Abstract: A method for data security reading includes steps of: receiving a hardware instruction; analyzing said hardware instruction; if said hardware instruction is a reading instruction, obtaining the source address in the reading instruction; searching a mapping bitmap and modifying the reading address in the reading instruction according to the data of the mapping bitmap, wherein the mapping bitmap is used to indicate whether the data stored in a local storage address is dumped to said security storage device; transmitting the modified reading instruction to a hardware layer. An apparatus for data security reading includes a receiving unit, an instruction analyzing unit, an instruction modifying unit and a transmitting unit. The Trojan horse or malicious tools cannot store or transmit the acquired information even if the secret information has been obtained, so that the data always exists in controllable security range.

Abstract: A system and method for managing licensing of virtual environment applications. A licensing module of a first installed virtual environment application detects installation of affiliated applications and gives them a group licensing key for passing it to the licensing server. The licensing server derives licensing parameters of the affiliated applications from the group key and gives the licenses to the affiliated applications, in case of successful validation. The licensing system provides protection from un-authorized copying of the applications. If an affiliated virtual environment application is copied (or moved) to another hardware node without its virtual environment, the licensing server will not give the license activation key to this virtual environment application.

Abstract: A computer-implemented method for predicting the impact of security-policy changes on users may include (1) identifying at least one end-user computing system that may potentially be regulated using a security policy, (2) predicting, prior to activating the security policy on the end-user computing system, how activating the security policy may impact at least one user of the end-user computing system by monitoring at least one behavior of the user on the end-user computing system and by determining how activating the security policy on the end-user computing system may have impacted the behavior, and (3) notifying, based at least in part on predicting how activating the security policy may impact the user, an administrator of the end-user computing system with information that indicates how activating the security policy may impact future user behavior. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Various systems, computer program products, and methods for securing a plug server and its data are described. According to the invention, the plug server will be protected via encryption when disconnected from the internet via a block level encryption device. The invention is particularly useful in environments where no internet connectivity exists, and teams must collaborate and collect data in remote regions of the world in a secure responsible manner.

Abstract: A method performed by a client access device includes (1) receiving, at the client access device, a signal from a client authorizing device, the signal including an environmental detection instruction, the environmental detection instruction instructing the client access device to detect an aspect of a local environment, (2) detecting, at the client access device, the aspect of the environment indicated by the environmental detection instruction to yield a first environmental detection result, (3) sending the first environmental detection result from the client access device to a remote server, and (4) in response to sending the environmental detection result to the remote server, receiving a proximity signal from the remote server indicating whether or not proximity between the client access device and the client authorizing device has been established by comparing the first environmental detection result to a second environmental detection result sent from the client authorizing device to the server.

Abstract: The systems, methods and apparatuses described herein permit encrypted media content to be displayed by an apparatus for a restricted time period. The apparatus may comprise a communication interface configured to couple to a controlling device to transmit a first nonce and to receive the encrypted media content and an association encryption envelope. The association encryption envelope may comprise at least a second nonce and a first time restriction expressed as a first time interval. The apparatus may further comprise a counter, a storage configured to store a value of the counter representing a time of when the first nonce is transmitted, and an engine configured to perform operations according to the first time restriction.

Abstract: A computer system identifies a request to place a workload in a hypervisor-based host. The computer system identifies a security level of the workload. The computer system identifies a security level of a storage device associated with the hypervisor-based host. If the security level of the workload corresponds to the security level of the storage device, the computer system grants the request to place the workload in the hypervisor-based host. If the security level of the workload does not correspond to the security level of the storage device, the computer system denies the request to place the workload in the hypervisor-based host.

Abstract: Provided is a revocation list generation device that can suppress an increase in the amount of data of a revocation list. A revocation list generation device that generates a revocation list includes an acquisition unit that acquires, for a content, a revocation identifier identifying a revoked public key certificate allocated to an apparatus related to use of the content, a revocation list generation unit that generates a revocation list including the acquired revocation identifier associated with the content, and an output unit that outputs the revocation list.

Abstract: A WebSocket connection is established. The WebSocket connection was established with a requester of the connection. The authentication of the requester is configured to expire. A request to revalidate the authentication is provided. An update of the authentication is received. The update of the authentication is received without disconnecting the WebSocket connection.

Abstract: Methods, apparatus and articles of manufacture for using a token code to control access to data and applications in a mobile platform are provided herein. A method includes processing authentication information via a cryptographic operation to generate an output, partitioning the output into (i) a component that identifies the authentication information and (ii) an encryption key component, encrypting an item of cryptographic information via the encryption key component, and storing the component that identifies the authentication information and the encrypted item of cryptographic information.

Abstract: An information providing apparatus includes following components. A storing unit stores marker image identification information, an image feature of a marker placed area, related information, and disclosure limitation information indicating whether the related information is to be disclosed to specific users in an image information memory. A user information memory stores user identification information identifying a user and privilege information indicating a privilege of the user. An obtaining unit obtains, from an information terminal, user identification information and a target image. A search unit searches the image information memory for marker image identification information of a marker image having an image feature similar to that included in the target image.

Abstract: An authentication technique employs a security device that communicates with a software token construct installed on a user device via a connector. The technique includes secure provisioning of an authentication seed and safe storage of the seed in encrypted form on the user device. A key for decrypting the seed is stored within the security device, and token codes are generated by physically connecting the security device to the user device and conveying the encrypted seed from the user device to the security device over the connector.

Abstract: A method to securely and asynchronously provisioning keys from one source secure device to a target secure device through a key provisioning server, in which the keys to be provisioned via the method remain unknown. The method includes the steps of, for the source secure device, encrypting a key to be transferred using a transport key so that only the target secure device can decrypt, and sending the encrypted key to the provisioning server and, for the target secure device, when available, getting the encrypted transferred key, and decrypting the transferred key using the transport key.

Abstract: This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server. The token is used as a shared-secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without the need to again enter a password or establish a secure connection with the presence server, the device uses the shared-secret to sign, encrypt and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device.

Abstract: This invention includes a synchronized storage server enabled to send the end-point device a notification including the root folder list. The end-point device compares the sent root folder list to a previously stored root folder list in the end-point devices' memory. If the end-point device detects either a new root folder on the synchronized storage server, a change in an existing folder, or deleted content in a folder the end-point device will determine that a change is required to the stored data. Next the end-point device will synchronize with the synchronized storage server and create a new storage list. Finally, the synchronized storage server will send the end-point device a new encrypted folder encryption key which includes the encrypted file contents along with identifying information such as the server name and revision information.

Abstract: A user having remote device wants to access an application executing on an application server computer that is behind a firewall. During set-up, another firewall and a gateway computer are configured in front of the original firewall. During registration, users' remote devices are configured with security data. The security data includes user authentication cryptographic credentials, for establishing secure channels, and may include user application cryptographic credentials as needed by individual applications executing on the application server. During operation, the user provides a password to an application program executing on his/her remote device to use the security information on the remote device to establish a secure channel to the application, and then conducts a data session with the application.

Abstract: Technologies are provided in embodiments for receiving an enclave program for operation in an enclave, identifying at least one shared object dependency of the enclave program, determining whether the shared object dependency corresponds to at least one enclave shared object, causing association between the shared object dependency and the enclave shared object in circumstances where the shared object dependency corresponds to the enclave shared object, and causing association between the shared object dependency and an enclave-loadable non-enclave shared object in circumstances where the shared object dependency fails to correspond to the enclave shared object.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for enrolling a user in a device identification program. In some embodiments, a system is configured to: receive device identification information from a mobile device, receive user information associated with a user, the user information enabling identification of the user, associate the device identification information with the user information, and create a record based on the device identification information and the user information.

Abstract: A group video messaging method stores user information identifying authorized users of a video messaging system, and provides a user interface to the video messaging system. The user interface permits authorized users to transfer video files to the video messaging system for storage and retrieval, and to identify criteria for other authorized users to access each transferred video file. The method also stores in the video messaging system the video files transferred to the system by the authorized users; stores information identifying the user that transferred each stored video file to the video messaging system, and the criteria for authorized users to access the stored video files; and stores information identifying different groups of the authorized users and which of the stored video files are to be accessible to each of the authorized users or authorized user groups.

Abstract: A device is configured to determine that the device is to activate a privacy mode, obscure information displayed by a display of the device, detect a user interaction with a first portion of the display, the first portion being less than an entirety of the display, and reveal first information obscured by the first portion of the display, without revealing information obscured by a remaining portion of the display, the first portion and the remaining portion comprising the entirety of the display.