Abstract: The disclosed computer-implemented method for verifying connection integrity may include (i) receiving a request from a client to initiate a connection to a server via a middlebox, (ii) receiving, from the client, via a side protocol executing in parallel with a transport layer security protocol, a request for a certificate for the middlebox, (iii) sending, to the client, via the side protocol, the certificate, (iv) receiving, from the client, via the side protocol, a request for an additional certificate from a device upstream of the middlebox, (v) requesting, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vi) receiving, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vii) sending, to the client, via the side protocol, the additional certificate, and (viii) relaying data via the connection. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to systems and methods for on-boarding an out of the box (OOB) device so as to secure electronic control of the OOB device. In some embodiments, a method may be performed by a computing device having an electronic processor, and may include automatically electronically receiving, by a processor, an electronic request to on-board from the OOB device, and authenticating, by the processor, a standardized certificate associated with the OOB device. The method may further include obtaining, by the processor, a policy authority to electronically control the OOB device. The method may further include securing electronic control of the OOB device, by the processor, based at least in part on the obtained approval.

Abstract: A computer-implemented method for authenticating an application is described. In one embodiment, a software package is received and the software package may be authorized based at least in part on an evaluation of the software package. Upon authorizing the software package, a signature file is embedded in a directory of the software package. A request to use a privileged service provided by a service provider is received from a client. In some embodiments, the request includes a custom class loader, the custom class loader being configured to construct a proxy object as an interface to the privileged service.

Abstract: An E-DRM remote caching system enables a user without a client side E-DRM access component to view E-DRM governed content on a variety of client devices. The user transmits inaccessible E-DRM governed content to be viewed to a the remote caching system. The remote system receives the content, temporarily stores it in a cache, and determines whether the user has sufficient rights to view the content. If the user does have sufficient access rights, the remote system transforms the content into a secure, viewable format and securely transmits it to the user. The user can view the E-DRM governed content without an E-DRM client side access component. The E-DRM remote caching system can add a unique digital marker to received content. The marker can be subsequently used to identify the origin of compromised content.

Abstract: A method for using virtualization to implement information rights management. The method may include: 1) intercepting, at a virtualization module, a request from an application to access data; 2) querying an information-rights-management database for a virtualization policy associated with the access request; 3) receiving, at the virtualization module, the virtualization policy from the information-rights-management database; and 4) controlling access to the data by applying the virtualization policy to the access request in a manner that is transparent to the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for securely managing access to data may comprise identifying a request to access data that is encrypted, the request being made within an insecure platform. The method may: determine that a requestor has a right to access the data, decrypt the data to provide decrypted data, and permit a secure platform to access the decrypted data. A computer-implemented method for securely managing access to data may comprise identifying a request to access data that is encrypted, the request being made within an insecure platform. They method may: submit the request to a policy server, receive permission from the policy server to access the data, decrypt the data to provide decrypted data, and permit a secure platform to access the decrypted data. A system for securely managing access to data may comprise: an authorization platform, an authentication module, a policy-enforcement module, and a cryptography module.

Abstract: An E-DRM remote caching system enables a user without a client side E-DRM access component to view E-DRM governed content on a variety of client devices. The user transmits inaccessible E-DRM governed content to be viewed to a the remote caching system. The remote system receives the content, temporarily stores it in a cache, and determines whether the user has sufficient rights to view the content. If the user does have sufficient access rights, the remote system transforms the content into a secure, viewable format and securely transmits it to the user. The user can view the E-DRM governed content without an E-DRM client side access component. The E-DRM remote caching system can add a unique digital marker to received content. The marker can be subsequently used to identify the origin of compromised content.

Abstract: A peer-to-peer storage manager measures availability (liveness) of the various nodes in a peer-to-peer storage pool, and adjusts the storage of data within the pool to meet performance expectations based on this liveness information. Based on node liveness statistics, the peer-to-peer storage manager fine tunes storage up or down to efficiently allocate storage while maintaining service level objectives for retrieval time probabilities. Responsive to node liveness information, the peer-to-peer storage manager can dynamically adjust redundancy and/or determine which nodes on which to store data. The peer-to-peer storage manager can execute these storage modifications using rateless erasure codes that allow highly robust storage with only weakly synchronized directory update protocols.