Abstract: A first server launches, under control of a device user, an execution of a first virtual payload by using a predetermined service provider interface or a first predetermined application programming interface that is associated with the first virtual payload executed by the first server. The first virtual payload generates a first random nonce. The first virtual payload launches an execution of a second virtual payload by using an associated second predetermined application programming interface. The second virtual payload is executed by the first or a second server. The first virtual payload exchanges with the second virtual payload the first random nonce, so as to establish a first secure channel. The invention also relates to corresponding first server and system.

Abstract: A first server launches, under control of a device user, an execution of a first virtual payload by using a predetermined service provider interface or a first predetermined application programming interface that is associated with the first virtual payload executed by the first server. The first virtual payload generates a first random nonce. The first virtual payload launches an execution of a second virtual payload by using an associated second predetermined application programming interface. The second virtual payload is executed by the first or a second server. The first virtual payload exchanges with the second virtual payload the first random nonce, so as to establish a first secure channel. The invention also relates to corresponding first server and system.

Abstract: A first server exchanges with a second server a master (symmetric) key(s). The first server sends to the first application the master key(s). The second server generates dynamically a first derived key by using a generation parameter(s) and a first master key. The second server sends to the second application the first derived key and the generation parameter(s). The second application generates and sends to the first application a first (key possession) proof and the generation parameter(s). The first application verifies successfully by using the generation parameter(s), the first master key and the first proof, that the first proof has been generated by using the first derived key, generates and sends to the second application a second (key possession) proof. The second application verifies successfully that the second proof has been generated by using the first derived key, as a dynamically generated and proven shared key.

Abstract: A set of users who may authenticate is predefined and is associated, each, with a reference secret share. A first subset of users who has, each, to authenticate is predefined. The device defines a second subset of the users who has, each, to authenticate while further satisfying, each, to be physically proximate to the device and an authentication condition(s). The second user subset is comprised within the first user subset comprised within the user set. The device verifies whether each user of the second user subset satisfies to be physically proximate to the device and the authentication condition(s), if yes, requests, to each user device, the secret share and receives, from each user device relating to at least the first user subset, the secret share. The device reconstructs a secret with each received secret share, verifies whether the reconstructed matches the reference and, if yes, authenticates the user set.

Abstract: A set of users who may authenticate is predefined and is associated, each, with a reference secret share. A first subset of users who has, each, to authenticate is predefined. The device defines a second subset of the users who has, each, to authenticate while further satisfying, each, to be physically proximate to the device and an authentication condition(s). The second user subset is comprised within the first user subset comprised within the user set. The device verifies whether each user of the second user subset satisfies to be physically proximate to the device and the authentication condition(s), if yes, requests, to each user device, the secret share and receives, from each user device relating to at least the first user subset, the secret share. The device reconstructs a secret with each received secret share, verifies whether the reconstructed matches the reference and, if yes, authenticates the user set.

Abstract: A first server exchanges with a second server a master (symmetric) key(s). The first server sends to the first application the master key(s). The second server generates dynamically a first derived key by using a generation parameter(s) and a first master key. The second server sends to the second application the first derived key and the generation parameter(s). The second application generates and sends to the first application a first (key possession) proof and the generation parameter(s). The first application verifies successfully by using the generation parameter(s), the first master key and the first proof, that the first proof has been generated by using the first derived key, generates and sends to the second application a second (key possession) proof. The second application verifies successfully that the second proof has been generated by using the first derived key, as a dynamically generated and proven shared key.

Abstract: Disclosed is a method of supporting security policies and security levels associated with processes and applications. A security level is associated with a process independent of a user executing the process. When secure data is to be accessed, the security level of the process is evaluated to determine whether data access is to be granted. Optionally, the security level of a user of the process is also evaluated prior to providing data access.

Abstract: A method for sharing data from within a secure network perimeter includes providing a sharing folder associated with a first user for transferring data therefrom to destinations outside the secure perimeter. Data stored within the sharing folder is stored in a secured fashion. Semi-trusted applications are provided an ability to retrieve the secured data in a unsecured fashion for sharing of same. The semi-trusted applications are other than able to retrieve and share secured data from at least a folder other than the sharing folder in unsecured form.

Abstract: A method for sharing data from within a secure network perimeter includes providing a sharing folder associated with a first user for transferring data therefrom to destinations outside the secure perimeter. Data stored within the sharing folder is stored in a secured fashion. Semi-trusted applications are provided an ability to retrieve the secured data in a unsecured fashion for sharing of same. The semi-trusted applications are other than able to retrieve and share secured data from at least a folder other than the sharing folder in unsecured form.

Abstract: Disclosed is a method of supporting security policies and security levels associated with processes and applications. A security level is associated with a process independent of a user executing the process. When secure data is to be accessed, the security level of the process is evaluated to determine whether data access is to be granted. Optionally, the security level of a user of the process is also evaluated prior to providing data access.

Abstract: Disclosed is a method of supporting security policies and security levels associated with processes and applications. A security level is associated with a process independent of a user executing the process. When secure data is to be accessed, the security level of the process is evaluated to determine whether data access is to be granted. Optionally, the security level of a user of the process is also evaluated prior to providing data access.