Patents Assigned to SAIFE, Inc.
-
Patent number: 9852300
Abstract: The invention includes systems and methods to asymmetrically encrypt audit logs, store a limited period of the encrypted audit logs, periodically send the encrypted audit logs to a central location for storage and further process in order to provide tamper-proof evidence of an activity. The system comprises a secure audit client enabled to perform various activities. A secure audit manager logs such activities in an audit log for uploading to a secure audit server. The secure audit server receives the audit logs from the secure audit manager. Finally a secure audit log consumer requests audit log data from the secure audit log manager to review the secure audit log.
Type: Grant
Filed: September 25, 2015
Date of Patent: December 26, 2017
Assignee: SAIFE, Inc.
Inventors: Ty Lindteigen, Anthony Payne
-
Patent number: 9794270
Abstract: The invention includes a system comprising a device, software installed on the device and coupled to the device's hardware and software stack to execute data encryption and remote attestation. The invention includes a process to configure the device for encryption and remote attestation and performing an initial inventory and content scan of the device's hardware and software stack with results transmitted across a communication network to the attestation server. The invention includes periodic inventory and content scans of the device's hardware and software stack with results transmitted again to the server via the network. The attestation server stores the results in a database for comparison to subsequent results sent by devices. The attestation server notes any differences in the most recent results and sends an alert to the device if the device is configured differently based on the previous scan, or configured the same if no differences were noted.
Type: Grant
Filed: February 16, 2015
Date of Patent: October 17, 2017
Assignee: SAIFE, Inc.
Inventor: Ty Lindteigen
-
Patent number: 9692605
Abstract: This invention includes a solution to enable a digital authentication solution comprising a network. Next, a first device is coupled to the network. The first device may include an authentication key generator that is able to generate both public and private keys in electronic formats. Next, the first device is coupled to a certificate authority gateway. The certificate authority gateway includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. Next, the certificate authority gateway is coupled to a certificate authority server. The certificate authority server includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. The certificate authority server is also contained in a secure area such as a locked room, or a safe. The secure area includes features that allow the non-electronically formatted public key to be passed across the boundary of the secure area.
Type: Grant
Filed: June 25, 2016
Date of Patent: June 27, 2017
Assignee: SAIFE, Inc.
Inventors: Ty Lindteigen, James Chester Jones
-
Patent number: 9690598
Abstract: This invention includes apparatus, systems, and methods for repairing a corrupted device still in the field by sending the corrupted device a known-good configuration derived from the majority group of devices in the field. First, an initial inventory and content scan of the device's hardware and software stack is taken. The attestation server uses the collection of results to determine a statistically known-good configuration for each type of device. The attestation server groups the known good devices by devices and ideally all of the devices of the same type are configured mostly the same. The attestation server sends an alert to the device that the device is configured differently than the plurality of existing devices. Finally, the attestation server will request a known-good configuration from one of the devices in the plurality of existing devices to repair the corrupted device in the field.
Type: Grant
Filed: April 3, 2013
Date of Patent: June 27, 2017
Assignee: SAIFE, Inc.
Inventor: Ty Brendan Lindteigen
-
Patent number: 9654449
Abstract: The invention includes methods for authenticating access between devices when the devices are within a geospatial boundary comprising the first step of keeping track of the physical position of the devices using both low and, or high fidelity geospatial positioning techniques. Next, a first device determines whether any nearby mobile devices have entered the geospatial boundary. Next, the first device determines if any of the mobile devices are peers eligible for cryptographic authentication. After the first device authenticates that the other device within the geospatial boundary is a trusted peer, the devices may perform various data and, or dynamic policy operations.
Type: Grant
Filed: June 5, 2015
Date of Patent: May 16, 2017
Assignee: SAIFE, Inc.
Inventors: Ty B Lindteigen, James Chester Jones
-
Patent number: 9654448
Abstract: A comprehensive solution for providing secure mobile communication is provided. The system includes techniques for authentication and control of communication end-points; chain of trust to ensure devices are certified as authentic; contact list management; peer-to-peer encrypted voice, email, and texting communication; and a technique for bypassing an IP PBX to ensure high levels of security. The system is able to support use of commodity mobile communication devices (e.g., smart phones, laptops) over public carrier networks.
Type: Grant
Filed: March 27, 2015
Date of Patent: May 16, 2017
Assignee: SAIFE, Inc.
Inventors: Darren L Cummings, James Chester Jones
-
Patent number: 9444807
Abstract: This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server. The token is used as a shared-secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without the need to again enter a password or establish a secure connection with the presence server, the device uses the shared-secret to sign, encrypt and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device.
Type: Grant
Filed: August 25, 2015
Date of Patent: September 13, 2016
Assignee: SAIFE, INC.
Inventors: Ty Lindteigen, James Chester Jones, Dipen Patel, Anthony Payne
-
Patent number: 9380048
Abstract: This invention includes a solution to enable a digital authentication solution comprising a network. Next, a first device is coupled to the network. The first device may include an authentication key generator that is able to generate both public and private keys in electronic formats. Next, the first device is coupled to a certificate authority gateway. The certificate authority gateway includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. Next, the certificate authority gateway is coupled to a certificate authority server. The certificate authority server includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. The certificate authority server is also contained in a secure area such as a locked room, or a safe. The secure area includes features that allow the non-electronically formatted public key to be passed across the boundary of the secure area.
Type: Grant
Filed: June 27, 2013
Date of Patent: June 28, 2016
Assignee: SAIFE, INC.
Inventors: Ty Brendan Lindteigen, James Chester Jones
-
Patent number: 9268934
Abstract: This invention provides a novel method, system, and apparatus allowing an authorized user access to controlled assets when a passcode method malfunctions, such as when a user forgets a password, a token malfunction, or a biometric mismatch. The invention allows temporary access to an access control system without knowing the password and without sending the user the password or a new random password. The user is able to set a new password without knowing the previous password. Furthermore, stored encrypted data is preserved and made accessible once again via the new passcode. This invention works for many authentication methods such as restoring access when a password, token, access card, or biometric sample is used.
Type: Grant
Filed: July 1, 2014
Date of Patent: February 23, 2016
Assignee: SAIFE, INC.
Inventor: Ty Brendan Lindteigen
-
Patent number: 9219709
Abstract: The invention includes a system for transmitting multi-wrapped VPN enabled-data across a communication network from a device to another destination device within a remote protected network. The device comprises a software stack, hardware layer, application-layer VPN software, link-layer VPN software, and user-based application software. Next, the device is coupled to a communication network. Next, the system includes a link-layer VPN aggregator and an application-layer VPN aggregator. Finally, the system includes a protected network that includes the destination device. The invention includes embodiments for configuring a device to transmit multi-wrapped VPN enabled-data and processes for transmitting multi-wrapped VPN enabled-data across a communication network from a device to another destination device within a remote protected network. Finally, the invention includes inverse processes so the destination device can transmit data back through the communication network and to the device.
Type: Grant
Filed: March 25, 2013
Date of Patent: December 22, 2015
Assignee: SAIFE, INC.
Inventor: Ty Brendan Lindteigen
-
Publication number: 20150256521
Abstract: A comprehensive solution for providing secure mobile communication is provided. The system includes techniques for authentication and control of communication end-points; chain of trust to ensure devices are certified as authentic; contact list management; peer-to-peer encrypted voice, email, and texting communication; and a technique for bypassing an IP PBX to ensure high levels of security. The system is able to support use of commodity mobile communication devices (e.g., smart phones, laptops) over public carrier networks.
Type: Application
Filed: March 27, 2015
Publication date: September 10, 2015
Applicant: SAIFE, INC.
Inventors: Darren L Cummings, James Chester Jones
-
Patent number: 9124574
Abstract: This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server. The token is used as a shared-secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without the need to again enter a password or establish a secure connection with the presence server, the device uses the shared-secret to sign, encrypt and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device.
Type: Grant
Filed: August 17, 2013
Date of Patent: September 1, 2015
Assignee: SAIFE, Inc.
Inventors: Ty Brendan Lindteigen, James Chester Jones, Dipen Patel, Anthony Payne
-
Patent number: 9088538
Abstract: This invention includes a synchronized storage server enabled to send the end-point device a notification including the root folder list. The end-point device compares the sent root folder list to a previously stored root folder list in the end-point devices' memory. If the end-point device detects either a new root folder on the synchronized storage server, a change in an existing folder, or deleted content in a folder the end-point device will determine that a change is required to the stored data. Next the end-point device will synchronize with the synchronized storage server and create a new storage list. Finally, the synchronized storage server will send the end-point device a new encrypted folder encryption key which includes the encrypted file contents along with identifying information such as the server name and revision information.
Type: Grant
Filed: March 15, 2013
Date of Patent: July 21, 2015
Assignee: SAIFE, Inc.
Inventors: Ty Brendan Lindteigen, John Curtis
-
Patent number: 9055440
Abstract: The invention includes methods for cryptographically authenticating access between devices when the devices are within a geospatial boundary comprising the first step of keeping track of the physical position of the devices using both low and, or high fidelity geospatial positioning techniques. Next, a first device determines whether any nearby mobile devices have entered the geospatial boundary. Next, the first device determines if any of the mobile devices are peers eligible for cryptographic authentication. After the first device authenticates that the other device within the geospatial boundary is a trusted peer, the devices may perform various data and, or dynamic policy operations.
Type: Grant
Filed: October 19, 2012
Date of Patent: June 9, 2015
Assignee: SAIFE, Inc.
Inventors: Ty Brendan Lindteigen, James Chester Jones
-
Patent number: 8996861
Abstract: A comprehensive solution for providing secure mobile communication is provided. The system includes techniques for authentication and control of communication end-points; chain of trust to ensure devices are certified as authentic; contact list management; peer-to-peer encrypted voice, email, and texting communication; and a technique for bypassing an IP PBX to ensure high levels of security. The system is able to support use of commodity mobile communication devices (e.g., smart phones, laptops) over public carrier networks.
Type: Grant
Filed: October 23, 2012
Date of Patent: March 31, 2015
Assignee: Saife, Inc.
Inventors: Darren Lynn Cummings, James Chester Jones
-
Patent number: 8966249
Abstract: This invention includes apparatus, systems, and methods to ensure the security and integrity of data stored, processed, and transmitted across compute devices. The invention includes a system comprising at least one of said devices, application software installed on said devices and coupled to the device's hardware and software stack to execute data encryption and remote attestation, and said devices coupled with an attestation server through a communication network. The invention includes a process to configure said devices for data encryption and remote attestation and performing an initial inventory and content scan of the device's hardware and software stack with results transmitted across a communication network to the attestation server. The invention includes periodic inventory and content scans of the device's hardware and software stack with results transmitted again to the attestation server via the communication network.
Type: Grant
Filed: January 10, 2013
Date of Patent: February 24, 2015
Assignee: Saife, Inc.
Inventor: Ty Brendan Lindteigen
-
Patent number: 8898476
Abstract: This invention provides a novel method, system, and apparatus allowing an authorized user access to controlled assets when a passcode method malfunctions, such as when a user forgets a password, a token malfunction, or a biometric mismatch. The invention allows temporary access to an access control system without knowing the password and without sending the user the password or a new random password. The user is able to set a new password without knowing the previous password. Furthermore, stored encrypted data is preserved and made accessible once again via the new passcode. This invention works for many authentication methods such as restoring access when a password, token, access card, or biometric sample is used.
Type: Grant
Filed: November 7, 2012
Date of Patent: November 25, 2014
Assignee: SAIFE, Inc.
Inventor: Ty Brendan Lindteigen