Abstract: Aspects of the present invention provide the ability to enforce access methods on data based upon a policy or policies identified within the metadata of a file. The data is self-protected by including or being wrapped with one or more policy/rule identifiers that act as a form of body armor to the data when in transit or in different situations. In embodiments, access is only granted upon successful authentication and compliance with the identified policy or policies. In embodiments, depending upon the conditions and policies, varying level access may be granted. In embodiments, depending upon the conditions and policies, the system may take one or more mitigations or remedial access levels, such as containerizing, sandboxing, granting limited access, or erasing the data.

Abstract: Aspects of the present invention provide the ability to enforce access methods on data based upon a policy or policies identified within the metadata of a file. The data is self-protected by including or being wrapped with one or more policy/rule identifiers that act as a form of body armor to the data when in transit or in different situations. In embodiments, access is only granted upon successful authentication and compliance with the identified policy or policies. In embodiments, depending upon the conditions and policies, varying level access may be granted. In embodiments, depending upon the conditions and policies, the system may take one or more mitigations or remedial access levels, such as containerizing, sandboxing, granting limited access, or erasing the data.

Abstract: Aspects of the present invention provide the ability to enforce access methods on data based upon a policy or policies identified within the metadata of a file. The data is self-protected by including or being wrapped with one or more policy/rule identifiers that act as a form of body armor to the data when in transit or in different situations. In embodiments, access is only granted upon successful authentication and compliance with the identified policy or policies. In embodiments, depending upon the conditions and policies, varying level access may be granted. In embodiments, depending upon the conditions and policies, the system may take one or more mitigations or remedial access levels, such as containerizing, sandboxing, granting limited access, or erasing the data.

Abstract: Aspects of the present invention provide the ability to enforce access methods on data based upon a policy or policies identified within the metadata of a file. The data is self-protected by including or being wrapped with one or more policy/rule identifiers that act as a form of body armor to the data when in transit or in different situations. In embodiments, access is only granted upon successful authentication and compliance with the identified policy or policies. In embodiments, depending upon the conditions and policies, varying level access may be granted. In embodiments, depending upon the conditions and policies, the system may take one or more mitigations or remedial access levels, such as containerizing, sandboxing, granting limited access, or erasing the data.

Abstract: Aspects of the present invention provide the ability to enforce access methods on data based upon a policy or policies identified within the metadata of a file. The data is self-protected by including or being wrapped with policies/rules that act as a form of body armor to the data when in transit or in different situations. In embodiments, access is only granted upon successful authentication and compliance with the identified policy or policies. In embodiments, depending upon the conditions and policies, varying level access may be granted. In embodiments, depending upon the conditions and policies, the system may take one or more mitigations or remedial access levels, such as containerizing, sandboxing, granting limited access, or erasing the data.

Abstract: Embodiments of systems and methods for providing anonymous cloud encryption are provided. One embodiment of a method for providing anonymous cloud encryption includes communicating an anonymizing token to a key broker. Additionally, the method may include communicating at least one encryption key associated with the anonymizing token to the key broker. The method may also include conducting a secure anonymous transaction with a cloud service using at least one of the encryption keys associated with the anonymizing token.

Abstract: Embodiments of methods, systems, and services for transparent adaptive file transform are described. In one embodiment a method for transparent adaptive file transform is performed by a data processing device. The method may include automatically detecting a data transfer addressed to an external data storage. The method may also include redirecting data associated with the data transfer to a data transformer. Additionally, the method may include applying one or more data transforms to the data associated with the data transfer to generate a transformed data set. In an embodiment, the method may also include transferring the transformed data set to the external data storage. In one embodiment, the external data storage is a cloud storage facility.

Abstract: Embodiments of systems and methods for providing anonymous cloud encryption are provided. One embodiment of a method for providing anonymous cloud encryption includes communicating an anonymizing token to a key broker. Additionally, the method may include communicating at least one encryption key associated with the anonymizing token to the key broker. The method may also include conducting a secure anonymous transaction with a cloud service using at least one of the encryption keys associated with the anonymizing token.

Abstract: Embodiments of methods, systems, and services for transparent adaptive file transform are described. In one embodiment a method for transparent adaptive file transform is performed by a data processing device. The method may include automatically detecting a data transfer addressed to an external data storage. The method may also include redirecting data associated with the data transfer to a data transformer. Additionally, the method may include applying one or more data transforms to the data associated with the data transfer to generate a transformed data set. In an embodiment, the method may also include transferring the transformed data set to the external data storage. In one embodiment, the external data storage is a cloud storage facility.

Abstract: Included in the present disclosure are a system, method and program of instructions operable to protect vital information by combining information about a user and what they are allowed to see with information about essential files that need to be protected on an information handling system. Using intelligent security rules, essential information may be encrypted without encrypting the entire operating system or application files. According to aspects of the present disclosure, shared data, user data, temporary files, paging files, the password hash that is stored in the registry, and data stored on removable media may be protected.

Abstract: In a particular embodiment, a wireless security system is disclosed. The wireless security system includes a client module deployed on a wireless device, a network module, and a server module. The client module is adapted to authenticate a wireless device while the wireless device is operating independently from the network module and the server module. In another embodiment, a method of distributing security policy information from a server to a mobile computing device is disclosed. The method includes authentication of a connection between the server and a gatekeeper, sending a policy package to the gatekeeper, initiating data synchronization between the mobile computing device and the gatekeeper, authenticating the mobile computing device, and sending the policy package from the gatekeeper to the mobile computing device.

Abstract: In a particular embodiment, a client module is deployed on a wireless device. The client module comprises a policy database including a list of authorized devices to which the wireless device may communicate. In another embodiment, the client module comprises a policy database including at least two user profiles on a wireless device, such as a personal profile and a business profile.

Abstract: In a particular embodiment, a network module deployed at a wireless network access node is disclosed. The network module comprises a policy database including a list of authorized wireless mobile devices and an agent for enforcing rules of the policy database.

Abstract: In a particular embodiment, a server module deployed on a server is disclosed. The server module is connected to a wireless network access node. The server module includes a database containing user information for multiple wireless devices. Each element in the database is attributable to at least one authorized wireless device and contains at least one type of data file from the following group: (i) wireless connectivity permissions, (ii) authorized wireless device identification, and (iii) authorized network access node information. In another embodiment, a computer memory is disclosed. The computer memory includes a plurality of operating keys for use in connection with security features of a mobile computing device and a root key. The root key is to encrypt the plurality of operating keys. In another embodiment, a method of enforcing security policies at a mobile computing device is provided.