Abstract: Systems and methods are provided for adding security to client data by maintaining keys providing access to the client data remotely from the client data. In some circumstances, the systems encrypt a cluster of data using an encryption key, associate the cluster of encrypted data with a unique identifier and send the unique identifier and the decryption key to a server for storage. The decryption key is then received from the server and is used to decrypt the cluster of encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to a key. Furthermore, in some instances, the server can also prevent access to the stored keys in response to anomalies, such as decommissioning and other asset management events.

Abstract: Systems and methods are provided for adding security to client data by maintaining decryption keys at a server that provide access to encrypted keys that are maintained at a client system with encrypted client data. A specialized protocol is utilized for accessing the decryption keys from the server. Once obtained, the decryption key is used to decrypt the encrypted key at the client and then the newly decrypted decryption key is used to decrypt the encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to the server decryption key. Furthermore, in some instances, the server can also prevent access to the server decryption keys in response to anomalies, such as decommissioning and other asset management events.

Abstract: Systems and methods are provided for adding security to client data by maintaining keys providing access to the client data remotely from the client data. In some circumstances, the systems encrypt a cluster of data using an encryption key, associate the cluster of encrypted data with a unique identifier and send the unique identifier and the decryption key to a server for storage. The decryption key is then received from the server and is used to decrypt the cluster of encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to a key. Furthermore, in some instances, the server can also prevent access to the stored keys in response to anomalies, such as decommissioning and other asset management events.

Abstract: Systems and methods are provided for adding security to client data by maintaining decryption keys at a server that provide access to encrypted keys that are maintained at a client system with encrypted client data. A specialized protocol is utilized for accessing the decryption keys from the server. Once obtained, the decryption key is used to decrypt the encrypted key at the client and then the newly decrypted decryption key is used to decrypt the encrypted data. A server can also perform policy checks or trigger additional authentication such as SMS, phone, or email notification before allowing access to the server decryption key. Furthermore, in some instances, the server can also prevent access to the server decryption keys in response to anomalies, such as decommissioning and other asset management events.

Abstract: Methods for providing relevance-based, image centric information are provided. The methods may include receiving an image. The methods include linking each received image to an appropriate selected standard format. The selection may be based on a greatest degree of relevance between the image and the selected format. The methods include converting each image into a linked standard format. The methods include loading the converted images into a database. The methods include searching the database utilizing a query. The methods include returning a plurality of resultant images in response to the query. The methods include determining a search relevance result value for each resultant image. The search relevance result value being based on the level at which the document fits the query. The methods include ordering the resultant images based on the search relevance result values. The methods include arranging the images and associated metadata on a four-regioned user interfacing display.

Abstract: Methods for providing relevance-based, image centric information is provided. The method may include receiving the image. Methods may include linking each received image to an appropriate selected standard format. The selection may be based on a greatest degree of relevance between the image and the selected format. Methods may include converting each image into a linked standard format. Methods may include loading the converted into a database. Methods may include searching the database utilizing a query. Methods may include returning a plurality of resultant images in response to the query. Methods may include determining a search relevance result value for each resultant image. The search relevance result value being based on the level at which the document fits the query. Methods may include ordering the resultant images based on the search relevance result values. Methods may include arranging the images and associated metadata on a four-regioned user interfacing display.

Abstract: This disclosure describes methods, systems, and application programming interfaces for creating a credential managed account. This disclosure describes creating a new password managed account, defining the password managed account, wherein the password managed account is to access a service on a managed computing device, identifying the password managed account for a lifecycle, and automatically managing the password managed account by updating and changing a password for the password managed account on a periodic basis.

Abstract: In the host operating system of a computing device, entropy data is collected based at least in part on each of one or more hardware components of the computing device. An entropy pool is updated based at least in part on the collected entropy data, and data from the entropy pool is provided to a guest operating system running as a virtual machine of the computing device. The guest operating system maintains a guest operating system entropy pool based on the data from the entropy pool provided by the host operating system. The guest operating system accesses the guest operating system entropy pool and uses the guest operating system entropy pool as a basis for generating values including random numbers.

Abstract: Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function.

Abstract: Embodiments described herein are directed to preventing development of insecure web pages, preventing deployment of insecure web pages and to preventing access to insecure web pages. In one embodiment, a computer system accesses a web page that includes one or more web elements. The computer system then determines that the web page includes at least one element that requests user authentication and determines whether various specified secure protocols have been implemented on the web page. Then, if the specified secure protocols have not been implemented on the web page, the computer system displays a warning or error indicating that the web page is insecure.

Abstract: Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function.

Abstract: Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function.

Abstract: Embodiments described herein are directed to preventing development of insecure web pages, preventing deployment of insecure web pages and to preventing access to insecure web pages. In one embodiment, a computer system accesses a web page that includes one or more web elements. The computer system then determines that the web page includes at least one element that requests user authentication and determines whether various specified secure protocols have been implemented on the web page. Then, if the specified secure protocols have not been implemented on the web page, the computer system displays a warning or error indicating that the web page is insecure.

Abstract: Methods for using scenario solution-related information to generate customized user experiences are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a scenario solution which may be utilized to address a particular issue relevant to the received query. At the time of authoring, each scenario solution is organized based upon one or more keywords and/or one or more categories (i.e., namespaces). Data associated with a namespace/keyword corresponding to a returned search result may be mined to determine information beyond basic scenario solution search results that may be of interest to the user.

Abstract: A facility for applying a software patch is described. Using an automatic patching agent, the facility receives the software patch. In response to receiving the software patch, without user intervention, the facility performs the following acts: First, the facility identifies an instance of an executable module that is currently loaded, and to which the received software patch pertains. Second, the facility applies the received software patch to the identified loaded executable module instance to modify the behavior of the identified executable module instance.

Abstract: Computer-executable instructions that are directed to the performance of consequential actions and automatically elevate to execute at a higher privilege level to do so can perform such consequential actions only after user notification. Doing so can enable monitoring processes to avoid presenting duplicative user notification upon detection of such auto-elevation. In addition, prior to presenting user notification, input from the execution environment can be ignored and access to DLLs for performing consequential actions can be avoided. A static analyzer can identify non-conforming computer-executable instructions. A wrapper can be utilized to provide compliance by otherwise unknown or non-conforming computer-executable instructions.

Abstract: Apparatus for coordinating a rule-based relationship between a bank, a vendor and a merchant is provided. The apparatus may include a first receiver configured to receive an employee identification number input into a graphical user interface (“GUI”). The apparatus may additionally include the first receiver being configured to receive a billing account number input into the GUI. The apparatus may also include a processor configured to determine if the billing account number includes a number of consecutive, identical digits. The processor may further be configured to determine if the number of consecutive, identical digits is equal to or greater than a threshold number of consecutive, identical digits.

Abstract: Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.

Abstract: Apparatus for coordinating a rule-based relationship between a bank, a vendor and a merchant is provided. The apparatus may include a first receiver configured to receive an employee identification number input into a graphical user interface (“GUI”). The apparatus may additionally include the first receiver being configured to receive a billing account number input into the GUI. The apparatus may also include a processor configured to determine if the billing account number includes a number of consecutive, identical digits. The processor may further be configured to determine if the number of consecutive, identical digits is equal to or greater than a threshold number of consecutive, identical digits.

Abstract: Systems and methods for creating a secure process on a web server can include creating an application manager process, and creating an application host process, the application host process being created under control of the application manager process. Example methods can also include restricting attributes of the application host process, and assigning a unique logon identifier to the application host process so that the application host process can only communicate with the application manager process.