File Protection Patents (Class 713/165)
  • Patent number: 9497585
    Abstract: A computer-implemented method for managing emergency information may include intercepting, on a mobile-computing device, an emergency communication being transmitted from the mobile-computing device. Intercepting the emergency communication may include monitoring outgoing communications on the mobile-computing device and determining that an outgoing communication being monitored is a communication about an emergency. This method may also include sending, from the mobile-computing device to a remote server that collects emergency data from a plurality of mobile-computing devices, information about the emergency communication and location information that identifies a location of the emergency. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 12, 2013
    Date of Patent: November 15, 2016
    Assignee: Symantec Corporation
    Inventors: Shaun Cooley, Charles Payne, Henry Schaup, Vijay Perumal
  • Patent number: 9497210
    Abstract: A method includes assessing a trustworthiness level of a user computer by communication between the user computer and a first server. A record indicating the trustworthiness level is sent from the first server to the user computer, for storage by the user computer. A request is sent from the user computer to a second server, different from the first server, for a service to be provided to the user computer by the second server. The record is provided from the user computer to the second server by communicating between the user computer and the second server. At the second server, the trustworthiness level is extracted from the record, and the requested service is conditionally allowed to be provided to the user computer depending on the extracted trustworthiness level.
    Type: Grant
    Filed: April 7, 2016
    Date of Patent: November 15, 2016
    Assignee: Intel Corporation
    Inventors: Yoav Weiss, Etay Bogner
  • Patent number: 9495084
    Abstract: A method includes receiving an instruction used to define a widget-container containing a service module associated with a widget. The widget-container is a procedural software framework configured to be executed at a widget-container processing device in response to a reference to the widget-container being accessed from a content aggregation point. The widget-container has a portion configured for receiving the widget. The method also includes determining whether processing of the widget within the portion of the widget-container is restricted and/or allowed.
    Type: Grant
    Filed: April 13, 2015
    Date of Patent: November 15, 2016
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Stewart O. Allen, Scott F. Cosby, Hasseltine R. Debutts, John A. Fath, Matthew J. Keesan, Hooman Radfar, Carlos F. Reverte
  • Patent number: 9489711
    Abstract: Systems, methods, and non-transitory computer readable media configured to create, process, and/or modify images are provided. Recipient image data associated with an original image captured by a second computing system can be received by a first computing system. A first intermediate image may be generated based on the recipient image data. A first viewable image for display on the first computing system may be generated based on the first intermediate image.
    Type: Grant
    Filed: August 21, 2014
    Date of Patent: November 8, 2016
    Assignee: Facebook, Inc.
    Inventor: Alexandre Karpenko
  • Patent number: 9483656
    Abstract: A method of securely storing data to a dispersed data storage system is disclosed. A data segment is arranged along the columns or rows of an appropriately sized matrix. Data slices are then created based on either the columns or the rows so that no consecutive data is stored in a data slice. Each data slice is then stored in a separate storage node.
    Type: Grant
    Filed: April 20, 2009
    Date of Patent: November 1, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Wesley Leggette, Jason Resch
  • Patent number: 9465952
    Abstract: Systems and methods are provided for transmitting data for secure storage. For each of two or more data sets, a plurality of shares are generated containing a distribution of data from an encrypted version of the data set. The shares are then stored in a shared memory device, wherein a data set may be reconstructed from a threshold number of the associated plurality of shares using an associated key. Also provided are systems and methods for providing access to secured data. A plurality of shares containing a distribution of data from an encrypted version of a data set are stored in a memory device. A client is provided with a virtual machine that indicates the plurality of shares, and the capability to reconstruct the data set from the plurality of shares using an associated key.
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: October 11, 2016
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Matt Staker
  • Patent number: 9456018
    Abstract: HTTP-Based Captive Portal. Client requests through a device such as an access point or wired connection are routed through a captive portal switch (CPS). If the CPS determines that the client has not been authenticated, the CPS redirects (NATs) the client request to an internal HTTP proxy. The CPS HTTP proxy terminates the client request and opens a connection to a captive portal server. Thus, for an unauthenticated client, any HTTP request will be routed to the captive portal server. When client authentication at the captive portal server completes, the captive portal server returns a success code, such as embedded in a web page delivered to the client. When the CPS recognizes this success code, it disables the NAT for that client, allowing further requests to be passed through the network. The CPS may be hosted in a separate network appliance, or it may be a process hosted in the AP or on another AP in the network, or on a network device such as a controller or switch.
    Type: Grant
    Filed: December 22, 2010
    Date of Patent: September 27, 2016
    Assignee: Aruba Networks, Inc.
    Inventor: Pradeep Iyer
  • Patent number: 9455839
    Abstract: Disclosed are methods, systems, and computer-readable media for wireless key management for authentication. Authentication includes transmitting a request to a locking device, transmitting a security challenge to the mobile device, and transmitting a response to the challenge and an encrypted user profile for the locking device. The response includes data generated with an access key that is stored by both the mobile device and the locking device, and the user profile is encrypted by a server using a secret key that is stored by the server and the locking device. Authentication further includes verifying the response to the challenge, where the response is verified using the access key, and validating additional data from the mobile device. An action of the locking device may be initiated as specified by the request.
    Type: Grant
    Filed: July 30, 2014
    Date of Patent: September 27, 2016
    Assignee: Master Lock Company LLC
    Inventors: Nathan Conrad, Yi Zhang, Nemanja Stefanovic, John Bartucci, Scott Kalous
  • Patent number: 9411975
    Abstract: Methods and apparatus to securely share data are disclosed. An example includes generating, at a first device of a first user of cloud services, an archive file representative of a drive of the first device; encrypting, via a processor, the archive file to form an encrypted archive file; and conveying the encrypted archive file to a cloud service provider, the encrypted archive file to be decrypted by a second device of a second user of the cloud services, the decrypted archive file to be mounted to an operating system of the second device.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: August 9, 2016
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Omer Ben-Shalom, Alex Nayshtut
  • Patent number: 9407716
    Abstract: A first device may receive a content request from a second device. The content request may include a dynamic network address and a request for a content file. The first device may determine that the dynamic network address is not included in a first index; determine one or more response values associated with the content file; determine that the one or more response values are included in a second index when the one or more response values match one or more response values included in the second index; generate an association between the dynamic network address and the second index to map the dynamic network address to the second index and to the content file based on determining that the one or more response values are included in the second index; and provide the content file to the second device.
    Type: Grant
    Filed: September 19, 2013
    Date of Patent: August 2, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Kiran Desai, Jaspal Kohli
  • Patent number: 9401898
    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for wireless data protection utilizing cryptographic key management on a primary device and a backup device. A system encrypts a file with a file key and encrypts the file key twice, resulting in two encrypted file keys. The system encrypts each file key differently and stores a first file key on the primary device and transmits one of the encrypted file keys in addition to the encrypted file to a backup device for storage. On the backup device, the system associates the encrypted file key with a set of backup keys protected by a user password. In one embodiment, the system generates an initialization vector for use in cryptographic operations based on a file key. In another embodiment, the system manages cryptographic keys on a backup device during a user password change.
    Type: Grant
    Filed: October 2, 2015
    Date of Patent: July 26, 2016
    Assignee: Apple Inc.
    Inventors: Conrad Sauerwald, Vrajesh Rajesh Bhavsar, Kenneth Buffalo McNeil, Thomas Brogan Duffy, Michael Lambertus Hubertus Brouwer, Matthew John Byom, Mitchell David Adler, Eric Brandon Tamura
  • Patent number: 9397834
    Abstract: An address to access a location in a storage device (106, 204) is received, and the address is scrambled. Write data is encrypted using an encryption key. The encrypted write data is stored in the storage device at a location of the storage device specified by the scrambled address.
    Type: Grant
    Filed: October 5, 2010
    Date of Patent: July 19, 2016
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Craig A. Walrath
  • Patent number: 9395929
    Abstract: A network storage server receives multiple write requests from a set of clients via a network and internally buffers multiple data blocks written by the write requests. At a consistency point, the storage server commits the data blocks to a nonvolatile mass storage facility. The consistency point process includes using a storage operating system in the network storage server to compress the data blocks, encrypt selected data blocks, and store the compressed and (possibly) encrypted data blocks in the nonvolatile mass storage facility. Data blocks can also be fingerprinted in parallel with compression and/or encryption, to facilitate subsequent deduplication. Data blocks can be indexed and classified according to content or attributes of the data. Encryption can be applied at different levels of logical container granularity, where a separate, unique cryptographic key is used for each encrypted data container.
    Type: Grant
    Filed: April 25, 2008
    Date of Patent: July 19, 2016
    Assignee: NetApp, Inc.
    Inventors: Hristo Bojinov, Ananthan Subramanian
  • Patent number: 9396338
    Abstract: A secure secrets proxy is instantiated in a first computing environment and includes secure secrets proxy authentication data for identifying itself to a secrets distribution management system in a second computing environment as a trusted virtual asset to receive and cache secrets data in a secure secrets cache outside the second computing environment. The secure secrets proxy requests one or more secrets to be cached and is then provided data representing the requested secrets in the secure secrets cache. The secure secrets proxy then receives secrets application request data from a second virtual asset instantiated in the first computing environment requesting one or more secrets be applied to second virtual asset data. The secure secrets proxy then obtains the required secrets from the secure secrets cache and coordinates the application of the secrets to the second virtual asset data.
    Type: Grant
    Filed: October 15, 2013
    Date of Patent: July 19, 2016
    Assignee: Intuit Inc.
    Inventors: Luis Felipe Cabrera, M. Shannon Lietz
  • Patent number: 9390112
    Abstract: In general, embodiments of the present invention provide systems, methods and computer readable media for automated dynamic data quality assessment. One aspect of the subject matter described in this specification includes the actions of receiving a data quality job including a new data sample; and, if the new data sample is determined to be added to a reservoir of data samples, sending a quality verification request to an oracle; receiving a new data sample quality estimate from the oracle; and adding the new data sample and estimate to the reservoir. A second aspect of the subject matter includes the actions of receiving, from a predictive model, a judgment associated with a new data sample; analyzing the new data sample based in part on the judgment to determine whether to send a new data sample quality verification request to an oracle; and, if a new data sample quality estimate is received from the oracle, determining whether to add the new data sample and the judgment to the reservoir.
    Type: Grant
    Filed: November 22, 2013
    Date of Patent: July 12, 2016
    Assignee: Groupon, Inc.
    Inventors: Mark Thomas Daly, Shawn Ryan Jeffery, Matthew DeLand, Nick Pendar, Andrew James, David Johnston
  • Patent number: 9391965
    Abstract: A data search server stores a system ciphertext including a data ciphertext and a keyword ciphertext in each category-specific DB unit for each data category, and stores each category-determination secret key being associated with each category-specific DB unit. A search request receiving unit receives from a data search terminal a search request including a search trapdoor and an index tag. A data searching unit searches for a category-determination secret key with which the index tag is decrypted to the same value as a key-determination value. Using the search trapdoor, the data searching unit performs a search of a Public-key Encryption with Keyword Search scheme on system ciphertexts in a category-specific DB unit associated with this category-determination secret key. A search result transmitting unit transmits to the data search terminal a data ciphertext included in a system ciphertext which has been found as a hit in the search.
    Type: Grant
    Filed: January 25, 2012
    Date of Patent: July 12, 2016
    Assignee: Mitsubishi Electric Corporation
    Inventors: Mitsuhiro Hattori, Nori Matsuda, Takashi Ito, Takumi Mori, Takato Hirano
  • Patent number: 9380036
    Abstract: The present invention discloses methods and devices for securing keys for a non-secure computing-environment.
    Type: Grant
    Filed: November 28, 2012
    Date of Patent: June 28, 2016
    Assignee: Porticor Ltd.
    Inventors: Gilad Parann-Nissany, Yaron Sheffer
  • Patent number: 9372760
    Abstract: A computer-implemented method for securely storing backup data while facilitating fast failovers may include 1) identifying, at a primary site, a virtual disk file that includes a backup image, 2) modifying a boot sector within the virtual disk file to add a boot loader that supports reading disks encrypted with whole disk encryption, 3) encrypting the backup image within the virtual disk file, except for at least one decryption area, with whole disk encryption, and 4) storing the virtual disk file at a secondary site after encrypting the backup image within the virtual disk file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 19, 2012
    Date of Patent: June 21, 2016
    Assignee: Veritas Technologies LLC
    Inventor: Ynn-Pyng Anker Tsaur
  • Patent number: 9367673
    Abstract: Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.
    Type: Grant
    Filed: March 3, 2014
    Date of Patent: June 14, 2016
    Assignee: CA, Inc.
    Inventors: Itzhak Fadida, Guy Balzam, Amir Jerbi, Nir Barak
  • Patent number: 9367672
    Abstract: A computer-implemented method entails steps of receiving user input signifying that an application on a computing device is to be locked and, in response to the user input, locking a user within the application to thereby permit the user to utilize functionalities of the application without exiting from the application or switching to another application on the computing device.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: June 14, 2016
    Assignee: BlackBerry Limited
    Inventors: Gary James Eggerton, Andrew John Farnsworth
  • Patent number: 9363287
    Abstract: The present invention is directed towards systems and methods for providing multiple modes of a zone for DNSSEC by an intermediary device. The method includes providing, by a device intermediary to a plurality of clients and a plurality of servers, a plurality of modes of a zone for Domain Name Service. The device receives a selection of a first mode of the zone of the plurality of modes of the zone. The device receives information identifying to enable DNS Security for the selected first mode. The device establishes the zone for DNS in accordance with the selected first mode and with DNS Security enabled.
    Type: Grant
    Filed: December 8, 2014
    Date of Patent: June 7, 2016
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Ravi Kondamuru, Raghav Somanahalli Narayana
  • Patent number: 9350549
    Abstract: Making a target file impractical to be retrieved comprises decrypting a directory manager file using a first directory manager file key. The directory manager file includes an encryption key for a segment that is used when reconstructing a target file. The directory manager file is modified by deleting a reference to the target file. The reference includes a file encryption key. Retrieving the target file is made impractical by the deletion of the reference to the target file in the directory manager file. The modified directory manager file is encrypted using a second directory manager file key.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: May 24, 2016
    Assignee: EMC Corporation
    Inventor: Christopher R. Lumb
  • Patent number: 9342705
    Abstract: A computer-implemented method for searching shared encrypted files on third-party storage systems may include (1) receiving, at a server-side computing system, a request from a user to search at least one encrypted file to which a group of users that includes the user shares access, (2) identifying, in response to the request, at least one encrypted search index compiled for and shared by the group of users that enables the encrypted file to be searched, (3) decrypting the encrypted search index with a key with which each user within the group of users has access, and (4) using the decrypted search index to respond to the request from the user. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 6, 2014
    Date of Patent: May 17, 2016
    Assignee: Symantec Corporation
    Inventors: Scott Schneider, Walter Bogorad, Haibin Zhang, Sharada Sundaram
  • Patent number: 9336404
    Abstract: A method is performed at a computer system having one or more processors and memory storing one or more programs executed by the one or more processors. The method includes receiving a first data transmission from a first client system, where the first data transmission includes a first document, the first document having one or more portions that are marked as private; encrypting the marked portions of the first document using a key; and sending a second data transmission to a destination system, where the second data transmission includes a second document, the second document including the encrypted marked portions of the first document and a remainder of the first document that is not marked as private. The key is unavailable to the destination system. The second document is stored at the destination system.
    Type: Grant
    Filed: July 15, 2014
    Date of Patent: May 10, 2016
    Assignee: GOOGLE INC.
    Inventor: Ben Margolin
  • Patent number: 9336532
    Abstract: A system and method are disclosed for compiling a database of investor-related data by gathering and linking customer-specific data records from multiple unaffiliated financial institutions, where such data records are coded in such a manner that the database compiler is enabled to link, across data providers and/or time periods, data records that pertain to the same investor without being provided any information that reveals the identity of any investor.
    Type: Grant
    Filed: May 15, 2013
    Date of Patent: May 10, 2016
    Assignee: Plutopian Corporation
    Inventors: Samuel G. Barton, Bhalchandra R. Ketkar, Casey V. O'Hara, Todd Goldwasser
  • Patent number: 9323954
    Abstract: A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: April 26, 2016
    Assignee: Intel Corporation
    Inventor: Millind Mittal
  • Patent number: 9313199
    Abstract: A device may periodically update a BIOS password on a client device. In some implementations, the device may determine a particular password generation algorithm; determine password generation seed values; and generate a first password and one or more second passwords based on the particular password generation algorithm and the password generation seed values. The first password may be a password that should be set for the BIOS. The one or more second passwords may be possible current passwords currently set. The device may individually output the one or more second passwords to the client device to cause the client device to update a password of the BIOS to update to the first password; receive an indication that the BIOS password has been updated to the first password; and output the indication that the BIOS password has been updated to the first password.
    Type: Grant
    Filed: July 25, 2014
    Date of Patent: April 12, 2016
    Assignee: VERIZON PATENT AND LICENSING INC.
    Inventors: William G. Umberger, Robert P. Kilgore, Andrew L. Herman, Rocco Demasi
  • Patent number: 9298939
    Abstract: A method is performed at a computer system having one or more processors and memory storing one or more programs executed by the one or more processors. The method includes generating a document, including marking one or more portions of the document as private; and sending the document to an intermediary system for transmission to a destination system. Prior to the document being transmitted to the destination system, the marked portions of the document are encrypted by the intermediary system using a key that is unavailable to the destination system.
    Type: Grant
    Filed: July 8, 2014
    Date of Patent: March 29, 2016
    Assignee: GOOGLE INC.
    Inventor: Ben Margolin
  • Patent number: 9294267
    Abstract: A method, system and program product comprise obtaining a user's username and password. A random key is generated for use as a master key. The master key is encrypted using the password to create an encrypted master key. A hash function is performed on the password to create a password hash. A random key is generated for use as a content key for encrypting the user's selected content. The content key is encrypted using the master key to create an encrypted content key. The selected content is encrypted using the content key to create encrypted content. The username, password hash, encrypted master key, first encrypted content key, and encrypted content are communicated to a server for storage in the user's account in which the possibility of decrypting at least the encrypted content by operations on the server is mitigated.
    Type: Grant
    Filed: November 16, 2012
    Date of Patent: March 22, 2016
    Inventors: Deepak Kamath, Sanjay Shridhar
  • Patent number: 9294444
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths.
    Type: Grant
    Filed: February 10, 2012
    Date of Patent: March 22, 2016
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport, Steven Winick
  • Patent number: 9280670
    Abstract: The present invention relates generally to information processing, and more particularly to techniques for securely organizing, sharing, accessing and storing valuable information related to a family or individual in conjunction with a computer-based platform. Users will have the ability to organize, share, access, send and receive information online using a plurality of personal devices. A computer web browser, mobile device web browser, facsimile machine, scanning device can send and receive information over a communication link with the system using standard software applications such as email, mobile messaging, scanning software and facsimile software. The present invention provides a user friendly web based platform that allows individuals to instantly set up a secure account and store important information, as well as establish a seamless and effective contingency plan for organizing highly sensitive and personal information.
    Type: Grant
    Filed: July 24, 2013
    Date of Patent: March 8, 2016
    Inventor: Darren Conte
  • Patent number: 9268557
    Abstract: Wrapping a computer software application by unpackaging the computer software application into constituent components including a data file that includes a listing of any of the components, modifying the data file to include a reference to a library, where the library is configured to cause communications between the computer software application and a computer operating system to be intercepted and processed by instructions within the library when the computer software application is executed by a computer, and repackaging the computer software application to include the library and any of the components listed in the modified data file.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: February 23, 2016
    Assignee: International Business Machines Corporation
    Inventor: Eldan Ben-Haim
  • Patent number: 9264881
    Abstract: An apparatus, a method, and a computer program product are provided in which an information block is generated to include an expression encoded based on at least one of a peer discovery resource identifier or an area identifier. The information block is sent for broadcasting. An apparatus, a method, and a computer program product are provided in which an information block is received that includes an expression encoded based on at least one of a peer discovery resource identifier or an area identifier. The information block is decoded based on said at least one of the peer discovery resource identifier or the area identifier to obtain the expression.
    Type: Grant
    Filed: January 4, 2011
    Date of Patent: February 16, 2016
    Assignee: QUALCOMM Incorporated
    Inventor: Michaela Vanderveen
  • Patent number: 9264451
    Abstract: Attributes relevant to at least one existing authorization system are identified. Noise removal from identified attributes of the at least one existing authorization system is performed. An attribute based access control (ABAC) policy is generated from remaining identified attributes to derive logical rules that grant or deny access.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: February 16, 2016
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ian M. Molloy
  • Patent number: 9256725
    Abstract: There is disclosed a method for use in credential recovery. In one exemplary embodiment, the method comprises determining a policy that requires at least one trusted entity to verify the identity of a first entity in order to facilitate credential recovery. The method also comprises receiving at least one communication that confirms verification of the identity of the first entity by at least one trusted entity. The method further comprises permitting credential recovery based on the received verification.
    Type: Grant
    Filed: February 26, 2014
    Date of Patent: February 9, 2016
    Assignee: EMC Corporation
    Inventors: Alina Oprea, Kevin D. Bowers, Nikolaos Triandopoulos, Ting-Fang Yen, Ari Juels
  • Patent number: 9256499
    Abstract: Disclosed are an apparatus and method of restoring at least one data file. The method may include retrieving the at least one data file to be restored from a data storage location, determining that the at least one data file is a link file, and regenerating a previously exchanged shared secret. The method may also include decrypting a key from the link file using the shared secret, and retrieving data from a data repository location to be restored.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: February 9, 2016
    Assignee: KASEYA LIMITED
    Inventor: Charles Bosson
  • Patent number: 9251358
    Abstract: There is provided a method of providing secure access to data stored in a system memory of a computer system, the computer system comprising a memory controller for writing data to and reading data from the system memory. The method comprises generating a random encryption key each time the computer system is booted and storing the random encryption key in a volatile memory region of the memory controller. The method additionally comprises encrypting data using the random encryption key to create encrypted data, and storing the encrypted data in the system memory. Also provided are a memory subsystem and a computer system for performing the method.
    Type: Grant
    Filed: May 9, 2008
    Date of Patent: February 2, 2016
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Walter G. Fry, Valiuddin Y. Ali, Manuel Novoa
  • Patent number: 9253186
    Abstract: The present invention relates to a method and a device for ensuring information integrity and non-repudiation over time. At least one example embodiment provides a mechanism for secure distribution of information, which information relates to an instance in time when usage of cryptographic key pairs associated with a certain brand identity commenced, as well as when the key pairs ceased to be used, i.e. when the key pairs were revoked. The mechanism further allows a company or an organization to tie administration of cryptographic key pairs and a procedure for verifying information integrity and non-repudiation to their own brand. This can be seen as a complement or an alternative to using a certificate authority (CA) as a trusted third party, which CA guarantees an alleged relation between a public key and the identity of the company or organization using the cryptographic key pair to which that public key belongs.
    Type: Grant
    Filed: May 16, 2014
    Date of Patent: February 2, 2016
    Assignee: BRANDSIGN AB
    Inventors: Anders Thoursie, Peter Holm, Sven-Hakan Olsson
  • Patent number: 9246890
    Abstract: Example embodiments perform on-the-fly delivery of PGP encrypted data. A large data file is broken into chunks which are encrypted and delivered to a pipe object. The bytes of a chunk are read from the pipe object in the same order as they were written. Header and footer packets are prepared and delivered.
    Type: Grant
    Filed: February 18, 2014
    Date of Patent: January 26, 2016
    Assignee: Oracle International Corporation
    Inventor: Saurav Sao
  • Patent number: 9245106
    Abstract: In one embodiment, a processor can enforce a blacklist and validate, according to a multi-phase lockstep integrity protocol, a device coupled to the processor. Such enforcement may prevent the device from accessing one or more resources of a system prior to the validation. The blacklist may include a list of devices that have not been validated according to the multi-phase lockstep integrity protocol. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 21, 2014
    Date of Patent: January 26, 2016
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Vedvyas Shanbhogue, Geoffrey S. Strongin, Willard M. Wiseman, David W. Grawrock
  • Patent number: 9237115
    Abstract: Technologies are generally described for a load balancing scheme for a cloud-based game system. In some examples, a load balancing system may include a resource usage measurement unit configured to measure resource usage of a game server, a determination unit configured to determine one or more client devices to stream non-interactive media files among a plurality of client devices connected to the game server based at least in part on the resource usage measured by the resource usage measurement unit, and a transmission unit to stream the non-interactive media files to one or more of the client devices upon occurrence of a predetermined game event.
    Type: Grant
    Filed: June 16, 2014
    Date of Patent: January 12, 2016
    Assignee: Empire Technology Development LLC
    Inventor: Seungil Kim
  • Patent number: 9237010
    Abstract: The embodiments relate to methods and apparatuses for producing secure transmission of a message. The methods are based on production of a basic key that is used for producing respective transmitter keys for a plurality of transmitters. For the ascertainment of the receiver keys by respective receivers, the basic key is transmitted to the receivers, which for their part are able to ascertain a receiver key for checking the integrity of the message from a respective transmitter on the basis of the basic key and an identifier for the transmitter. The receiver ascertains a cryptographic checksum, which, in the course of the integrity check, is compared with a cryptographic checksum that has been produced by the transmitter and sent along with the respective message. The embodiments may be used within the context of automation and sensor networks.
    Type: Grant
    Filed: April 24, 2013
    Date of Patent: January 12, 2016
    Assignee: Siemens Aktiengesellschaft
    Inventors: Rainer Falk, Steffen Fries
  • Patent number: 9235533
    Abstract: An information processing apparatus, a software update method, and an image processing apparatus capable of encrypting and decrypting information using values uniquely calculated from booted primary modules or booted backup modules with less effort are disclosed. The information processing apparatus includes primary modules and the same kinds of backup modules, and includes a value storage unit storing values calculated from the modules, an encryption information storage unit storing information unique to the modules, an information decryption unit decrypting the information unique to the modules using the values in the value storage unit, and an encryption information update unit, when the module is updated, encrypting the information unique to the modules based on a value calculated from each kind of the primary modules or the backup modules after the update.
    Type: Grant
    Filed: December 20, 2013
    Date of Patent: January 12, 2016
    Assignee: RICOH COMPANY, LTD.
    Inventor: Kiwamu Okabe
  • Patent number: 9231922
    Abstract: A cloud storage system includes a plurality of cloud storage modules for storing and managing data and a data encryption processing device. The data encryption processing device includes a priority manager for managing priorities on encrypting data of a plurality of cloud storage modules by using information on whether encryption processing for each of the plurality of the cloud storage modules is supported; and an encryption requester for selecting at least one cloud storage module on the basis of the priorities managed by the priority manager when receiving a request for data encryption, and performing, by the selected at least one cloud storage module, encryption after delivering the data to the selected cloud storage module.
    Type: Grant
    Filed: September 6, 2013
    Date of Patent: January 5, 2016
    Assignee: SK TELECOM CO., LTD.
    Inventor: Seung Min Kim
  • Patent number: 9225691
    Abstract: Exemplary methods for deduplicating encrypted files are described herein. The exemplary methods include receiving a first encrypted data file from a remote source that is encrypted by a first security key. In one embodiment, the methods include transmitting to a remote security manager a first key identifier (ID) that is extracted from the first data file, the first key ID identifying the first security key. In one aspect of the invention, the methods include, in response to receiving the first security key from the remote security manager based on the first key ID, decrypting the first data file using the first security key provided by the remote security manager. In at least one embodiment, the methods include deduplicating the decrypted first data file.
    Type: Grant
    Filed: September 27, 2013
    Date of Patent: December 29, 2015
    Assignee: EMC Corporation
    Inventors: Shankar Balasubramanian, Abhinav Duggal, Bharath Krishnappa, Ravi Sharda
  • Patent number: 9223990
    Abstract: The method and apparatus support signature-based application management that examines credibility of an application to be installed or executed and controls installation and execution accordingly. The application management method for a user device includes: receiving user input for installing an application; comparing signature information of the application with an authentication list stored in a signature information storage; preventing, when the signature information is present in a blacklist of the authentication list, installation of the application; initiating, when the signature information is present in a whitelist of the authentication list, installation of the application; and selectively performing, when the signature information is not present in either the blacklist or the whitelist, installation of the application according to user consent.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: December 29, 2015
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Ilwoong Jeong, Daeyoung Kim, Michael Chin-Hwan Pak, Jaehoon Jung
  • Patent number: 9219604
    Abstract: A method begins by a dispersed storage (DS) processing module generating a shared secret key from a public key of another entity and a private key using a first modulo prime polynomial function, wherein a public key is generated from the private key using a second modulo prime polynomial function and wherein the public key of the other entity is derived using the second modulo prime polynomial function on a private key of the other entity. The method continues with the DS module encrypting a message using the shared secret key to produce an encrypted message. The method continues with the DS module outputting the encrypted message to the other entity.
    Type: Grant
    Filed: April 18, 2012
    Date of Patent: December 22, 2015
    Assignee: Cleversafe, Inc.
    Inventors: Jason K. Resch, Wesley Leggette
  • Patent number: 9218464
    Abstract: Briefly, in accordance with one embodiment of the invention, a plug-in type application may intercept called functions in order to implement one or more security or digital rights management type settings, and/or one or more policies for a given document where such functions may be restricted, prohibited, and/or otherwise controlled. Patch code may be integrated with such controlled functions to modify the behavior of the function when executed in order to comply with the security or digital rights management setting, and/or one or more policies.
    Type: Grant
    Filed: October 20, 2006
    Date of Patent: December 22, 2015
    Assignee: Adobe Systems Incorporated
    Inventors: James Wicker, Matt Poling
  • Patent number: 9208340
    Abstract: A parallel data processing system based on location control and a method thereof can divide data into smaller data and store and manage the divided data using a location control technique which divides a file, distributes the divided files, and stores and manages information on corresponding areas. The parallel data processing system includes an encryption and decryption server, a location control server and a storage device. Further, the system may reduce the time required for storing and reading data and, as a result, improve the speed of controlling encryption and decryption of the data, by distributing the data across a plurality of storage devices and processing the data in parallel when encrypting, storing and restoring data that requires security. In addition, performance of a plurality of storage devices and efficiency of the storage may be enhanced.
    Type: Grant
    Filed: August 28, 2013
    Date of Patent: December 8, 2015
    Inventor: Chung Jong Lee
  • Patent number: 9210190
    Abstract: A method for protecting data is disclosed that protects not only who may access data but also how it is used. This invention uses an intelligent proxy which controls access to protected data using any of a variety of already existing security measures and is also the only object capable of making use of the data so that the data may not be copied or otherwise used in any manner inconsistent with the design of a data protection scheme chosen to meet security needs.
    Type: Grant
    Filed: May 9, 2012
    Date of Patent: December 8, 2015
    Inventors: Andrew John Polcha, Michael Patrick Polcha