Patents Examined by Lisa Lewis
  • Patent number: 9591016
    Abstract: A method for assessing security risks associated with a cloud application to which one or more connected applications are coupled begins by configuring a security risk assessment application to function as a connected application. The security risk assessment application collects “first” data associated with one or more accounts, and “second” data associated with the one or more connected applications coupled to the cloud application. After receiving the first and second data, the security risk assessment application instantiates that data into a generic “data object” that the system uses to represent each account and each of the connected applications. Each such data object thus is populated either with the first data or the second data, depending on whether the data object represents an account or a connected application. A risk assessment is then applied to the generic data object to assess a security risk associated with the cloud application.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: March 7, 2017
    Assignee: International Business Machines Corporation
    Inventors: David Walsh Palmieri, Gee Ngoo Chia, Jeffrey Tobias Robke
  • Patent number: 9571455
    Abstract: A system and method of initializing a virtual machine within a secure hybrid cloud is disclosed. One method includes transmitting service mode credentials to a cloud broker from a cloud-based virtual machine, receiving a service mode community of interest key from a credentialing service based on the service mode credentials, and establishing a secure service mode connection based on the service mode community of interest key. The method also includes receiving role VPN credentials at the cloud-based virtual machine and establishing a secure role connection to the cloud broker using the role VPN credentials, thereby providing, in response to the role VPN credentials, a role VPN community of interest key to a virtual data relay dedicated to the cloud-based virtual machine.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: February 14, 2017
    Assignee: Unisys Corporation
    Inventors: Robert A Johnson, Mark S Brandt, Christopher A Byrd, Kathy Y Jaing
  • Patent number: 9558524
    Abstract: Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data.
    Type: Grant
    Filed: March 23, 2016
    Date of Patent: January 31, 2017
    Assignee: SOCURE INC.
    Inventors: Sunil Madhu, Giacomo Pallotti, Edward J. Romano, Alexander K. Chavez
  • Patent number: 9553897
    Abstract: The present disclosure discloses a method and computer device for monitoring a wireless network. The method is implemented as follows. The computer device obtains configuration file information for accessing the wireless network after the computer device accesses the wireless network, wherein the configuration file information comprises an IP address and a subnet mask of the computer device. The computer device calculates an IP address range of the wireless network according to the IP address and the subnet mask of the computer device. The computer device searches for a device that accesses the wireless network and whose IP address is within the IP address range.
    Type: Grant
    Filed: June 4, 2015
    Date of Patent: January 24, 2017
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Ke Chen, Xi Zhang
  • Patent number: 9553855
    Abstract: Storing a key to an encrypted file in a kernel memory is disclosed. Authentication data may be received and authentication credentials of the authentication data may be stored in a file. The file may be encrypted and a key to the encrypted file may be generated. The encrypted file may be stored in a user space and the key may be stored in a kernel space. The key may be retrieved from the kernel space and applied to the encrypted file in the user space to decode the encrypted file and subsequently access the authentication credentials stored in the encrypted file.
    Type: Grant
    Filed: February 14, 2014
    Date of Patent: January 24, 2017
    Assignee: Red Hat, Inc.
    Inventors: Dmitri Pal, Rob Crittenden
  • Patent number: 9548984
    Abstract: A method and system for authorizing a user at a field device by a portable communications device. A first information is acquired by the portable communications device for identifying the field device. The portable communications device sends to a system the first information and a second information for identifying at least one of (i) the portable communications device, and (ii) the user thereof. The system determines a first piece of access information on the basis of the first information and the second information, and sends the first piece of access information to the portable communications device. The portable communications device transmits the second information and the first piece of access information to the field device. The field device determines a second piece of access information on the basis of the second information, and compares the first piece of access information with the second piece of access information.
    Type: Grant
    Filed: June 20, 2013
    Date of Patent: January 17, 2017
    Assignee: Siemens Aktiengesellschaft
    Inventors: Steffen Fries, Andreas Güttinger
  • Patent number: 9544291
    Abstract: The longstanding problems of user password management and security, and user authentication are addressed. Disclosed is a system and method for providing a means for a user to identify themselves with configurable levels of authentication in order to receive limited access or services while protecting user privacy. As a user inputs information related to their identity into an interface, the system searches an indexed database which may include both registered users and/or unregistered customers indexed from disparate data sources. The system presents the user matching results from the search in an obscured form from which the user selects and authenticates his or her identity. Unregistered users identified during the process may be automatically registered in certain embodiments, or no account may be needed in other embodiments.
    Type: Grant
    Filed: October 28, 2015
    Date of Patent: January 10, 2017
    Assignee: Kaarya LLC
    Inventors: Ujjual Nath, Gaurav Sharma, William Fletcher
  • Patent number: 9542563
    Abstract: According to one embodiment of the present invention, a system for accessing protected content includes a first computing device with at least one processor. The system determines one or more users associated with information required to access content of a protected document based on a set of rules. A request is generated and sent to at least one second computing device associated with the one or more determined users to retrieve and utilize the required information to access the content of the protected document. Embodiments of the present invention further include a method and computer program product for accessing protected content in substantially the same manner described above.
    Type: Grant
    Filed: October 24, 2013
    Date of Patent: January 10, 2017
    Assignee: GLOBALFOUNDRIES INC.
    Inventors: Michael Baessler, Philipp Hoffmann, Markus Lorch, Juergen Maletz, Daniel Pittner, Dirk Seider
  • Patent number: 9537841
    Abstract: Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth.
    Type: Grant
    Filed: September 14, 2014
    Date of Patent: January 3, 2017
    Assignee: Sophos Limited
    Inventors: Harald Schütz, Andrew J. Thomas, Kenneth D. Ray, Daniel Salvatore Schiappa
  • Patent number: 9536109
    Abstract: A method, system and computer program product for administering a secure data repository. Rather than using a specific database, an application may use an existing hierarchical file structure, such as provided by conventional operating systems, to store structured data in a number of files. To detect unauthorized, malicious or inadvertent changes to these files, either within one or more files, or by deletion, replacement or movement of files in their entirety, each file incorporates a last change timestamp and the contents of the file are digitally signed. Furthermore, every file in the secure repository is logged in an index file together with its respective change date stamp, and the index file as a whole is also digitally signed. Unauthorized changes can be identified by comparison of the file date stamps with the content of the index as well as verifying the validity of each digital signature.
    Type: Grant
    Filed: September 21, 2010
    Date of Patent: January 3, 2017
    Assignee: International Business Machines Corporation
    Inventors: Giuseppe Ciano, Luigi Pichetti
  • Patent number: 9536103
    Abstract: Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: January 3, 2017
    Assignee: Fortinet, Inc.
    Inventor: David A. Redberg
  • Patent number: 9537863
    Abstract: Data driven role based security is provided. At login, the system queries for a data context in connection with access to computing objects of a computing system. When a request for access to computing objects is received by the computing system, one or more control expressions specified for the computing object being accessed are evaluated. The evaluation of the control expressions may reference the user context or the data context previously established, and returns a set of effective permissions. Access to the computing object is then granted if the set of permissions includes an appropriate permission for the request for access.
    Type: Grant
    Filed: August 11, 2014
    Date of Patent: January 3, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sergei Ivanov, John August Barrows
  • Patent number: 9526004
    Abstract: A method and apparatus providing an indication of data consumption by an application, which is executable on an electronic device and operable to consume data, via a network, from at least one remote content provider server. The method includes: providing, on the electronic device, an iconic representation for the application, the iconic representation having an indication of previous data consumption by the application from the at least one remote content provider server during previous execution of the application; executing the application in response to selection of the iconic representation; receiving, from the network, data representative of new data consumption with the at least one remote content provider server during the execution of the application; and providing an updated iconic representation for the application.
    Type: Grant
    Filed: June 14, 2012
    Date of Patent: December 20, 2016
    Assignee: ORANGE
    Inventor: Jean-Baptiste Chaput
  • Patent number: 9515826
    Abstract: A system, method, and apparatus for a network topology aided by a smart agent download are disclosed. The method involves authenticating, with at least one authenticator device, at least one claimant. The method further involves transmitting, by at least one transmission source, the smart agent download to at least one receiving source associated with at least one claimant. In one or more embodiments, at least one transmission source is employed in a Lower Earth Orbiting (LEO) Iridium satellite. Also, the method involves receiving, by at least one receiving source, the smart agent download. In addition, the method involves executing, by at least one processor, the smart agent download. Further, the method involves monitoring, by the smart agent download, network behavior. The monitoring of network behavior includes monitoring the users on the network, monitoring data passing through the network, and monitoring the quantity of data passing through the network.
    Type: Grant
    Filed: September 21, 2011
    Date of Patent: December 6, 2016
    Assignee: THE BOEING COMPANY
    Inventors: David A. Whelan, Arun Ayyagari, Gregory M. Gutt, Rachel Rane′ Schmalzried
  • Patent number: 9503431
    Abstract: The claimed subject matter provides systems and/or methods that effectuate a simple protocol for tangible security on mobile devices. The system can include devices that generate sets of keys and associated secret identifiers, employ one or more of the keys to encrypt a secret, and utilize the identifiers and encryptions of the secret to populate a table associated with a security token device that is used in conjunction with a mobile device to release sensitive information persisted on the mobile device for user selected purposes.
    Type: Grant
    Filed: November 9, 2015
    Date of Patent: November 22, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: YuQun Chen, Michael J. Sinclair, Josh D. Benaloh
  • Patent number: 9503674
    Abstract: Embodiments disclosed herein provide systems and methods for performing video recorder failover. In a particular embodiment, a system for handling a failover of a first Network Video Recorder (NVR) is provided. The system includes a second NVR that receives a video stream and temporarily stores an amount of the video stream to the temporary storage, wherein the amount of the video stream stored in the temporary storage at any given time corresponds to a duration of time sufficient to accommodate a failover of the first NVR to the second NVR. In response to a detection of a failure of the first NVR, the second NVR records the video stream to the second long-term storage and transfers at least a portion of the video stream stored in the temporary storage to the second long-term storage.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: November 22, 2016
    Assignee: VERINT SYSTEMS INC.
    Inventors: Hing Yip Chung, Fuk Sang Mak, Golan Levy, Wai Chung Lam, Chong Va Cheong, Shiu Hang Tsang
  • Patent number: 9495556
    Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, a trusted gateway device establishes and maintains multiple cryptographic keys. A request is received by the gateway from a user of an enterprise network to store a file. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) a cryptographic key is selected; (ii) existence of data is identified within the chunk associated with one or more predefined search indices; (iii) searchable encrypted metadata is generated based on the identified data and the selected cryptographic key; (iv) an encrypted version of the chunk is generated; and (v) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: November 15, 2016
    Assignee: Fortinet, Inc.
    Inventor: David A. Redberg
  • Patent number: 9497186
    Abstract: Embodiments described herein relate to securing the privacy of knowledge used to authenticate a user (i.e., Proof of Knowledge (PoK) test(s)). In some embodiments, a client device is operable to receive a first encryption key and encrypted test(s) from a PoK server. The client device also receives a second encryption key from a Relying Party (RP) server. The client device can decrypt the encrypted test(s) by using the first encryption key and the second encryption key to thereby render decrypted test(s). The client device is further operable to obtain answer(s) for the decrypted test(s), send a communication to the PoK server based on the answer(s), and receive a communication from the RP server that authorizes a user of the client device to access service(s) administered by the RP server.
    Type: Grant
    Filed: August 11, 2015
    Date of Patent: November 15, 2016
    Assignee: Antique Books, Inc.
    Inventors: Robert H. Thibadeau, Sr., Justin D. Donnell
  • Patent number: 9485090
    Abstract: An authoritative computer network (10) comprising: at least one manager user (12); a plurality of subordinate users (14); and access control means adapted to allow the manager user to control access of one or more subordinate users to the authoritative computer network, wherein the authoritative computer network is provided as an overlay network on or within a distributed network (100).
    Type: Grant
    Filed: March 29, 2012
    Date of Patent: November 1, 2016
    Assignee: SIGMOID SOLUTIONS LIMITED
    Inventor: David Irvine
  • Patent number: 9485277
    Abstract: A system and method for connecting a classified internet protocol (IP) network to a public IP network including an unclassified computing device. The unclassified computing device is a wide area network access management computer which directly connects to a National Security Agency (NSA) High Assurance Internet Protocol Encryptor (HAIPE) device and interfaces between the IP network and the classified IP network. The wide area network access management computer includes a graphical user interface, an internal data network communications interface, an external data network communications interface and a processing unit. The processing unit operates the network interfaces and presents information to the graphical user interface and interprets user input from the graphical user interface. The processing unit also performs the processing and protocols associated with the internal and external networks, performs client processing and allows the user to interact with services on any of the attached networks.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: November 1, 2016
    Assignee: KCT Holdings, LLC
    Inventor: Keiron Christopher Tomasso