Abstract: Systems and methods for monitoring a process a provided. An example method commences with providing a management platform. The management platform is configured to receive user rules for processing at least one function call within the process. A high-level script can be used based on the user rules to develop and install at least one library to execute synchronously within the process. The at least one library can be configured to monitor the process for at least one function call and capture argument values of the function call before the argument values are passed to a function. The at least one library can filter the function call based at least in part on the argument values. The method can continue with selectively creating an API event for execution by a dedicated worker thread. The execution of the API event is performed asynchronously with regard to the process.

Abstract: Systems and methods for monitoring a process a provided. An example method commences with providing a management platform. The management platform is configured to receive user rules for processing at least one function call within the process. A high-level script can be used based on the user rules to develop and install at least one library to execute synchronously within the process. The at least one library can be configured to monitor the process for at least one function call and capture argument values of the function call before the argument values are passed to a function. The at least one library can filter the function call based at least in part on the argument values. The method can continue with selectively creating an API event for execution by a dedicated worker thread. The execution of the API event is performed asynchronously with regard to the process.

Abstract: In one embodiment, a malicious code prevention module identifies potentially malicious instructions in volatile memory of a computing device and replaces them with innocuous instructions. In another embodiment, the malicious code prevention module identifies a potentially malicious thread within an operating system and replaces the first instruction in the thread with a new instruction that terminates the thread. Malicious code prevention module prevents malicious code from inflicting any harm on the computing device and its contents.

Abstract: In one embodiment, a malicious code prevention module identifies potentially malicious instructions in volatile memory of a computing device and replaces them with innocuous instructions. In another embodiment, the malicious code prevention module identifies a potentially malicious thread within an operating system and replaces the first instruction in the thread with a new instruction that terminates the thread. Malicious code prevention module prevents malicious code from inflicting any harm on the computing device and its contents.

Abstract: Systems and methods are provided for creating and using a sharable file-level key to secure data files. The file-level key is generated based on a workgroup key associated with the data file and unique information associated with the data file. The file-level key may be used to encrypt and split data. Systems and methods are also provided for sharing data without replicating the data on an end user machine. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.

Abstract: Two approaches are provided for distributing trust among certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which a secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach of the present invention provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

Abstract: Systems and methods are provided for creating and using a sharable file-level key to secure data files. The file-level key is generated based on a workgroup key associated with the data file and unique information associated with the data file. The file-level key may be used to encrypt and split data. Systems and methods are also provided for sharing data without replicating the data on an end user machine. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.

Abstract: The present invention relates to a system and method for improved memory allocation in a computer system. The system and method reduces or eliminates vulnerabilities that would otherwise exist due to use-after-free situations involving memory, thereby enhancing the security of the computer system.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Abstract: Systems and methods are provided for creating and using a sharable file-level key to secure data files. The file-level key is generated based on a workgroup key associated with the data file and unique information associated with the data file. The file-level key may be used to encrypt and split data. Systems and methods are also provided for sharing data without replicating the data on an end user machine. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Abstract: Two approaches are provided for distributing trust among certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which a secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach of the present invention provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

Abstract: Two approaches are provided for distributing trust among certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which a secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach of the present invention provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

Abstract: Systems and methods are provided for creating and using a sharable file-level key to secure data files. The file-level key is generated based on a workgroup key associated with the data file and unique information associated with the data file. The file-level key may be used to encrypt and split data. Systems and methods are also provided for sharing data without replicating the data on an end user machine. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.

Abstract: Systems and methods are provided for securing data. A processing device receives a data set and identifies a first subset of data from a first dimension of a multi-dimensional representation of the data set. The processing device encrypts the first subset of data using a first encryption technique to yield a first encrypted subset of data and replaces the first subset of data in the multi-dimensional representation of the data set with the first subset of encrypted data. The processing device then identifies a second subset of data from a second dimension of the multi-dimensional representation of the data set, with the second subset of data including at least a portion of the first subset of encrypted data, and encrypts the second subset of data using a second encryption technique to yield a second encrypted subset of data.

Abstract: Systems and methods are provided for creating and using a sharable file-level key to secure data files. The sharable file-level key is generated based on a workgroup key associated with the data file, as well as unique information associated with the data file. The sharable file-level key may be used to encrypt and split data using a Secure Parser. Systems and methods are also provided for sharing data without replicating the data on the machine of the end user. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data that was encrypted and split. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.

Abstract: Systems and methods are provided for distributing trust among a set of certificate authorities. One approach provides methods and systems in which the secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation of a connection between two devices. Another approach provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data, and the shares of data are transmitted through each of the tunnels.

Abstract: Two approaches are provided for distributing trust among a set of certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which the secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.