Abstract: An approach is proposed that contemplates systems, methods, and computer-readable storage mediums to support receiving, from a computerized system, a first encrypted file entity key and signed access metadata, wherein the first encrypted file entity key is created by encrypting a file entity key using a first encryption key, the signed access metadata is signed by the file entity key and the encrypted file entity is created by encrypting a file entity using the file entity key. The approach then determines whether to facilitate the decryption of the encrypted file entity by the computerized system and sends a second encrypted file entity key to the computerized system if it is determined to facilitate the decryption. The approach prevents the computerized system to decrypt the encrypted file entity if it is determined not to facilitate the decryption of the encrypted file entity by the computerized system.

Abstract: An approach is proposed that contemplates systems, methods, and computer-readable storage mediums to support receiving, from a computerized system, a first encrypted file entity key and signed access metadata, wherein the first encrypted file entity key is created by encrypting a file entity key using a first encryption key, the signed access metadata is signed by the file entity key and the encrypted file entity is created by encrypting a file entity using the file entity key. The approach then determines whether to facilitate the decryption of the encrypted file entity by the computerized system and sends a second encrypted file entity key to the computerized system if it is determined to facilitate the decryption. The approach prevents the computerized system to decrypt the encrypted file entity if it is determined not to facilitate the decryption of the encrypted file entity by the computerized system.

Abstract: System, computer readable medium and method for decryption. The method may include receiving, by a third computerized system and from a fourth computerized system, a first encrypted file entity key and signed access metadata. The first encrypted file entity key is created by encrypting a file entity key by a first computerized system using an encryption key of a second computerized system. The signed access metadata is signed by the file entity key. The encrypted file entity is created by encrypting a file entity by the first computerized system using the file entity key. Sending, by the third computerized system, the signed access metadata and the first encrypted file entity key to the second computerized system. Receiving a response from the second computerized system. Determining, based on the response from the second computerized system, whether to facilitate a decryption of the encrypted file entity by the fourth computerized entity.

Abstract: System, computer readable medium and method for decryption. The method may include receiving, by a third computerized system and from a fourth computerized system, a first encrypted file entity key and signed access metadata. The first encrypted file entity key is created by encrypting a file entity key by a first computerized system using an encryption key of a second computerized system. The signed access metadata is signed by the file entity key. The encrypted file entity is created by encrypting a file entity by the first computerized system using the file entity key. Sending, by the third computerized system, the signed access metadata and the first encrypted file entity key to the second computerized system. Receiving a response from the second computerized system. Determining, based on the response from the second computerized system, whether to facilitate a decryption of the encrypted file entity by the fourth computerized entity.

Abstract: A unified access control component (UACC) can maintain information relating to network access information and physical location information associated with respective users who may access a network that can include network resources (e.g., applications, information). The UACC can cross reference the network access information (e.g., user network access events, credentials, and policy) and physical location information (e.g., user physical access events, credentials, and policy) and can generate and enforce a unified network access policy based on network access information and physical location information associated with a particular user. After network access privileges have been granted to a user, the UACC can continue to monitor the user. The UACC can include a dynamic authentication component that can request a user re-authenticate if a change in the physical location and/or network access associated with the user is detected, such that a re-computation of network access privileges is desired.

Abstract: A network access system. In particular implementations, a method includes monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client, and determining user credential information associated with a user of the client based on one or more messages of the authentication session. The method also includes accessing, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter, and conditionally allowing the client access to a network based on the physical entry information and a successful authentication of the client.

Abstract: A unified access control component (UACC) can maintain information relating to network access information and physical location information associated with respective users who may access a network that can include network resources (e.g., applications, information). The UACC can cross reference the network access information (e.g., user network access events, credentials, and policy) and physical location information (e.g., user physical access events, credentials, and policy) and can generate and enforce a unified network access policy based on network access information and physical location information associated with a particular user. After network access privileges have been granted to a user, the UACC can continue to monitor the user. The UACC can include a dynamic authentication component that can request a user re-authenticate if a change in the physical location and/or network access associated with the user is detected, such that a re-computation of network access privileges is desired.