File Protection Patents (Class 713/165)
  • Patent number: 8880879
    Abstract: Methods and systems for encrypting and decrypting are presented. In one embodiment, the method comprises encrypting one or more segments of a data with a key. The data is associated with at least one encryption attribute and having a plurality of segments. The encryption attribute includes information to identify one or more segments of the data to encrypt. The method further comprises encrypting the encryption attribute and storing the data including the partly encrypted data and the encrypted encryption attribute.
    Type: Grant
    Filed: September 4, 2008
    Date of Patent: November 4, 2014
    Assignee: Intel Corporation
    Inventor: Yen Hsiang Chew
  • Patent number: 8881271
    Abstract: A system and method for employing memory forensic techniques to determine operating system type, memory management configuration, and virtual machine status on a running computer system. The techniques apply advanced techniques in a fashion to make them usable and accessible by Information Technology professionals that may not necessarily be versed in the specifics of memory forensic methodologies and theory.
    Type: Grant
    Filed: August 1, 2008
    Date of Patent: November 4, 2014
    Assignee: Mandiant, LLC
    Inventor: James Robert Butler, II
  • Patent number: 8881239
    Abstract: A method and apparatus for securing transactions using verified resource locations is described. In one embodiment, the method for authorizing a transaction request using published location information for at least one resource includes examining relationship data regarding at least one resource to identify at least one publisher computer and at least one subscriber computer, wherein the at least one publisher computer communicates location information for the at least one resource and in response to at least one transaction request from the at least one subscriber computer, comparing the location information with the at least one transaction request to verify at least one resource location.
    Type: Grant
    Filed: March 23, 2009
    Date of Patent: November 4, 2014
    Assignee: Symantec Corporation
    Inventor: James Cabell Poole
  • Patent number: 8880905
    Abstract: According to one aspect of the invention, a file received from a first user is stored in a storage device, where the file includes private metadata encrypted by a secret key associated with a second user. A private metadata identifier is stored in a predetermined storage location, indicating that private metadata of the file has not been decrypted and indexed. In response to an inquiry subsequently received from the second user, the predetermined storage location is scanned to identify the private metadata identifier based on the inquiry. The encrypted metadata identified by the private metadata identifier is transmitted to the second user for decryption. In response to the metadata that has been decrypted by the second user, the decrypted metadata is indexed for the purpose of subsequent searches of at least one of the metadata and the file.
    Type: Grant
    Filed: October 27, 2010
    Date of Patent: November 4, 2014
    Assignee: Apple Inc.
    Inventors: Kaelin L. Colclasure, John M. Hörnkvist, Braden J. Thomas
  • Patent number: 8879732
    Abstract: In an exemplary embodiment content of a data message to be sent on a control channel is determined, and a selection is made between ciphering and not ciphering the data message based on the determined content. By example if from the content it is determined that the data message is a SMS message, ciphering is selected and the control channel is a SACCH; else ciphering is not selected. Such a determination may be made by checking a service access point identifier for a data block comprising the data message. A data message within a data block received on the control channel is determined to be ciphered or not ciphered using only information within the data block, and the received data message is processed according to the determination. In another embodiment the FACCH is selected for sending the message if it is a SMS, and ciphering is selected for all data blocks sent on the FACCH.
    Type: Grant
    Filed: October 13, 2010
    Date of Patent: November 4, 2014
    Assignee: Nokia Corporation
    Inventors: Harri A. Jokinen, Guillaume Sebire
  • Patent number: 8879728
    Abstract: Embodiments are directed towards enabling cryptographic key rotation without disrupting cryptographic operations. If key rotation is initiated, a transitional key may be generated by encrypting the current key with a built-in system key. A new key may be generated based on at least one determined key parameter. Next, the new key may be activated by the one or more key holders. If the new key is activated, it may be designated as the new current key. The new current key may be employed to encrypt the transitional key and store it in a key array. Each additional rotated key may be stored in the key array after it is encrypted by the current cryptographic key. Further, in response to a submission of an unencrypted query value, one or more encrypted values that correspond to a determined number of rotated cryptographic keys are generated.
    Type: Grant
    Filed: April 8, 2013
    Date of Patent: November 4, 2014
    Assignee: Dark Matter Labs Inc.
    Inventors: Jeffrey Earl MacMillan, Jason Arthur Offrey
  • Publication number: 20140325213
    Abstract: A block management unification system and method for communicating a data file that includes a source component, a first rearrangement criterion, a first block encryption key, a second rearrangement criterion, a second block encryption key, a compression module, and an encryption module. The source component accesses the data file that is divided into a plurality of blocks. The first rearrangement criterion organizes the blocks according to the first rearrangement criterion. The first block encryption key is inserted into the blocks. The second rearrangement criterion organizes the blocks according to the second rearrangement criterion. The second block encryption key is inserted into the blocks. A compression module compresses the rearranged blocks. An encryption module encrypts the rearranged blocks with the first block encryption key and the second block encryption key.
    Type: Application
    Filed: July 12, 2013
    Publication date: October 30, 2014
    Applicant: XSETTE TECHNOLOGY, INC.
    Inventors: Albert Carlson, Steven B. Cohen, Lawrence duBoef, H. Stan Johnson
  • Publication number: 20140325216
    Abstract: A system for storing encrypted compressed data comprises a processor and a memory. The processor is configured to determine whether an encrypted compressed segment has been previously stored. The encrypted compressed segment was determined by breaking a data stream, a data block, or a data file into one or more segments and compressing and then encrypting each of the one or more segments. The processor is further configured to store the encrypted compressed segment in the event that the encrypted compressed segment has not been previously stored. The memory is coupled to the processor and configured to provide the processor with instructions.
    Type: Application
    Filed: April 3, 2014
    Publication date: October 30, 2014
    Applicant: EMC Corporation
    Inventor: Christopher R. Lumb
  • Publication number: 20140325214
    Abstract: A method of managing file security in a cluster environment is provided. The method includes passing a request for a file from a secure file system layer to a secure volume manager layer and locking at least a portion of the file as affected by the request, at a cluster file system layer. The method includes passing one or more keys from the secure file system layer to the secure volume manager layer. The method includes decrypting the file as received, in response to the request for the file including a read request for the file, prior to sending the decrypted file to the secure file system layer. The method includes encrypting the file as received, in response to the request for the file including a write request for the file, prior to sending the encrypted file to the input/output layer.
    Type: Application
    Filed: August 30, 2013
    Publication date: October 30, 2014
    Applicant: Vormetric, Inc.
    Inventor: Masoud Sadrolashrafi
  • Publication number: 20140325215
    Abstract: Methods and systems for encrypting data are disclosed. A circuit uses a white noise generator to capture a random string of bits as an encryption key. The encryption key is generated at a central server and is provided to a subscriber on a physical memory device. The subscriber uses the encryption key to encrypt a source data file. The encrypted data file is sent to the central server, which uses the encryption key to decrypt the encrypted data file and to recover the source data file. The file name for the source data file may be encrypted into the encrypted data file and a new name assigned to the encrypted data file. A random number index may be used to identify the starting point of the encrypted file.
    Type: Application
    Filed: March 11, 2014
    Publication date: October 30, 2014
    Inventor: Greg J. Wright
  • Publication number: 20140325217
    Abstract: Provided is a database apparatus comprising a control means to execute data access control on a database, wherein the control means, receiving a database operation command from a user apparatus, comprises, regarding data and/or metadata to be handled associated with the database operation command, means for executing database operation or computation on encrypted data and/or encrypted metadata as is in ciphertext and means for executing database operation or computation on plaintext data and/or plaintext metadata, and the control means sends a processing result to the user apparatus.
    Type: Application
    Filed: November 9, 2012
    Publication date: October 30, 2014
    Applicant: NEC CORPORATION
    Inventor: NEC CORPORATION
  • Patent number: 8875271
    Abstract: Mechanisms are disclosed that allow for execution of unsigned content and the securing of resources in a closed system when such unsigned content is executing on the system. For example, an access layer is used between an operating system layer of the closed system and the actual unsigned content. This access layer may contain various sub-layers, such as a graphics layer, an audio layer, an input layer, and a storage layer. These layers can control access that the unsigned content can have to the native operating system layers and the associated resources of the closed system. By providing such an access layer, unsigned content, e.g., video games, can run on the closed system that is typically designed to run only signed content.
    Type: Grant
    Filed: December 8, 2006
    Date of Patent: October 28, 2014
    Assignee: Microsoft Corporation
    Inventors: Ronnie Donnel Yates, Jr., Albert Sing Ho, Thomas Wayne Miller, Jr., Paul L. Bleisch
  • Patent number: 8874909
    Abstract: There is a system and method for storing data of others using a processor and a memory device. The system includes an account module configured to manage a plurality of accounts, each account associated with an entity. The system includes an avatar module configured to permit entities to generate avatars for their accounts, wherein an avatar associates data with an account that is not required to be consistent with the account and not required to be consistent with data in other avatars of that same account. The system includes a transaction module configured to facilitate a plurality of transactions using trusted entity data. The system includes an encryption module configured to encrypt, using a processor, the transaction data with a plurality of paired half-keys.
    Type: Grant
    Filed: February 4, 2013
    Date of Patent: October 28, 2014
    Inventor: Daniel Joseph Lutz
  • Patent number: 8874907
    Abstract: Providing authentication of users accessing an NFS shared file system. A shared secret is used as a component of the mount point used to access the NFS share. Upon receiving a request to access the data in the NFS share, the process creates at least one cryptographic value and then creates a path to the mount point which incorporates the cryptographic value. The process then creates the mount point at the path, e.g., /PATH:k1, where k1 is the cryptographic value. Creation of the mount point is preferably performed using NFS protocol semantics, without requiring any changes to the NFS protocol semantics. A second cryptographic value, k2, may be used for unmounting the mount point.
    Type: Grant
    Filed: September 28, 2007
    Date of Patent: October 28, 2014
    Assignee: Symantec Operating Corporation
    Inventors: Aaron Christensen, Prabhu Damodharan, William Browning, Weibao Wu, Xianbo Zhang
  • Patent number: 8874912
    Abstract: A system for transferring secured data has an authentication facilitator that transmits data indicative of a graphical key pad to a remote display device of a user computing device and, in response, receives from the user computing device icon location data indicative of locations of icons selected by a user. Additionally, the authentication facilitator recovers a personal identifier (PI) from the icon location data, translates the recovered PI to obtain a translated PI, and transmits the translated PI. The system further has a partner computing apparatus that receives the translated PI and allows the user access to a secured area based upon the translated PI.
    Type: Grant
    Filed: October 4, 2011
    Date of Patent: October 28, 2014
    Assignee: Accullink, Inc.
    Inventor: Timothy W. Barnett
  • Patent number: 8875310
    Abstract: A system and method of protecting digital media contents, which maintain compatibility with an existing system and block any attempt to illegally use the digital media contents having various formats, and which reduce a system load and maximize a possibility of reusing the digital media contents. The system includes a packager for analyzing a format of contents and encoding at least a portion of a data region located in a payload of the contents, and for generating encoded contents by inserting encoding information including at least one of an encoding key value and contents information into the contents; and a digital rights management (DRM) server for receiving a request for a license and the encoding information from an external device which receives the encoded contents, for confirming the encoding information and then generating a license which is used to decode the encoded contents, and for providing the generated license to the external device.
    Type: Grant
    Filed: March 19, 2010
    Date of Patent: October 28, 2014
    Assignee: Fasoo.com Co., Ltd.
    Inventors: Eunbum Kim, Kwanghoon Kim
  • Patent number: 8874934
    Abstract: Disclosed is an operating method of a non-volatile memory device which comprises randomizing data to store the randomized data; erasing the randomized data; and outputting erase data according to information of a flag cell of the non-volatile memory device at a read operation.
    Type: Grant
    Filed: February 24, 2010
    Date of Patent: October 28, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jung Hoon Park, Sung Soo Lee
  • Patent number: 8874908
    Abstract: This disclosure describes a process for storing data on a central server with a plurality of users, each of them having their own user password used for creating a user key, being respectively assigned to some of these users, and some of the data, being divided into data blocks to be uploaded, and each data block being compared to data blocks on the server based on a unique data block ID value in order to determine whether a corresponding data block is already stored on the server and to upload to the server those data blocks which are not already present, a data block list to be uploaded being created and uploaded to the central server, so that in a data recovery step data stored on the central server which are requested by the user can be restored in their original form based on said list.
    Type: Grant
    Filed: November 7, 2012
    Date of Patent: October 28, 2014
    Assignee: Wolfgang Raudaschl
    Inventor: Wolfgang Raudaschl
  • Patent number: 8869283
    Abstract: A method or system of receiving an electronic file containing content data in a predetermined data format, the method comprising the steps of: receiving the electronic file, determining the data format, parsing the content data, to determine whether it conforms to the predetermined data format, and if the content data does conform to the predetermined data format, regenerating the parsed data to create a regenerated electronic file in the data format.
    Type: Grant
    Filed: April 4, 2012
    Date of Patent: October 21, 2014
    Assignee: Glasswall (IP) Limited
    Inventor: Nicholas John Scales
  • Patent number: 8869292
    Abstract: A 3D object is protected by a first device that receives the 3D object, generates translation vectors that are added to the points of the 3D object to obtain a protected 3D object, and outputs the protected 3D object. The protected 3D object is unprotected by a second device by receiving the protected 3D object, generating translation vectors that are subtracted from the points of the protected 3D object to obtain an unprotected 3D object, and outputting the unprotected 3D object. Also provided are the first device, the second device and computer readable storage media.
    Type: Grant
    Filed: May 1, 2012
    Date of Patent: October 21, 2014
    Assignee: Thomson Licensing
    Inventors: Marc Eluard, Yves Maetz, Sylvain Lelievre
  • Patent number: 8869240
    Abstract: A system for pairing two devices includes a monitoring system and a server. The monitoring system receives a request made by a local submitter, such as a servicing device or a technician operating the servicing device, for accessing diagnostic data of the monitoring system. The monitoring system initiates a request made to the server for connecting the monitoring system with the servicing device. The server generates pairing information and transmits the pairing information to the monitoring system. The server determines that a pairing key is received as input at the servicing device and/or monitored device and determines if the pairing key matches the pairing identification. If the server determines that there is a match, the server relays diagnostic data received from the monitoring system to the servicing device.
    Type: Grant
    Filed: November 28, 2011
    Date of Patent: October 21, 2014
    Assignee: Xerox Corporation
    Inventors: Frederic Roulland, Nicolas Hairon, Ruhul Islam, Yves Hoppenot
  • Publication number: 20140310519
    Abstract: A key-based method for controlling access in a social network service includes: generating a core key and sub keys by segmenting a master key that is unique to a file owner, with the sub keys assigned differently to multiple groups that are divided according to trust level and relationship type; determining the group to which a file requester belongs by using at least one of a friend list of the file requester, a trust level between the file requester and the file owner, and a friend list of the file owner, and distributing a sub key corresponding to the determined group to the file requester, when the file requester requests a key distribution; and determining whether or not access to a file of the file owner is authorized by using the sub key distributed to the file requester and the core key, when the file requester requests the file.
    Type: Application
    Filed: April 10, 2014
    Publication date: October 16, 2014
    Applicant: Foundation of Soongsil University-Industry Cooperation
    Inventors: MyungSik Yoo, Wenji Quan
  • Publication number: 20140310520
    Abstract: A method for transmitting control data and an electronic device are provided. The electronic device includes a control data processor for generating control data, and a file processor for generating a control data file comprising the control data generated by the control data processor and transmitting the control data file to another electronic device using a file transfer protocol.
    Type: Application
    Filed: April 16, 2014
    Publication date: October 16, 2014
    Applicant: Samsung Electronics Co., Ltd.
    Inventors: Hak-Bong CHO, In-Chul LEE
  • Publication number: 20140310521
    Abstract: An invalidation scheme of a secret key is implemented, which is usable for a functional encryption scheme. In a cryptographic processing system 10 employing an encryption scheme with which if attribute information and key information set in encrypted data do not correspond to attribute information and key information set in a secret key, the encrypted data cannot be decrypted using the secret key, an encrypted data management device 200 is provided, which carries out a relay between a user terminal 100 carrying out encryption and decryption of data and an encrypted data storage device 300 storing encrypted data. The encrypted data management device 200 determines whether or not a user whose secret key is invalid is included in users having attribute information set in the encrypted data acquired from the encrypted data storage device 300, and sets a different value as key information in the encrypted data based on the determination result.
    Type: Application
    Filed: December 20, 2011
    Publication date: October 16, 2014
    Applicant: Mitsubishi Electric Corporation
    Inventors: Sachihiro Ichikawa, Nori Matsuda, Tadakazu Yamanaka, Katsuyuki Takashima
  • Publication number: 20140310518
    Abstract: A method comprising encrypting a segment in response to receiving a segment request to generate an encrypted segment, and sending the encrypted segment, wherein encrypting the segment comprises encrypting a data content segment and a non-media segment in accordance with information provided in a dynamic adaptive streaming over hypertext transfer protocol (HTTP) (DASH) media presentation description (MPD), and wherein encrypting the segment generates an encrypted data content segment and an encrypted non-media segment. A method comprising sending a segment request, receiving an encrypted segment, wherein the encrypted segment comprises an encrypted data content segment and an encrypted non-media segment, and decrypting the encrypted segment in accordance with information provided in a DASH MPD to generate a data content segment and a non-media segment, wherein the non-media segment comprises a non-playable media.
    Type: Application
    Filed: April 8, 2014
    Publication date: October 16, 2014
    Applicant: Futurewei Technologies, Inc.
    Inventor: Alexander Giladi
  • Patent number: 8863307
    Abstract: Disclosed are various embodiments of generating a user signature associated with a user and authenticating a user. At least one behavior associated with at least one sensor in a computing device is identified. A timestamp is generated and associated with the behavior. A user signature corresponding to a user based at least in part upon the behavior and the timestamp is generated and stored.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: October 14, 2014
    Assignee: Broadcom Corporation
    Inventor: Noam Sorek
  • Patent number: 8863302
    Abstract: A digital content protection apparatus and method for digital rights management (DRM) are provided in which a content file including a plurality of content parts is imported such that a header is included which stores location information required for decoding each of the content parts. Therefore, the number of content parts constituting the content file can be recognized, and a license that is required for the use of each of the content parts can be acquired by analyzing header information without necessitating the parsing of the transport packets of the content file. Accordingly, preparation time for using content can be reduced.
    Type: Grant
    Filed: September 19, 2006
    Date of Patent: October 14, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Young-sun Yoon, Bong-seon Kim
  • Patent number: 8863241
    Abstract: The present invention discloses a system for securely managing usage rights of a plurality of software applications in a plurality of client computer devices to be authorized by a server application.
    Type: Grant
    Filed: February 8, 2011
    Date of Patent: October 14, 2014
    Inventors: Michael Ratiner, Alexander Aurovsky, Anatoly Hurgin, Alexander Rubinov
  • Patent number: 8862877
    Abstract: A method and system for providing data anonymously is provided. The method involves receiving an encrypted operator match ID by a client device from a first entity, where the encrypted operator match ID is encrypted using a first encryption key; decrypting the encrypted operator match ID using a first decryption key, associated with the first encryption key, by the client device to obtain a decrypted operator match ID; encrypting the decrypted operator match ID using a second encryption key by the client device to obtain a re-encrypted operator match ID; and sending the client device usage information with the re-encrypted operator match ID by the client device to a second entity through an anonymous channel, where the second entity decrypts the re-encrypted operator match ID using a second decryption key, associated with the second encryption key, to obtain the operator match ID.
    Type: Grant
    Filed: August 12, 2008
    Date of Patent: October 14, 2014
    Assignee: TiVo Inc.
    Inventor: David C. Platt
  • Patent number: 8863224
    Abstract: Herewith disclosed are a method and system for computerized managing of a plurality of data protection (DP) resources. The computerized management comprises obtaining data related to at least part of the DP resources among said plurality of DP resources, wherein at least part of data is obtained by automated collecting; accommodating the obtained data in a data repository thus giving rise to accommodated data; processing the accommodated data, said processing resulting in at least one of the following: a) identifying one or more data protection (DP) schemes characterizing DP resources and/or relationship thereof; and b) identifying one or more data protection (DP) gaps.
    Type: Grant
    Filed: May 22, 2008
    Date of Patent: October 14, 2014
    Assignee: Continuity Software Ltd.
    Inventors: Gil Hecht, Doron Pinhas, Doron Gordon
  • Patent number: 8862879
    Abstract: An encryption based method of enabling a plurality of parties to share, create, hide, or reveal message or token information over a network includes a commutative group cipher (CGC), where the underlying CGC is secure against ciphertext-only attack (COA) and plaintext attacks (KPA), and is deterministic. The protocols do not require a trusted third party (TTP), and execute rapidly enough on ordinary consumer computers as to be effective for realtime play among more than two players. Protocols are defined which include VSM-L-OL, VSM-VL, VSM-VPUM, and VSM-VL-VUM, wherein the letters V, L, O, SM, P, and UM represent, respectively, Verified, Locking Round, Open, Shuffle-Masking Round, Partial, and Unmasking Round.
    Type: Grant
    Filed: April 13, 2011
    Date of Patent: October 14, 2014
    Inventor: Sergio Demian Lerner
  • Publication number: 20140304506
    Abstract: A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.
    Type: Application
    Filed: June 23, 2014
    Publication date: October 9, 2014
    Inventors: Mark F. Novak, Andrew John Layman, Magnus Nyström, Stefan Thom
  • Publication number: 20140304505
    Abstract: Embodiments herein provide methods, apparatus, computer program products, software and means for (1) an abstraction layer for default encryption, (2) with orthogonal encryption logic session object, and (3) automated authentication, (4) with a method for online litigation. In some cases subject matter disclosed herein relates to default data encryption; use a user's registration data to generate an encryption logic and related executable code, including servers and client applications; encryption as an automatic background task occurring through variable encryption logic, with authentication; embodiments are also described for conducting online litigation through pleadings formed as meta-files that trigger litigation related algorithms in order to automate and coordinate litigation.
    Type: Application
    Filed: March 15, 2013
    Publication date: October 9, 2014
    Inventor: William Johnson Dawson
  • Patent number: 8856521
    Abstract: The invention discloses a file protecting method and a system therefor, relating to the information security field. The method includes: an application receives an instruction for opening a protected file sent by a user and invokes an upper interface of an operation system, and the upper interface sends an instruction for opening the protected file sent by a file system, and a filter driver intercepts the instruction for opening the protected file sent by the upper-layer interface to the file system, if the filter driver determines that the application is valid, it creates an image file on a virtual disk for the protected file, and returns a handler of the image file and reads or writes the protected file by the handler, which avoids a possible disclosure of plain text of the protected file in a buffer in prior art.
    Type: Grant
    Filed: May 4, 2011
    Date of Patent: October 7, 2014
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 8856920
    Abstract: A system and method are provided for supporting storage and analysis by law enforcement agency premises equipment of intercepted network traffic. The system and method provide integrity of the intercepted network traffic stored in an archive in accordance with lawful intercept requirements by storing all of the intercepted traffic, both benign and malicious, in the archive in its original form. The system and method furthermore provide for security from any malicious data packets of the archive by separating the malicious packets from the benign packets and forwarding only the benign packets to analysis applications of the law enforcement agency premises equipment.
    Type: Grant
    Filed: September 18, 2006
    Date of Patent: October 7, 2014
    Assignee: Alcatel Lucent
    Inventors: Faud Ahmad Khan, Dmitri Vinokurov, Vinod Kumar Choyi
  • Patent number: 8856520
    Abstract: Secure key management includes populating a section of information associated with a key, the section of information being populated with information relating to a level of protection of the key accumulated over time. Secure key management further includes securely binding the section of information to the key, wherein the key is encrypted.
    Type: Grant
    Filed: October 15, 2012
    Date of Patent: October 7, 2014
    Assignee: International Business Machines Corporation
    Inventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Michael J. Kelly, Kenneth B. Kerr, Richard V. Kisley, Eric D. Rossman, Eric B. Smith
  • Publication number: 20140298012
    Abstract: Systems and methods are provided for creating and using a sharable file-level key to secure data files. The file-level key is generated based on a workgroup key associated with the data file and unique information associated with the data file. The file-level key may be used to encrypt and split data. Systems and methods are also provided for sharing data without replicating the data on an end user machine. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.
    Type: Application
    Filed: April 8, 2014
    Publication date: October 2, 2014
    Applicant: SECURITY FIRST CORP.
    Inventors: Rick L. Orsini, Mark S. O'Hare, Gabriel D. Landau, Matthew Staker, William Yakamovich
  • Patent number: 8850596
    Abstract: Embodiments relate to a process for identifying data leakage in a data storage system. A table is created with multiple units. Each unit in the table has a unique identifier as a leading key in a schema. Two partitions are set in the table, and one of the partitions is set as unavailable. One or more queries are run on the table. Any queries that attempt to access the unavailable partition are identified through an error message or other alert.
    Type: Grant
    Filed: November 8, 2012
    Date of Patent: September 30, 2014
    Assignee: Microsoft Corporation
    Inventor: Chandru Ramakrishnan
  • Patent number: 8850193
    Abstract: Systems and methods for selective authorization of code modules are provided. According to one embodiment, file system or operating system activity relating to a code module is intercepted by a kernel mode driver of a computer system. The code module is selectively authorized by authenticating a cryptographic hash value of the code module with reference to a multi-level whitelist. The multi-level whitelist includes (i) a global whitelist database remote from the computer system that is maintained by a trusted service provider and that contains cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code and (ii) a local whitelist database containing cryptographic hash values of at least a subset of the approved code modules. The activity relating to the code module is allowed when the cryptographic hash value matches one of the cryptographic hash values of approved code modules within the multi-level whitelist.
    Type: Grant
    Filed: January 14, 2014
    Date of Patent: September 30, 2014
    Assignee: Fortinet, Inc.
    Inventors: Andrew F. Fanton, John J. Gandee, William H. Lutton, Edwin L. Harper, Kurt E. Godwin, Anthony A. Rozga
  • Patent number: 8850512
    Abstract: Each virtual machine in a set of virtual machines managed by the virtual machine manager is identified. For each virtual machine in the set, it is determined whether the respective virtual machine is online. For at least the virtual machines determined to be offline, a machine image is collected for each offline virtual machine. Security of the offline virtual machines is assessed from the collected images. For virtual machines identified as online, an agent is loaded on each online virtual machine in the set via the virtual machine manager. The loaded agents are used to assess security of the online virtual machines in the set.
    Type: Grant
    Filed: October 13, 2011
    Date of Patent: September 30, 2014
    Assignee: McAfee, Inc.
    Inventors: Michael Price, Anthony Bettini
  • Patent number: 8848919
    Abstract: Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: September 30, 2014
    Assignee: Assa Abloy AB
    Inventors: Eric F. Le Saint, Robert S. Dulude
  • Patent number: 8850231
    Abstract: Disclosed are a method and apparatus for a data storage library comprising a plurality of drives and a combination bridge controller device adapted to direct and make compatible communication traffic between a client and the plurality of drives. The combination bridge controller device is further adapted to encrypt a first data package received from the client. The combination bridge controller device is further adapted to transmit the encrypted first data package, a first moniker and a first message authentication code to one of the plurality of drives for storage to a cooperating mobile storage medium. The combination bridge controller device is further adapted to decrypt the first data package when used in combination with a first key associated with the first moniker and guarantee the decryption of the first data package was successfully accomplished with authentication of the first message authentication code.
    Type: Grant
    Filed: December 18, 2009
    Date of Patent: September 30, 2014
    Assignee: Spectra Logic Corporation
    Inventors: Matthew Thomas Starr, Jeff Robert Boyton, Nathan Christopher Thompson
  • Patent number: 8850526
    Abstract: A computer implemented method and system for protecting information and resources in an online environment is provided. A process initialization monitor application monitors process initialization of a client application provided on a user's communication device. The client application identifies and authenticates one or more components operating on the communication device and one or more third party applications attempting to access the client application. The client application performs the authentication by performing a code integrity check integrated in the client application independent of the communication device, and grants access to the authenticated components and the authenticated third party applications. The client application protects information being processed, exchanged, stored, and displayed within the client application.
    Type: Grant
    Filed: June 23, 2011
    Date of Patent: September 30, 2014
    Assignee: K7 Computing Private Limited
    Inventors: Kesavardhanan Jayaraman, Ahmad Abdul Lateef, Gregory Ravi Panakkal, Babu Katchapalayam
  • Publication number: 20140289518
    Abstract: A method of securely storing and sharing information through social networking websites is disclosed. The method makes it possible to proscribe image data that retains information even through the JPEG compression process typically used in social networking sites. This embedding technique is coupled with encryption and information salting techniques to build a robust information encoding technique to store arbitrary, sensitive data in images. The invention further incorporates methods of permitting advertising through the information sharing process.
    Type: Application
    Filed: March 17, 2014
    Publication date: September 25, 2014
    Inventor: Tuhin Sinha
  • Publication number: 20140289517
    Abstract: Embodiments of a method and apparatus for securing and accessing files are generally described herein. In some embodiments, the method includes adding a communication portion to the file. The communication portion may communicate with an authentication agent on the first computing device. The method may include encrypting data of the file using a first key received through the communication portion from the authentication agent. The first key may be generated based on identification information of a second computing device in a trusted network of computing devices with the first computing device. The method may include saving the file to a remote file storage location.
    Type: Application
    Filed: March 19, 2013
    Publication date: September 25, 2014
    Inventors: Matthew D. Neumann, Michael W. Smith
  • Patent number: 8843442
    Abstract: Systems and methods for publishing datasets are provided herein. According to some embodiments, methods for publishing datasets may include receiving a request to publish a dataset to at least one of an internal environment located within a secured zone and an external environment located outside the secured zone, the request comprising at least one selection criteria, selecting the dataset based upon the at least one selection criteria, the dataset being selected from an index of collected datasets, and responsive to the request, publishing the dataset to at least one of the internal environment and the external environment.
    Type: Grant
    Filed: January 18, 2013
    Date of Patent: September 23, 2014
    Assignee: Recommind, Inc.
    Inventor: Robert Tennant
  • Patent number: 8843915
    Abstract: A computing device to determine whether to update using a computer file by generating a file signature for that computer file based on its file header information and comparing the file signature to a collection of file signatures for updates already applied for matches.
    Type: Grant
    Filed: July 28, 2011
    Date of Patent: September 23, 2014
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Fletcher Liverance
  • Patent number: 8842840
    Abstract: Systems and methods providing a key management platform that generates and distributes demand-based encryption and decryption keys are described. In one embodiment, among others, a key management system comprises a processor to receive, from a requester system, a request to generate a private encryption key and a public encryption key; receive, from the requester system, identification information identifying a receiver system; generate a first private encryption key and a first public encryption key in response to receiving the request; send the first private encryption key to the requester system; and send the first public encryption key to the receiver system.
    Type: Grant
    Filed: November 2, 2012
    Date of Patent: September 23, 2014
    Inventor: Arvind Gidwani
  • Patent number: 8842837
    Abstract: Methods and apparatus for providing seamless functionality in a computer are disclosed. For example, an encrypted file system manager is included to layer an encoded File Allocation Table on top of a disk and to pass to the operating system an Embedded Root Key to provide access to an encrypted Firmware Interface System Partition.
    Type: Grant
    Filed: March 5, 2012
    Date of Patent: September 23, 2014
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Michael A. Rothman
  • Patent number: 8843998
    Abstract: Embodiments of apparatus, systems and methods facilitate deployment of distributed computing applications on hybrid public-private infrastructures by facilitating secure access to selected services running on private infrastructures by distributed computing applications running on public cloud infrastructures. In some embodiments, a secure tunnel may be established between proxy processes on the public and private infrastructures and communication between the distributed computing application and the selected services may occur through the proxy processes over the secure tunnel.
    Type: Grant
    Filed: November 25, 2011
    Date of Patent: September 23, 2014
    Assignee: Cliqr Technologies, Inc.
    Inventors: Tianying Fu, Gaurav Manglik, Xuefeng Zhu