Abstract: In the approaches described herein, a data file storage service may control access to file system objects using corresponding “personal” or organization-related “work” identity information which may include encryption keys or passwords. To assist the user with identifying respective file system objects, the user is presented with a corresponding graphical user interface (GUI) which displays a corresponding personal or work identity icon next to a visual rendering of the file system objects. Keys that control access to work identity files and folders are purged from a local key store as soon as user authorization changes are detected. In this way, even a user who originated a data file will not be able to decrypt files stored in a folder shared using a work identity once that identity is canceled by the organization, while at the same time, the user's access to their personal files may continue.

Abstract: In the approaches described herein, a data file storage service may control access to file system objects using corresponding “personal” or organization-related “work” identity information which may include encryption keys or passwords. To assist the user with identifying respective file system objects, the user is presented with a corresponding graphical user interface (GUI) which displays a corresponding personal or work identity icon next to a visual rendering of the file system objects. Keys that control access to work identity files and folders are purged from a local key store as soon as user authorization changes are detected. In this way, even a user who originated a data file will not be able to decrypt files stored in a folder shared using a work identity once that identity is canceled by the organization, while at the same time, the user's access to their personal files may continue.

Abstract: Techniques for controlling access to shared data files such as stored in a collaborative file sharing service. Organizations want to have access to data originated by their employees and want that access to continue even when the employees leave the company. Also, organizations do not want former employees to have access to the company's files. A file storage service uses an Organization's recovery key while creating a recovery record for a file (which may be stored in a folder), and protected using a Work identity. The individual person who originally creates a file and/or shares a folder securely with others is considered the folder's owner as long as he is part of the same Organization. User's identities are validated upon access. The keys are also purged from a local key store as soon as identity changes are detected. In this way, the folder owner will not be able to decrypt files stored in a folder shared using a Work identity if the identity is canceled by the Organization.

Abstract: Techniques for controlling access to shared data files such as stored in a collaborative file sharing service. Organizations want to have access to data originated by their employees and want that access to continue even when the employees leave the company. Also, organizations do not want former employees to have access to the company's files. A file storage service uses an Organization's recovery key while creating a recovery record for a file (which may be stored in a folder), and protected using a Work identity. The individual person who originally creates a file and/or shares a folder securely with others is considered the folder's owner as long as he is part of the same Organization. User's identities are validated upon access. The keys are also purged from a local key store as soon as identity changes are detected. In this way, the folder owner will not be able to decrypt files stored in a folder shared using a Work identity if the identity is canceled by the Organization.

Abstract: Seamless, secure, private, collaborative file synchronization across trust boundaries, typically as a companion to a store and sync file service. Information needed to recover a file is stored within the file itself, without giving away secret data. User specific personal keys are preferably only stored on the users' device(s). A unique ID is also created for each protected file; a password is generated that depends on (a) a key value that can either be (i) the user's personal key in the case of a file that is to be private or (ii) a shared key in the case of a file that is to be shared with other users, and (b) the unique file ID. The password is then encrypted using a recovery key and also stored in the file itself. The file is secured using a format that supports password-based content encryption.

Abstract: Techniques for controlling access to shared data files such as stored in a collaborative file sharing service. Organizations want to have access to data originated by their employees and want that access to continue even when the employees leave the company. Also, organizations do not want former employees to have access to the company's files. A file storage service uses an Organization's recovery key while creating a recovery record for a file (which may be stored in a folder), and protected using a Work identity. The individual person who originally creates a file and/or shares a folder securely with others is considered the folder's owner as long as he is part of the same Organization. User's identities are validated upon access. The keys are also purged from a local key store as soon as identity changes are detected. In this way, the folder owner will not be able to decrypt files stored in a folder shared using a Work identity if the identity is canceled by the Organization.

Abstract: Techniques for controlling access to shared data files such as stored in a collaborative file sharing service. Organizations want to have access to data originated by their employees and want that access to continue even when the employees leave the company. Also, organizations do not want former employees to have access to the company's files. A file storage service uses an Organization's recovery key while creating a recovery record for a file (which may be stored in a folder), and protected using a Work identity. The individual person who originally creates a file and/or shares a folder securely with others is considered the folder's owner as long as he is part of the same Organization. User's identities are validated upon access. The keys are also purged from a local key store as soon as identity changes are detected. In this way, the folder owner will not be able to decrypt files stored in a folder shared using a Work identity if the identity is canceled by the Organization.

Abstract: Seamless, secure, private, collaborative file synchronization across trust boundaries, typically as a companion to a store and sync file service. Information needed to recover a file is stored within the file itself, without giving away secret data. User specific personal keys are preferably only stored on the users' device(s). A unique ID is also created for each protected file; a password is generated that depends on (a) a key value that can either be (i) the user's personal key in the case of a file that is to be private or (ii) a shared key in the case of a file that is to be shared with other users, and (b) the unique file ID. The password is then encrypted using a recovery key and also stored in the file itself. The file is secured using a format that supports password-based content encryption.

Abstract: Seamless, secure, private, collaborative file synchronization across trust boundaries, typically as a companion to a store and sync file service. Information needed to recover a file is stored within the file itself, without giving away secret data. User specific personal keys are preferably only stored on the users' device(s). A unique ID is also created for each protected file; a password is generated that depends on (a) a key value that can either be (i) the user's personal key in the case of a file that is to be private or (ii) a shared key in the case of a file that is to be shared with other users, and (b) the unique file ID. The password is then encrypted using a recovery key and also stored in the file itself. The file is secured using a format that supports password-based content encryption.

Abstract: A technique for establishing a perimeter of accountability for usage of digital assets such as data files. The accountability model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such as in the background of a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, aggregates them, and makes reports to a journaling server. The journaling server analyzes sequences of low level events to detect when aggregate events of interest occur, such as “FileEdit”, network file transfers and the like. Reports can be generated to provide an understanding of how digital assets have been accessed, used or communicated by individuals in an enterprise.

Abstract: The technology described herein provides a stand-alone intelligent battery charger and intelligent conditioner for use with a high-voltage battery, such as those used in hybrid automotive vehicles. Additionally, in various exemplary embodiments, this technology provides a system and method for validating the capacity of a high voltage battery. Other comparable uses are also contemplated herein, as will be obvious to those of ordinary skill in the art.

Abstract: A technique for establishing usage control over digital assets such as computer files. The system model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access rights. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such a background process in a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, and aggregates them. A policy engine analyzes sequences of aggregate events to determine when policy violations occur.

Abstract: The technology described herein provides a stand-alone intelligent battery charger and intelligent conditioner for use with a high-voltage battery, such as those used in hybrid automotive vehicles. Additionally, in various exemplary embodiments, this technology provides a system and method for validating the capacity of a high voltage battery. Other comparable uses are also contemplated herein, as will be obvious to those of ordinary skill in the art.

Abstract: The technology described herein provides a stand-alone intelligent battery charger and intelligent conditioner for use with a high-voltage battery, such as those used in hybrid automotive vehicles. Additionally, in various exemplary embodiments, this technology provides a system and method for validating the capacity of a high voltage battery. Other comparable uses are also contemplated herein, as will be obvious to those of ordinary skill in the art.

Abstract: A technique for establishing a perimeter of accountability for usage of digital assets such as data files. The accountability model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such as in the background of a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, aggregates them, and makes reports to a journaling server. The journaling server analyzes sequences of low level events to detect when aggregate events of interest occur, such as “FileEdit”, network file transfers and the like. Reports can be generated to provide an understanding of how digital assets have been accessed, used or communicated by individuals in an enterprise.

Abstract: A data processing application logging, recording, and reporting process and infrastructure. Compliance with regulatory directives such as HIPAA, internal organizational and corporate, personal information privacy, and other security policies can thus be enforced without the need to recode legacy application software. In one preferred embodiment, a core agent process provides “listener” functionality that captures user input events, such as keyboard and mouse interactions, between a user and a legacy application of interest. The agent obtains instructions for how to deal with such events, accessing information that describes the application's behavior as already captured by an application profiler tool. Keyboard and mouse data entry sequences, screen controls and fields of interest are tagged during application profiling process. This data is stored in application profile developed for each mode of a legacy application.

Abstract: The technology described herein provides a stand-alone intelligent battery charger and intelligent conditioner for use with a high-voltage battery, such as those used in hybrid automotive vehicles. Additionally, in various exemplary embodiments, this technology provides a system and method for validating the capacity of a high voltage battery. Other comparable uses are also contemplated herein, as will be obvious to those of ordinary skill in the art.

Abstract: A technique for establishing a perimeter of accountability for usage of digital assets such as data files. The accountability model not only tracks authorized users' access to files, but monitors passage of such files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such as in the background of a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, aggregates them, and makes reports to a journaling server. The journaling server analyzes sequences of low level events to detect when aggregate events of interest occur, such as “FileEdit”, network file transfers and the like. Reports can be generated to provide an understanding of how digital assets have been accessed, used or communicated by individuals in an enterprise.

Abstract: A technique for adaptive encryption of digital assets such as computer files. The system model monitors passage of files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access rights. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such a background process in a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, and aggregates them. A policy engine analyzes sequences of aggregate events to determine when to apply encryption.

Abstract: A trusted transaction architecture that provides security from a client side input device to a merchant server by installing a secure custom browser process on the client side computer via an ActiveX control or the equivalent. This Secure Browser Process (SBP) may then be inspected to ensure that no external codes exist in its application space, that no subsequently loaded Dynamic Link Library (DLL), or equivalent, has been tampered with or modified, that no Application Programming Interface (API) has been overwritten or redirected, and that no input device driver has been hooked by a digital signature. The SBP then creates a secure channel to the input device(s) that are used to enter data into the browser application, and creates a secure channel to the merchant's destination server to ensure that data cannot be intercepted, even on the client side computer.