Abstract: A data protection policy is implemented on a computing device, the data protection policy indicating how organization data on the computing device is to be protected. Protection of the organization data includes encrypting the organization data, and allowing the organization data to be decrypted only by particular programs and/or under particular circumstances (as indicated by the data protection policy). When implementing a data protection policy, files already stored on the computing device are encrypted using a passive encryption technique. The passive encryption technique can include one or more of an encrypt on close technique, an encrypt on open technique, an encrypt without exclusive access technique, and an encrypt location technique.

Abstract: A program on a device communicates with services of an organization and obtains data associated with the organization (also referred to as organization data). The organization data is optionally encrypted using one or more encryption keys, in which case the program has access to one or more decryption keys allowing the organization data to be decrypted and used at the device. Situations can arise in which the organization data stored on the device is to no longer be accessible to a user and/or the device, which is also referred to as the data being revoked. In response to organization data being revoked at the device, various techniques are used to intelligently delete the data, which refers to determining, based on the revocation that occurred and the nature of the data on the device, which data on the device is to be deleted from the device.

Abstract: Content on a device is encrypted and protected based on a data protection key. The protected content can then be copied to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A key used to retrieve plaintext content from the protected content is associated with an identifier of a particular device that provides the key, the device providing the key being the device that generated the key, or another managed device to which the protected content was transferred. A wipe command can similarly be transferred to the various ones of the user's devices, causing any keys associated with a particular device to be deleted from each of the various ones of the user's devices.

Abstract: Content on a device is encrypted and protected based on a data protection key corresponding to a particular identity of the user of the device. The protected content can then be stored to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A data protection key that is used to retrieve the plaintext content from the protected content is maintained by the user's device. This data protection key can be securely transferred to other of the user's devices, allowing any of the user's devices to access the protected content.

Abstract: Data files are encrypted based on a key associated with an entity that sets a data protection policy controlling access to the data files. The data protection policy identifies various restrictions on how the plaintext data of the encrypted data in the data files can be used. The data files have corresponding metadata identifying the entity that sets the data protection policy, and processes that are running instances of applications that are allowed to access the plaintext data are also associated with the identifier of the entity. These identifiers of the entity, as well as the data protection policy, are used by an operating system of a computing device to protect the data in accordance with the data protection policy, including having the protection be transferred to other devices with the protected data, or preventing the protected data from being transferred to other devices.

Abstract: Techniques for providing revocation information for revocable items are described. In implementations, a revocation service is employed to manage revocation information for various revocable items. For example, the revocation service can maintain a revoked list that includes revoked revocable items, such as revoked digital certificates, revoked files (e.g., files that are considered to the unsafe), unsafe network resources (e.g., a website that is determined to be unsafe), and so on. In implementations, the revocation service can communicate a revoked list to a client device to enable the client device to maintain an updated list of revocation information.

Abstract: A computing device analyzes digital certificates received from various different sites (e.g., accessed via the Internet or other network) in order to automatically detect fraudulent digital certificates. The computing device maintains a record of the digital certificates it receives from these various different sites. A certificate screening service operating remotely from the computing device also accesses these various different sites and maintains a record of the digital certificates that the service receives from these sites. In response to a request to access a target site the computing device receives a current digital certificate from the target site. The computing device determines whether the current digital certificate is genuine or fraudulent based on one or more of previously received digital certificates for the target site, confirmation certificates received from the certificate screening service, and additional characteristics of the digital certificates and/or the target site.

Abstract: A computing device analyzes digital certificates received from various different sites (e.g., accessed via the Internet or other network) in order to automatically detect fraudulent digital certificates. The computing device maintains a record of the digital certificates it receives from these various different sites. A certificate screening service operating remotely from the computing device also accesses these various different sites and maintains a record of the digital certificates that the service receives from these sites. In response to a request to access a target site the computing device receives a current digital certificate from the target site. The computing device determines whether the current digital certificate is genuine or fraudulent based on one or more of previously received digital certificates for the target site, confirmation certificates received from the certificate screening service, and additional characteristics of the digital certificates and/or the target site.

Abstract: Techniques for providing revocation information for revocable items are described. In implementations, a revocation service is employed to manage revocation information for various revocable items. For example, the revocation service can maintain a revoked list that includes revoked revocable items, such as revoked digital certificates, revoked files (e.g., files that are considered to the unsafe), unsafe network resources (e.g., a website that is determined to be unsafe), and so on. In implementations, the revocation service can communicate a revoked list to a client device to enable the client device to maintain an updated list of revocation information.

Abstract: A method for reducing NVH in a vehicle having the steps of providing at least one repeating event, replicating at least one component, and delaying at least one equivalent part. The repeating event is a complete cycle, such that the repeating event ends when the cycle begins to repeat itself. The component is replicated at least one time so that at least one equivalent part is formed. The equivalent part is delayed with respect to the component by angularly positioning the equivalent part with respect to the component in a predetermined way, such that at least one harmonic in the NVH-spectra is reduced during the component's repeating event and the equivalent part's repeating event in operation.

Abstract: A sprocket includes a plurality of teeth along the outer circumference of the sprocket, where the teeth include at least a first tooth variant with a first involute length between a root and a tip radii of the sprocket and a first curvature at a given radius of the sprocket and at least a second tooth variant with a second involute length between a root and a tip radii of the sprocket and a second curvature at the given radius of the sprocket. The first curvature is different than the second curvature at a given radius of the sprocket. Such variants are arranged around the circumference in a predetermined way.

Abstract: A method for reducing NVH in a vehicle having the steps of providing at least one repeating event, replicating at least one component, and delaying at least one equivalent part. The repeating event is a complete cycle, such that the repeating event ends when the cycle begins to repeat itself. The component is replicated at least one time so that at least one equivalent part is formed. The equivalent part is delayed with respect to the component by angularly positioning the equivalent part with respect to the component in a predetermined way, such that at least one harmonic in the NVH-spectra is reduced during the component's repeating event and the equivalent part's repeating event in operation.