Abstract: Non-transitory computer readable medium that may store instructions that once executed by a computer may cause a computer to receive or generate multiple security questions, receive multiple security answers that were provided by an entity in response to the multiple security questions, receive or generate redundant information and calculate the passphrase by applying an error correction process on the redundant information and the multiple security answers; wherein the error correction process is configured to correct up to a predefined number of erroneous security answers.

Abstract: An approach is proposed that contemplates system and method to configure firewall rules of a VPN gateway of a protected network so that users of devices in the protected network can access Internet securely via a captive network. First, the proposed approach enables the VPN gateway to probe the captive network with an HTTP request to discover a captive portal of the captive network. After the captive portal is discovered, one or more firewall rules of the VPN gateway are added so that network traffic from the devices in the protected network are redirected to the captive portal for authentication. Once the users are authenticated and a VPN tunnel is established between the VPN gateway and a remote VPN tunnel terminal, the firewall rules previously added are removed from the VPN gateway and all network traffic from the devices in the protected network are routed over the VPN tunnel.

Abstract: A new approach is proposed that contemplates systems and methods to support bulk authentication of a device associated with a user to all cloud-based services the device intends to access in one transaction instead of authenticating the device against each of the services individually. First, the device generates and transmits to one or more authentication service clusters an authentication request that includes its identification and authentication credentials in order to access to a plurality of services. Upon receiving the authentication request, the authentication service cluster(s) authenticate the device for all of the services to be accessed based on the information in the authentication request. Once the device is authenticated, the authentication service cluster(s) then retrieve entitlement information of the services to be accessed by the device, and identify the service clusters/nodes that the device will connect to for the services with the fastest response time.

Abstract: A device includes a database, a controller, and a PVN router. The database is configured to store network settings information and tracks devices connected to a network. The controller is configured to control access of devices to one another after establishing a connection to the network. The PVN router is configured to receive a provisioning request from a requesting to connect to the network. The PVN router is further configured to transmit a provisioning response to the requesting device based on instantiation of a PVN template received from the database. The PVN template is generated based on the network settings information and further based on the control access determined by the controller. The provisioning response establishes a connection between the requesting device and the network. The requesting device is inaccessible by a subset of devices already connected in the network after the connection is established and vice versa.

Abstract: A new approach is proposed that contemplates systems and methods to support bulk authentication of an appliance associated with a user to all cloud-based services the appliance intends to access in one transaction instead of authenticating the appliance against each of the services individually. First, the appliance generates and transmits to an authentication service cluster an authentication request that includes its identification and authentication credentials in order to access to a plurality of services. Upon receiving the authentication request, the authentication service cluster authenticates the appliance for all of the services to be accessed based on the information in the authentication request. Once the appliance is authenticated, the authentication service cluster then retrieves entitlement information of the services to be accessed by the appliance, and identifies the service clusters/nodes that the appliance will connect to for the services with the fastest response time.

Abstract: A single Point of Recordation Terminal (PORT) is disclosed. The PORT is configured to detect one or more events of interest, generate one or more representations of the event and establish the timing relationship among the multiple representations of the event of interest. The PORT is further configured to associate a unique ID of the PORT with the representations, encrypt and upload the representations to the cloud.

Abstract: A system for branding and deploying backup software includes a branding interface, a branding database, and an installer-generating server. The branding interface receives branding data from a partner associated with a partner machine. The branding database stores the received branding data. The installer-generating server generates a generic full installer capable of installing a software program and generates a branded installation shell in response to a request from the partner and using the stored branding data. The branded installation shell, when executed by the partner machine, retrieves the generic full installer from the installer-generating server. The branded installation shell causes the generic full installer to install in a branded location on the partner machine to make it appear as if the partner generated the software program installed by the generic full installer. Related apparatus, systems, techniques, and articles are also described.

Abstract: System, computer readable medium and method for decryption. The method may include receiving, by a third computerized system and from a fourth computerized system, a first encrypted file entity key and signed access metadata. The first encrypted file entity key is created by encrypting a file entity key by a first computerized system using an encryption key of a second computerized system. The signed access metadata is signed by the file entity key. The encrypted file entity is created by encrypting a file entity by the first computerized system using the file entity key. Sending, by the third computerized system, the signed access metadata and the first encrypted file entity key to the second computerized system. Receiving a response from the second computerized system. Determining, based on the response from the second computerized system, whether to facilitate a decryption of the encrypted file entity by the fourth computerized entity.

Abstract: Systems and methods for creating an electronic signature that looks like a handwritten signature.

Abstract: A file shard store includes high performance encoding and compaction circuits. An apparatus and its method of operation avoids duplicate storage of file fragments. A plurality of tables control write operations into a plurality of log segments. Shard keys are transferred to uniquely identify fragments of files which may have been previously stored and associated with one or more of client subscribers. An apparatus comprises a plurality of location/subscription tables, a shard transfer circuit, a storage control circuit, an append-to-log circuit coupled to a large storage array, and a log segment compactor circuit.

Abstract: A cloud file event server transmits file events necessary to synchronize a file system of a file share client. A tree queue director circuit receives file events and stores each one into a tree data structure which represents the hierarchical paths of files within the file share client. An event normalization circuit sorts the file events stored at each node into sequential order and moots file events which do not have to be performed because a later file event makes them inconsequential. A thread scheduling circuit assigns a resource to perform file events at a first node in a hierarchical path before assigning one or more resources to a second node which is a child of the first node until interrupted by the tree queue director circuit or until all file events in the tree data structure have been performed.

Abstract: An apparatus accesses many locations of a store for information about a specific Internet Protocol address. A filter concentrates and condenses a diffuse population widely dispersed in a ginormous address range into a smaller storage space with controllable error rate. A cloud service acquires, aggregates, and distributes IP address data structure records from and to globally distributed network access devices. A system of filter elements operating in parallel determines a plurality of storage addresses in memory to represent Internet Protocol addresses categorized for security. A method determines a plurality of storage addresses from each Internet Protocol address so characteristics of the IP address can be accessed at the storage addresses.

Abstract: When each new device or service is installed into a network, a hyper-server reads a configuration description provided by the new device or service and adapts to provide a user interface for configuring its capabilities. A first server gathers descriptions of available commands and parameters from many diverse devices and services. A second server presents an administrator or operator with a control panel for one or many client devices. The panel presentation changes with respect to the devices or services selected. The hyper-server registers the capabilities of each device or service and transfers the commands and parameter settings to the appropriate device or service under configuration control.

Abstract: Documents are scored and displayed with annotations for best practices, and variances from normal ranges of clauses and clause groups. Custom rules developed for an industry or for an enterprise further distinguish which documents need further review or approval by senior staff because of higher risks or commitments than standard terms and conditions. A display provides the document transformed with annotations about the scores or rules triggered by each group of clauses and accepts comments and approval or objections to acceptance of the document. The absence of best practices clauses for the category is noted for reference.

Abstract: Legacy documents of an enterprise are scanned and analyzed to determine best practices and rules for each category. Clauses and groups of clauses are assigned scores for relative value. Each category of documents has a profile of the clauses and groups of clauses which establish a norm against which proposed new documents may be scored. A document is analyzed for clauses and groups of clauses. A score is determined for each document to measure its fit with a document category. An absence of an expected clause within group of clauses results in a lower score. An absence of a group of expected clauses results in an even lower score. A high score reflects that a document is substantially standard with its category.

Abstract: A document is categorized according to clauses and groups of clauses. A distribution and transmission control system determines from a user login credential if the document may be stored to removable, transportable media or transmitted to an external server through network connections. A scoring system determines the level of sensitivity of the document according to its component clauses and resulting document category. Even if headers and footers are removed from a sensitive document, its component clauses flag the category and sensitivity.

Abstract: Documents are analyzed for best practices and compliance with rules normalized for an industry or an enterprise by identifying, grouping, and scoring clauses. Key clauses in each stored document are identified which distinguish a relationship with restrictions on the principal party. A document set containing potentially conflicting restrictions is scanned for clauses, which mutually conflict. Documents with circular dependencies, obligations on the same resources, commitments to exclusivity, or compel action or inaction are surfaced for renegotiation, risk remediation, or conflict resolution.

Abstract: A store for virus and malware fingerprints is coupled to a backup server apparatus which receives hashes and file shards from backup clients through a network. A circuit compares hashes received from backup clients to determine matches with file shards previously stored and matches with file shards with virus or malware infections. File shards not previously stored are received for backup and inspection by a virus filter. When a received file shard is determined to match a virus or malware fingerprint, a process is initiated to restore the file on the backup client to a clean version and notify the user and the network security administrator. The hashes of file shards determined to match a virus or malware fingerprint are stored for future reference. The data of a file shard which has been determined to be infected is also stored in case of a false-positive determination.

Abstract: An apparatus, system, and method for measuring the similarity of communication packet binary objects to classified object binary objects is disclosed. The method determines at least one pattern signature in an Nth binary object, accessing a location in a similarity store which has object identifiers for each of the previous N?1 binary objects which contain the corresponding pattern, and writing the object identifier of the Nth binary object at that same location in the similarity store. Reporting the number of locations in similarity store which contain the object identifiers of a communication packet and a classified object is a measure of similarity to each other. Outgoing packets are blocked if they correlate highly with confidential documents or objects.

Abstract: A file shard store includes high performance encoding and compaction circuits. An apparatus and its method of operation avoids duplicate storage of file fragments. A plurality of tables control write operations into a plurality of log segments. Shard keys are transferred to uniquely identify fragments of files which may have been previously stored and associated with one or more of client subscribers. An apparatus comprises a plurality of location/subscription tables, a shard transfer circuit, a storage control circuit, an append-to-log circuit coupled to a large storage array, and a log segment compactor circuit.