Abstract: An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.

Abstract: A method for the integrated use of a secondary cloud resource, provided by a secondary cloud service software function executed on secondary hardware, from a primary cloud service, provided by a primary cloud service software function executed on primary hardware which is remote to said secondary hardware including provision step operative to provide a primary integration interface and a secondary integration interface, a resource request step operative to identify a set of secondary user data and request said secondary cloud resource from the secondary cloud service, a resource allocation step for allocating the requested secondary cloud resource and providing corresponding secondary cloud resource allocation information, an information association step for associating said secondary cloud resource allocation information with said secondary cloud user data and a set of primary user data, and a user authentication step for authenticating the primary cloud service user access to said secondary cloud resource.

Abstract: A secure data management system and method which separates query processing operations from transaction management and data storage operations to provides secure outsourced data management assurances while remaining practically viable for commercial deployment. The secure data management system and method includes a untrusted database module which performs transaction management and data storage operations on encrypted data from at least one network accessible computer and a trusted database module which processes user generated queries and commands on a secure client device by selectively accessing, decrypting and re-encrypting the encrypted data on the at least one network accessible computer. In this regard, total privacy can be maintained while still outsourcing transaction management and data storage operations to untrusted third parties because all sensitive operations are performed in a secure environment and the transaction management and data storage operations can only access encrypted data.

Abstract: A secure searchable and shareable remote storage system and method which utilizes client side processing to enable search capability of the stored data, allow the synchronizing of stored data between multiple discrete devices, and allow sharing of stored data between multiple discrete users. Such a remote storage system and method includes a networked remote computer server which receives and stores encrypted data and manages access thereto and a client device configured to index data to be stored, upload secured data and related information, perform searches on the stored data and related information locally, and implement cryptographic protocols which allow the stored data and related information to be synchronized with other desired client devices. Advantageously, since trusted client-side search code may directly access mostly plaintext data, it may operate orders of magnitude faster than the equivalent server code which may access encrypted data only.

Abstract: Tamper-proof computer device (1) comprising a sealed enclosure (10), in turn comprising a hollow metal body (20) having an inside surface (22); a computer processor (30), arranged inside said enclosure (10); a tamper-detection sensor (40), which sensor (40) in turn comprises a tamper-detecting membrane (40) forming a sealed container in which the computer processor (30) is arranged, which membrane (40) is arranged on, and in direct thermal contact with, the said hollow metal body (20); and a metal heat sink structure (50) thermally connected to the computer processor (30), wherein the metal heat sink structure (50) is also arranged in direct thermal contact with a side of the membrane (40) not facing the said inside surface (22), so that the membrane (40) is sandwiched between the hollow metal body (20) and the metal heat sink structure (50) so that thermal connection is achieved between the metal heat sink structure (50) and the enclosure (10), via the membrane (40).

Abstract: An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.

Abstract: The present invention relates to a system for protecting sensitive data including at least one enclosing layer, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.

Abstract: The present invention relates to a system for protecting sensitive data including at least one enclosing layer, a cryptography module, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.