Patents by Inventor Jonathan D. Callas

Jonathan D. Callas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20170230367
    Abstract: Techniques concerning the authentication of communication units in a network of communication units are disclosed. At the request of an initiating communication unit, an intermediate communication unit generates a first authentication problem and a first authentication answer that are answerable by a target communication unit. The first authentication answer is provided to the initiating communication unit and the first authentication problem is provided to a target communication unit. The target communication unit provides a first proposed answer to the initiating communication unit. When the first proposed answer compares favorably with the first authentication answer, the initiating communication unit designates the target communication unit as being authenticated. This process may be repeated with the roles of the initiating and target communication units reversed in order to authenticate the initiating communication unit to the target communication unit.
    Type: Application
    Filed: February 10, 2016
    Publication date: August 10, 2017
    Inventors: Jason A. COOPER, Jonathan D. CALLAS
  • Publication number: 20170230383
    Abstract: Techniques concerning the communication of messages, and verification of connections, between communication units in a network of communication units are disclosed. An intermediate communication unit either routes messages to other communication units or further processes such messages based on whether it is able to successfully interpret such messages based on at least one shared secret maintained by the intermediate communication unit. In this manner, initiating and target communication units can verify connections therebetween.
    Type: Application
    Filed: February 10, 2016
    Publication date: August 10, 2017
    Inventors: Jason Alan COOPER, Jonathan D. Callas
  • Patent number: 9235532
    Abstract: Data is securely stored on a storage device by encoding a data block into multiple encoded blocks, any number of which can be recombined to recover the data block. The encoded blocks are stored at known logical locations corresponding to physical locations on a storage device that change over time. When the data needs to be destroyed, at least one of the encoded blocks is overwritten with arbitrary data. In one aspect, the encoded blocks include at least one random block that is used to encode the data block. In another aspect, the known logical locations are stored in metadata.
    Type: Grant
    Filed: June 3, 2011
    Date of Patent: January 12, 2016
    Assignee: Apple Inc.
    Inventors: Jonathan D. Callas, Russell D. Reece
  • Patent number: 8831992
    Abstract: A cryptographic key management system includes executable instructions to control access to keys based on permissions for users and groups. Executable instructions support cryptographic operations on the keys through a network application program interface. The cryptographic operations are controlled by the permissions. The cryptographic operations are distributed between the servers and the clients in accordance with criteria specifying optimal execution of cryptographic operations between the servers and the clients.
    Type: Grant
    Filed: December 12, 2008
    Date of Patent: September 9, 2014
    Assignee: Symantec Corporation
    Inventors: William F. Price, III, Jonathan D. Callas
  • Patent number: 8489889
    Abstract: A computing device receives a command to restrict access to encrypted data. The computing device generates a new record that can access the encrypted data. The computing device encrypts the record information for the new record using a public key of a trusted entity. The computing device prevents access to the encrypted data for a previously generated record or records.
    Type: Grant
    Filed: September 17, 2010
    Date of Patent: July 16, 2013
    Assignee: Symantec Corporation
    Inventors: Vincent E. Moscaritolo, Jonathan D. Callas
  • Publication number: 20120311288
    Abstract: Data is securely stored on a storage device by encoding a data block into multiple encoded blocks, any number of which can be recombined to recover the data block. The encoded blocks are stored at known logical locations corresponding to physical locations on a storage device that change over time. When the data needs to be destroyed, at least one of the encoded blocks is overwritten with arbitrary data. In one aspect, the encoded blocks include at least one random block that is used to encode the data block. In another aspect, the known logical locations are stored in metadata.
    Type: Application
    Filed: June 3, 2011
    Publication date: December 6, 2012
    Inventors: Jonathan D. Callas, Russell D. Reece
  • Patent number: 7895641
    Abstract: A probe attached to a customer's network collects status data and other audit information from monitored components of the network, looking for footprints or evidence of unauthorized intrusions or attacks. The probe filters and analyzes the collected data to identify potentially security-related events happening on the network. Identified events are transmitted to a human analyst for problem resolution. The analyst has access to a variety of databases (including security intelligence databases containing information about known vulnerabilities of particular network products and characteristics of various hacker tools, and problem resolution databases containing information relevant to possible approaches or solutions) to aid in problem resolution. The analyst may follow a predetermined escalation procedure in the event he or she is unable to resolve the problem without assistance from others.
    Type: Grant
    Filed: October 20, 2006
    Date of Patent: February 22, 2011
    Assignee: BT Counterpane Internet Security, Inc.
    Inventors: Bruce Schneier, Andrew H. Gross, Jonathan D. Callas
  • Publication number: 20100138927
    Abstract: A computer readable storage medium includes executable instructions to process a duress command to invoke a system termination operation. The duress command may be a pass phrase with an added prefix or suffix. The duress command may be received from a menu, a dedicated key or a key sequence. The system termination operation may result in whole disk encryption. Alternately, the system termination operation may result in permanent destruction of data.
    Type: Application
    Filed: December 2, 2008
    Publication date: June 3, 2010
    Inventor: Jonathan D. Callas
  • Patent number: 7657037
    Abstract: A computer readable medium storing executable code to generate an identity-based encryption key includes executable code to specify a master key, receive an identity-based string and execute a function that processes the master key and the identity-based string to produce a seed. The seed is then used to produce an identity-based encryption key interoperable with a deployed public key cryptosystem.
    Type: Grant
    Filed: September 20, 2005
    Date of Patent: February 2, 2010
    Assignee: PGP Corporation
    Inventor: Jonathan D. Callas
  • Patent number: 7640427
    Abstract: This present invention provides users with secure transparent electronic communication, allowing them to send and receive encrypted and/or signed messages with little or no user involvement. In various embodiments, the present invention provides a user with e-mail security via automated hierarchical techniques for transparently sending and receiving secure messages, and lowers the burden on administrators. Such a system can also manage cryptographic keys and certificates for the users, and creates such keys and certificates for the users when necessary. A server according to the present invention can intercept unsecured messages from a user, automatically transform those messages into secured messages, and transmit those secure messages to the intended recipients. The server can also automatically transform messages after the recipient sends a digital identity to the server and downloads the software necessary for transforming the secured messages back into readable messages (i.e.
    Type: Grant
    Filed: June 17, 2003
    Date of Patent: December 29, 2009
    Assignee: PGP Corporation
    Inventors: Jonathan D. Callas, William F. Price, III, David E. Allen
  • Publication number: 20090154705
    Abstract: A cryptographic key management system includes executable instructions to control access to keys based on permissions for users and groups. Executable instructions support cryptographic operations on the keys through a network application program interface. The cryptographic operations are controlled by the permissions. The cryptographic operations are distributed between the servers and the clients in accordance with criteria specifying optimal execution of cryptographic operations between the servers and the clients.
    Type: Application
    Filed: December 12, 2008
    Publication date: June 18, 2009
    Inventors: William F. Price, III, Jonathan D. Callas
  • Patent number: 7383439
    Abstract: The invention includes a computer readable medium storing executable instructions to enroll a user with a secure email support facility. The computer readable medium includes executable instructions to send an enrollment message, supply a registration response, and confirm the registration response. An authentication email is also sent. A client identifies the authentication email. Authentication information within the authentication email is decrypted. The authentication information is used to authenticate the client and subsequently obtain access to a secure email support facility.
    Type: Grant
    Filed: July 6, 2005
    Date of Patent: June 3, 2008
    Assignee: PGP Corporation
    Inventors: William F. Price, III, David E. Allen, Jonathan D. Callas
  • Patent number: 7159237
    Abstract: A probe attached to a customer's network collects status data and other audit information from monitored components of the network, looking for footprints or evidence of unauthorized intrusions or attacks. The probe filters and analyzes the collected data to identify potentially security-related events happening on the network. Identified events are transmitted to a human analyst for problem resolution. The analyst has access to a variety of databases (including security intelligence databases containing information about known vulnerabilities of particular network products and characteristics of various hacker tools, and problem resolution databases containing information relevant to possible approaches or solutions) to aid in problem resolution. The analyst may follow a predetermined escalation procedure in the event he or she is unable to resolve the problem without assistance from others.
    Type: Grant
    Filed: January 19, 2001
    Date of Patent: January 2, 2007
    Assignee: Counterpane Internet Security, Inc.
    Inventors: Bruce Schneier, Andrew H. Gross, Jonathan D. Callas
  • Publication number: 20040133520
    Abstract: This present invention provides users with secure transparent electronic communication, allowing them to send and receive encrypted and/or signed messages with little or no user involvement. In various embodiments, the present invention provides a user with e-mail security via automated hierarchical techniques for transparently sending and receiving secure messages, and lowers the burden on administrators. The present invention can include a server in a local network that acts as a proxy between a user and an open communications network, thereby providing transparent transmission and receipt of secure messages for the user. This could be used for sending and receiving secure e-mail or for securing instant messaging (IM). A server according to the present invention can intercept unsecured messages from a user, automatically transform those messages into secured messages, and transmit those secure messages to the intended recipients.
    Type: Application
    Filed: June 17, 2003
    Publication date: July 8, 2004
    Inventors: Jonathan D. Callas, William F. Price, David E. Allen
  • Publication number: 20040133774
    Abstract: This present invention provides users with secure transparent electronic communication, allowing them to send and receive encrypted and/or signed messages with little or no user involvement. In various embodiments, the present invention provides a user with e-mail security via automated hierarchical techniques for transparently sending and receiving secure messages, lowers the burden on administrators, and allows for a public key infrastructure (PKI) to be dynamically constructed and operated. Such a system can also manage cryptographic keys and certificates for the users, and create such keys and certificates for the users when necessary. The server can also receive an indication that a user has been properly authenticated, check whether the user has a cryptographic key, and automatically create a key if the user does not have one, thereby automatically registering the user within a community and allowing the user to transparently send and receive secure electronic messages.
    Type: Application
    Filed: June 17, 2003
    Publication date: July 8, 2004
    Inventors: Jonathan D. Callas, William F. Price, David E. Allen
  • Publication number: 20040133775
    Abstract: This present invention provides users with secure transparent electronic communication, allowing them to send and receive encrypted and/or signed messages with little or no user involvement. In various embodiments, the present invention provides a user with e-mail security via automated hierarchical techniques for transparently sending and receiving secure messages, and lowers the burden on administrators. Such a system can also manage cryptographic keys and certificates for the users, and creates such keys and certificates for the users when necessary. A server according to the present invention can intercept unsecured messages from a user, automatically transform those messages into secured messages, and transmit those secure messages to the intended recipients. The server can also automatically transform messages after the recipient sends a digital identity to the server and downloads the software necessary for transforming the secured messages back into readable messages (i.e.
    Type: Application
    Filed: June 17, 2003
    Publication date: July 8, 2004
    Inventors: Jonathan D. Callas, William F. Price, David E. Allen
  • Publication number: 20020087882
    Abstract: A probe attached to a customer's network collects status data and other audit information from monitored components of the network, looking for footprints or evidence of unauthorized intrusions or attacks. The probe filters and analyzes the collected data to identify potentially security-related events happening on the network. Identified events are transmitted to a human analyst for problem resolution. The analyst has access to a variety of databases (including security intelligence databases containing information about known vulnerabilities of particular network products and characteristics of various hacker tools, and problem resolution databases containing information relevant to possible approaches or solutions) to aid in problem resolution. The analyst may follow a predetermined escalation procedure in the event he or she is unable to resolve the problem without assistance from others.
    Type: Application
    Filed: January 19, 2001
    Publication date: July 4, 2002
    Inventors: Bruce Schneier, Andrew H. Gross, Jonathan D. Callas