction (DUKPT). In other examples, various other encryption processes may be used.
Memory 122 may further have, store and/or include a user identifier reader module 122c. The user identifier reader module 122c may store instructions and/or data that may cause or enable the event processing computing platform 120 to receive personal identifying information from a user, such as a user requesting processing of an event. In some examples, the personal identifying information may include a user identifier, such as a personal identification number (PIN). In some arrangements, the PIN may be received via the computing device, such as local user computing device 130, 135, remote user computing device 150, 155, or the like. In some examples, the computing device may be a tablet computing device used to request processing of an event. In these examples, the tablet computing device, or a supplemental device connected thereto or in communication therewith, may read or extract the data from the event processing device, and the user identifier may be received, for example, via a touch screen display of the tablet computing device. Accordingly, both the event processing device identifier and the user identifier may be received by the same device for processing.
Memory 122 may further have, store, and/or include a second process encryption module 122d. The second process encryption module 122d may store instructions and/or data that may cause or enable the event processing computing platform 120 to encrypt the received user identifier using a second encryption process. In some examples, the second encryption process may be different from the first encryption process. In other examples, the second encryption process may be the same type of encryption process as the first encryption process.
In some examples, in which the first encryption process includes a DUKPT process, the second process encryption module 122d may encrypt the user identifier, as well as the encrypted event processing device identifier and associated key serial number (KSN). In some examples, the second encryption process may include receiving a generated public key of a pair of keys (e.g., public and private) and encrypting the user identifier, encrypted event processing device identifier and KSN using the public key.
Memory 122 may further have, store and/or include an application lock control module 122e. The application lock control module 122e may store instructions and/or data that may cause or enable the event processing computing platform 120 to prevent other applications executing on a computing device (e.g., the computing device being used to request processing of the event, the computing device receiving the event processing device identifier and user identifier, or the like) from accessing data associated with the event. For instance, upon receiving a request to process an event (e.g., via user input, initiation by reading the event processing device, or the like), the application lock control module 122e may lock some or all of the other applications executing on the computing device to prevent the other applications from accessing data associated with the event processing device, user, or the like. In some examples, locking the other applications may include temporarily disabling the other applications, automatically closing the other applications, or the like.
Memory 122 may further have, store and/or include an event processing module 122f. The event processing module 122f may store instructions and/or data that may cause or enable the event processing computing platform 120 to process one or more requested events. In some examples, processing an event may include processing a transaction to make a purchase using the event processing device. In some arrangements, processing the event (or denying a request to process an event) may be performed in response to one or more user authentication and/or event authorization steps performed, for example, by the user authentication and event authorization computing platform 110, as will be discussed more fully herein.
Memory 122 may further have, store and/or include a notification generation module 122g. Notification generation module 122g may store instructions and/or data that may cause or enable the event processing computing platform 120 to generate one or more notifications and cause the one or more notifications to be displayed on a computing device, such as local computing device 130, 135, remote computing device 150, 155, or the like. For instance, the notification generation module 122g may generate one or more notifications indicating that a requested event has been authorized for processing or denied, may include one or more options for a user to select, and the like. The notification may be transmitted to and displayed via a display of the computing device requesting the event, receiving the event processing device data, user identifier, and the like.
Referring to
For example, memory 112 may have, store, and/or include a key generation module 112a. Key generation module 112a may store instructions and/or data that may cause or enable the user authentication and event authorization computing platform 110 to generate one or more keys or pairs of keys for use in one or more of the encryption processes and/or associated decryption processes. For instance, the key generation module 112a may generate a base derivation key (BDK) which may be used to generate an initial PIN encryption key (IPEK). Further, the key generation module 112a may generate one or more pairs of keys (e.g., a public key and an associated private key) for use in encrypting data received with requests for processing events. For example, key generation module 112a may generate a public key and a private key pair in response to a request to process an event. The public key may be transmitted to the computing device requesting processing of the event (e.g., computing device 130, 135, computing device 150, 155, or the like) and may be used by the device to encrypt data. The private key may be used to later decrypt encrypted data, as will be discussed more fully below.
Memory 112 may further have, store and/or include a second process decryption module 112b. The second process decryption module 112b may store instructions and/or data that may cause or enable user authentication and event authorization computing platform 110 to decrypt data received by the user authentication and event authorization computing platform 110. For instance, the private key may be used to decrypt the data encrypted using the second encryption process by the second process decryption module 112b.
Memory 112 may further have, store and/or include a first process decryption module 112c. The first process decryption module 112c may store instructions and/or data that may cause or enable the user authentication and event authorization computing platform 110 to decrypt data encrypted using the first encryption process. For instance, the event processing device identifier may be decrypted using the BDK and KSN by the first process decryption module 112c.
Memory 112 may further have, store and/or include an authentication/authorization module 112d. The authentication/authorization module 112d may store instructions and/or data that may cause or enable the user authentication and event authorization computing platform 110 to authenticate a user based on decrypted information and authorize processing of an event based on an outcome of the user authentication. For instance, decrypted information, such as an event processing device identifier, user identifier, and the like, may be compared to pre-stored information (e.g., information provided by a user, for instance, when registering, upon receiving the event processing device, or the like). In some examples, the user identifier may be compared to a pre-stored user identifier associated with the event processing device to determine whether the user is authenticated and/or whether to authorize processing of the event. For instance, the decrypted event processing device identifier may be used as an input to query a database 112e containing event processing device information, associated user information, and the like. Based on the query, a pre-stored user identifier, such as a PIN, may be identified and compared to the PIN received and decrypted during the event processing request. If the PINs match, the user may be authenticated and processing the event may be authorized. If the PINs do not match, the user might not be authenticated and the request to process the event may be denied. The outcome of the user authentication and event authorization processes performed by the authentication/authorization module 112d may be transmitted to the event processing computing platform 120 (e.g., to the event processing module 122f) to enable event processing functions or disable event processing. An associated notification may then be generated by the notification generation module 122g and transmitted for display.
In some examples, the authentication/authorization module 112d may perform additional encryption and/or decryption of one or more pieces of data to perform one or more user authentication and/or event authorization processes. For instance, in some examples, a PIN block format 0 may be created and may be encrypted using one or more encryption processes, such as by one or more systems unique or used in event processing. This information may then be decrypted to determine whether event processing should occur.
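As an added illustration (not code from the disclosure), the following Go sketch builds and parses an ISO 9564-1 format 0 PIN block, which binds the PIN to the account number by XOR before any encryption is applied. It assumes the event processing device identifier is a card number (PAN) ending in a check digit; the PIN and PAN values are constructed.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

const digits = "0123456789"

// panField builds the account-number field: four zero nibbles followed by the
// 12 rightmost PAN digits, excluding the trailing check digit.
func panField(pan string) ([8]byte, error) {
	var f [8]byte
	if len(pan) < 13 || strings.Trim(pan, digits) != "" {
		return f, errors.New("PAN must be at least 13 decimal digits")
	}
	_, err := hex.Decode(f[:], []byte("0000"+pan[len(pan)-13:len(pan)-1]))
	return f, err
}

// EncodePINBlock0 returns the clear format 0 block. It is an input to an
// encryption process, never a value to transmit or store as is.
func EncodePINBlock0(pin, pan string) ([8]byte, error) {
	var block [8]byte
	if len(pin) < 4 || len(pin) > 12 || strings.Trim(pin, digits) != "" {
		return block, errors.New("PIN must be 4 to 12 decimal digits")
	}
	acct, err := panField(pan)
	if err != nil {
		return block, err
	}
	// PIN field: format nibble 0, PIN length nibble, PIN digits, F fill to 16 nibbles.
	field := fmt.Sprintf("0%X%s%s", len(pin), pin, strings.Repeat("F", 14-len(pin)))
	if _, err := hex.Decode(block[:], []byte(field)); err != nil {
		return block, err
	}
	for i := range block {
		block[i] ^= acct[i]
	}
	return block, nil
}

// DecodePINBlock0 reverses the XOR and validates the structure, so a block paired
// with the wrong PAN (or a corrupted block) is rejected instead of yielding a PIN.
func DecodePINBlock0(block [8]byte, pan string) (string, error) {
	acct, err := panField(pan)
	if err != nil {
		return "", err
	}
	for i := range block {
		block[i] ^= acct[i]
	}
	n := int(block[0] & 0x0F)
	if block[0]>>4 != 0 || n < 4 || n > 12 {
		return "", errors.New("not a format 0 block for this PAN")
	}
	field := strings.ToUpper(hex.EncodeToString(block[:]))
	pin, fill := field[2:2+n], field[2+n:]
	if strings.Trim(pin, digits) != "" || strings.Trim(fill, "F") != "" {
		return "", errors.New("invalid PIN digits or fill: wrong PAN or corrupted block")
	}
	return pin, nil
}

// PINBlock0Hex is a convenience wrapper returning the block as upper-case hex.
func PINBlock0Hex(pin, pan string) (string, error) {
	b, err := EncodePINBlock0(pin, pan)
	return strings.ToUpper(hex.EncodeToString(b[:])), err
}

func main() {
	h, err := PINBlock0Hex("4821", "4000001234567899") // constructed PIN and PAN
	fmt.Println(h, err)
}
```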
Referring to
In some examples, receiving the request to process the event may include reading or extracting information from the event processing device. For instance, an event processing device identifier may be read from the device (e.g., from the magnetic strip, from the chip, or the like) or extracted from the event processing device.
In step 202, the request to process the event may be transmitted from the user computing device 130, 150 to the event processing computing platform 120. In some examples, the transmitted request may include the information read or extracted from the event processing device. In step 203, the request to process the event, and associated data, may be received by the event processing computing platform 120.
In step 204, event processing functionality may be activated or initiated based on receipt of the request to process the event. In some examples, activating or initiating event processing functionality may cause other applications executing on the computing device 130, 150 to lock or be disabled to ensure that data from the event processing device, user identification information, and the like, are not accessible to other applications. In step 205, the extracted event processing device identifier may be encrypted using a first encryption process. In some examples, encrypting the event processing device identifier may result in generation of first encrypted data.
With reference to
In step 208, user identification/authentication information may be received. For instance, user identification or authentication information, such as a unique user identifier, personal identification number (PIN), or the like may be received by the user computing device 130, 150. In step 209, the received user identification/authentication information may be transmitted to the event processing computing platform 120. In step 210, the user identification/authentication information may be received by the event processing computing platform 120.
In some examples, the event processing device identifier and/or the user identification/authentication information may be received via a channel that is not considered secure. For instance, the event processing device identifier and/or user identification/authentication information may be received via a computing device, such as a mobile computing device, which might not be considered a secure channel. Although many aspects described herein are described in relation to receiving event processing device information, user identifying information, and the like, via a computing device, such as a mobile computing device, various other channels, such as a telephone system, smartphone, desktop or laptop computer, or the like, may be used without departing from the invention.
With reference to
In step 212, the second encrypted data may be transmitted to the user authentication and event authorization computing platform 110. In step 213, the second encrypted data may be decrypted (e.g., via a second decryption process) using the private key associated with the public key (e.g., generated in step 206). In step 214, the first encrypted data (e.g., encrypted event processing device identifier, and the like) may be decrypted (e.g., using a first decryption process). In some examples, the first encrypted data may be decrypted using the BDK and KSN associated with the first encryption process.
With reference to
In step 217, the authorization to process the event may be transmitted from the user authentication and event authorization computer platform 110 to the event processing computing platform 120. In step 218, the event may be processed (e.g., the purchase or transaction may be completed). In some examples, processing the event may further include clearing any data associated with the event. For instance, event processing device identifier, user identifier, and the like, may be deleted from the user computing device 130, 150 so that the information cannot be accessed at a later time or by another application executing on the device.
In step 219, a notification that the event was authorized and/or processed may be generated. In step 220, the generated notification may be transmitted to the user computing device 130, 150 for display. In step 221, the event processing computing platform 120 may transmit a signal, command or instruction to cause the notification to be displayed on the user computing device 130, 150.
In step 300, registration information and/or other data may be stored by one or more computing platforms. For instance, a user may register or activate an event processing device upon receiving the device, first use, or the like. In some examples, registering or activating the event processing device may include pre-storing a PIN associated with the user. In some arrangements, step 300 may be performed once and information may be stored such that the remaining steps shown in
In step 302, a request to process an event may be received. As discussed above, the request may be received via user input, via interaction with an event processing device, or the like. In step 304, an event processing device identifier may be extracted from data associated with the requested event. For instance, a user may swipe an event processing device, may insert an event processing device, or the like, to interact with a computing device, such as computing devices 130, 135, 150, 155. Upon interaction with the event processing device, the computing device 130, 135, 150, 155 may extract data from the device, such as an identifier associated with the event processing device.
In step 306, the extracted event processing device identifier may be encrypted using a first encryption process to generate first encrypted data.
In step 308, information identifying a user requesting the processing of the event may be received. In some examples, the information identifying the user may include a PIN or other identifier received via the computing device 130, 135, 150, 155. In step 310, the received information identifying the user may be encrypted with the first encrypted data (and associated data such as a KSN) using a second encryption process to generate second encrypted data. In some examples, the second encryption process may be a same type of encryption process as the first encryption process. In other examples, the second encryption process may be a different encryption process than the first encryption process.
In step 312, the second encrypted data may be transmitted for further processing to authenticate the user and/or authorize processing of the requested event.
In step 400, the second encrypted data may be received. In step 402, the second encrypted data may be decrypted using a second decryption process. Decrypting the second encrypted data may yield the first encrypted data, received PIN, and associated items.
In step 404, the first encrypted data may be decrypted using a first decryption process. Decrypting the first encrypted data may yield the event processing device identifier. In step 406, the event processing device identifier may be used as an input to query a database to identify a pre-stored PIN associated with the event processing device identifier. In step 408, the pre-stored PIN may be compared to the received, decrypted PIN.
In step 410, a determination may be made as to whether the pre-stored PIN matches the decrypted PIN. If so, the user may be authenticated and an instruction to process the event may be transmitted in step 414. If the pre-stored PIN does not match the decrypted PIN, the user might not be authenticated and a signal or instruction preventing processing of the requested event may be transmitted.
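The terminal-side steps 302 to 312 and the host-side steps 400 to 410 can be followed end to end in the Go sketch below, which is an added example and not code from the disclosure. It assumes RSA-OAEP for the second encryption process and AES-GCM for the first, with an HMAC-based key derivation standing in for DUKPT (it is not ANSI X9.24); the KSN layout, BDK, card number and PIN are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Assumed KSN layout for this sketch: 7-byte device part || 3-byte transaction counter.
const ksnLen, nonceLen = 10, 12

var (
	demoBDK  = []byte("constructed demo BDK, not a real key")
	demoPINs = map[string]string{"4000001234567899": "4821"} // constructed record
)

func mac(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// Stand-in for DUKPT derivation (NOT ANSI X9.24): the terminal holds only an IPEK;
// the host re-derives the same per-transaction key from BDK + KSN.
func deriveIPEK(bdk, ksn []byte) []byte { return mac(bdk, ksn[:7]) }

func txAEAD(ipek, ksn []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(mac(ipek, ksn[7:])) // 32-byte key: AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Terminal side: first encryption of the device identifier, then the second encryption.
func buildRequest(pub *rsa.PublicKey, ipek, ksn []byte, deviceID, pin string) ([]byte, error) {
	gcm, err := txAEAD(ipek, ksn)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	first := gcm.Seal(nonce, nonce, []byte(deviceID), ksn) // KSN bound as AAD
	msg := append([]byte{byte(len(pin))}, pin...)          // len || PIN || KSN || first
	msg = append(append(msg, ksn...), first...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Host side: second decryption, first decryption, database lookup, PIN comparison.
func authorize(priv *rsa.PrivateKey, bdk []byte, pins map[string]string, second []byte) (bool, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, second, nil)
	if err != nil {
		return false, err
	}
	if len(msg) < 1 || len(msg) < 1+int(msg[0])+ksnLen+nonceLen {
		return false, errors.New("malformed envelope")
	}
	n := int(msg[0])
	pin, ksn, first := msg[1:1+n], msg[1+n:1+n+ksnLen], msg[1+n+ksnLen:]
	gcm, err := txAEAD(deriveIPEK(bdk, ksn), ksn)
	if err != nil {
		return false, err
	}
	id, err := gcm.Open(nil, first[:nonceLen], first[nonceLen:], ksn)
	if err != nil {
		return false, err // wrong BDK or KSN, or modified ciphertext
	}
	stored, known := pins[string(id)]
	match := subtle.ConstantTimeCompare([]byte(stored), pin) == 1
	return known && match, nil
}

// runEvent wires both sides together using the constructed keys and record above.
func runEvent(deviceID, pin string, hostBDK []byte) (bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // key pair generated per request
	if err != nil {
		return false, err
	}
	ksn := []byte{0xFF, 0xFF, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x00, 0x01}
	ipek := deriveIPEK(demoBDK, ksn) // loaded into the terminal at provisioning
	second, err := buildRequest(&priv.PublicKey, ipek, ksn, deviceID, pin)
	if err != nil {
		return false, err
	}
	return authorize(priv, hostBDK, demoPINs, second)
}

func main() {
	ok, err := runEvent("4000001234567899", "4821", demoBDK)
	fmt.Println("authorized:", ok, "err:", err)
}
```

A wrong PIN or unknown device identifier returns false without an error, while a host holding a different BDK fails at the first decryption and returns an error.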
As discussed herein, the arrangements described provide for identification of a user and authentication and authorization in one step. The arrangements described include joining user identification information to other data, such as an event processing device identifier, to provide the user identification/authentication and/or authorization of the event in one step.
The arrangements described herein provide for ensuring information security using encryption in processing events. Although encryption processes such as DUKPT are described above, various other encryption processes may be used without departing from the invention. Further, the encryption processes used, and the various processes described herein, may comply with the standards of one or more regulatory bodies regulating processing of events and/or use of data associated therewith.
Further, in addition to encryption aspects described herein, various other aspects aid in ensuring information security when processing events. For instance, in some examples, upon initiating a request to process an event, the computing device receiving the event processing device identifier, user identifying information, and the like, may lock or disable other applications executing on the computing device to ensure that other applications are prevented from accessing the data associated with processing the event.
Additionally or alternatively, in some examples, after processing the requested event, data associated with the event may be deleted or removed from the computing device and/or any associated systems. For instance, an event processing device identifier, user identifying information, or the like, may be deleted to prevent unauthorized access to the information.
Computing system environment 700 may include information security control computing device 701 having processor 703 for controlling overall operation of information security control computing device 701 and its associated components, including Random Access Memory (RAM) 705, Read-Only Memory (ROM) 707, communications module 709, and memory 715. Information security control computing device 701 may include a variety of computer readable media. Computer readable media may be any available media that may be accessed by information security control computing device 701, may be non-transitory, and may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, object code, data structures, program modules, or other data. Examples of computer readable media may include Random Access Memory (RAM), Read Only Memory (ROM), Electronically Erasable Programmable Read-Only Memory (EEPROM), flash memory or other memory technology, Compact Disk Read-Only Memory (CD-ROM), Digital Versatile Disk (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by computing device 701.
Although not required, various aspects described herein may be embodied as a method, a data transfer system, or as a computer-readable medium storing computer-executable instructions. For example, a computer-readable medium storing instructions to cause a processor to perform steps of a method in accordance with aspects of the disclosed embodiments is contemplated. For example, aspects of method steps disclosed herein may be executed on a processor on information security control computing device 701. Such a processor may execute computer-executable instructions stored on a computer-readable medium.
Software may be stored within memory 715 and/or storage to provide instructions to processor 703 for enabling information security control computing device 701 to perform various functions. For example, memory 715 may store software used by information security control computing device 701, such as operating system 717, application programs 719, and associated database 721. Also, some or all of the computer executable instructions for information security control computing device 701 may be embodied in hardware or firmware. Although not shown, RAM 705 may include one or more applications representing the application data stored in RAM 705 while information security control computing device 701 is on and corresponding software applications (e.g., software tasks) are running on information security control computing device 701.
Communications module 709 may include a microphone, keypad, touch screen, and/or stylus through which a user of information security control computing device 701 may provide input, and may also include one or more of a speaker for providing audio output and a video display device for providing textual, audiovisual and/or graphical output. Computing system environment 700 may also include optical scanners (not shown). Exemplary usages include scanning and converting paper documents, e.g., correspondence, receipts, and the like, to digital files.
Information security control computing device 701 may operate in a networked environment supporting connections to one or more remote computing devices, such as computing devices 741 and 751. Computing devices 741 and 751 may be personal computing devices or servers that include any or all of the elements described above relative to information security control computing device 701.
The network connections depicted in
The disclosure is operational with numerous other computing system environments or configurations. Examples of computing systems, environments, and/or configurations that may be suitable for use with the disclosed embodiments include, but are not limited to, personal computers (PCs), server computers, hand-held or laptop devices, smart phones, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like and are configured to perform the functions described herein.
Computer network 703 may be any suitable computer network including the Internet, an intranet, a Wide-Area Network (WAN), a Local-Area Network (LAN), a wireless network, a Digital Subscriber Line (DSL) network, a frame relay network, an Asynchronous Transfer Mode network, a Virtual Private Network (VPN), or any combination of any of the same. Communications links 702 and 705 may be communications links suitable for communicating between workstations 701 and information security control server 704, such as network links, dial-up links, wireless links, hard-wired links, as well as network types developed in the future, and the like.
One or more aspects of the disclosure may be embodied in computer-usable data or computer-executable instructions, such as in one or more program modules, executed by one or more computers or other devices to perform the operations described herein. Generally, program modules include routines, programs, objects, components, data structures, and the like that perform particular tasks or implement particular abstract data types when executed by one or more processors in a computer or other data processing device. The computer-executable instructions may be stored as computer-readable instructions on a computer-readable medium such as a hard disk, optical disk, removable storage media, solid-state memory, RAM, and the like. The functionality of the program modules may be combined or distributed as desired in various embodiments. In addition, the functionality may be embodied in whole or in part in firmware or hardware equivalents, such as integrated circuits, Application-Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGA), and the like. Particular data structures may be used to more effectively implement one or more aspects of the disclosure, and such data structures are contemplated to be within the scope of computer executable instructions and computer-usable data described herein.
Various aspects described herein may be embodied as a method, an apparatus, or as one or more computer-readable media storing computer-executable instructions. Accordingly, those aspects may take the form of an entirely hardware embodiment, an entirely software embodiment, an entirely firmware embodiment, or an embodiment combining software, hardware, and firmware aspects in any combination. In addition, various signals representing data or events as described herein may be transferred between a source and a destination in the form of light or electromagnetic waves traveling through signal-conducting media such as metal wires, optical fibers, or wireless transmission media (e.g., air or space). In general, the one or more computer-readable media may be and/or include one or more non-transitory computer-readable media.
As described herein, the various methods and acts may be operative across one or more computing servers and one or more networks. The functionality may be distributed in any manner, or may be located in a single computing device (e.g., a server, a client computer, and the like). For example, in alternative embodiments, one or more of the computing platforms discussed above may be combined into a single computing platform, and the various functions of each computing platform may be performed by the single computing platform. In such arrangements, any and/or all of the above-discussed communications between computing platforms may correspond to data being accessed, moved, modified, updated, and/or otherwise used by the single computing platform. Additionally or alternatively, one or more of the computing platforms discussed above may be implemented in one or more virtual machines that are provided by one or more physical computing devices. In such arrangements, the various functions of each computing platform may be performed by the one or more virtual machines, and any and/or all of the above-discussed communications between computing platforms may correspond to data being accessed, moved, modified, updated, and/or otherwise used by the one or more virtual machines.
Aspects of the disclosure have been described in terms of illustrative embodiments thereof. Numerous other embodiments, modifications, and variations within the scope and spirit of the appended claims will occur to persons of ordinary skill in the art from a review of this disclosure. For example, one or more of the steps depicted in the illustrative figures may be performed in other than the recited order, one or more steps described with respect to one figure may be used in combination with one or more steps described with respect to another figure, and/or one or more depicted steps may be optional in accordance with aspects of the disclosure.