Patents by Inventor David A. Redberg

David A. Redberg has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10708771
    Abstract: Systems and methods for securely transferring tokens from one device to another are provided. According to one embodiment, a token transfer request (TTR), requesting transfer of a soft token stored on a first mobile device to a second mobile device, is received by a provisioning server from the first device. A transfer activation code (TAC) is generated by the provisioning server responsive to receipt of token data associated with the soft token from the first device. The token data includes an encrypted token seed bound to the first device. The TAC is delivered to a user of the first device via an authentication server. Unbound token data for the soft token is created by the provisioning server by unbinding the encrypted token seed from the first device. Upon receipt of the TAC from the second device, the unbound token data is transferred to the second device.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: July 7, 2020
    Assignee: Fortinet, Inc.
    Inventor: David A. Redberg
  • Publication number: 20190200218
    Abstract: Systems and methods for securely transferring tokens from one device to another are provided. According to one embodiment, a token transfer request (TTR), requesting transfer of a soft token stored on a first mobile device to a second mobile device, is received by a provisioning server from the first device. A transfer activation code (TAC) is generated by the provisioning server responsive to receipt of token data associated with the soft token from the first device. The token data includes an encrypted token seed bound to the first device. The TAC is delivered to a user of the first device via an authentication server. Unbound token data for the soft token is created by the provisioning server by unbinding the encrypted token seed from the first device. Upon receipt of the TAC from the second device, the unbound token data is transferred to the second device.
    Type: Application
    Filed: December 21, 2017
    Publication date: June 27, 2019
    Applicant: Fortinet, Inc.
    Inventor: David A. Redberg
  • Patent number: 10083309
    Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, file storage policies are maintained for users of an enterprise network by a trusted gateway device interposed between the network and multiple third-party cloud storage services. Responsive to receiving a request to store a local file from a user: (i) searchable encrypted data is created by the gateway corresponding to one or more of (a) content of the local file and (b) metadata associated with the local file and (ii) the searchable encrypted data is distributed by the gateway among the cloud storage services based on a storage diversity requirement defined by the user's file storage policy by uploading a subset of the searchable encrypted data to each of the cloud storage services.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: September 25, 2018
    Assignee: Fortinet, Inc.
    Inventor: David A. Redberg
  • Patent number: 10057763
    Abstract: Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a user of a mobile device is prompted to input an activation code previously provided to the user by an authentication server, which authenticates credentials provided by users of a secure network resource that is accessible via an IP-based network. A unique device ID of the mobile device is obtained via an API of an operating system of the mobile device. A seed is requested from a provisioning server. The seed is received in encrypted form based on a combination of a secret key, the unique device ID and a hardcoded pre-shared key. The seed is bound to the mobile device by encrypting the seed based on the unique device ID. When a token is requested by the user, it is generated based on the bound seed.
    Type: Grant
    Filed: May 14, 2016
    Date of Patent: August 21, 2018
    Assignee: Fortinet, Inc.
    Inventors: David A. Redberg, Jun Li
  • Patent number: 10009340
    Abstract: A network-based multi-factor authentication approach is provided. A request to access a protected network resource and user credentials are received from a client by an application server hosting the resource. Attributes associated with the request are obtained. After determining the credentials are valid, the access attributes are provided to an authentication server. A first OTP is generated by the authentication server. The client is caused to seek confirmation from the user regarding the request and the associated attributes, by sending a push notification to the client. Responsive to authentication of the user to an OTP generator application running on the client via a biometric sensor or a PIN associated with the client: (i) a second OTP is generated by the OTP generator; and (ii) the application server is caused to grant the request by the OTP generator sending the second OTP to the application server or to the authentication server.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: June 26, 2018
    Assignee: Fortinet, Inc.
    Inventor: David A. Redberg
  • Patent number: 10007804
    Abstract: Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: June 26, 2018
    Assignee: Fortinet, Inc.
    Inventor: David A. Redberg
  • Publication number: 20180068125
    Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, file storage policies are maintained for users of an enterprise network by a trusted gateway device interposed between the network and multiple third-party cloud storage services. Responsive to receiving a request to store a local file from a user: (i) searchable encrypted data is created by the gateway corresponding to one or more of (a) content of the local file and (b) metadata associated with the local file and (ii) the searchable encrypted data is distributed by the gateway among the cloud storage services based on a storage diversity requirement defined by the user's file storage policy by uploading a subset of the searchable encrypted data to each of the cloud storage services.
    Type: Application
    Filed: November 13, 2017
    Publication date: March 8, 2018
    Applicant: Fortinet, Inc.
    Inventor: David A. Redberg
  • Patent number: 9817981
    Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, a gateway maintains multiple cryptographic keys. A file that is to be stored across multiple third-party cloud storage services is received by the gateway from a user of an enterprise network. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) existence of data is identified within the chunk associated with one or more predefined search indices; (ii) searchable encrypted metadata is generated based on the identified data and a selected cryptographic key; (iii) an encrypted version of the chunk is generated; and (iv) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.
    Type: Grant
    Filed: November 12, 2016
    Date of Patent: November 14, 2017
    Assignee: Fortinet, Inc.
    Inventor: David A. Redberg
  • Publication number: 20170279795
    Abstract: A network-based multi-factor authentication approach is provided. A request to access a protected network resource and user credentials are received from a client by an application server hosting the resource. Attributes associated with the request are obtained. After determining the credentials are valid, the access attributes are provided to an authentication server. A first OTP is generated by the authentication server. The client is caused to seek confirmation from the user regarding the request and the associated attributes, by sending a push notification to the client. Responsive to authentication of the user to an OTP generator application running on the client via a biometric sensor or a PIN associated with the client: (i) a second OTP is generated by the OTP generator; and (ii) the application server is caused to grant the request by the OTP generator sending the second OTP to the application server or to the authentication server.
    Type: Application
    Filed: March 25, 2016
    Publication date: September 28, 2017
    Applicant: Fortinet, Inc.
    Inventor: David A. Redberg
  • Publication number: 20170098096
    Abstract: Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.
    Type: Application
    Filed: December 14, 2016
    Publication date: April 6, 2017
    Applicant: Fortinet, Inc.
    Inventor: David A. Redberg
  • Publication number: 20170061141
    Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, a gateway maintains multiple cryptographic keys. A file that is to be stored across multiple third-party cloud storage services is received by the gateway from a user of an enterprise network. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) existence of data is identified within the chunk associated with one or more predefined search indices; (ii) searchable encrypted metadata is generated based on the identified data and a selected cryptographic key; (iii) an encrypted version of the chunk is generated; and (iv) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.
    Type: Application
    Filed: November 12, 2016
    Publication date: March 2, 2017
    Applicant: Fortinet, Inc.
    Inventor: David A. Redberg
  • Patent number: 9536103
    Abstract: Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: January 3, 2017
    Assignee: Fortinet, Inc.
    Inventor: David A. Redberg
  • Patent number: 9495556
    Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, a trusted gateway device establishes and maintains multiple cryptographic keys. A request is received by the gateway from a user of an enterprise network to store a file. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) a cryptographic key is selected; (ii) existence of data is identified within the chunk associated with one or more predefined search indices; (iii) searchable encrypted metadata is generated based on the identified data and the selected cryptographic key; (iv) an encrypted version of the chunk is generated; and (v) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: November 15, 2016
    Assignee: Fortinet, Inc.
    Inventor: David A. Redberg
  • Publication number: 20160262013
    Abstract: Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a user of a mobile device is prompted to input an activation code previously provided to the user by an authentication server, which authenticates credentials provided by users of a secure network resource that is accessible via an IP-based network. A unique device ID of the mobile device is obtained via an API of an operating system of the mobile device. A seed is requested from a provisioning server. The seed is received in encrypted form based on a combination of a secret key, the unique device ID and a hardcoded pre-shared key. The seed is bound to the mobile device by encrypting the seed based on the unique device ID.
    Type: Application
    Filed: May 14, 2016
    Publication date: September 8, 2016
    Applicant: Fortinet, Inc.
    Inventors: David A. Redberg, Jun Li
  • Patent number: 9386014
    Abstract: Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a unique device ID of a mobile device is obtained by a soft token application via an API of an operating system of the mobile device. A seed for generating an OTP for accessing a secure network resource is requested from a provisioning server by the application via an IP-based network. The seed is received by the mobile device via a first out-of-band channel in encrypted form based on a secret key, the unique device ID and a hardcoded pre-shared key. The received encrypted seed is decrypted and installed within the application. The OTP is generated by the application based on the seed. The OTP is bound to the mobile device by the application by encrypting the seed with the unique device ID and the hardcoded pre-shared key.
    Type: Grant
    Filed: July 4, 2015
    Date of Patent: July 5, 2016
    Assignee: Fortinet, Inc.
    Inventors: David A. Redberg, Jun Li
  • Patent number: 9280678
    Abstract: Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.
    Type: Grant
    Filed: December 2, 2013
    Date of Patent: March 8, 2016
    Assignee: Fortinet, Inc.
    Inventor: David A. Redberg
  • Publication number: 20150363608
    Abstract: Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.
    Type: Application
    Filed: June 17, 2015
    Publication date: December 17, 2015
    Applicant: Fortinet, Inc.
    Inventor: David A. Redberg
  • Publication number: 20150363611
    Abstract: Methods and systems for secure cloud storage are provided. According to one embodiment, a trusted gateway device establishes and maintains multiple cryptographic keys. A request is received by the gateway from a user of an enterprise network to store a file. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) a cryptographic key is selected; (ii) existence of data is identified within the chunk associated with one or more predefined search indices; (iii) searchable encrypted metadata is generated based on the identified data and the selected cryptographic key; (iv) an encrypted version of the chunk is generated; and (v) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.
    Type: Application
    Filed: August 12, 2015
    Publication date: December 17, 2015
    Applicant: Fortinet, Inc.
    Inventor: David A. Redberg
  • Publication number: 20150312250
    Abstract: Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a unique device ID of a mobile device is obtained by a soft token application via an API of an operating system of the mobile device. A seed for generating an OTP for accessing a secure network resource is requested from a provisioning server by the application via an IP-based network. The seed is received by the mobile device via a first out-of-band channel in encrypted form based on a secret key, the unique device ID and a hardcoded pre-shared key. The received encrypted seed is decrypted and installed within the application. The OTP is generated by the application based on the seed. The OTP is bound to the mobile device by the application by encrypting the seed with the unique device ID and the hardcoded pre-shared key.
    Type: Application
    Filed: July 4, 2015
    Publication date: October 29, 2015
    Applicant: FORTINET, INC.
    Inventors: David A. Redberg, Jun Li
  • Patent number: 9143492
    Abstract: Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a method is provided for soft token management. A mobile device of a user of a secure network resource receives and installs a soft token application. A unique device ID of the mobile device is programmatically obtained by the soft token application. A seed for generating a soft token for accessing the secure network resource is requested by the soft token application. Responsive to receipt of the seed by the soft token application, the soft token is generated based on the seed and the soft token is bound to the mobile device by encrypting the seed with the unique device ID and a hardcoded pre-shared key.
    Type: Grant
    Filed: March 16, 2014
    Date of Patent: September 22, 2015
    Assignee: Fortinet, Inc.
    Inventors: David A. Redberg, Jun Li