File Protection Patents (Class 713/165)
  • Patent number: 9208348
    Abstract: A computer-implemented method for managing encrypted files within application packages may include (1) identifying an individual component within an application package that requires encryption, (2) creating an encrypted file by encrypting the individual component, (3) decomposing the encrypted file into (a) a primary encrypted file that contains an initial portion of the encrypted file that matches a critical attribute of the individual component and (b) an auxiliary encrypted file that contains the remaining portion of the encrypted file, and (4) replacing, within the application package, the individual component with the primary encrypted file and the auxiliary encrypted file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: January 15, 2014
    Date of Patent: December 8, 2015
    Assignee: Symantec Corporation
    Inventors: James E. Brennan, Nalini Ganapati
  • Patent number: 9208288
    Abstract: A system and method for remote patient monitoring and assessment to facilitate patient treatment are provided. The system includes at least one portable computing device (such as a smart cellular telephone) operated by a caregiver, which generates a plurality of user interface screens for allowing the caregiver to enter information relating to a patient's medical condition and treatment of the patient. The system compares a parameter of the information entered by the caregiver to a pre-defined threshold to determine whether the parameter is acceptable, and displays an alert screen on the portable computing device if the means for comparing the parameter determines that the parameter is unacceptable. A central server in communication with the portable computing device via a network receives the information entered by the caregiver, and electronically generates a report summarizing the patient's medical condition and treatment given to the patient by the caregiver.
    Type: Grant
    Filed: August 23, 2010
    Date of Patent: December 8, 2015
    Inventor: Roy C Putrino
  • Patent number: 9201805
    Abstract: A dispersed storage network includes a dispersed storage device to store data. The dispersed storage device includes a processing module operable to slice a data segment of a data object into data slices. The processing module further creates a slice name for each of the data slices. The slice name includes routing information containing a vault identifier that identifies a vault associated with the data object, in which the vault identifies at least one user. The slice name further includes a source data name containing an identifier of the data object.
    Type: Grant
    Filed: August 17, 2012
    Date of Patent: December 1, 2015
    Assignee: CLEVERSAFE, INC.
    Inventors: Andrew Baptist, Greg Dhuse
  • Patent number: 9202066
    Abstract: Systems and methods described herein may store and analyze patient data sets. A processor in communication with a database may generate a plurality of patient data sets, each of the patient data sets being associated with one of a plurality of patients and comprising an attribute. The processor may de-identify each of the patient data sets so that they are not associated with the patients. The processor may encrypt each of the de-identified data sets to generate a plurality of encrypted data sets and store the encrypted data sets in the database. The processor may analyze one of the patient data sets to determine a relationship between the one of the patient data sets and the other of the patient data sets based on the attribute of the one of the patient data sets and the attributes of the other of the patient data sets.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: December 1, 2015
    Assignee: BETTERPATH, INC.
    Inventors: Gary Mark Sinderbrand, Maxwell Shron, William Tate Cantrell, Jr.
  • Patent number: 9189756
    Abstract: Described are a system and method for facilitating collaboration on a project by multiple team members. A plurality of projects and a plurality of documents are stored in persistent storage of a server system. A user launches an application program that displays an expandable and collapsible view showing each project of the plurality of projects for which the user is a team member and each document linked to each of the shown projects. Searchable metadata is associated with each project. The searchable metadata associated with each project is propagated to each document linked to that project. A given document is searched for using the metadata propagated from the project linked to that document.
    Type: Grant
    Filed: September 21, 2004
    Date of Patent: November 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Yuval S. Gilbert, Hunter R. Medney, Salvatore G. Mazzotta, Cindy Wu, William Drake
  • Patent number: 9183389
    Abstract: Disclosed are various embodiments for inspecting malware with little or no user interruption. A first computing device may compare a source code of an application to a fingerprint stored locally on the first computing device. The first computing device may transmit the source code to a second computing device to determine whether the source code resides in a database comprising approved applications. If the source code does not reside in the database, a thorough scan of the source code may be conducted.
    Type: Grant
    Filed: August 19, 2013
    Date of Patent: November 10, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Mekka Chibuisi Okereke, Peter Phan Han
  • Patent number: 9183212
    Abstract: Techniques for representing directory structure in content-addressable storage systems are provided. A directory structure of a file system is represented using a plurality of chunks in a content-addressable storage system. The directory structure includes a set of objects arranged in an object hierarchy. The set of objects includes a particular directory that has, within the object hierarchy, a set of child objects. The plurality of chunks includes a directory object chunk for the particular directory. The plurality of chunks further includes a particular set of child object chunks. The particular set of child object chunks are object chunks for each child object in the set of child objects. The plurality of chunks further includes at least one hash set chunk with hash values for object chunks in the particular set of child object chunks.
    Type: Grant
    Filed: November 21, 2013
    Date of Patent: November 10, 2015
    Assignee: upthere, inc.
    Inventor: Bertrand Serlet
  • Patent number: 9185086
    Abstract: A SDE system and a computer program product for secure data communication are provided herein. In one embodiment, the SDE system includes: (1) a processor and (2) a SDE client configured to determine if a document is a secure data document and if not, determine if a user is authorized to create secure data having a predetermined extension by verifying authentication code associated with the user, wherein the authentication code is based on an email address and a user defined identifier associated with the user. If authorized, the SDE client is configured to employ a plurality of converters to create a secure data document and direct an electronic mail system to send the secure data document to recipients of a recipients email list provided by the user, wherein the secure data document includes a predetermined extension.
    Type: Grant
    Filed: April 1, 2015
    Date of Patent: November 10, 2015
    Assignee: Talati Family LP
    Inventor: Kirit K. Talati
  • Patent number: 9171145
    Abstract: Techniques are disclosed for protecting cryptographic secrets stored locally in a device, such as a mobile phone. A client device creates or downloads a shared secret to be used in a server transaction. To protect this shared secret locally, the client device encrypts the shared secret using a key generated from a file system attributes value, along with other sources of entropy. The file system attributes value may correspond to the inode of a file in a UNIX-based file system. Thereafter, when the shared secret is required for logical computation, the client device reconstructs the key using the file system attributes value and the other previous sources of entropy. The client device may use the key to decrypt the information and use the shared secret for its required purpose, e.g., in generating a one-time password for a login session.
    Type: Grant
    Filed: May 24, 2013
    Date of Patent: October 27, 2015
    Assignee: Symantec Corporation
    Inventors: Sambit Dash, Ramanath Pai
  • Patent number: 9167050
    Abstract: A method for controlling access to a Cloud, comprising receiving traffic from an Enterprise user at a gateway, wherein the traffic carries a first key specific to the Enterprise user for use internal to the gateway, replacing the first key with a second key, wherein the second key is a Cloud-negotiated key generic to a plurality of Enterprise users which permits access to the Cloud, and sending traffic to the Cloud.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: October 20, 2015
    Assignee: Futurewei Technologies, Inc.
    Inventors: Kenneth Durazzo, Shree Murthy
  • Patent number: 9166954
    Abstract: Various embodiments described herein each provide one or more of systems, methods, software, and data structures that facilitate document-authorized access to a shared workspace. Some of these embodiments provide access to a shared workspace, such as a document review comment repository, through data embedded within a document. Mere possession of a document with a key, or other data element, allows a possessor of the document to participate in a workflow process.
    Type: Grant
    Filed: February 29, 2008
    Date of Patent: October 20, 2015
    Assignee: Adobe Systems Incorporated
    Inventors: Randy L. Swineford, Barnaby James, Patrick R. Wibbeler
  • Patent number: 9164940
    Abstract: Disclosed are methods and systems for variable width data input to a pattern-recognition processor. A variable width data input method may include receiving bytes over a data bus having a first width and receiving one or more signals indicating the validity of each of the one or more bytes. The valid bytes may be sequentially provided to a pattern-recognition processor in an 8-bit wide data stream. In an embodiment, a system may include one or more address lines configured to provide the one or more signals indicating the validity of the bytes transferred over the data bus. The system may include a buffer and control logic to sequentially process the valid bytes.
    Type: Grant
    Filed: April 4, 2014
    Date of Patent: October 20, 2015
    Assignee: Micron Technology, Inc.
    Inventor: Harold B Noyes
  • Patent number: 9158465
    Abstract: A method, apparatus and computer program product for performing authorization control in a cloud storage system. The method comprises: receiving an access request to a file block, wherein the file block is embedded with tag data comprising at least file block authorization information; retrieving the file block; extracting the file block authorization information from the tag data; determining whether the access request matches the file block authorization information; and performing the access request if the access request matches the file block authorization information. Effective authorization control may be performed in a cloud storage system.
    Type: Grant
    Filed: April 28, 2011
    Date of Patent: October 13, 2015
    Assignee: International Business Machines Corporation
    Inventors: Xin Hui Li, Ying Li, Jing J. Luo, Lin Luo
  • Patent number: 9158943
    Abstract: An encryption and decryption device for a portable storage device and an encryption and decryption method thereof are provided. The encryption and decryption device includes a storage element, a control element and an encryption and decryption circuit. The control element receives a password, saves the password to the storage element and provides an encryption and decryption command. The encryption and decryption circuit is electrically connected to a portable storage device, receives the encryption and decryption command, reads the password stored in the storage element according to the encryption and decryption command, and encrypts or decrypts data stored in the portable storage device by utilizing the password according to whether the data have been encrypted. After the data are encrypted or decrypted, the encryption and decryption circuit clears the password in the storage element.
    Type: Grant
    Filed: January 14, 2014
    Date of Patent: October 13, 2015
    Assignee: ASMEDIA TECHNOLOGY INC.
    Inventors: Kuo-Chi Chang, Hsin-Hsiung Wang
  • Patent number: 9146953
    Abstract: A document handling device receives a request to perform a task on document data, the document data comprising at least one of an electronic document to be converted by the document handling device into a non-digital form or a physical document received by the document handling device in the non-digital form. Responsive to receiving the request, the document handling device makes a determination as to whether the requested task violates a data loss prevention policy, and performs an action based on the determination.
    Type: Grant
    Filed: December 17, 2012
    Date of Patent: September 29, 2015
    Assignee: SYMANTEC CORPORATION
    Inventors: Brian Hernacki, William E. Sobel
  • Patent number: 9148410
    Abstract: A computer-readable storage medium stores a data processing program for causing a computer to execute a process. The process includes: identifying a first combination of first data and second data based on a predetermined condition from a storage in which the first data and first ciphered data obtained by ciphering the first data are correspondently stored, and the second data and second ciphered data obtained by ciphering the second data are correspondently stored; extracting a second combination of the first ciphered data and the second ciphered data stored respectively and correspondently to the first data and the second data identified by the identifying; and transmitting the second combination of the first ciphered data and the second ciphered data extracted by the extracting to an external device.
    Type: Grant
    Filed: August 26, 2013
    Date of Patent: September 29, 2015
    Assignee: FUJITSU LIMITED
    Inventor: Ichiro Eguchi
  • Patent number: 9146881
    Abstract: A portable electronic device is provided. The portable electronic device includes a data interface module that processes files associated with a user, the data interface module receives and validates a password from a user of the portable electronic device before the user is allowed access to files processed by the data interface module, an encryption key formed by the data interface module upon validation of the password, the encryption key further comprising the password, a hard coded private string and a serial number of the portable electronic device and a data storage area that stores files received from the data interface module the stored files are encrypted using the encryption key and where neither the encryption key nor the password are stored in an unencrypted format anyplace within the portable electronic device.
    Type: Grant
    Filed: June 1, 2012
    Date of Patent: September 29, 2015
    Assignee: CommandHub, Inc.
    Inventors: Richard Cousins, Linton Henderson, Graham Matthews
  • Patent number: 9141815
    Abstract: Included in the present disclosure are a system, method and program of instructions operable to protect vital information by combining information about a user and what they are allowed to see with information about essential files that need to be protected on an information handling system. Using intelligent security rules, essential information may be encrypted without encrypting the entire operating system or application files. According to aspects of the present disclosure, shared data, user data, temporary files, paging files, the password hash that is stored in the registry, and data stored on removable media may be protected.
    Type: Grant
    Filed: December 12, 2012
    Date of Patent: September 22, 2015
    Inventors: Christopher D. Burchett, Jason Jaynes, Bryan Chin, David Consolver
  • Patent number: 9141613
    Abstract: Systems and methods are provided for determining an address for a private function. A start address for a public function of a software program in a data file associated with the software program is determined. Instruction data for the public function is identified in the data file based on the start address of the public function. First data of a predetermined size is read from a beginning of the instruction data for the public function. A signature for a private function of the software program is identified in the first data. A relative address for the private function in the data file based on the identified signature is stored in memory.
    Type: Grant
    Filed: October 30, 2012
    Date of Patent: September 22, 2015
    Assignee: AppSense Limited
    Inventor: David Brylyn
  • Patent number: 9141758
    Abstract: The present invention relates to a method and a system for collecting and providing reports of activities of medical service providers, while encrypting confidential information. Specifically, the present invention provides systems and methods for collecting and providing information from medical claim transactions without information for specifically identifying the particular medical service provider. The present invention also allows for correlation of medical claim transactions with providers' information without using information that can be used to specifically identify the particular medical service provider (provider identifier).
    Type: Grant
    Filed: January 8, 2010
    Date of Patent: September 22, 2015
    Assignee: IMS Health Incorporated
    Inventors: Andrew E. Kress, Steve E. Stevens, Ann R. Martin
  • Patent number: 9141593
    Abstract: A system and related devices and methods facilitating orchestration of page composition based on performance of one or more portions of the page are disclosed herein. An exemplary system may comprise a first device and a second device. An exemplary method may comprise providing to a client device, a first portion of a requested page while waiting for one or more service calls required to render a second portion to return, and after a time at which the one or more service calls required to render the second portion return, providing the client device with the second portion, the one or more service calls required to render the second portion having a higher latency than any service calls required to render the first portion.
    Type: Grant
    Filed: December 18, 2014
    Date of Patent: September 22, 2015
    Assignee: Groupon, Inc.
    Inventors: Sean McCullough, Adam Geitgey
  • Patent number: 9135462
    Abstract: Embodiments of the present disclosure include systems and methods for upload and/or download streaming encryption to/from an online service, or cloud-based platform or environment. The encryption process includes the following parts: Upload encryption, download decryption, and a central piece of infrastructure called the Interval Key Server (IKS). During both upload and download, the encryption and decryption processes are performed while the files are being uploaded/downloaded, (e.g., the files are being encrypted/decrypted as they are being streamed).
    Type: Grant
    Filed: August 26, 2013
    Date of Patent: September 15, 2015
    Assignee: Box, Inc.
    Inventors: Yuval Scharf, James P. Lyons
  • Patent number: 9124638
    Abstract: Information corresponding to a set of signatures is maintained, and for each signature in the set, an associated group policy of a network is maintained. A message from a device on the network is intercepted, and the message includes a header. At least a portion of the header matches a signature in the set of signatures. Responsive to determining that the portion of the header matches the signature, the matched signature's associated group policy of the network is applied to the device on the network.
    Type: Grant
    Filed: August 28, 2014
    Date of Patent: September 1, 2015
    Assignee: iboss, Inc.
    Inventor: Paul Michael Martini
  • Patent number: 9117095
    Abstract: A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a nonvolatile memory. The key may also be derived at least in part from user input to the computer.
    Type: Grant
    Filed: September 9, 2013
    Date of Patent: August 25, 2015
    Assignee: Round Rock Research LLC
    Inventor: Dean A Klein
  • Patent number: 9118631
    Abstract: Processing a query, includes, at a client, receiving a user-generated query having a plurality of recognizable terms, securing the user-generated query to generate an encrypted query, so that the plurality of recognizable terms generated by the user-generated query cannot be determined by a server, transmitting the encrypted query to the server, to perform the query on encrypted data comprising a mix of regular data and secure data previously provided by the client, wherein at least one of selection criteria of the query and identities of selected records of the query result cannot be determined by the server, and interpreting a result of the query provided by the server, and providing an output of the query to the user having the plurality of recognizable terms.
    Type: Grant
    Filed: August 16, 2013
    Date of Patent: August 25, 2015
    Assignee: GOOGLE INC.
    Inventors: Marcel M. M. Yung, Sarvar Patel, Binyamin Pinkas
  • Patent number: 9111106
    Abstract: An access terminal apparatus provides a group determination key being a decryption key to a data center apparatus previously, and then transmits grouping information generated from a keyword of storage target data and having been encrypted to the data center apparatus, with encrypted data of the storage target data and tag data of the encrypted data of the storage target data. The data center apparatus stores the encrypted data relating it to the tag data, decrypts a part of the grouping information with the group determination key, derives an index value from a bit value obtained by the decryption, and stores the derived index value and the tag data relating them with each other.
    Type: Grant
    Filed: January 13, 2011
    Date of Patent: August 18, 2015
    Assignee: Mitsubishi Electric Corporation
    Inventors: Nori Matsuda, Takashi Ito, Mitsuhiro Hattori, Takumi Mori, Takato Hirano
  • Patent number: 9111111
    Abstract: Systems and methods for implementing location-based security protocols for information and/or data files are disclosed. The location-based security protocols may be enforced by an organization to protect and/or provide additional levels of security for information and/or data files associated with the organization and stored and/or used by agents of the organization on their user devices, such as personal user devices. Location-based security protocols may be applied to data file functions that include generating, receiving, transmitting, sharing, backing-up, or rendering a data file. Data files that are to adhere to one or more location-based security protocols may be tagged, such as in metadata associated with the data file to indicate that it is subject to adherence to the one or more location-based security protocols.
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: August 18, 2015
    Assignee: Amazon Technologies, Inc.
    Inventor: Sharadh Ramaswamy
  • Patent number: 9104666
    Abstract: An aspect of the present invention facilitates users/administrators to control access to electronic resources. In one embodiment, a tag data indicating the corresponding tags associated with each of a set of electronic resources is maintained. In response to receiving from an administrator, a search query indicating a search tag, the tag data is examined and a result set of electronic resources having tags matching the received search tag is identified. The administrator is thereafter enabled to specify an access policy for each of the result set of electronic resources. Thus, administrators are enabled to search for specific resources from a large number of resources and then specify the desired access policies for controlling access to the specific resources.
    Type: Grant
    Filed: September 4, 2012
    Date of Patent: August 11, 2015
    Assignee: Oracle International Corporation
    Inventors: Sanyam Goyal, Vikas Pooven Chathoth
  • Patent number: 9100170
    Abstract: A file packing and unpacking method, the method including: encrypting a target file using an encryption/decryption algorithm to obtain an encrypted target file, dividing the encryption/decryption algorithm into a first part encryption/decryption algorithm and a second part encryption/decryption algorithm; obtaining a packed target file according to the first part encryption/decryption algorithm and the encrypted target file; and informing an unpacking apparatus of the packed target file and the second part encryption/decryption algorithm.
    Type: Grant
    Filed: November 20, 2012
    Date of Patent: August 4, 2015
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Shengfu Tang
  • Patent number: 9081722
    Abstract: Methods and systems described herein facilitate improving universal serial bus (USB) storage performance in remote computing environments. A virtual USB host is associated with a virtual machine running a guest operating system (OS) and is configured to communicate with a USB storage device that is connected to a remote terminal. The virtual USB host is further configured to transmit one of a data-in request to the USB storage device before the guest OS transmits the data-in request or an acknowledgement of a data-out request to the guest OS before the USB storage device transmits the acknowledgement.
    Type: Grant
    Filed: December 11, 2012
    Date of Patent: July 14, 2015
    Assignee: VMware, Inc.
    Inventors: Peter Barber, Aaron Rolett, Reilly Grant
  • Patent number: 9064127
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing data in and communicating data with cloud computing resources. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security.
    Type: Grant
    Filed: November 18, 2013
    Date of Patent: June 23, 2015
    Assignee: Security First Corp.
    Inventors: Mark S. O'Hare, Rick L. Orsini, Don Martin
  • Patent number: 9064130
    Abstract: A malware detection agent operating on a computing device detects one or more indicators of a potential data loss threat. Sensitive data is identified based on at least one of a logical location or a physical location of the sensitive data. One or more data loss prevention policies are enabled to protect the sensitive data until the potential data loss threat is resolved.
    Type: Grant
    Filed: February 27, 2009
    Date of Patent: June 23, 2015
    Assignee: Symantec Corporation
    Inventors: Daniel Asheghian, David Kane
  • Patent number: 9058502
    Abstract: The present application is directed towards methods and systems for providing anonymous and traceable external access to internal linguistic assets. The methods and systems described allow users the freedom to use a linguistic resource with the security that their identities and interactions with the resource are shielded from other users. Simultaneously, the system maintains a mechanism to trace all users' interactions with a resource to ensure the integrity of the asset is not jeopardized and to easily identify a problem with a user's access without broadcasting their identity or actions.
    Type: Grant
    Filed: October 26, 2010
    Date of Patent: June 16, 2015
    Assignee: Lionbridge Technologies, Inc.
    Inventor: Joachim Schurig
  • Patent number: 9059840
    Abstract: Private message system, method, and apparatus are described. A private message that includes encrypted data and identifying information indicating a recipient client device authorized to read the private message is stored at a server computer. Since the client devices perform all encryption and decryption processing, the server computer stores the private message in a platform agnostic manner and without performing any encryption/decryption related processes. Although any number of recipient devices can receive the private message, only a recipient client device authorized in accordance with the identifying information can read the private message.
    Type: Grant
    Filed: May 31, 2012
    Date of Patent: June 16, 2015
    Assignee: Apple Inc.
    Inventors: Jeffrey A. Connelly, David M. O'Rourke, Matthew M. Patenaude
  • Patent number: 9058497
    Abstract: Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that correspond to each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys.
    Type: Grant
    Filed: December 23, 2010
    Date of Patent: June 16, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Vijay G. Bharadwaj, Niels T Ferguson, Carl M. Ellison, Magnus Bo Gustaf Nyström, Dayi Zhou, Denis Issoupov, Octavian T. Ureche, Peter J. Novotney, Cristian M. Ilac
  • Patent number: 9054880
    Abstract: A memory card includes a storage unit storing key information and version information in association with the key information, the key information and the version information being issued by a key issuing authority and the version information indicating a version of the latest revocation list that has been issued when the key information is generated. A revocation list receiving unit receives a revocation list having a version; and a version verification unit compares the version of the revocation list received by the revocation list receiving unit and the version information. When the version of the revocation list is older than version information, processing by a revocation list writing unit is prohibited.
    Type: Grant
    Filed: July 22, 2011
    Date of Patent: June 9, 2015
    Assignee: PANASONIC CORPORATION
    Inventors: Masaya Yamamoto, Takahiro Yamaguchi
  • Patent number: 9054848
    Abstract: An electronic apparatus includes a secure unit to store public key information, an input unit to receive user authentication information and a data searching word, a user authenticating unit to perform user authentication with the inputted user authentication information, an encryption generating unit to generate a searching word encryption to use in data search, and a control unit to control generating the searching word encryption using the previously-stored public key information, the inputted user authentication information, and the data searching word.
    Type: Grant
    Filed: September 13, 2012
    Date of Patent: June 9, 2015
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Hyun-sook Rhee
  • Patent number: 9053341
    Abstract: Techniques for controlling access to shared data files such as stored in a collaborative file sharing service. Organizations want to have access to data originated by their employees and want that access to continue even when the employees leave the company. Also, organizations do not want former employees to have access to the company's files. A file storage service uses an Organization's recovery key while creating a recovery record for a file (which may be stored in a folder), and protected using a Work identity. The individual person who originally creates a file and/or shares a folder securely with others is considered the folder's owner as long as he is part of the same Organization. User's identities are validated upon access. The keys are also purged from a local key store as soon as identity changes are detected. In this way, the folder owner will not be able to decrypt files stored in a folder shared using a Work identity if the identity is canceled by the Organization.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: June 9, 2015
    Assignee: nCrypted Cloud LLC
    Inventors: Igor Odnovorov, Nicholas Stamos
  • Patent number: 9053342
    Abstract: Techniques for controlling access to shared data files such as stored in a collaborative file sharing service. Organizations want to have access to data originated by their employees and want that access to continue even when the employees leave the company. Also, organizations do not want former employees to have access to the company's files. A file storage service uses an Organization's recovery key while creating a recovery record for a file (which may be stored in a folder), and protected using a Work identity. The individual person who originally creates a file and/or shares a folder securely with others is considered the folder's owner as long as he is part of the same Organization. Users' identities are validated upon access. The keys are also purged from a local key store as soon as identity changes are detected. In this way, the folder owner will not be able to decrypt files stored in a folder shared using a Work identity if the identity is canceled by the Organization.
    Type: Grant
    Filed: June 9, 2014
    Date of Patent: June 9, 2015
    Assignee: nCrypted Cloud, LLC
    Inventors: Igor Odnovorov, Nicholas Stamos
  • Patent number: 9047478
    Abstract: A method for controlling access to a digital file includes: associating digital content with a header, the header including data identifying a permitted access identity corresponding to a physical key removable from a reading computer. The method also includes encrypting the header and the digital content, the header being susceptible to decryption separate from the content by a key interface.
    Type: Grant
    Filed: August 19, 2013
    Date of Patent: June 2, 2015
    Assignee: NBCUNIVERSAL Media, LLC
    Inventor: Jeffrey Edward Taylor
  • Publication number: 20150149771
    Abstract: An encryption method and decryption method are provided. The encryption method divides an electronic file into a plurality of message blocks, wherein the message blocks have a sequence. The encryption method sets a checking vector as the last message block. The encryption method performs the following steps on each message block according to the sequence: generating an input block, deriving an output block by encrypting the input block by an encryption key, and deriving an encrypted block by applying XOR operation to the output block and the previous message block, wherein the input block is equivalent to applying XOR operation to the message block, the output block corresponding to the previous message block, and the message block before the previous one. The encryption method generates an electronic encrypted file by concatenating the encrypted blocks. The decryption method performs a series of operations corresponding to the above operations.
    Type: Application
    Filed: February 23, 2014
    Publication date: May 28, 2015
    Applicant: Institute For Information Industry
    Inventors: Sung-Ming YEN, Jheng-Hong TU, Jui-Ming WU
  • Patent number: 9043595
    Abstract: Making a target file impractical to be retrieved comprises decrypting a directory manager file using a first directory manager file key. The directory manager file includes an encryption key for a segment that is used when reconstructing a target file. The directory manager file is modified by deleting a reference to the target file. The reference includes a file encryption key. Retrieving the target file is made impractical by the deletion of the reference to the target file in the directory manager file. The modified directory manager file is encrypted using a second directory manager file key.
    Type: Grant
    Filed: November 19, 2013
    Date of Patent: May 26, 2015
    Assignee: EMC Corporation
    Inventor: Christopher R. Lumb
  • Patent number: 9043588
    Abstract: Various embodiments provide a method and apparatus of providing accelerated encrypted connections in a cloud network supporting transmission of data including per-user encrypted data. Transmission of encrypted data from an application server uses an encryption scheme that encrypts static data using a first encryption scheme that derives keys from the content itself and encrypts dynamic data, such as dynamic website content with personalized user data, using a second encryption scheme.
    Type: Grant
    Filed: May 8, 2012
    Date of Patent: May 26, 2015
    Assignee: Alcatel Lucent
    Inventors: Krishna P. Puttaswamy Naga, Katherine Guo
  • Publication number: 20150143114
    Abstract: A first information processing device holds data and a key for encryption. A second information processing device does not have rights to share data not encrypted with the first information processing device and a client. The first information processing device transmits data and key to the client when receiving a request to use the data. The first information processing device generates first encrypted data encrypted with the key, and transmits it to the second information processing device. The client transmits information obtained by encrypting the result of processing on the data with the key to the second information processing device until the use of the data ends. The first information processing device acquires second encrypted data received by the second information processing device from the second information processing device, and decrypts and stores it when notified that the use of the data has ended.
    Type: Application
    Filed: October 24, 2014
    Publication date: May 21, 2015
    Inventors: Yoshihisa Chujo, Tsuyoshi HASHIMOTO
  • Publication number: 20150143113
    Abstract: A method and system are disclosed for encrypting information utilizing three-dimensional shapes. The method includes receiving one or more computer device usage metrics, one or more user files having information, and instructions for encrypting the one or more user files, selecting a shape type from a plurality of predetermined shape types, determining shape dimensions and shape volume based upon the quantity of information associated with the one or more user files, generating a shape based upon the selected shape type, the shape dimensions, and the shape volume, distributing axis coordinates for each axis, wherein a node is defined at least by axis coordinates within the generated shape, associating information of the one or more user files with axis coordinates within the generated shape, and transmitting the generated shape and data based upon the associating.
    Type: Application
    Filed: October 16, 2014
    Publication date: May 21, 2015
    Applicant: CONNECTX, INC.
    Inventors: Lansing Arthur Parker, II, Solomon Golomb, Aaron Lauda
  • Publication number: 20150143112
    Abstract: A method of searching encrypted data includes generating with a client computing device a search index identifier corresponding to a search term in an encrypted search table and transmitting the search index identifier, a first single use key and a second single use key to a server. The method includes generating a set of decrypted data with the server for a set of data in an encrypted search table corresponding to the search index identifier using the first single use key to decrypt a first portion of the data and the second single use key to decrypt a second portion of the data. The method further includes identifying one or more encrypted files stored on the server that include the encrypted search term based on the decrypted data from the search table, and transmitting the encrypted files or encrypted file identifiers to the client computing device.
    Type: Application
    Filed: October 3, 2014
    Publication date: May 21, 2015
    Inventors: Attila Altay Yavuz, Jorge Guajardo Merchan, Anvesh Ragi
  • Patent number: 9038191
    Abstract: Methods and apparatus are provided for providing a DRM service by a user terminal apparatus consuming DRM content in a service environment that provides the DRM content using a plurality of incompatible DRM systems. A license corresponding to the DRM content is acquired from a service providing apparatus that provides the DRM content. It is determined whether the license is a common license having a common DRM interface format. The common DRM interface format of the common license is converted to a format of a first DRM system installed in the user terminal apparatus, when the license is the common license. The license having the format of the first DRM system is applied in reproducing the DRM content. The common license is provided from the service providing apparatus to the user terminal apparatus through a common DRM interface when the service providing apparatus does not support the first DRM system.
    Type: Grant
    Filed: April 27, 2012
    Date of Patent: May 19, 2015
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Sergey Nikolayevich Seleznev, Byung-Rae Lee, Bo-Gyeong Kang
  • Patent number: 9038170
    Abstract: A system is disclosed that logs access system events. When an access system event occurs, a log entry is created for the access system event. Information from an identity profile is stored in the log entry. The identity profile pertains to a first user. The first user is the entity who caused or was involved with the access system event. In one embodiment, the access system includes identity management and access management functionality.
    Type: Grant
    Filed: February 26, 2001
    Date of Patent: May 19, 2015
    Assignee: Oracle International Corporation
    Inventors: Vrinda S. Joshi, Srinivasagapala Ramamurthy
  • Patent number: 9032542
    Abstract: A data storage system includes a storage device and a data handler that receives an object, creates metadata for the object that includes a key and an authorization, stores the object on the storage device, receives a request for the object, determines if the request includes the key, and, if the request has authorization information, permits access to the object. The data handler receives another request for the object, determines if the request includes the key, and, if the request does not have the authorization information, denies access to the object.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: May 12, 2015
    Assignee: Dell Products, LP
    Inventors: Farzad Khosrowpour, Marco A. Peereboom
  • Publication number: 20150127937
    Abstract: The present invention relates to a web server having a web application using published API of one or more cloud storage providers, said web application being dedicated to secure and economical sharing of encrypted files residing at the cloud storage providers, said files being managed under a virtual folder which is shared by a group of different entities.
    Type: Application
    Filed: November 4, 2013
    Publication date: May 7, 2015
    Applicant: GEMALTO INC.
    Inventors: Asad Mahboob ALI, Ella Segura