Abstract: An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.

Abstract: A method for the integrated use of a secondary cloud resource, provided by a secondary cloud service software function executed on secondary hardware, from a primary cloud service, provided by a primary cloud service software function executed on primary hardware which is remote to said secondary hardware including provision step operative to provide a primary integration interface and a secondary integration interface, a resource request step operative to identify a set of secondary user data and request said secondary cloud resource from the secondary cloud service, a resource allocation step for allocating the requested secondary cloud resource and providing corresponding secondary cloud resource allocation information, an information association step for associating said secondary cloud resource allocation information with said secondary cloud user data and a set of primary user data, and a user authentication step for authenticating the primary cloud service user access to said secondary cloud resource.

Abstract: A secure data management system and method which separates query processing operations from transaction management and data storage operations to provides secure outsourced data management assurances while remaining practically viable for commercial deployment. The secure data management system and method includes a untrusted database module which performs transaction management and data storage operations on encrypted data from at least one network accessible computer and a trusted database module which processes user generated queries and commands on a secure client device by selectively accessing, decrypting and re-encrypting the encrypted data on the at least one network accessible computer. In this regard, total privacy can be maintained while still outsourcing transaction management and data storage operations to untrusted third parties because all sensitive operations are performed in a secure environment and the transaction management and data storage operations can only access encrypted data.

Abstract: An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.

Abstract: Computer server device (690) comprising a server control unit (600) and at least one physical connectors (605) for respective physical tamper-protected computer modules (80), which tamper-protected computer modules (SO) each comprises a respective tamper-protected enclosure (162), a respective module control unit and a respective information processing module (128), which module control unit and information processing module (128) are both entirely enclosed by said tamper-protected enclosure (162) in question.

Abstract: Tamper-proof computer device (1) comprising a sealed enclosure (10), in turn comprising a hollow metal body (20) having an inside surface (22); a computer processor (30), arranged inside said enclosure (10); a tamper-detection sensor (40), which sensor (40) in turn comprises a tamper-detecting membrane (40) forming a sealed container in which the computer processor (30) is arranged, which membrane (40) is arranged on, and in direct thermal contact with, the said hollow metal body (20); and a metal heat sink structure (50) thermally connected to the computer processor (30), wherein the metal heat sink structure (50) is also arranged in direct thermal contact with a side of the membrane (40) not facing the said inside surface (22), so that the membrane (40) is sandwiched between the hollow metal body (20) and the metal heat sink structure (50) so that thermal connection is achieved between the metal heat sink structure (50) and the enclosure (10), via the membrane (40).

Abstract: A secure searchable and shareable remote storage system and method which utilizes client side processing to enable search capability of the stored data, allow the synchronizing of stored data between multiple discrete devices, and allow sharing of stored data between multiple discrete users. Such a remote storage system and method includes a networked remote computer server which receives and stores encrypted data and manages access thereto and a client device configured to index data to be stored, upload secured data and related information, perform searches on the stored data and related information locally, and implement cryptographic protocols which allow the stored data and related information to be synchronized with other desired client devices. Advantageously, since trusted client-side search code may directly access mostly plaintext data, it may operate orders of magnitude faster than the equivalent server code which may access encrypted data only.

Abstract: An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.

Abstract: Method for the integrated use of a secondary cloud resource, provided by a secondary cloud service software function executed on secondary hardware, from a primary cloud service, provided by a primary cloud service software function executed on primary hardware which is remote to said secondary hardware, the method comprising in a provision step, providing an integration database as well as an integration software function, which integration software function is arranged to provide a primary integration interface and a secondary integration interface; in a resource request step, the integration software function receiving, via the said primary integration interface, an allocation request regarding a certain cloud resource, and the integration software function in response thereto identifying a set of secondary user data and requesting, via the secondary integration interface, said secondary cloud resource from the secondary cloud service, the secondary cloud resource request being performed using said second

Abstract: The present invention relates to a system for protecting sensitive data including at least one enclosing layer, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.

Abstract: Tamper-proof computer device (1) comprising a sealed enclosure (10), in turn comprising a hollow metal body (20) having an inside surface (22); a computer processor (30), arranged inside said enclosure (10); a tamper-detection sensor (40), which sensor (40) in turn comprises a tamper-detecting membrane (40) forming a sealed container in which the computer processor (30) is arranged, which membrane (40) is arranged on, and in direct thermal contact with, the said hollow metal body (20); and a metal heat sink structure (50) thermally connected to the computer processor (30), wherein the metal heat sink structure (50) is also arranged in direct thermal contact with a side of the membrane (40) not facing the said inside surface (22), so that the membrane (40) is sandwiched between the hollow metal body (20) and the metal heat sink structure (50) so that thermal connection is achieved between the metal heat sink structure (50) and the enclosure (10), via the membrane (40).

Abstract: A secure data management system and method which separates query processing operations from transaction management and data storage operations to provides secure outsourced data management assurances while remaining practically viable for commercial deployment. The secure data management system and method includes a untrusted database module which performs transaction management and data storage operations on encrypted data from at least one network accessible computer and a trusted database module which processes user generated queries and commands on a secure client device by selectively accessing, decrypting and re-encrypting the encrypted data on the at least one network accessible computer. In this regard, total privacy can be maintained while still outsourcing transaction management and data storage operations to untrusted third parties because all sensitive operations are performed in a secure environment and the transaction management and data storage operations can only access encrypted data.

Abstract: A secure searchable and shareable remote storage system and method which utilizes client side processing to enable search capability of the stored data, allow the synchronizing of stored data between multiple discrete devices, and allow sharing of stored data between multiple discrete users. Such a remote storage system and method includes a networked remote computer server which receives and stores encrypted data and manages access thereto and a client device configured to index data to be stored, upload secured data and related information, perform searches on the stored data and related information locally, and implement cryptographic protocols which allow the stored data and related information to be synchronized with other desired client devices. Advantageously, since trusted client-side search code may directly access mostly plaintext data, it may operate orders of magnitude faster than the equivalent server code which may access encrypted data only.

Abstract: The present invention relates to a system for protecting sensitive data including at least one enclosing layer, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.

Abstract: The present invention relates to a system for protecting sensitive data including at least one enclosing layer, a cryptography module, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.

Abstract: The present invention relates to a system for protecting sensitive data including at least one enclosing layer, a cryptography module, at least one tamper-detecting sensor, zeroization support logic, at least one memory module, and at least one Internal IPM Decoupler configured to provide a link between the anti-tamper system and at least one electronic component that is enclosed by at least one enclosing layer.

Abstract: An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.

Abstract: This invention introduces a new paradigm for outsourcing the transaction processing backend of a multi-client database application to an untrusted service provider. Specifically, the invention enables untrusted service providers to support transaction serialization, backup and recovery for clients, with full data confidentiality and correctness. Moreover, providers learn nothing about transactions (except their size and timing), thus achieving read and write access pattern privacy.

Abstract: This invention introduces a new paradigm for outsourcing the transaction processing backend of a multi-client database application to an untrusted service provider. Specifically, the invention enables untrusted service providers to support transaction serialization, backup and recovery for clients, with full data confidentiality and correctness. Moreover, providers learn nothing about transactions (except their size and timing), thus achieving read and write access pattern privacy.

Abstract: Disclosed is a method for storing digital information for storage in an adversarial setting in which trusted hardware enforces digital information compliance with data storage mandates. Secure storage overhead is minimized by identifying sparsely accessing the trusted hardware based on data retention cycles. Data retention assurances are provided for information stored by a Write-Once Read-Many (WORM) storage system.