Abstract: A device may receive a request for a collaboration session. The device may authenticate a user for the collaboration session. The device may generate a trust-score associated with the collaboration session based on authenticating the user. The trust-score may be associated with a security level for the collaboration session. The security level may be associated with one or more capabilities of the collaboration session. The device may assign the user to a session role associated with the collaboration session. The session role may be associated with the one or more capabilities of the collaboration session. The device may provide information associated with the collaboration session based on the security level for the collaboration session and/or the session role assigned to the user.

Abstract: A device may receive an authentication request generated based on a request to access a service. The authentication request may include a user identifier. The device may identify a mobile device associated with the user identifier. The device may authenticate the mobile device, and may generate an access notification based on authenticating the mobile device. The access notification may include information relating to the request to access the service. The device may provide the access notification to the mobile device, and may receive an access response from the mobile device. The access response may indicate whether to permit access to the service. The device may cause access to the service to be permitted when the access response indicates to permit access to the service, or may cause access to the service to be denied when the access response indicates to deny access to the service.

Abstract: A method and a system of distinguishing between a human and a machine are disclosed. The method includes: when a request for accessing a designated network service is received, recording information of the request which include a time of receiving the request and information of an access object that sends the request; computing a statistical value of requests sent by the access object in real time based on a record; and determining the access object to be abnormal when the statistical value of the requests sent by the access object falls outside a predetermined normal range. The disclosed system of distinguishing between a human and a machine includes a recording module, a computation module and a determination module. Identification between humans and machines using the disclosed scheme is difficult to be cracked down and can improve an accuracy rate of human-machine identification.

Abstract: A computer-implemented method includes restricting access to customer data to certain geographic regions authorized by the customer. The restriction can be managed by associating policy information with the customer data that identifies the geographic regions authorized by the customer. Resources attempting to access the customer data can evaluate the policy information associated with the customer data with respect to the geographic location in which the resource is located to determine whether the resource is permitted to access the customer data. The restriction can also be managed by encrypting the customer data with a cryptographic key that corresponds to the customer and/or the authorized geographic regions.

Abstract: A system and method for generating passwords for secure login to a storage array. A randomly generated root secret is utilized along with a compartment ID to generate a root password for logging into a storage array with root privileges. The root secret is encrypted with the public key of a public-private key pair and stored on the storage array. The encrypted root secret is then stored in the storage array. When root access is needed, a private key stored externally to the storage array is utilized to decrypt the root secret. The decrypted root secret is then used along with the compartment ID to regenerate the root password.

Abstract: Systems, methods, and computer program products are provided for application validation. A first request is transmitted to a ticket generation application. A first ticket is received, including a first unencrypted portion and a first encrypted portion. A second request is transmitted to the ticket generation application. A second ticket is received, including a second unencrypted portion and a second encrypted portion. The first and second unencrypted portions are concatenated to form an unencrypted shared encryption key. The first and second encrypted portions are concatenated to form an encrypted shared encryption key. The unencrypted shared encryption key is stored in a memory, and the encrypted shared encryption key is transmitted to a server.

Abstract: A system is provided to deliver an application, hosted by a private application provider system, over a network to a user device, comprising: an application delivery system that includes a first network interface, a network security interface and a second network interface; wherein the network security interface is configured to determine whether a user or device request for access to an application is valid, and in response to determining that the user or device request for access to the first application is valid, to send the user or device request to the application agent.

Abstract: Examples disclose providing a decryption, validation and encryption process. Specifically, disclosure includes decrypting a first encrypted application data to then validate its integrity. Disclosure also includes encrypting the decrypted application data using a technique different from that used to provide the first encrypted application data and then storing the encrypted application data.

Abstract: A method and apparatus configure privacy settings for publishing electronic images. An image including first image content and second image content can be received. A first image content data file can be created for the first image content and a second image content data file can be created for the second image content. A publication privilege can be assigned to the first image content data file. The publication privilege can be based on a relationship between a consumer of the image and a subject of the first image content. The first image content data file with the publication privilege can be stored separate from the second image content data file. Image reconstruction data can be stored.

Abstract: A system is provided to deliver an application, hosted by a private application provider, over a network to a user device comprising: an application delivery system that includes a first network interface, a network security interface, and a second network interface; an application agent is disposed within the private application provider system. wherein the first network interface receives an encrypted user or device request for access to the hosted application sent over the network and to send the user or device request to the network security interface; wherein the network security interface is configured to decrypt the request, to validate request, to re-encrypt the request and to send the encrypted request to the second network interface; wherein the second network interface is configured to send the encrypted request over the network to the agent; and wherein the agent is configured to send the request to the hosted application.

Abstract: A system is provided comprising: an application delivery system that includes, a first network interface, a network security interface, and a second network interface; an agent is disposed within one or more private application provider systems; a security network interface instance determines whether a received request is valid, and in response to determining that the received user or device request is valid, to send the received request to a respective second network interface instance for delivery to the agent.

Abstract: A method begins by a source processing module securing data based on a key stream to produce secured data, where the key stream is derived from a unilateral encryption key accessible only to the source processing module, and sending the secure data to an intermediator processing module, where desecuring the secured data is divided into two partial desecuring stages. The method continues with the intermediator processing module partially desecuring the secure data in accordance with a first partial desecuring stage to produce partially desecured data and sending the partially desecured data to a destination processing module. The method continues with the destination processing module further partially desecuring the partially desecured data in accordance with a second desecuring stage to recover the data, where the destination processing module does not have access to the encryption key or to the key stream.

Abstract: Apparatus (104) for connecting two or more computer networks having two or more network interface machines (201, 202, 203) each arranged to be connected to a respective computer network with a bidirectional communications link (105, 106, 107) enabling the network interface machine to receive data from and transmit data to the computer network. The network interface machines are connected together with at least one content checker (210, 211) to enable data to be transmitted from one network interface machine to another, and arranged such that data transmitted from one network interface machine to another network interface machine must pass via a content checker. Each network interface machine is arranged to transmit flow control data. The network interface machines are connected to the content checkers only by unidirectional communications links.

Abstract: System and methods are provided for performing privacy-preserving, high-performance, and scalable DNA read mapping on hybrid clouds including a public cloud and a private cloud. The systems and methods offer strong privacy protection and have the capacity to process millions of reads and allocate most of the workload to the public cloud at a small overall cost. The systems and methods perform seeding on the public cloud using keyed hash values of individual sequencing reads' seeds and then extend matched seeds on the private cloud. The systems and methods are designed to move the workload of read mapping from the extension stage to the seeding stage, thereby ensuring that the dominant portion of the overhead is shouldered by the public cloud.

Abstract: Generally, this disclosure describes a system and method for trusted data processing in the public cloud. A system may include a cloud server including a trusted execution environment, the cloud server one of a plurality of cloud servers, a cloud storage device coupled to the cloud server, and a RKM server including a key server module, the RKM server configured to sign the key server module using a private key and a gateway server configured to provide the signed key server module to the cloud server, the trusted execution environment configured to verify the key server module using a public key related to the private key and to launch the key server module, the key server module configured to establish a secure communication channel between the gateway server and the key server module, and the gateway server configured to provide a cryptographic key to the key server module via the secure communication channel.