Abstract: A method for multi-factor, biometrics-based, secure data signature includes generating, by a biometrics reader device, a first biometric measurement using a physical characteristic of a user. The method includes selecting, by at least one noise-resistant feature transformation and hashing module executing on a processor of a computing device, a code word in a set of code words, wherein selecting further comprises applying an error correcting code to the first biometric measurement. The method includes generating, by the at least one noise-resistant feature transformation and hashing module, a first hash, wherein generating further comprises executing a hashing algorithm and using the selected code word as input to the hashing algorithm. The method includes generating, by the at least one noise-resistant feature transformation and hashing module, a public key and a private key, using the first hash. The method includes electronically signing, with the private key, data associated with the user.

Abstract: A method of restricting data access based on properties of at least one of a process and a machine executing the process includes receiving, by an access control management system, from a first computing device, information associated with an encrypted data object. The method includes requesting, by the access control management system, from a verifier, verification that a second computing device executes a process in accordance with a process attribute identified in the information associated with the encrypted data object. The method includes sending, by the access control management system, to the second computing device, the received information associated with the encrypted data object, responsive to the verification of the process attribute.

Abstract: A method of restricting data access based on properties of at least one of a process and a machine executing the process includes receiving, by an access control management system, from a first computing device, information associated with an encrypted data object. The method includes requesting, by the access control management system, from a verifier, verification that a second computing device executes a process in accordance with a process attribute identified in the information associated with the encrypted data object. The method includes sending, by the access control management system, to the second computing device, the received information associated with the encrypted data object, responsive to the verification of the process attribute.

Abstract: A method for securing data access by containerized applications includes intercepting, by a first container executing on a first computing device and associated with a containerized application in a second container executing on the first computing device, a first Internet Protocol (IP) request from the containerized application. The first container determines that the IP request is addressed to a second computing device executing a resource that the containerized application is authorized to access. The first container encrypts a payload portion of the IP request and transmits, to the resource, a second IP request with the encrypted payload portion. The first container receives, from the resource, a response. The first container requests, from a third computing device, a cryptographic key for decrypting the response. The first container decrypts, with the cryptographic key, a payload portion of the response and transmits, to the containerized application, the decrypted payload portion of the response.

Abstract: A method of restricting data access based on properties of at least one of a process and a machine executing the process includes receiving, by an access control management system, from a first computing device, information associated with an encrypted data object. The method includes requesting, by the access control management system, from a verifier, verification that a second computing device executes a process in accordance with a process attribute identified in the information associated with the encrypted data object. The method includes sending, by the access control management system, to the second computing device, the received information associated with the encrypted data object, responsive to the verification of the process attribute.

Abstract: A method includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object. The access control management system receives, from a second client device, a request for the information. The access control management system verifies that a user of the second client device is identified in the received information. The access control management system selects an identity provider, based on a user identifier included in the received information, the user identifier associated with the user of the second client device. The access control management system requests from the selected identity provider, authentication of the user of the second client device. The access control management system sends, to the second client device, the received information. The access control management system stores an identification of at least one of the second client device and the received request for the information.

Abstract: A method includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object. The access control management system receives, from a second client device, a request for the information. The access control management system verifies that a user of the second client device is identified in the received information. The access control management system selects an identity provider, based on a user identifier included in the received information, the user identifier associated with the user of the second client device. The access control management system requests from the selected identity provider, authentication of the user of the second client device. The access control management system sends, to the second client device, the received information. The access control management system stores an identification of at least one of the second client device and the received request for the information.

Abstract: A method for distributing cryptographic data to trusted recipients includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object, the information including an identification of a platform for generating an integrity measurement digitally signed by a root of trust. The access control management system receives, from a second client device, a request for the information associated with the encrypted data object. The access control management system verifies that the second client device includes the platform for generating the integrity measurement digitally signed by the root of trust. The access control management system determines, based on the verification of the second client device, not to authenticate the second client device. The access control management system sends, to the second client device, the received information associated with the encrypted data object, responsive to the determination.

Abstract: A method for distributing cryptographic data to trusted recipients includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object, the information including an identification of a platform for generating an integrity measurement digitally signed by a root of trust. The access control management system receives, from a second client device, a request for the information associated with the encrypted data object. The access control management system verifies that the second client device includes the platform for generating the integrity measurement digitally signed by the root of trust. The access control management system determines, based on the verification of the second client device, not to authenticate the second client device. The access control management system sends, to the second client device, the received information associated with the encrypted data object, responsive to the determination.

Abstract: A method for distributing cryptographic data to authenticated recipients includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object. The method includes receiving, by the access control management system, from a second client device, a request for the information associated with the encrypted data object. The method includes verifying, by the access control management system, that a user of the second client device is identified in the received information associated with the encrypted data object. The method includes authenticating, by the access control management system, with an identity provider, the user of the second client device. The method includes sending, by the access control management system, to the second client device, the received information associated with the encrypted data object.

Abstract: A method for distributing cryptographic data to authenticated recipients includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object. The method includes receiving, by the access control management system, from a second client device, a request for the information associated with the encrypted data object. The method includes verifying, by the access control management system, that a user of the second client device is identified in the received information associated with the encrypted data object. The method includes authenticating, by the access control management system, with an identity provider, the user of the second client device. The method includes sending, by the access control management system, to the second client device, the received information associated with the encrypted data object.

Abstract: A method for distributing cryptographic data to authenticated recipients includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object. The method includes receiving, by the access control management system, from a second client device, a request for the information associated with the encrypted data object. The method includes verifying, by the access control management system, that a user of the second client device is identified in the received information associated with the encrypted data object. The method includes authenticating, by the access control management system, with an identity provider, the user of the second client device. The method includes sending, by the access control management system, to the second client device, the received information associated with the encrypted data object.

Abstract: A method for distributing cryptographic data to authenticated recipients includes receiving, by an access control management system, from a first client device, information associated with an encrypted data object. The method includes receiving, by the access control management system, from a second client device, a request for the information associated with the encrypted data object. The method includes verifying, by the access control management system, that a user of the second client device is identified in the received information associated with the encrypted data object. The method includes authenticating, by the access control management system, with an identity provider, the user of the second client device. The method includes sending, by the access control management system, to the second client device, the received information associated with the encrypted data object.