Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.

Abstract: An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service.

Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.

Abstract: A computer-implemented method for managing network security may include identifying a set of trusted Internet domains, identifying traffic information that indicates Internet traffic volume for each trusted Internet domain in the set of trusted Internet domains, and analyzing the traffic information to select, from the set of trusted Internet domains, a subset of trusted Internet domains that each have higher Internet traffic volume than one or more other trusted Internet domains in the set of trusted Internet domains. The method may also include including the selected subset of trusted Internet domains in an Internet domain whitelist. The method may further include configuring a network gateway system to perform a less intensive scan on Internet traffic that originates from an Internet domain identified in the Internet domain whitelist than on traffic that originates from other Internet domains. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for managing network communication may include (1) identifying a pattern of network communication between a network node and a network service, (2) creating a representation of the network communication pattern, (3) querying, using the representation of the communication pattern, a network communication pattern database that associates network communication patterns with computer programs responsible for generating the patterns, (4) receiving, in response to querying the database, identification of a computer program associated with the network communication pattern, and then, (5) applying a network communication management policy assigned to the computer program associated with the pattern to network communication between the network node and network service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for providing data in dynamic account and device management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic account and device management. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a user device to be managed. The one or more processors may be configured to transmit a request for delegate authority to manage the user device. The one or more processors may be configured to receive delegate authority to manage the user device. The one or more processors may be configured to provide network access to the user device. The one or more processors may also be configured to manage the user device and monitor data communicated to and from the user device.

Abstract: An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service.

Abstract: Techniques are disclosed for providing a device-based PIN authentication process used to protect encrypted data stored on a computing system, such as a tablet or mobile device. A client component and a server component each store distinct cryptographic keys needed to access encrypted data on the client. The mobile device stores a vault encryption key used to decrypt encrypted sensitive data stored on the mobile device. The vault key is encrypted using a first encryption key and stored on the mobile device. The first encryption key is itself encrypted using a second encryption key. The second encryption key is derived from the PIN value.

Abstract: An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service.

Abstract: A computer-implemented method for automatically synchronizing online communities may comprise identifying login information for a first user account associated with the first online community, accessing the first user account using the login information for the first user account, obtaining information from the first user account, and modifying, based on the information obtained from the first user account, a second user account associated with a second online community. Corresponding systems and computer-readable media are also disclosed.

Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.

Abstract: A computer-implemented method for automatically configuring virtual private networks may include 1) broadcasting by a client on a network to discover a virtual private network server configured to manage virtual private networks, 2) discovering, by the client in response to the broadcast, the virtual private network server, 3) establishing a secure connection between the client and the virtual private network server in response to the discovery, and 4) receiving, by the client from the virtual private network server through the secure connection, configuration settings that enable the client to automatically connect to a virtual private network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are provided for augmenting the capabilities of the standard OAuth2 authorization framework in such a way as to allow clients to consume the services of multiple resource servers residing in disjoint security domains while requiring only a single one-time user authentication. An access token that provides access to resource services distributed across a plurality of security domains is partitioned into a plurality of reduced-scope access tokens. Each reduced-scope access token is limited to a subset of authorization scopes of the access token, providing access to a resource service in a particular security domain based upon the subset.

Abstract: A computer-implemented method for managing emergency information may include intercepting, on a mobile-computing device, an emergency communication being transmitted from the mobile-computing device. Intercepting the emergency communication may include monitoring outgoing communications on the mobile-computing device and determining that an outgoing communication being monitored is a communication about an emergency. This method may also include sending, from the mobile-computing device to a remote server that collects emergency data from a plurality of mobile-computing devices, information about the emergency communication and location information that identifies a location of the emergency. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are presented herein for receiving a hash value of a file computed by a collaboration client prior to the collaboration client uploading the file to a collaboration server in an attempt to share the file with another collaboration client. The collaboration server may query an internal file storage system of file hashes for a hash value of a previously uploaded file that matches the hash value of the file to be uploaded. In response to the collaboration server receiving a notification that a matching hash value was not found in the file storage system, the collaboration server queries a first connector service that is in communication with a first service that has access to at least a first file storage system that is external to the collaboration server. The collaboration server queries the first connector service with the hash value of the file to be uploaded.

Abstract: An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service.

Abstract: Method and apparatus for monitoring product purchasing activity on a network are described. In some examples, processing of network traffic in a network is performed. Web content is extracted from the network traffic at a node in the network. A statistical analysis of the web content is performed to detect product purchasing activity. Product attributes associated with the product purchasing activity are extracted. The product attributes are stored in a log implemented in a memory on the network.

Abstract: An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service.

Abstract: A computer-implemented method for predictive responses to internet object queries may include receiving a query from a client to evaluate a first internet object. The computer-implemented method may also include analyzing the query to predict a set of additional internet objects for which the client may subsequently request an evaluation. The computer-implemented method may further include transmitting an evaluation of the first internet object and of each additional internet object in the set of additional internet objects to the client. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for sharing logs of a child's computer activities with a guardian of the child is disclosed. The method may include determining that a child may be involved in a computer activity on a computing device that is not controlled by a guardian of the child, monitoring the computer activity, creating a log of the computer activity, determining that the guardian of the child is authorized to view the log of the computer activity, and providing the log of the computer activity to the guardian of the child. Various other methods, systems, and computer-readable media are also disclosed.