File protection

Subclass of:

713 - Electrical computers and digital processing systems: support

713150000 - MULTIPLE COMPUTER COMMUNICATION USING CRYPTOGRAPHY

713164000 - Security kernel or utility

Entries
DocumentTitleDate
20080215881Method Of Encrypting/Decrypting The Document And A Safety Management Storage Device And System Method Of Its Safety Management - A method of encrypting/decrypting the document and a safety management storage device and system method of its safety management, using for the safety management of electronic documents, the said system comprising a PC or mainframe installed with common reading software and a storage device of safety management connected to the said PC/mainframe through hot-plug; when connected to the mainframe, the said storage device is enumerated as a USB CDROM device at least. The user owns the said storage device can encrypt the electronic documents by using the encryption keys to generate an encrypted document with the same file type, also can open the encrypted document by using common reading software, and then use the document according to the predetermined operation authority. By using present invention, the users and the range of using the documents will be limited through the control of the distribution of the said storage devices, thus, a document safety management system with high security and easy-use will be established, and with the advantage of easy control, low cost of investment and maintenance.09-04-2008
20080263355Method and System for Encrypting Files Based on Security Rules - The present disclosure is directed to a method and system for encrypting files based on security rules. In accordance with a particular embodiment of the present disclosure, a request to store a file on a storage device is received. At least one security parameter associated with a security profile of the file is identified. It is determined whether to encrypt the file by applying at least one security rule to the security parameter. The security rule includes selection criteria. The file is encrypted if the security rule indicates the file should be encrypted. The file is stored on the storage device.10-23-2008
20080270792SYSTEM AND METHOD OF ENCRYPTING AND DECRYPTING DIGITAL FILES PRODUCED BY DIGITAL STILL DEVICES - An exemplary system of encrypting and decrypting a digital file in a digital device is disclosed. The digital file includes an encrypting module and a decrypting module. The encrypting module includes a file-choosing block choosing a digital file to be encrypted, a code-building block producing a code for the chosen digital file and an encrypting block rendering the code for storing in the EXIF of the chosen digital file. The decrypting module includes a file-selecting block selecting an encrypted digital file, a code-taking block receiving an input code, a code-checking block comparing the input code with the code stored in the EXIF, and a decrypting block decrypting the selected file when the input code is identical to the code stored in the EXIF.10-30-2008
20080320304Method of Accessing Data Content in Storage Devices - There is provided a data storage device (12-25-2008
20090024847KVM SWITCH - File management methods are disclosed, in which a host acquires at least one input signal from an input device via a keyboard-video-mouse (KVM) switch having a security key and determines whether the input signal comprises a first request for encrypting or decrypting at least one specific file. When the input signal comprises the first request by the host, the host acquires the security key from the KVM switch and encrypts or decrypts the specific file via the security key.01-22-2009
20090044010System and Methiod for Storing Data Using a Virtual Worm File System - A system and method for storing data in a virtual file system using write once read many (WORM) protection includes a WORM server in communication with one or more storage devices and a controller in communication with the WORM server. A first time stamping process for creating a first time stamp for a data object based on instructions applied by the controller for storage on the WORM server. A second time stamping process for creating a second time stamp for the data object for storage on the WORM server. The second time stamping process creates the second time stamp for the data object and first time stamp to ensure the integrity of the data object stored on the system.02-12-2009
20090070580Portable electronic file protection system - The portable electronic file protection system includes at least one memory device removably disposed in communicative relation with any one of a plurality of computers. The memory device includes computer readable content contained thereon wherein the content includes electronic file protection software and at least one set of encryption key data. Further, the said electronic file protection software is executable while the memory device is disposed in communicative relation with any one of said plurality of computers.03-12-2009
20090077377System and method of protecting content of an electronic file for sending and receiving - A system and method of protecting the content of an electronic file for sending and receiving. The invention includes providing unique local encryption key data correspondingly associated with a sender, and providing unique remote encryption key data correspondingly associated with a receiver. In addition, the method includes orienting the electronic file in an encrypted mode by utilizing at least one set of the unique local encryption key data and at least one set of the remote encryption key data.03-19-2009
20090077378QUERYING ENCRYPTED DATA IN A RELATIONAL DATABASE SYSTEM - A client-server relational database system, wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer, using one or more operators selected from a group of operators comprising: (a) inequality logic operators, (b) aggregation operators, and (c) wildcard matching operators, to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results. The group of operators is limited because the encrypted results set, when decrypted, includes inaccuracies therein. The client computer applies a set of correction procedures to the decrypted results set to remove the inaccuracies therein.03-19-2009
20090083541METHOD AND APPARATUS FOR DISTRIBUTING DIGITAL CONTENT - The present invention provides a system in which audio files are distributed that include watermarks, digital signatures and/or encryption. The file may offer content owners some amount of playback control, while offering the consumer value-added content & services, and maintaining backward compatibility to existing digital file players such as MP3 players. By enticing the consumer with value-added content and services alongside the purchased songs, the consumer is encouraged to obtain these files from participating retailers and to replay the files using compliant players.03-26-2009
20090106552RIGHTS MANAGEMENT SERVICES-BASED FILE ENCRYPTION SYSTEM AND METHOD - A method to leverage Windows Rights Management Services (RMS) to provide protection and sharing of encryption keys to file systems. Windows Rights Management Services (RMS) that enables users to share protected content without having to exchange encryption certificates or passwords. Using the method any EFS can be extended to protect its FEKs and assign it user access rights using RMS. This enables EFSs to delegate key sharing, management and recovery to the RMS system. User rights to FEKs are derived from files security descriptor information or as explicitly specified by users. Whenever an encrypted file is created its FEK is protected using RMS and the resulting byte stream is stored in the file encryption metadata information. When a user tries to access an encrypted file and doesn't have a private key to decrypt the FEK, the EFS transparently extracts the RMS protected byte stream from the file encryption metadata information. It then uses RMS to try and obtain access to the FEK stored in the bytes stream using the user security context. If the user is authorized access and the FEK is successfully obtained then EFS is able to decrypt the file data and the user is granted access. The FEK is protected with the user master key, encryption certificate or password and cached in the system protected non-page memory or local stable storage. This enables the system to reuse the FEK for the user on the next file access. If the user doesn't hold rights to extract the FEK then the user is denied access.04-23-2009
20090138706TECHNIQUES FOR SEARCHING ENCRYPTED FILES - Techniques for efficiently searching encrypted searchable spaces. For example, embodiments of the present invention provide techniques for searching a plurality of files that are stored in encrypted (or ciphertext) form. According to embodiments of the present invention, the search can usually be performed by decrypting only a portion of the encrypted searchable space. According to an embodiment of the present invention, the search techniques determine a set of files comprising one or more files from the plurality of encrypted files that contain a user-specified query element. The set of files is usually determined by decrypting only a subset of the plurality of encrypted files.05-28-2009
20090144545COMPUTER SYSTEM SECURITY USING FILE SYSTEM ACCESS PATTERN HEURISTICS - A system for computer system security using file system access pattern heuristics is provided. The system includes access patterns to establish nominal read and write frequencies to a file system using heuristics, dynamic policies, and a policy manager. The policy manager monitors accesses to the file system to determine read and write access frequencies to the file system. The policy manager also compares the read and write access frequencies to the access patterns, and determines whether the read and write access frequencies exceed the access patterns per the dynamic policies. The policy manager further identifies an attack on the file system in response to exceeding the dynamic policies, where the identified attack is associated with a communication path to the file system. The policy manager additionally modifies an aspect of access via the communication path in accordance with the attack response in the dynamic policies to mitigate the attack.06-04-2009
20090158037SYSTEM AND METHOD FOR PROTECTING AN ELECTRONIC FILE - A method for protecting an electronic file is provided. The method symmetrically encrypts the electronic file with a symmetric key, and asymmetrically encrypts the symmetric key. In addition, the method calculates a message digest for the encrypted electronic file, and obtains a trusted timestamp for the message digest. The method may provide security and authenticity for the electronic file.06-18-2009
20090164779FILE SYSTEM FILTER AUTHENTICATION - A software entity on a host device attempting to access protected content in a secure memory device must be authenticated using a challenge/response authentication mechanism before the secure file system can be accessed. A file system filter determines whether requested content is protected. If the content is protected, the file system filter provides a challenge to the software entity and generates a file system filter response using the same challenge. The software entity must then send a software entity response using the challenge to the file system filter. If the file system filter determines that the software entity response matches the file system filter response, the software entity is allowed to access the protected content through a secure file system installed on the host device for the memory device.06-25-2009
20090164780VOLUME MANAGEMENT METHOD IN A STORAGE APPARATUS HAVING ENCRYPTION FEATURE - The invention provides a computer system including a storage apparatus having an encryption feature, a management computer for running a management program for managing the storage apparatus, and an application host computer, wherein when allocating a logical volume or creating a copy pair, the management program selects, from the storage apparatus, a logical volume that satisfies a security level required by an application program that uses the logical volume to allocate the logical volume or create a copy pair.06-25-2009
20090164781Methods and Apparatus for Secure Content Routing - Systems and methods are described which provide handling and secure routing of an article of content in accordance with a code or instruction set identifier embedded in or associated with the article of content. In one aspect, the invention provides a content handling system that comprises a digital data store containing a plurality of instruction sets, each defining a content handling workflow. The system further includes a content handling engine in communication with the store, wherein the content handling engine identifies a code associated with an article of content and executes workflow processing in accordance with an instruction set associated with the code. In various embodiments, an article of content comprises digitally encoded information (e.g., containing one or more of text, image, audio, video, data, and PACS data) and/or information otherwise convertible to digital format (e.g., printed matter, images, film, and audio recordings).06-25-2009
20090193252METHOD AND SYSTEM FOR SECURE PEER-TO-PEER COMMUNICATION - The invention provides a server system, client, method and program element for distributing content in a peer-to-peer network. The server system spits a file into segments and makes copies of the segments for clients to download. Each segment is encrypted with a unique encryption key and marked. Identifiers of encrypted segments are transmitted to clients such that each client receives a unique set of identifiers enabling the client to download a unique set of encrypted segments from other clients and/or from the server system.07-30-2009
20090300351FAST SEARCHABLE ENCRYPTION METHOD - The present invention provides a method, apparatus and system for fast searchable encryption. The data owner encrypts files and stores the ciphertext to the server. The data owner generates an encrypted index according to each keyword of the files, and stores the encrypted index to the server. The index is composed of keyword item sets each being identified by a keyword item set locator and containing at least one or more file locators of the files associated with the corresponding keyword. Each file locator contains ciphertext of information for retrieval of an encrypted file and only with the correct file locator decryption key can the ciphertext be decrypted. Data owner issues a keyword item set locator as well as file locator decryption key to a searcher to enable the searcher to search on the encrypted index and retrieve files related to a certain keyword.12-03-2009
20090319785METHOD AND SYSTEM OF ACCESSING COPY-PREVENTED ENCRYPTED DATA RESOURCES OVER A NETWORK - A system of accessing a copy-prevented encrypted data file transmitted over a network includes a server apparatus having data files; and a client apparatus comprising a read apparatus and a temporary storage. A data file in a server apparatus is accessed through the network from the client apparatus and cached in the temporary storage, and the data file cached in the temporary storage is obtainable by the read apparatus for human recognition of the content of the data file. The read apparatus is not capable of at least one of printing and saving as. The present invention also provides a method of accessing a copy-prevented encrypted data file from a server apparatus. The system and method improve data file transmission security and decrease the possibility of copying and decrypting the data file.12-24-2009
20090319786Electronic data security system and method - A security system capable of providing seamless access to, and encryption of, electronic data. The security system integrates into an operating environment and intercepts calls between the operating environment and one or more Productivity Applications within the operating environment, thereby ensuring security policies are properly applied to all sensitive data wherever the data travels or resides.12-24-2009
20090327711AUTHENTICATION OF BINARIES IN MEMORY WITH PROXY CODE EXECUTION - Presented is an anti-tampering method that validates and protects specific sections of a binary file. In one embodiment, this method permits a proxy engine to execute (via emulation by a virtual machine) the protected code on behalf of the binary in kernel mode upon successful completion of an integrity check. The integrity check can optionally check only the specific parts of code that the developer wishes to validate. The integrity check can cross binary boundaries. Moreover, the integrity check can be done on a hard drive or in memory. Furthermore, since the encrypted code is executed by the proxy engine in kernel mode, hackers are further deterred from modifying the code. Additionally, a method of creating a protected binary file is described herein.12-31-2009
20090327712SYSTEM AND METHOD FOR VARIABLE ENCRYPTION - A method for variable encryption of a plurality of files. The method serves a plurality of subscribers. The method includes receiving a request from one of the plurality of subscribers to download at least one of the plurality of files and receiving authorization to download the at least one of the plurality of files. The method also includes accessing the at least one of the plurality of files, encrypting the at least one of the plurality of files and inserting a key into the encrypted at least one of the plurality of files. Finally, the method includes downloading the encrypted at least one of the plurality of files to the one of the plurality of subscribers, extracting the key and deciphering the encrypted at least one of the plurality of files, thereby making available decrypted at least one of the plurality of files to the one of the plurality of subscribers.12-31-2009
20100005293Systems and Methods for Accessing Secure and Certified Electronic Messages - The present disclosure provides systems and methods for accessing secure and certified electronic messages using a combination of biometric security, a separate and secure network and email infrastructure, email management processes, and the addition of text, audio and visual format options to sending emails messages.01-07-2010
20100031034METHOD AND APPARATUS FOR PROTECTING FILE IN DIRECT PRINTING - Provided are a method and apparatus for protecting files to be directly printed. The method includes transmitting an encryption key, when an encrypted file is received, receiving a password of the file encrypted using the encryption key, decrypting the password using a decryption key corresponding to the encryption key, and decrypting the encrypted file using the decrypted password. Accordingly, in performing direct printing, the transmitted file can be protected by encryption. Also, since the password of the file is encrypted and decrypted, the password is not required to be directly input to the printing device and other printing devices can be safely used along with the printing device to which the password is input, thereby increasing convenience for user input.02-04-2010
20100037047Method for Controlling Access to File Systems, Related System, Sim Card and Computer Program Product for Use therein - Users of mobile terminals in a communication network are provided controlled access to files in a file system through the steps of configuring the files as a file body containing a file content and a file header containing content profile information; providing a security identity module and a secure agent; storing in the security identity module user profile information identifying a set of content profiles allowed for access to the file system; extracting, via the secure agent, the content profile information from the headers of the files; retrieving, via the secure agent, the user profile information stored in the security identity module; checking the user profile information and the content profile information; and providing the user with access to those files in the file system for which the user profile information and the content profile information are found to match.02-11-2010
20100037048INPUT/OUTPUT CONTROL AND EFFICIENCY IN AN ENCRYPTED FILE SYSTEM - An approach for improving input/output control and efficiency in an encrypted file system (EFS) is provided. In this approach, a software application writes data to a first buffer and then requests that an encrypted file system save the data onto a nonvolatile storage device. The encrypted file system encrypts the data and stores the encrypted data in a second buffer and then writes the encrypted data from the second buffer to the nonvolatile storage area. Meanwhile, the software application is able to resume writing additional data to the buffer after the data has been copied to the second buffer even if the data has not yet been written to the nonvolatile storage area02-11-2010
20100037049Case study devices, methods, and systems - The present disclosure includes devices, methods, and systems for creating a case study file that includes an image file from an imaging modality, executing a hash algorithm on the case study file to produce a hash key, compressing the case study file, bundling the hash key with the compressed file, encrypting the bundled file, and moving the encrypted bundled file through an Internet connection to a storage computing system, among other embodiments.02-11-2010
20100042832STORAGE SYSTEM FOR DATA ENCRYPTION - A storage system including a host interface connected via a network to a host computer; a disk interface connected to a disk drive; a memory module that stores control information of a cache memory for an access to the disk drive and the storage system; a processor that controls the storage system; a network that interconnects the host interface, the disk interface, the memory module, and the processor; and an encryption module that encrypts data read/written by the host computer, in which the processor reads data from an area of the disk drive from the memory module, decrypts the read data with a corresponding encryption key, encrypts the decrypted data with a different encryption key, and writes the encrypted data in a different area.02-18-2010
20100058054MSSAN - This invention allows users to maximise their use of existing storage, processing power and network bandwidth resources. This is achieved through providing an enhanced level of data backup and restore that employs the initial encryption of data and storing one user's data on another user's hard drives through an anonymsing process. The efficiency of this process is enhanced when this invention is used in conjunction with self authentication which then provides the ability to log into a network anonymously from potentially anywhere.03-04-2010
20100058055System and method for manipulating a computer file and/or program - A device for manipulating a computer file or program includes a processor. The device includes a network interface which receives commands. The device includes a receiver which receives the commands from the network interface and provides the commands to the processor. The device includes storage having a computer file or program in a memory. Wherein the processor, based on the commands, makes changes to the computer file or program in the memory and suspends and reestablishes user intervention to the computer file or program. A device for manipulating a computer file or program.03-04-2010
20100095115FILE ENCRYPTION WHILE MAINTAINING FILE SIZE - A technique for encrypting a file without changing file size may involve encrypting a first set of a plurality of blocks of a file in a first encryption mode using the first set of encryption keys and/or the first set of configuration rules, and a second set of the plurality of blocks of the file in a second encryption mode using a second set of the encryption keys and/or a second set of the configuration rules without causing the file to increase in size before and after the encryption. Here, the first and the second encryption modes are chosen to be different, so are the first and the second sets of the encryption keys and/or the configuration rules to reduce security risk of the file being encrypted.04-15-2010
20100146268Method for Saving a File - The present invention relates to a method for storing a file originating from a source location at a target location, comprising of receiving the file at the target location, storing the file at the target location, and encrypting the file irreversibly in at least a stored state at the target location using a key originating from the source location, this prior to storage at the target location. The invention also relates to a receiving device for storing a file originating from a source location at a target location and a system for storing a file originating from a source location at least one target location.06-10-2010
20100146269System To Secure Electronic Content, Enforce Usage Policies And Provide Configurable Functionalities - A computer implemented method and system for managing electronic content security and access within a networked environment are provided. A proprietary wrapper file is created for encapsulating the electronic content upon transferring the electronic content to the computing device of a user. The proprietary wrapper file is configured for enforcing content usage policies on the electronic content and for performing configurable functionalities. A security client application is provided on the computing device in response to a request for accessing the electronic content. A local software component employed for accessing the electronic content is embedded within the security client application. The user is granted controlled access to the electronic content by enforcing the content usage policies through the wrapper file. The activities of the user on the electronic content are monitored and tracked by the security client application to ensure compliance of the activities with the enforced content usage policies.06-10-2010
20100153716SYSTEM AND METHOD OF MANAGING FILES AND MOBILE TERMINAL DEVICE - In a system to realize prevention of leakage and loss of confidential information by inhibiting writing into a secondary storage device or writing into external storage media, created confidential data is archived by a secure method without being lost if communication is not available and a file server cannot save the information. For this purpose, first, a designated folder is created on a non-volatile storing memory being built in a mobile terminal and created confidential data is saved in the folder. Then, a filter driver controls access to the designated folder to prevent leakage of information by an application in a mobile phone by a malicious user. Further, a function to remove data in the designated folder in the mobile terminal from a mobile terminal management server through a telephone network prevents loss of saved confidential data due to loss of the mobile terminal.06-17-2010
20100161977ELECTRONIC FILE ACCESS CONTROL SYSTEM AND METHOD - A digital file is associated with a header in which identification data for a physical key is stored. The digital file content is encrypted, and may not be decrypted by a receiving computer unless a removable physical key that can be associated with the receiving computer includes identification data which matches the identification data stored in the file header. The digital content encrypted in the file may be compressed, and the header may also be encrypted. When the header is encrypted, the receiving computer may decrypt only the header unless the identification data of the header matches the identification data for a removable physical key. Improved security and reduction of pirating of the digital content are therefore provided.06-24-2010
20100174902PORTABLE STORAGE MEDIA WITH HIGH SECURITY FUNCTION - A portable storage media with high security function is disclosed. The portable storage media comprises a microprocessor, a sensor and a memory. The microprocessor is connected to a data transmission interface, a sensor transmission interface and a memory transmission interface, wherein the data transmission interface is adopted for connecting to a host end. The sensor is connected to the sensor transmission interface of said microprocessor, wherein said sensor is adopted for inputting a biological feature. The memory is connected to the memory transmission interface of the microprocessor. The biological features are used as the passwords for accessing the protected data or files stored in the portable storage media. An encrypting program is adopted for encrypting/decrypting the data or files to prevent any hackers from stealing the data or files from the portable storage media.07-08-2010
20100185852ENCRYPTION AND DECRYPTION METHOD FOR SHARED ENCRYPTED FILE - Encryption and decryption is achieved without the requirement for updating of the encryption key or re-encryption of an encrypted file when a shared encrypted file is generated, renamed or deleted.07-22-2010
20100185853LOCAL AREA NETWORK ARCHITECTURE - The present disclosure provides a local area network architecture including a server, a client and a data transfer system. The server uses a first operating system and includes an encryption chip and a server memory storing the encrypted files. The encryption chip includes an encryption system having a different operating environment with the first operating system. The encryption system includes a file converting module and an encryption module. The file converting module converts files to a format only recognizable for the encryption system and unrecognizable for the first operating system. The encryption module encrypts the converted files. The client uses a second operating system and includes a client memory storing the files from the server and a decryption chip. The decryption chip uses a decryption system including a file reverting module and a file decryption module. The data transfer system transmits files from the server to the client.07-22-2010
20100185854MULTIPLE CONTENT PROTECTION SYSTEMS IN A FILE - Supporting a plurality of content protection systems in a single container file. The protection systems share an encryption method which is accessible from a sample encryption box in the file. Each of the protection systems stores, in a protection system header box, information for decrypting the content in accordance with the corresponding protection system. In some embodiments, separate protection system header boxes in the file correspond to each of the protection systems. By using the common encryption method and sharing encryption expressions across the protection systems, the multiple content protection systems are supported in the file without creating additional copies of the content. In some embodiments, aspects of the disclosure extend the International Organization for Standardization (ISO) base media file format to support multiple digital rights management (DRM) systems in the single container file.07-22-2010
20100185855Data Repository and Method for Promoting Network Storage of Data - In general, the invention features methods by which more than one client program connected to a network stores the same data item on a storage device of a data repository connected to the network. In one aspect, the method comprises encrypting the data item using a key derived from the content of the data item, determining a digital fingerprint of the data item, and storing the data item on the storage device at a location or locations associated with the digital fingerprint. In a second aspect, the method comprises determining a digital fingerprint of the data item, testing for whether the data item is already stored in the repository by comparing the digital fingerprint of the data item to the digital fingerprints of data items already in storage in the repository, and challenging a client that is attempting to deposit a data item already stored in the repository, to ascertain that the client has the full data item.07-22-2010
20100191962FILE SYSTEM FILTER AUTHENTICATION - A method of accessing content includes installing a file system filter for a secure removable memory device on a host device. A challenge is sent from the file system filter to a software entity on the host device, and a software entity response is received at the file system filter in response to the challenge. A file system filter response is calculated at the file system filter using the challenge, and access to first content on the secure removable memory device is provided if the software entity response matches the file system filter response.07-29-2010
20100205433SYSTEM AND METHOD FOR REMOTE DEVICE REGISTRATION - A system and method for remote device registration, to monitor and meter the injection of keying or other confidential information onto a device, is provided. A producer who utilizes one or more separate manufacturers operates a remote module that communicates over forward and backward channels with a local module at the manufacturer. Encrypted data transmissions are sent by the producer to the manufacturer and are decrypted to obtain sensitive data used in the devices. As data transmissions are decrypted, credits from a credit pool are depleted and can be replenished by the producer through credit instructions. As distribution images are decrypted, usage records are created and eventually concatenated, and sent as usage reports back to the producer, to enable the producer to monitor and meter production at the manufacturer.08-12-2010
20100211776Digital rights management in a distributed network - The present invention is implemented within a distributed network operating environment (such as a CDN) in which content providers offload given content for delivery from servers (e.g., CDN edge servers) managed by a service provider (such as a CDN operator). It is assumed that the given content is secured using a digital rights management (DRM) scheme. According to the invention, a distributed set of license server processes are provided to manage the issuance of content licenses. Each of the license server processes is operative to generate licenses by which a given end user client obtains given rights for given content, typically the content served from the machine. A distributed set of license server processes operates in a de-centralized manner and without access to third party business logic (e.g., a payment mechanism) or authentication information associated with end users requesting the given content.08-19-2010
20100217976METHOD AND APPARATUS FOR IMPORTING CONTENT - A method and apparatus for protecting digital content in a digital rights management (DRM) system are provided. The method of importing a first content file into a second content file includes determining a usage rule of content included in the first content file based on information used to control remote access of the content included in the first content file; and generating the second content file that follows the determined usage rule.08-26-2010
20100223462METHOD AND DEVICE FOR ACCESSING SERVICES AND FILES - The present invention relates to a method and device for accessing services and files on a computer (4) in a home network (09-02-2010
20100235631DIGITAL RIGHTS MANAGEMENT HANDLER AND RELATED METHODS - A system and method of providing universal digital rights management system protection is described. One feature of the invention concerns systems and methods for repackaging and securing data packaged under any file format type, compression technique, or digital rights management system. Another feature of the invention is directed to systems and methods for securing data by providing scalability through the use of modular data manipulation software objects.09-16-2010
20100250925ENCRYPTED FILE DELIVERY/RECEPTION SYSTEM, ELECTRONIC FILE ENCRYPTION PROGRAM, AND ENCRYPTED FILE DELIVERY/RECEPTION METHOD - An encrypted file delivery/reception system comprises a first computer, a second computer, and a password management device connected to the first and second computers through a network. The first computer has means for encrypting an electronic file to create an encrypted file. The password management device has means for storing password information including the correspondence between the decryption password for decrypting the encrypted file and the telephone number of the user of the second computer, means for identifying the telephone number of the caller of a call when receiving the call with caller number notification, means for identifying the decryption password corresponding to the identified telephone number by referencing the password information, and means for transmitting the identified decryption password to the second computer. The second computer has means for decrypting the encrypted file created by the first computer by using the transmitted decryption password.09-30-2010
20100250926METHOD OF DIGITAL RIGHTS MANAGEMENT ABOUT A COMPRESSED FILE - Provided is a method for digital rights management of a compressed file created by compressing one or more original files. The method includes the steps of: generating right information on an encrypted compressed file during the encryption of the compressed file by a digital rights management server; checking the user right to the compressed file by controlling a predetermined compression application program by a controller module installed in a user terminal when the user terminal to which the encrypted compressed file is downloaded opens the compressed file using the compression application program; requesting the digital rights management server to provide a certificate to decrypt the encrypted file by the controller module of the user terminal; generating the certificate according to a certificate request from the user terminal and sending the generated certificate to the user terminal by the digital rights management server; and decrypting the encrypted compressed file by the controller module of the user terminal based on the received certificate.09-30-2010
20110022839Method and system for establishing a trusted and decentralized peer-to-peer network - The present invention offers a new and improved method and system to establish a trusted and decentralized peer-to-peer network for: the sharing of computer files between and among computing devices; trusted chat sessions; and for other applications of trusted peer-to-peer networks.01-27-2011
20110029772CLOUD-BASED APPLICATION WHITELISTING - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, an in-memory cache is maintained having entries containing execution authorization information regarding recently used modules. After authenticating a module, its execution authorization information is added to the cache. Activity relating to a module is intercepted. A hash value of the module is generated. The module is authenticated with reference to a multi-level whitelist including a global whitelist, a local whitelist and the cache. The authentication includes first consulting the cache and if the module is not found, then looking up its hash value in the local whitelist and if it is not found, then looking it up in the global whitelist. Finally, the module is allowed to be loaded and executed if its hash value matches a hash value of an approved code module within the global whitelist.02-03-2011
20110035587DATA PROGRAMMING CONTROL SYSTEM WITH SECURE DATA MANAGEMENT AND METHOD OF OPERATION THEREOF - A method of operation of a data programming control system includes: providing a secure data management host server coupled to a network; encrypting a contract manufacturer job by the secure data management host server, including: providing a memory image file, creating a programmer encrypted file from the memory image file, and encrypting permissions and the programmer encrypted file to form the contract manufacturer job; decrypting the contract manufacturer job transmitted through the network by a secure data management local server; transmitting the programmer encrypted file by the secure data management local server to a device programmer; and programming a device with the memory image file decrypted by the device programmer.02-10-2011
20110055559DATA RETENTION MANAGEMENT - A file-based data retention management system is provided. A data source can store data files. An online backup file system can make a backup copy of the data files from the data source and store the backup copy of the data files on a backup server. A policy database can be maintained by the system, the policy database including data retention policies for the data files for retention management of the data files. A key management system can assign and manage encryption keys for the data files. The key management system can store the encryption keys on a separate system from the data files stored on the backup server.03-03-2011
20110093701Software Signature Tracking - A method for preventing unauthorized use of software may be achieved by executing computer-readable code with instructions for recording an indication of at least one selected file of a software application in a memory location accessible to a security component of the software application, in which software application the security component is configured to cause a hash signature of the at least one selected file to be generated in response to a signal arising from use of the software application, hashing the at least one selected file to generate a first file signature, transmitting the first file signature to a secure network-accessible computer memory for storage and subsequent comparison to at least one subsequent file signature generated via operation of the security component on a client device, comparing the first file signature to a second file signature generated by the security component in response to a signal arising from use of the software application on the client device, and disabling the software application on the client device, in response to determining that the first file signature does not match the second file signature.04-21-2011
20110113242PROTECTING MOBILE DEVICES USING DATA AND DEVICE CONTROL - A method for securing data on a mobile device includes establishing a remote connection between a server and a mobile device, receiving at the server a directory listing from the mobile device indicating files and folders stored on the mobile device, selecting one or more files or folders for securing on the mobile device, and transmitting from the server a secure command to the mobile device instructing the mobile device to secure the selected one or more files or folders. A system including a server and a mobile device can perform the method.05-12-2011
20110126006METHOD AND SYSTEM FOR SECURE NETWORK-BASED DISTRIBUTION OF CONTENT - A method and system for network-based distribution of content are disclosed. The distribution of content is not only secure but also controlled. The security restricts access to content within media files during downloads as well as while stored at a server or client. In one embodiment, each media file is encrypted with a different, randomly generated key. The control over the distribution of the media file can serve to limit the subsequent distribution of media files from clients to other clients. In another embodiment, the control can permit media files to be shared on a limited number of different clients affiliated with the same user. The clients can vary with application but generally are computing devices that have memory storage. Often, the clients are personal computers or other computing devices that are capable of storing and presenting content to their users.05-26-2011
20110126007SECURE BLOCK READ AND WRITE PROTOCOL FOR REMOTELY STORED FILES - A file transfer system including a client and a server capable of updating portions of the file stored on the server. The system is capable of uploading portions of a file before the file has been specified at the client side. The files are stored in raw at the client and the server, which preserves the block list mapping. The file transfer protocol is capable of compressing and encrypting transferred data. As a result, the partial file writes are possible while maintaining current bandwidth usage. The write request data structure is provided with additional features in the form of flags and fields to provide reliable transmission of partial file data.05-26-2011
20110138174BROWSER SECURITY STANDARDS VIA ACCESS CONTROL - A computing system is operable to contain a security module within an operating system. This security module may then act to monitor access requests by a web browser and apply mandatory access control security policies to such requests. It will be appreciated that the security module can apply mandatory access control security policies to such web browser access attempts.06-09-2011
20110154031Secure Kerberized Access of Encrypted File System - A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.06-23-2011
20110154032Mobile Security System and Method - A system and method for providing a secure environment for mobile telephones and other devices are disclosed. The system and method may utilize trust zoning, layered memory, and a secure matrix model having, for example, a memory protection module for protecting memory; a secure debug module for ensuring security of the debug module; a secure file system module for protecting the secure file system; and a trusted time source module for protecting components. Embodiments of the present invention may protect against security attacks on a variety of hardware and software components while permitting suitable levels of accessibility for developmental and maintenance purposes.06-23-2011
20110167260COMPUTER SYSTEM LOCK-DOWN - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, a method is provided for locking down a computer system. A customized, local whitelist database is stored with a memory of the computer system. The whitelist database forms a part of an authentication system operable within the computer system and contains therein cryptographic hash values of code modules expressly approved for execution by the computer system. A kernel mode driver of the authentication system intercepts file system or operating system activity relating to a code module. The authentication system determines whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated against the whitelist database. The authentication system allows the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values.07-07-2011
20110167261SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES - Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, file system or operating system activity relating to a first code module is initiated by a running process associated with a second code module. The file system or operating system activity is intercepted by a kernel mode driver of a computer system. The kernel mode driver selectively authorizes loading of the first code module by the running process based at least in part on one or more attributes of the second code module.07-07-2011
20110173443SECURE EXTRANET SERVER - A Secure Extranet Server (SES) provides for secure and traceable communication and document exchange between a trusted network and an untrusted network by authenticated users. The SES includes a first partition in communication with the untrusted network and a second partition in communication with the trusted network. The second partition maintains a session table and is in communication with a user authentication and authorization module. Communication between the first and second partition is preferably initiated by a request from the second partition. Security tokens attached to messages provide constraint checking on user inputs, access to documents and servers within the trusted network, checkout and checkin of controlled documents, and a single sign-on capability for on-line applications as well as local applications operating on protected files at remote user computers.07-14-2011
20110173444IMAGE FORMING APPARATUS, IMAGE FORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM HAVING STORED THEREON COMPUTER PROGRAMS FOR THE IMAGE FORMATION PROCESSING METHOD - According to one embodiment, an image forming apparatus includes: an interface configured to communicate with an external storage device; a file acquiring unit configured to acquire a processing target file to be subjected to image formation processing from the external storage device via the interface; a user-information acquiring unit configured to acquire user information for identifying a user who instructs execution of the image formation processing on the processing target file; a determining unit configured to determine, if the processing target file is a file encrypted in a decryptable encryption system, whether user information for identifying a creator of the processing target file associated with the file and the user information acquired by the user-information acquiring unit coincide with each other; and a decrypting unit configured to decrypt the processing target file if the determining unit determines that the pieces of user information coincide with each other.07-14-2011
20110179270Data Retrieval System - A method is disclosed for retrieving data from a wireless device over a wireless network for submission to an application provided on a user terminal. The method includes the steps of detecting for a wireless device having a data file stored thereon when the application is running on the user terminal; and if a data file is detected, in response to an attempt by a user at the user terminal to access a document accessible through the application where data is required to complete a request for access to the document, determining whether the required data exists on the data file; retrieving the required data from the data file and submitting the retrieved data to the application for generation of an access request.07-21-2011
20110191583Methods For Upgrading Software Or Updating Contents In Terminal Devices Based On Digital TV Data Broadcast - A method for upgrading software or contents in a terminal device based on digital TV data broadcasting is provided. The method comprises steps of uploading an upgrading file or content file to an access gateway by a service provider via a data broadcasting system; transmitting the upgrading file or content file to the terminal device in a broadcast mode by the data broadcasting system; and receiving the transmitted upgrading file or content file by the terminal device. The method further comprises a step of determining whether the received upgrading file or content file is of a higher version than that of a currently used software file or content file of the terminal device; and if yes, upgrading the currently used software file or content file. The method according to the present invention decreases maintenance cost of the terminal device, facilitates upgrading system in time, maintains copyright benefit of the service provider, and is convenient for the user to upgrade his terminal device.08-04-2011
20110191584System and Method for Computationally Private Information Retrieval - A device is provided for use with a database server having a matrix of data stored therein, wherein the database can transmit a return vector based on the matrix of data. The device includes a communication portion, an encryption portion and a decryption portion. The encryption portion can generate an encrypted request to obtain a portion of the matrix of data, wherein the encrypted request includes a plurality of subqueries. The communication portion can transmit the encrypted request to the database server and can receive the return vector from the database server. One of the subqueries is based on a first random vector and a target vector corresponding to the portion of the matrix of data. One of the subqueries is based on a second random vector. The decryption portion can decrypt the return vector by way of a modulo summation.08-04-2011
20110202763TAPE BACKUP METHOD - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.08-18-2011
20110213971METHOD AND APPARATUS FOR PROVIDING RIGHTS MANAGEMENT AT FILE SYSTEM LEVEL - An approach is presented for providing rights management at file system level. A virtual file system rights management application receives a request to access a protected file. The rights management application binds the access request to the protected file in the file system, determines credentials associated with the request for accessing the protected file according to the binding and causes, at least in part, verification of the credentials according to a rights management system associated with the protected file. Based, at least in part, on the determination, the rights management application causes decryption of the protected content.09-01-2011
20110231658System, method and apparatus for controlling the dissemination of digital works - A system, business methodology and apparatus for facilitating controlled dissemination of digital works is disclosed. An audio and video organizer, entertainment, and communication unit that plays back audio and video media content received from a central storage server. The unit relies on a smartcard, which has a personalized key that unlocks encrypted content. Using the unit, a user can purchase music or other types of media using an appropriate ordering method. The central storage server then transmits a double-encrypted, compressed audio file to the unit, where it is decrypted based on the smartcard key, and available for listening.09-22-2011
20110238983NETWORK INTEGRITY MAINTENANCE - A device removal system securely removes an item of content or a device from a content-protected home network. An authorization table maintains a list of devices in the content-protected home network in addition to removed devices. The authorization table also maintains a list of deleted content. Through management of various cryptographic keys and techniques, devices and content will not play on a content-protected home network after they have been removed. A secret network ID reduces the possibility of unauthorized playing of content on the content-protected home network. A web server may join the content-protected home network as a device, providing backup for the secret network ID. Otherwise, the device manufacturer will provide the secret network ID in case of a device failure. Storing a verification value in each device ensures integrity of critical cryptographic values. This verification value is compared to network values to ensure network values have not been corrupted.09-29-2011
20110252232SYSTEM AND METHOD FOR WIPING ENCRYPTED DATA ON A DEVICE HAVING FILE-LEVEL CONTENT PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.10-13-2011
20110252233SYSTEM AND METHOD FOR BACKING UP AND RESTORING FILES ENCRYPTED WITH FILE-LEVEL CONTENT PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating a backup, backing up encrypted data, and restoring backed up encrypted data. The method for initiating a backup includes sending a backup secret to a backup device having an encrypted file system, receiving from the backup device a backup ticket created based on the backup secret, and storing the backup ticket. The method for backing up encrypted data includes receiving a backup ticket and a backup secret, retrieving an escrow key bag containing protection class keys, decrypting the protection class keys with the backup ticket, generating a backup key bag containing new protection class keys, selecting a set of encrypted files to back up, decrypting the file encryption keys with corresponding decrypted protection class keys, re-encrypting the file encryption keys with new protection class keys, and transferring the selected encrypted files, the backup key bag, and metadata.10-13-2011
20110252234SYSTEM AND METHOD FOR FILE-LEVEL DATA PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.10-13-2011
20110258437SECURE LOCAL UPDATE OF CONTENT MANAGEMENT SOFTWARE - This document describes tools that enable a computing device to receive an update to content management software. The tools also enable the computing device to generate new public and private keys without the use of a key server.10-20-2011
20110258438System and Method for Providing Different Levels of Key Security for Controlling Access to Secured Items - With files secured by encryption techniques, keys are often required to gain access to the secured files. Techniques for providing and using multiple levels of keystores for securing the keys are disclosed. The keystores store keys that are needed by users in order to access secured files. The different levels of keystores offer compromises between security and flexibility/ease of use.10-20-2011
20110258439SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.10-20-2011
20110271103Generic File Protection Format - A file may contain an unencrypted and an encrypted portion. The unencrypted portion may contain a layout section that may point to a published license, metadata, and a contents section, where the contents section is in the encrypted portion. The encrypted portion may contain the contents section which may act as a directory for one or more included files that may be compressed and stored in the encrypted portion. When the file is opened by a receiver, the receiver may read the published license and communicate with a security server to establish access rights and receive at least one key for decrypting at least a portion of the encrypted portion of the file. The receiver may then gain access to the included files.11-03-2011
20110276799PERSONAL COMMUNICATION SYSTEM HAVING INDEPENDENT SECURITY COMPONENT - A personal communication system (PCS) incorporates a secure storage device, which includes a device processor, a CPU interface, and a system interface, a storage means and a removable storage media component. The device processor is communicably connected to the CPU of the PCS through the CPU interface, which exclusively enables communications between the device processor and the CPU. The system interface enables the device processor to manage one or more hardware components of the PCS. A network interface is also included to enable the device processor to communicate over a network with select file servers to the exclusion of other file servers. The storage means is communicably connected to the device processor and includes first and second designated storage sections. The device processor has read-write access to both storage sections and gives the CPU read-only access to the first storage section and read-write access to the second storage section.11-10-2011
20110314275MANAGING ENCRYPTION KEYS - Methods, apparatus, and articles of manufacture to manage encryption keys are disclosed. An example method to manage encryption keys includes obtaining data including a private key, determining that the data cannot be read according to a first format by attempting to read the data in the first format, in response to determining that the data cannot be read according to the first format, accessing the private key by reading the data according to a second format different from the first format, and converting the data from the second format to a third format.12-22-2011
20110314276Communication verification system - A communication system verifying the source of a file. The system uses a first link between a sending computer and an authorizing computer which contains a request for a PIN associated with the intended receiving computer. This PIN is returned to the first computer via a second link which permits the sending computer to properly communicate in an encrypted manner with the receiving computer. An alert or notice is sent to the receiving computer by the authorizing computer to further verify the authenticity of the file being sent to the receiving computer from the sending computer.12-22-2011
20110314277ELECTRONIC AUTHORIZATION SYSTEM AND METHOD - An electronic authorization system comprising a data source system configured to transmit transaction data. A secure data system is coupled to the data source system over an open network, the secure data system is configured to receive the transaction data from the data source system, generate a unique encrypted identifier for the transaction data and to transmit the unique encrypted identifier to the data source system. The data source system is configured to receive the unique encrypted identifier and replace payment card data associated with the transaction data in a database with the unique encrypted identifier.12-22-2011
20120011359Mobile intellectual property protection apparatus and methodology - A mobile intellectual property protection apparatus and methodology maintains digitally recorded IP-related evidence using cryptographic techniques to definitively and securely maintain the secrecy of a digitally recorded evidence of an intellectual property by immediately establishing a tamper-proof time-stamp of the temporal existence of the recorded evidence. The digitally recorded intellectual property is designed to serve as a digital expert witness to assist in establishing, for example, the conception of an invention or other legal claims.01-12-2012
20120017084Storage Device and Method for Providing a Partially-Encrypted Content File to a Host Device - A storage device and method for providing a partially-encrypted content file to a host device are provided. In one embodiment, the storage device retrieves a content file from memory in the storage device and partially-encrypts the content file by encrypting some portions of the content file. The storage device sends the partially-encrypted content file to a host device and informs the host device of which portions of the partially-encrypted content file are encrypted. In one embodiment, the remaining portions of the content file are in clear text form and do not need to be decrypted. Because the host device only needs to decrypt the portions of the content file that are encrypted—and not the entire content file—the host device can decrypt the partially-encrypted content file, even if it does not have the processing power to decrypt a fully-encrypted version. In another embodiment, at least some of the remaining portions of the content file are encrypted with at least one additional key.01-19-2012
20120036356Method for Accessing Nominative Data Such As a Customised Medical File From a Local Generation Agent - A process for accessing a customized computer file comprising data of a technical nature, such as medical data, as well as highly confidential nominative data. The process comprises the implementation of a generation agent of the customized computer file (DMN) contained in a storage device (02-09-2012
20120042162Cloud Data Management - The different illustrative embodiments provide a method, computer program product, and apparatus for managing data. An encrypted file containing the data is divided into a plurality of segments. The plurality of segments are sent to a plurality of cloud computing environments for storage in the plurality of cloud computing environments. Each cloud computing environment in the plurality of cloud computing environments receives a portion of the plurality of segments. The portion of the plurality of segments is associated with a cloud computing environment in the plurality of cloud computing environments to which the portion of the plurality of segments was sent.02-16-2012
20120072723SYSTEMS AND METHODS FOR SECURE DATA SHARING - Systems and methods are provided for creating and using a sharable file-level key to secure data files. The sharable file-level key is generated based on a workgroup key associated with the data file, as well as unique information associated with the data file. The sharable file-level key may be used to encrypt and split data using a Secure Parser. Systems and methods are also provided for sharing data without replicating the data on the machine of the end user. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data that was encrypted and split. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.03-22-2012
20120072724COMPUTER PROGRAM AND METHOD FOR BIOMETRICALLY SECURED, TRANSPARENT ENCRYPTION AND DECRYPTION - A computer program for secure encryption and decryption provides a user interface that allows a user to drag and drop files into and out of a secure repository, wherein the program automatically encrypts files transferred into the repository and automatically decrypts files transferred out of the repository. The user can transfer file folders into the repository, wherein the program encrypts all of the files within the folder and retains the original file/folder structure, such that individual files can be moved within the repository, moved out of the repository, and opened or executed directly from the repository. The program requires the user to submit biometric data and grants access to the secure repository only if the biometric data is authenticated. The program generates an encryption key based at least in part on biometric data received from the user. Additionally, the program destroys the key after termination of each encryption/decryption session.03-22-2012
20120072725CLOUD-BASED APPLICATION WHITELISTING - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, an in-memory cache is maintained having entries containing execution authorization information regarding recently used modules. After verifying a module, its execution authorization information is added to the cache. Activity relating to a module is intercepted. A hash value of the module is generated. The module is verified with reference to a multi-level whitelist including a global whitelist, a local whitelist and the cache. The verification includes first consulting the cache and if the module is not found, then looking up its hash value in the local whitelist and if it is not found, then looking it up in the global whitelist. Finally, the module is allowed to be executed if the code module is approved by the multi-level whitelist database architecture.03-22-2012
20120079270Hardware-Assisted Content Protection for Graphics Processor - Methods, systems, and computer program products for the secure handling of content provider protected multimedia content are disclosed. A method for providing secure handling of provider protected multimedia content, includes: decrypting, in a hardware-based multimedia content protection device (MMCP), the provider protected multimedia content using one or more provider keys; encrypting, in the MMCP, the decrypted multimedia content using one or more local keys to create locally protected multimedia content; and providing the locally protected multimedia content to a graphics processor over a secure connection. In an embodiment, the MMCP and the graphics processor are on the same board. In another embodiment, the MMCP is incorporated in the graphics processor to form a unified chip.03-29-2012
20120110327EVENT-DRIVEN PROVISION OF PROTECTED FILES - A system may include reception of a request for an encryption key pair including a first private encryption key and a first public encryption key, the encryption key pair associated with a future event, generation of the encryption key pair, transmission of the first public encryption key to a second device, reception, from the second device, of a file encrypted using the first public encryption key and using a second public encryption key of an intended recipient, transmission of the file to a third device associated with the intended recipient, detection of the future event, and, in response to the detection of the future event, transmission of the first private encryption key to the third device.05-03-2012
20120110328System and Method For Secure Storage of Virtual Machines - A virtual file system is described that is implemented in a virtualization platform as a stackable file system layer that intercepts file operations between a hypervisor and a physical file system. The virtual file system encrypts (at least in part) VM files to be stored, organizes the encrypted VM files into VM sets, and then maps and stores the encrypted VM sets into storage pools. Storage and access to files within the VM sets is controlled through the use of administrator-determined policies governing storage, security, access control, authentication, and auditing. The system and method described herein allow a seamless integration between a data center (e.g., a private cloud) and computing resources served across the internet and supported by cloud service providers (e.g., public clouds) while ensuring that the security needs of customers and cloud service providers are met.05-03-2012
20120117383System and Method for Secure Device Configuration Cloning - The subject application is directed to a system and method for secure device configuration cloning. Configuration data corresponding to software-settable configurations of a document processing device is received into a data storage. Schema data is generated on a processor in data communication with the data storage. The schema file includes segments and corresponds to a portion of the configuration data. At least one segment of the schema file is encrypted in accordance with a corresponding portion of the configuration data. Secure clone file data is then generated based upon the configuration data and the encrypted schema file and communicated to a second document processing device for configuration thereof.05-10-2012
20120131336Automatic Secure Escrowing of a Password for an Encrypted File or Partition Residing on an Attachable Storage Device that the Device can be Unlocked Without User Intervention - External data storage device queries the user for a password on at least the first attachment. The password is escrowed in encrypted form. If the user elects this option, the password is then passed to an encryption module which unlocks the encrypted file or partition and upon subsequent attachments of the external data storage device may automatically unlock the encrypted file or partition using the securely escrowed password. The escrow of the encrypted password is managed in an external storage device containing the encrypted file or partition.05-24-2012
20120137130System and Method for Providing Multi-Location Access Management to Secured Items - A system and method for providing access management to secured items through use of a plurality of server machines associated with different locations are disclosed. According to one embodiment, a local server can be dynamically reconfigured depending on a user's current location. Upon detecting that a user has moved to a new location, the local server for the new location can be reconfigured to add support for the user, while simultaneously, the local server for the previous location is reconfigured to remove support for the user. As a result, security is enhanced while the access management can be efficiently carried out to ensure that only one access from the user is permitted at any time across an entire organization, regardless of how many locations the organization has or what access privileges the user may be granted.05-31-2012
20120144192METHOD, DEVICE, AND SYSTEM FOR MANAGING PERMISSION INFORMATION - A method, a device, and a system for managing permission information are provided. The method includes: receiving a permission modification instruction, where the permission modification instruction is used to instruct modification of permission information of a file; modifying the permission information according to the permission modification instruction of the file; and sending an Identifier (ID) of the file and the modified permission information to a server. The device includes: a modification module, a processing module, and a first sending module. The system includes: a client and a server. The server and the file jointly store the permission information, thereby effectively improving the flexibility of file encryption, reducing the burden of the server, and improving the performance of the server.06-07-2012
20120179908SECURE PORTABLE MEDICAL INFORMATION SYSTEM AND METHODS RELATED THERETO - Using a secure portable reference to medical information, stored on a portable storage medium, various embodiments allow a patient to give to their doctor an easy-to-use access key that will enable access to desired medical information stored on a computer network. The secure portable reference provides greater transportability of medical records to a patient or medical data repository including a doctor's office, clinic, or hospital, while maintaining data security to satisfy medical data privacy regulations and expectations. Some described embodiments use encrypted information inside the secure portable reference to hide, for example, who is allowed access to the stored medical information, and the network location of the stored information. Some embodiments use a secret PIN to authenticate the user attempting access to the referenced medical information. The secure portable reference contains information on network resources used to enable download access to medical information, including medical records and medical images.07-12-2012
20120191972SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES - Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, a kernel mode driver of a computer system intercepts file system or operating system activity, by a running process, relating to a dependent code module. Loading of the dependent code module is selectively authorized by authenticating a cryptographic hash value of the dependent code module with reference to a multi-level whitelist. The multi-level whitelist includes a global whitelist database remote from the computer system, maintained by a trusted service provider and which contains cryptographic hash values of approved code modules known not to contain viruses or malicious code; and a local whitelist database that includes cryptographic hash values of a subset of the approved code modules. The running process is allowed to load the dependent code module when the cryptographic hash value matches one of the cryptographic hash values of the approved code modules.07-26-2012
20120198230Document Security System that Permits External Users to Gain Access to Secured Files - A system includes a server with an access manager configured to restrict access to files of an organization and maintain at least encryption keys for internal and external users and an external access server connected to the server and coupled between the server and a data network. The data network is configured to allow the external users use of the external access server. The external access server is also configured to permit file exchange between the internal users and the external users via the server.08-02-2012
20120204028Secure Kerberized Access of Encrypted File System - A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.08-09-2012
20120210126DOCUMENT ENCRYPTION AND DECRYPTION - A document encryption and decryption system and method for selectively encrypting and decrypting files and attachments, electronic mail, text messages, and any other items to protect or secure its contents by helping to prevent unauthorized individuals from viewing data in human-perceivable or readable form. The encryption and decryption system includes remote authentication to verify user credentials stored on a remote database hosted by a web server. The encryption system further includes remote deletion to automatically delete at least encrypted items stored on the user's computer, handheld or portable device, smartphone, tablet, and any other computer of any kind when enabled and logged onto a network. The encryption and decryption system includes selectively decrypting items by retrieving a decryption key and decrypting the item, and/or typing a decryption key if the item cannot be decrypted with the key, and/or sending an invitation to a recipient using the web server.08-16-2012
20120246471INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, DISTRIBUTION METHOD, AND PROGRAM THEREOF - In order to assure security of classified information, in the present invention, before data take-out, third and fourth distributed data are created from first and second distributed data, the first and the second distributed data are saved in a server, and the third and the fourth distributed data are used in take-out.09-27-2012
20120246472SYSTEM AND METHOD FOR SECURED BACKUP OF DATA - A system and method of selectively providing encrypted data is provided. Embodiments of the invention may store data in encrypted form on a storage device. Embodiments of the invention may selectively provide encrypted or decrypted data to a requestor of data based on configuration or other parameters. A filter driver or other module or unit may examine a request for, or communication of data from the storage device and may determine if data is to be provided in encrypted or decrypted form. Decrypted data may be provided to a caching system. A filter driver or other module or unit may examine a request for, or communication of data from the caching system. Data provided from the caching system may be selectively encrypted based on configuration or other parameters.09-27-2012
20120265988DUAL INTERFACE DEVICE FOR ACCESS CONTROL AND A METHOD THEREFOR - The invention provides a low-cost access control device for identification and authentication in both the “digital” and “physical” worlds by contact-bound and contact-less interfaces, respectively, and where individual users of the device can securely update access control credentials and cryptographic keys from a remote system without the need for any additional hardware or specialized software. The access control credentials and the at least one cryptographic key shall be readable by an access control system via the contact-less interface of the device, thereby enabling or denying the holder of the device access.10-18-2012
20120272060ELECTRONIC FILE DELIVERING SYSTEM, RELEVANT MOBILE COMMUNICATION DEVICE, AND RELEVANT COMPUTER PROGRAM PRODUCT - A mobile communication device is disclosed, having a wireless communication interface, a challenge-response module, and a decryption module. The wireless communication interface is used to receive an encrypted electronic file and a challenge value. The challenge-response module is used to generate a response value according to the challenge value and a challenge-response generating algorithm. The decryption module is used to decrypt the encrypted electronic file with the response value. The decryption module may decrypt the encrypted electronic file when the response value generated according to the challenge value and the challenge-response generating algorithm matches the one used to encrypt the electronic file.10-25-2012
20120272061Method and Device for Accessing Files of a Secure File Server - A method and a device are provided for accessing data files of a secure file server, wherein a user or a process is authenticated; wherein access to the data files of the secure file server takes place by way of an encryption module of the secure file server; wherein the encryption module comprises an encryption agreement of a centralized security application; and wherein the access of the authenticated user or process to the secure file server takes place by way of an encrypted protocol taking into consideration the encryption agreement. Such a device may be included in a corresponding computer network.10-25-2012
20120278616System and Method for Securely Decrypting Files Wirelessly Transmitted to a Mobile Device - A method is provided for securely decrypting files that are wirelessly sent to a mobile device. A mobile device typically has a wireless interface, such as a cellular telephone or WiFi interface that can be used to accept an encrypted file from a first remote device. A decryption key representation is accepted from a second remote device via a personal proximity interface which can be a camera, microphone, or near-field radio frequency (RF) detector. In one aspect, the first device can, for example, be a multi-functional peripheral (MFP), a network server, or a computer. In another aspect, the first and second devices can be the same device, such as an MFP or a computer. A mobile device conversional application converts the decryption key representation to a digital decryption key, and the digital decryption key is then used to decrypt the encrypted file.11-01-2012
20120278617Method and System for Establishing a Trusted and Decentralized Peer-To-Peer Network - The present invention offers a new and improved method and system to establish a trusted and decentralized peer-to-peer network for: the sharing of computer files between and among computing devices; trusted chat sessions; and for other applications of trusted peer-to-peer networks.11-01-2012
20120284510BONDING CONTENTS ON SEPARATE STORAGE MEDIA - Local storage on player instruments provides the ability for adding further amendments and most recent supplements to the optical disc content. A problem arising with this technically applicable possibility is the protection of copyrights bound to disc and supplement data. The present invention describes a technique to ensure a security framework that is able to handle this, by creating a virtual file system (VFS) by merging optical disc data and local storage data based upon a common identifier.11-08-2012
20120297188PROVIDING MULTIPLE LAYERS OF SECURITY TO FILE STORAGE BY AN EXTERNAL STORAGE PROVIDER - A method that may include detecting, by a processor of a computing device, a network communication regarding transmission of a file to an external storage provider. The method may include causing encryption of the file to obtain an encrypted file, and associating authorization information with the encrypted file. The authorization information may include one or more restrictions on access to the encrypted file. The method may include transmitting the encrypted file to the external storage provider, and intercepting a request for access to the file. The method may include identifying requestor information regarding a requestor associated with the request, and determining, using the requestor information and a portion of the authorization information, that the requestor is authorized to access the encrypted file. The method may include causing decryption of the encrypted file to obtain the original file, and providing, to the requestor, by the processor, access to the original file.11-22-2012
20120297189Systems and Methods for Secure Handling of Data - The methods and systems described herein provide for secure implementation of external storage providers in an enterprise setting. Specifically, the present invention provides for allowing the secure use of processes that may transmit files to external storage providers or access files from an external storage provider. In some arrangements, a process, such as an untrusted process, may request access to a file. A security agent may intercept the request and encrypt the file. The file can then be transmitted to the external storage provider. A user may subsequently request access to the file. A security agent may intercept a message in connection with this request, determine whether the user is authorized to access the file, and decrypt the file.11-22-2012
20120303953Method and terminal equipment for applying digital rights management - A method and terminal equipment for applying digital rights management are disclosed by the present disclosure. The method includes the following steps: performing encryption processing on a portion of the content of a multimedia file using a pre-generated key when downloading the multimedia file; and downloading the encrypted multimedia file to a designated terminal equipment. With the present disclosure, the downloading speed of the multimedia file can be increased, and the waiting time for playing the file can be decreased.11-29-2012
20120303954Managing method, device and terminal for application program - A managing method for an application program is disclosed, which includes that: a first terminal converts a file of a specified application program stored by the first terminal per se into an intermediate file in a predetermined intermediate format, wherein the intermediate format can be identified by other terminals having a running environment of the application program (S11-29-2012
20120317414METHOD AND SYSTEM FOR SECURING DOCUMENTS ON A REMOTE SHARED STORAGE RESOURCE - This invention discloses a novel system and method for displaying electronic documents on remote devices and enabling collaborative editing in conjunction with a content management system where the documents that are shared are securely encrypted on the system in a manner that avoids a single point of failure in the security.12-13-2012
20120317415Method, apparatus, terminal and system for channel encryption - The disclosure discloses a method, an apparatus, a terminal and a system for channel encryption. The method includes that: a relay server receives a channel encryption request from a client, and acquires encrypted information, client information and a locally stored channel Extensible Markup Language (XML) file of the client from the channel encryption request (S12-13-2012
20120324220DIGITAL FINGERPRINTING VIA SQL FILESTREAM WITH COMMON TEXT EXCLUSION - A method provides data loss protection of sensitive data using digital fingerprinting. The method includes assigning a security level to each document of a plurality of documents associated with a data loss protection server, and storing the plurality of documents in a digital asset management server, wherein only a single copy of each document of the plurality of documents is stored in the digital asset management server. The method also includes sending a query to the digital asset management server from the data loss protection server, and receiving a query response by the data loss protection server from the digital asset management server, the query response including at least one document file. The method further includes creating a digital fingerprint of the at least one document file by the data loss protection server.12-20-2012
20120324221Identification of a Compromised Content Player - A system and method for identifying the player that leaked content encryption keys by loading a set of player keys into individual content players and determining the number of encryptions and the number of encryption keys to use in multiple encrypting critical content. The method produces copies of critical data content packets, each copy of which is separately encrypted using any one of a set of encryption keys that are related to one another through a mathematical algorithm. The related set of encryption keys and data describing key relationship and content player identity are transmitted to a previously determined license management agency. The transmitted encrypted content is written to a receiving device or file, or streamed to an individual player for non-synchronous playback. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.12-20-2012
20130024687SELECTIVE SHREDDING IN A DEDUPLICATION SYSTEM - Making a target file impractical to be retrieved comprises decrypting a directory manager file using a first directory manager file key. The directory manager file includes an encryption key for a segment that is used when reconstructing a target file. The directory manager file is modified by deleting a reference to the target file. The reference includes a file encryption key. Retrieving the target file is made impractical by the deletion of the reference to the target file in the directory manager file. The modified directory manager file is encrypted using a second directory manager file key.01-24-2013
20130042106Security Management In A Group Based Environment - Techniques are provided for securely storing data files in, or retrieving data files from, cloud storage. A data file transmitted to cloud storage from a client in an enterprise computing environment is intercepted by at least one network device. Using security information received from a management server, the data file is converted into an encrypted object configured to remain encrypted while at rest in the cloud storage.02-14-2013
20130042107System and Method for Enabling Device Dependent Rights Protection - A system and method for enhancing the protection of digital properties while also increasing the flexibility of distribution of the digital properties. In one embodiment, the digital property is protected through the binding of at least one unique client device identifier with the digital property prior to distribution. Decryption at a client device would therefore be dependent on a comparison of the unique client device identifier that is extracted from the encrypted digital property with a unique client device identifier of the device that is seeking to access the digital property.02-14-2013
20130046974DYNAMIC SYMMETRIC SEARCHABLE ENCRYPTION - Described herein is an efficient, dynamic Symmetric Searchable Encryption (SSE) scheme. A client computing device includes a plurality of files and a dictionary of keywords. An index is generated that indicates, for each keyword and each file, whether a file includes a respective keyword. The index is encrypted and transmitted (with encryptions of the files) to a remote repository. The index is dynamically updateable at the remote repository, and can be utilized to search for files that include keywords in the dictionary without providing the remote repository with information that identifies content of the file or the keyword.02-21-2013
20130061048CONTENT DELIVERY SYSTEM, DELIVERY SERVER, AND USER TERMINAL - Provided are a content delivery system, a delivery server and a user terminal whereby the load of a party who transmits content data can be reduced. A delivery server (03-07-2013
20130061049DISTRIBUTED NETWORK SYSTEM - A method of storing data from a first node on a peer-to-peer network. The method includes creating a public and private key pair from a data item. The method also includes determining a hash value for the public key and assigning the hash value as a user identifier for the user of the node. The method also includes storing the public key within a distributed hash table of the peer-to-peer network. The user identifier corresponds to the key for the public key within the distributed hash table.03-07-2013
20130067225APPLIANCE, SYSTEM, METHOD AND CORRESPONDING SOFTWARE COMPONENTS FOR ENCRYPTING AND PROCESSING DATA - Disclosed is an appliance, system, method and corresponding software application for encrypting and processing data. A symbol based encryption module may be adapted to encrypt data on a symbol basis such that some or all of the encrypted data remains processable.03-14-2013
20130080772DYNAMIC ENCRYPTION - Systems and methods for encrypting a media file for streaming and/or downloading over a network are disclosed. These systems and methods may be part of a larger media servicing network that can be used to, among other things, process uploaded media content, provide it for streaming, and collect metric information regarding the streaming. The disclosed systems and methods provide for receiving requests for a media file or a chunk of a media file and responding to these requests by encrypting the requested chunks dynamically and providing the chunks to the requesting entity. These systems and methods, which can be utilized with a dynamic chunk generation and dynamic index file generation, enable a high degree of flexibility in streaming chunked media files and preclude the need to encrypt the chunks prior to streaming. The systems and methods may also be applied to encrypting files for continuous streaming protocols as well as for progressive download.03-28-2013
20130080773FILE PROTECTING METHOD AND A SYSTEM THEREFOR - The invention discloses a file protecting method and a system therefor, relating to the information security field. The method includes: an application receives an instruction for opening a protected file sent by a user and invokes an upper interface of an operating system, and the upper interface sends an instruction for opening the protected file to a file system, and a filter driver intercepts the instruction for opening the protected file sent by the upper-layer interface to the file system, if the filter driver determines that the application is valid, it creates an image file on a virtual disk for the protected file, and returns a handler of the image file and reads or writes the protected file by the handler, which avoids a possible disclosure of plain text of the protected file in a buffer in prior art.03-28-2013
20130117563SECURING INFORMATION IN A CLOUD COMPUTING SYSTEM - The method and system for securing data (information) inside a cloud computing system allow data to be encrypted everywhere in the cloud on storage devices and in communication lines so that only the information owner has the encryption key and may decrypt the data. The main idea is using software filter technology inside the cloud virtual machine for encrypting and decrypting data and keeping the encryption key(s) only in the hands of the owner of the information outside the cloud. The encryption key is loaded into the appropriate filter only by permission of the information owner or an allowed user. The method allows combination of data encryption with application control and user control.05-09-2013
20130124861SHIELDING A SENSITIVE FILE - An apparatus for shielding a sensitive file includes a client computer having various units. An encryption-decryption unit performs a cryptographic operation on the sensitive file with a cryptographic key, which corresponds to the encryption key ID. An encryption key ID is associated with the sensitive file. A key storing unit stores the cryptographic key. A compliance requirements storing unit stores security compliance requirements from the server computer, which define a plurality of compliant operating conditions of the client computer. A security requirements monitoring unit determines whether the client computer complies with the security compliance requirements in response to a file access instruction for the sensitive file by application software, and passes the cryptographic key from the key storing unit to the encryption-decryption unit in response to a determination that the client computer complies with the security compliance requirements.05-16-2013
20130138954MODE SENSITIVE ENCRYPTION - Mechanisms are provided to implement framework level mode specific file access operations. In a mode such as a work or enterprise mode, read and write accesses are directed to one or more secured locations. File data and metadata may be secured with encryption and/or authentication mechanisms. Conventional mobile solutions provide only for mode encryption distinctions at the application level, e.g. one work application may prevent access to certain data, but a different application may want to allow access to that same data. Various embodiments provide framework level mode sensitive encryption that does not require different, mutually exclusive, or possibly conflicting applications or platforms. A device and associated applications may have access to different data based on a current mode.05-30-2013
20130138955CLIENT-SIDE ENCRYPTION IN A DISTRIBUTED ENVIRONMENT - Methods and systems for encrypting and decrypting data are described. In one embodiment, a client computing system sends to a server computing system over a network a first network request to perform multiple operations such as a lease operation and a fetch operation. In response, the server computing system performs the operations. Subsequently, the client computing system can send subsequent network requests to write re-encrypted data and to relinquish the lease. The subsequent network requests may also be single network requests that perform lease operations, as well as other operations, such as operations for block alignment purposes. The client computing system can send an actual end of file when relinquishing the lease so that the server computing system can handle a remainder of data that is used for subsequently decrypting the re-encrypted data.05-30-2013
20130151850Auto File Locker - Novel tools and techniques to provide an online file locker system. Some such tools can employ a USB memory drive, a residential gateway, and/or a data server over a network. In some cases, when the USB memory drive is inserted into a USB port of the RG, data stored on the USB memory drive is automatically uploaded to, and/or synchronized with data stored on, the data server, which is in communication with the RG over the network. In other cases, data deletion is accomplished in a similar manner, for example, upon removal of the USB drive and/or upon detection of files deleted from the USB drive.06-13-2013
20130159708SYSTEM AND METHOD FOR THE PROVISION OF MULTIMEDIA MATERIALS - A method for enabling the storage, distribution, and use of associated text and media files comprises a webpage interface coupled to an information and support system, an account creation and login system, a user media storage system, a solicitation assistance and user matching system, a solicitation and collaboration agreement system, a media collaboration and project creation system, and a product gallery and sales system. Means are provided for a user to gain access to the inventive systems through an Internet connection on a local user computing device. In accordance with the invention, information is input into a database storage medium coupled to an operator system computing device which then combines the information into an augmented text-media file output. The inventive systems also distribute augmented text-media file output products to users of the inventive systems through a webpage interface system.06-20-2013
20130166908SYSTEM AND METHOD OF PROTECTING DATA ON A COMMUNICATION DEVICE - A system and method of protecting data on a communication device are provided. Data received when the communication device is in a first operational state is encrypted using a first cryptographic key and algorithm. When the communication device is in a second operational state, received data is encrypted using a second cryptographic key and algorithm. Received data is stored on the communication device in encrypted form.06-27-2013
20130173916SECURE STORAGE SYSTEM FOR DISTRIBUTED DATA - The present invention relates to a system for distributed data storage that ensures the safety of the user data. In particular, the system of the present invention provides that the data stored in a cloud storage service are encrypted and their cryptographic keys are created from a remote device. In the context of the present invention, a cloud is a set of servers that form an online service over the Internet; these servers are invisible to the user of the service and appear to form only a single server, thus forming a "cloud" of servers. These keys will be divided and stored partly in cloud storage and partly on other devices.07-04-2013
20130179684ENCRYPTED DATABASE SYSTEM, CLIENT TERMINAL, ENCRYPTED DATABASE SERVER, NATURAL JOINING METHOD, AND PROGRAM - A client terminal is provided with a column encryption unit that, from an encryption key, a table identifier, and a column identifier, generates a column private key, a column public key, and a comparison value, from which the unit generates a concealed comparison value and a ciphertext, encrypting a particular column; and an encrypted table natural joining request unit that issues a natural joining request text that requests natural joining with regards to columns encrypted from the encryption key, the table identifier, and the column identifier. The natural joining request text contains as a table joining key the column private key generated by a group of generating elements and the encryption key from the table identifier of a first and second table and the column identifier of an a-th column and a b-th column. An encrypted database server executes natural joining using the table joining key, and returns the results.07-11-2013
20130185555SYSTEM AND METHOD FOR SECURE ERASE IN COPY-ON-WRITE FILE SYSTEMS - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for a delayed secure deletion of files from a copy-on-write file system. A system configured to practice the method receives a change to a file, writes a copy of the file in a first block of a storage device, the copy including the change, determines whether the change meets a predetermined condition, adds an entry into a delayed secure deletion list when the change triggers the predetermined condition, the entry storing an address associated with the first block, and deletes the first block when another change to the file is received, wherein the another change triggers another predetermined event.07-18-2013
20130205135SYSTEM AND METHOD OF STORING DATA - There is a system and method for storing data of others using a processor and a memory device. The system includes an account module configured to manage a plurality of accounts, each account associated with an entity. The system includes an avatar module configured to permit entities to generate avatars for their accounts, wherein an avatar associates data with an account that is not required to be consistent with the account and not required to be consistent with data in other avatars of that same account. The system includes a transaction module configured to facilitate a plurality of transactions using trusted entity data. The system includes an encryption module configured to encrypt, using a processor, the transaction data with a plurality of paired half-keys.08-08-2013
20130219176Secure Virtual File Management System - A virtual file management system provides user access to managed content on mobile devices. The system comprises storage domains storing the managed content distributively using file systems, and a data infrastructure that organizes the managed content into a virtual file system that maintains information of storage domain specific file system primitives for accessing corresponding portions of the managed content. The data infrastructure, which maintains metadata of the storage domains and the mobile devices, comprises a policy definition and decision component that maintains policies defining controls for permissible operations on the managed content, the permissible operations including the file system primitives. A client application hosted on the mobile devices is coupled to the data infrastructure and the storage domains and includes an enforcement component that communicates with the policy definition and decision component to retrieve and enforce the policies by applying the controls on the mobile devices.08-22-2013
20130227279METHOD OF OPERATING A COMPUTING DEVICE, COMPUTING DEVICE AND COMPUTER PROGRAM - Data is stored on a computing device in an encrypted form using a control application. A data access application requests access to the data. It is determined whether the data access application has available a shared encryption key that is available to the control application. If a shared encryption key is available, the shared encryption key is used to encrypt a request for access to the data. If a shared encryption key is not available, a shared encryption key is negotiated with the control application, and the negotiated shared encryption key is used to encrypt the request for access to the data. The control application receives the encrypted request, decrypts the encrypted request using the shared encryption key, and makes the data stored on the computing device in encrypted form available to the data access application in response to the decrypted request.08-29-2013
20130227280METHOD OF OPERATING A COMPUTING DEVICE, COMPUTING DEVICE AND COMPUTER PROGRAM - A data access application key is generated. The data access application key is for use by a data access application to enable decryption of data that is stored in encrypted form on a computing device using the data access application key. The data access application key is generated using an identifier of the data access application and an application key that is specific to at least one of the computing device and/or a user of the computing device.08-29-2013
20130227281MANAGING DATA - One example discloses a data manager of a data collector (DCDM) 08-29-2013
20130238898Method for Providing Information for a Controller - A method for providing items of information that are provided for the operation of a control device for a motor vehicle and are stored in at least one original data file, in which at least one selected item of information from the at least one original data file is encrypted, and in which at least one selected item of information from the at least one original data file remains unencrypted, so that at least one partially encrypted data file is provided.09-12-2013
20130238899System and Method for Remote Device Registration - A system and method for remote device registration, to monitor and meter the injection of keying or other confidential information onto a device, is provided. A producer who utilizes one or more separate manufacturers, operates a remote module that communicates over forward and backward channels with a local module at the manufacturer. Encrypted data transmissions are sent by producer to the manufacturer and are decrypted to obtain sensitive data used in the devices. As data transmissions are decrypted, credits from a credit pool are depleted and can be replenished by the producer through credit instructions. As distribution images are decrypted, usage records are created and eventually concatenated, and sent as usage reports back to the producer, to enable the producer to monitor and meter production at the manufacturer.09-12-2013
20130238900DISPERSED STORAGE NETWORK SECURE HIERARCHICAL FILE DIRECTORY - A method to generate a secure hierarchical file directory system begins by a processing module, for a child level directory of the secure hierarchical file directory system, obtaining a unique inner encryption key for encrypting the child level directory and creating one or more outer encryption keys for encrypting the unique inner encryption key. For each of the one or more outer encryption keys, the method continues with the processing module encrypting the unique inner encryption key to create one or more encrypted inner encryption keys. The method continues with the processing module creating one or more entries in a parent level directory, where each entry includes a path name, a dispersed storage network (DSN) address of the child level directory, a corresponding one of the one or more encrypted inner encryption keys, and an indicator for a corresponding one of the one or more outer encryption keys.09-12-2013
20130254536SECURE SERVER SIDE ENCRYPTION FOR ONLINE FILE SHARING AND COLLABORATION - This invention discloses a novel system and method for securing files and folders containing files on a computer system whereby the files are encrypted using a hierarchy of encryption keys that permit authorized sharing but are resistant to tampering or hacking or other malicious access of the data.09-26-2013
20130254537SYSTEMS AND METHODS FOR SECURE THIRD-PARTY DATA STORAGE - A computer-implemented method for secure third-party data storage may include 1) identifying, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, 2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, 3) receiving, from the client system, the client-side key, 4) decrypting the decryption key with the client-side key, and 5) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed.09-26-2013
20130254538SYSTEMS AND METHODS FOR SECURING DATA IN MOTION - The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.09-26-2013
20130254539CONTAINERLESS DATA FOR TRUSTWORTHY COMPUTING AND DATA SERVICES - A digital escrow pattern and trustworthy platform is provided for data services including mathematical transformation techniques, such as searchable encryption techniques, for obscuring data stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Using the techniques of a trustworthy platform, data (and associated metadata) is decoupled from the containers that hold the data (e.g., file systems, databases, etc.) enabling the data to act as its own custodian through imposition of a shroud of mathematical complexity that is pierced with presented capabilities, such as keys granted by a cryptographic key generator of a trust platform. Sharing of, or access to, the data or a subset of that data is facilitated in a manner that preserves and extends trust without the need for particular containers for enforcement.09-26-2013
20130262862HIGH PRIVACY OF FILE SYNCHRONIZATION WITH SHARING FUNCTIONALITY - Systems and methods for providing privacy of file synchronization with sharing functionality are presented. In embodiments, a file synchronization system comprises one or more folders associated with one or more non-shared encryption keys, which may be a managed key shared across an organization, and/or a personal key that is not shared or has limited third-party sharing. The one or more non-shared encryption keys are not known to the data storage service. The file synchronization system may also contain one or more folders associated with a shared encryption key that is shared with the data storage service, and in embodiments, with a set of users of the service. The system may include a mapping correlating folders to encryption type so items in each folder can be handled appropriately. The system may have additional folders, such as one or more public folders that may be available with limited or no restrictions.10-03-2013
20130262863SEARCHABLE ENCRYPTION PROCESSING SYSTEM - In the searchable encryption processing system, a data base server retaining data, a registration client which deposits the data into the data base server, and a search client which causes the data base server to search the data collaborate across a network, wherein the registration client, using a probabilistic encryption method which uses a mask using a homomorphic function and a hash value, deposits the encrypted data into the server, whereupon the search client, using probabilistic encryption which uses the mask which uses the homomorphic function for encryption of the search query, outputs the search query and non-corresponding data as search results without causing the data base server to unmask the mask and without allowing the frequency of occurrences of the data corresponding to the search to leak to the data base server.10-03-2013
20130262864METHOD AND SYSTEM FOR SUPPORTING SECURE DOCUMENTS - A secure document is formed having a first secure section for being accessed by a first target. The first secure section includes encrypted data displayable within the document and for forming part of the displayed secure document. The secure document also includes a first security section for use in decrypting of the first secure section. The first security section has first section security data secured therein by first target security data that is accessible to the first target. Also, the first section security section is for being displayed within the document. Another secure document is formed having a reference to secure content, which reference can be decoded, whereupon a user can be authenticated, and the secure content downloaded and viewed by the authenticated user.10-03-2013
20130262865DISTRIBUTED FILE SYSTEMS - A method of providing a distributed file system allowing the storage of data comprising a plurality of directories and files arranged in a hierarchical structure on a key addressable storage system, the storage system being accessible by a plurality of users, the method comprising the steps of: storing data of a child directory on the storage system and creating a datamap which provides the at least one location of the stored data; assigning an identifier to the child directory and to a parent directory for the child directory; encrypting the datamap using both the child directory identifier and the parent directory identifier; and storing the encrypted datamap on the storage system using at least part of the child directory identifier as the key.10-03-2013
20130268756COMPUTATIONAL SYSTEMS AND METHODS FOR ANONYMIZED STORAGE OF DOUBLE-ENCRYPTED DATA - Methods, apparatuses, computer program products, devices and systems are described that carry out receiving level-two encrypted data and at least one associated hash; storing the level-two encrypted data and at least one associated hash; and transmitting the level-two encrypted data and at least one associated hash in response to a request for at least one of the level-two encrypted data or the at least one associated hash.10-10-2013
20130283048COMPUTING DEVICE AND METHOD FOR PROTECTING SOFTWARE OF THE COMPUTING DEVICE - In a method for protecting software of a computing device, a hypertext preprocessor (PHP) software program of the computing device is encrypted using an encryption rule to obtain an encrypted file. When the encrypted file needs to be decrypted, the method determines whether a predetermined hardware lock is connected to the computing device. When the predetermined hardware lock is not connected to the computing device, the method displays a prompt that indicates the predetermined hardware lock is not connected to the computing device. When the predetermined hardware lock is connected to the computing device, the method decrypts the encrypted file with a decryption rule corresponding to the encryption rule.10-24-2013
20130283049METHOD AND DEVICES FOR PROVIDING SECURE DATA BACKUP FROM A MOBILE COMMUNICATION DEVICE TO AN EXTERNAL COMPUTING DEVICE - A method and devices for providing secure data backup from a mobile communication device to an external computing device is described. In one embodiment, there is provided a method of backing up data from a mobile communication device to an external computing device, the mobile communication device being in communication with the external computing device, the method includes: receiving a request to backup one or more data items stored on the mobile communication device; encrypting a data item using an encryption key stored in a protected memory of the mobile communication device; and transferring the encrypted data item to the external computing device for storage by the external computing device. A method of restoring backup data to a mobile communication device from an external computing device is also provided, as are mobile communication devices and computing devices configured for implementing the backup and restore operations.10-24-2013
20130290708CONFIGURATION PROTECTION FOR PROVIDING SECURITY TO CONFIGURATION FILES - The embodiments include a method for providing security for a set of configuration files corresponding to a remote monitoring application. The method may include accessing a server configured to store the set of configuration files. The server is also configured to receive a connection request, over a network, from an agent having the remote monitoring application, generate an encryption key in response to receiving the connection request, transmit the encryption key, over the network, to the agent, encrypt the set of configuration files according to an encryption algorithm and the encryption key, and transmit the encrypted set of configuration files to the agent. According to one embodiment, the server may be accessed by performing one or more maintenance actions on the server.10-31-2013
20130305045INDISCRIMINATE VIRTUAL CONTAINERS FOR PRIORITIZED CONTENT-OBJECT DISTRIBUTION - A system may be provided for dynamically serving a content file with embedded content objects over the Internet to an end user system. A content object request function may receive a request for a webpage defined by the content file, the content file comprising embedded content objects. A content-file modifier may modify the content file to inject a reporting code with instructions to generate one or more reports comprising information relating to the content objects. A report receiver may receive the reports, the reports indicating where the content objects were rendered within the webpage. An object prioritizor may prioritize the content objects based on where the content objects were rendered. A delivery controller may adapt protocols for delivering the content objects to improve access to high-priority content objects.11-14-2013
20130326217SELF-KEYED PROTECTION OF ANTICIPATORY CONTENT - Systems and methods are provided to facilitate anticipatory pushing of content to clients of a communications network in such a way that the content is unusable by the anticipatory clients until explicitly requested. Embodiments apply one or more self-keying techniques to a content dataset to generate an anticipatory dataset, such that the anticipatory dataset cannot be used to reconstruct the content dataset without a keying dataset that also can only be generated using the content dataset. The anticipatory dataset is pre-pushed to a client in anticipation of a future request for the content. If and when the client subsequently issues a request for the content dataset, the server intercepts the new copy of the content dataset received in response to the request, uses the content dataset to generate the keying dataset, and communicates the keying dataset to the client for local reconstruction of the content dataset by the client.12-05-2013
20130332728ELECTRONIC FILE ACCESS CONTROL SYSTEM AND METHOD - A method for controlling access to a digital file includes: associating digital content with a header, the header including data identifying a permitted access identity corresponding to a physical key removable from a reading computer. The method also includes encrypting the header and the digital content, the header being susceptible to decryption separate from the content by a key interface.12-12-2013
20130332729SEARCH SYSTEM, SEARCH METHOD OF SEARCH SYSTEM, INFORMATION PROCESSING DEVICE, SEARCH PROGRAM, CORRESPONDING KEYWORD MANAGEMENT DEVICE, AND CORRESPONDING KEYWORD MANAGEMENT PROGRAM - A searchable encryption resistant to frequency analysis. A conversion rule management device generates a conversion rule table associating a search keyword with a conversion keyword group. Based on the conversion rule table, a data registration device generates registration data associating encrypted data with an encrypted keyword, and registers the registration data in a server device. An information processing device obtains from the conversion rule table a conversion keyword group associated with a specified search keyword, generates an encrypted keyword group, and requests a data search by specifying the encrypted keyword group. Using as a search key an encrypted keyword included in the encrypted keyword group, the server device searches for encrypted data associated with the search key, and returns searched encrypted data. The information processing device decrypts the searched encrypted data, and outputs as a search result search data obtained by decryption.12-12-2013
20140013112ENCRYPTING FILES WITHIN A CLOUD COMPUTING ENVIRONMENT - A system, computer readable medium and a method for encrypting a file, the method may include retrieving the file from a storage service; segmenting the file into multiple file segments; calculating a file segment signature for each of the multiple file segments to provide multiple file segment signatures; encrypting each of the multiple file segments to provide multiple encrypted file segments by using encryption keys that are in response to the multiple file segment signatures; wherein the multiple encrypted file segments form an encrypted file; and sending the multiple encrypted file segments to the storage service.01-09-2014
20140013113SECURE NON-INVASIVE METHOD AND SYSTEM FOR DISTRIBUTION OF DIGITAL ASSETS - A client computer system receives a file that is at least partially encrypted. The client computer also receives a file manager and user input. In response to the user input matching data stored in an encrypted user profile, the client computer uses the file manager to decrypt the file based on a key stored in the encrypted user profile. The file is unusable if copied to another client computer, and the file manager manages usage of the file based on one or more terms of usage.01-09-2014
20140019755DATA STORAGE IN CLOUD COMPUTING - A redundant cloud storage solution may be created from individual cloud storage solutions. Files may be split into pieces and stored in separate cloud storage solutions and then retrieved from the cloud storage solutions to assemble the original file. When splitting the files, the data may be encrypted for additional security. Additionally, redundancy may be obtained by duplicating data across multiple cloud storage solutions, such as in a RAID level 5 configuration. A server may intervene between a client device and the cloud storage solutions to perform the file splitting, encrypting, and management functions. Thus, the client access to the redundant cloud solution may function as any other network drive.01-16-2014
20140032899Method and system for secure form delivery - A system, for secure form delivery, may include a detector to detect a request to submit an electronic form that includes associated application data; an encryption module to respond to the request to submit the electronic form by automatically accessing an encryption key, determining destination information, and encrypting the associated application data, utilizing the encryption key; and a submit module to submit the electronic form to a destination, utilizing the destination information.01-30-2014
20140032900VERSIONING OF MODIFIABLE ENCRYPTED DOCUMENTS - In some embodiments, a method includes receiving a modifiable electronic document. The method includes generating a new version of the modifiable electronic document. The method also includes encrypting the new version of the modifiable electronic document using an encryption key that is used to encrypt the modifiable electronic document and different versions of the modifiable electronic document. The method includes saving the new version of the modifiable electronic document.01-30-2014
20140059344FILE PROTECTION USING SESSION-BASED DIGITAL RIGHTS MANAGEMENT - Systems and methods are provided for encrypting electronic files during a transfer to a low-security storage location. In one embodiment, a method comprises receiving a file copy request for a file stored on a source storage system to be copied to a destination storage system; determining a desired file security level of the file based on a desired security level for the file when the file is accessed; determining a destination security level of the destination storage system; comparing the file security level and the destination security level; encrypting the file to create an encrypted file when the destination security level is less than the file security level prior to copying the file; and copying at least one of the file and the encrypted file to the destination storage system as a function of the comparison of the file security level and the destination security level.02-27-2014
20140059345OBLIVIOUS TRANSFER WITH HIDDEN ACCESS CONTROL LISTS - A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record.02-27-2014
20140068254UPLOAD AND DOWNLOAD STREAMING ENCRYPTION TO/FROM A CLOUD-BASED PLATFORM - Embodiments of the present disclosure include systems and methods for upload and/or download streaming encryption to/from an online service, or cloud-based platform or environment. The encryption process includes the following parts: Upload encryption, download decryption, and a central piece of infrastructure called the Interval Key Server (IKS). During both upload and download, the encryption and decryption processes are performed while the files are being uploaded/downloaded, (e.g., the files are being encrypted/decrypted as they are being streamed).03-06-2014
20140068255METHOD OF MANAGING MEDICAL INFORMATION IN OPERATING SYSTEM FOR MEDICAL INFORMATION DATABASE - Provided is a method of managing medical information in an operating system for a medical information database, the method including encrypting, by a first user, medical information having patient treatment information by using a group key, and second medical information having patient private key by using a private key, generating, by the first user, an index corresponding to the encrypted first medical information, storing the encrypted first and second medical information and the index to the medical information database, searching, by a second user, the medical information database for the encrypted first medical information by using the index; and decrypting the searched encrypted first medical information by using the group key.03-06-2014
20140068256METHODS AND APPARATUS FOR SECURE MOBILE DATA STORAGE - A computer-implemented method for securing data to be stored in a computing device programmed to perform the method includes determining in the computing device, a save request from an application running upon the computing device to an operating system of the computing device to save a file in a memory of the computing device, determining in the computing device, whether a first key is available, and when the first key is available, the method includes automatically encrypting in the computing device, the file using the first key to form an encrypted file, in response to the save request, and automatically requesting with the computing device, the operating system of the computing device to store the encrypted file in the memory.03-06-2014
20140075187SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES - Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, responsive to a monitored file system or operating system event initiated by an active process, a real-time authentication process is performed or bypassed on a code module to which the monitored event relates with reference to a whitelist that includes cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code. The active process is allowed to load the code module when the authentication process is bypassed or when the cryptographic hash value of the code module matches one of the cryptographic hash values of approved code modules within the whitelist.03-13-2014
20140082354SYSTEM AND METHOD FOR OBTAINING KEYS TO ACCESS PROTECTED INFORMATION - A server uses an encryption key to decrypt authentication information thereby facilitating communication with network-accessible applications that may be remotely located from the server. Servers can also use encryption keys to decrypt files containing sensitive data. The encryption key is obtained by a collection of software agents, each providing a portion of information necessary for generating the encryption key. Each software agent performs a respective examination, the results of which determine whether the respective portion of information is valid or not. A complete encryption key can be obtained only when all of the contributing portions of information are valid.03-20-2014
20140082355SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for selective authorization of code modules are provided. According to one embodiment, a whitelist containing cryptographic hash values of code modules that are approved for loading into memory of a computer system and execution on the computer system is maintained by a kernel mode driver of the computer system. At least a subset of the cryptographic hash values has been included within the whitelist based upon results of application of one or more behavior analysis techniques to a corresponding subset of code modules. The kernel mode driver monitors a set of events occurring within one or more of a file system accessible by the computer system and an operating system that manages resources of the computer system. The kernel mode driver causes a cryptographic hash value of a code module relating to an observed event of the set of events to be authenticated with reference to the whitelist. When the cryptographic hash value matches one of the cryptographic hash values of approved code modules within the whitelist, the code module is allowed to be loaded and executed within the computer system.03-20-2014
20140082356PROTECTION OF INTERPRETED SOURCE CODE IN VIRTUAL APPLIANCES - Protection of interpreted programming language code filesystem files from access and alteration may be provided by encrypting a file to be protected in a boot sequence. Run-time examination of a virtual appliance may be deterred by hiding the boot sequence in a restricted virtual appliance platform. No shell or filesystem access may be provided. Thus, permissions on a read-only filesystem (for example) may be kept from being altered. The permissions may be set along with filesystem access control lists to prevent unauthorized examination of the source files.03-20-2014
20140089662SYSTEMS AND METHODS FOR SHARING FILES AMONG MULTIPLE TERMINALS - Embodiments of the disclosure provide a method and apparatus for sharing data. The method includes: initiating the data sharing application on a first terminal; inserting the file to be shared in a webpage of the data sharing application on the first terminal, and generating a URL for the file in the data sharing application; the data-sharing application of the first terminal broadcasts the URL to other terminals, so that other terminals can share the file via the URL. The present disclosure can reduce the cost of data sharing while improving the real-timeliness.03-27-2014
20140095868SYSTEM AND METHOD FOR MULTI-LAYERED SENSITIVE DATA PROTECTION IN A VIRTUAL COMPUTING ENVIRONMENT - Systems and methods for providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of the local agent and the environment-based monitor, providing for secure yet administrable sensitive data protection.04-03-2014
20140095869SECURE DATA STORAGE - Methods and systems for obscuring the location of critical system files are provided. In particular, the locations of files stored within a file system are selected by applying various inputs to a hash algorithm. For system files, the inputs applied to the hash algorithm can include a user name and password. For data files, the information provided to the hash algorithm can include the file name. In addition to providing random file locations, a file system in accordance with embodiments of the present invention can homogenize other information, including file names, sizes and creation dates.04-03-2014
20140108792Controlling Device Access to Enterprise Resources in an Orchestration Framework for Connected Devices - Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices to function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store.04-17-2014
20140108793CONTROLLING MOBILE DEVICE ACCESS TO SECURE DATA - Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.04-17-2014
20140108794CONTROLLING MOBILE DEVICE ACCESS TO SECURE DATA - Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.04-17-2014
20140108795METHOD AND APPARATUS FOR FILE ENCRYPTION/DECRYPTION - A file encrypting method and apparatus, and a file decrypting method and apparatus is provided. The method includes following steps: creating a virtual disk; the virtual disk receiving a writing request from a file system, encrypting data in the writing request; and notifying the file system to write the encrypted data into a corresponding physical disk, so that the file system writes the encrypted data into the corresponding physical disk after receiving a notification from the virtual disk. The methods and apparatuses can employ the virtual disk to encrypt data in the writing request and decrypt the data required by the reading request, and this manner achieves highly-reliable, secure and effective file encrypting.04-17-2014
20140115327TRUST SERVICES DATA ENCRYPTION FOR MULTIPLE PARTIES - In one scenario, a computer system accesses a first principal's public key to generate a group private key that is encrypted using the first principal's public key. The generated group private key provides access to data keys that are used to encrypt data resources. The computer system accesses a second principal's public key to encrypt the generated group private key using the second principal's public key and encrypts at least one of the data keys using a group public key, where the data key allows access to encrypted data resources. The first principal then decrypts the group private key using the first principal's private key, decrypts the data key using the decrypted group private key and accesses the data resource using the decrypted data key. The second principal also performs these functions with their private key to access the data resource.04-24-2014
20140115328FORMAT FRIENDLY ENCRYPTION - Techniques are disclosed for encrypting application data files using a format-friendly encryption process. A software agent may create an encrypted version of an application file using the same data file format of the unencrypted file. For example, when a user encrypts a word processing document, the software agent outputs a word processing document which includes an encrypted copy of the first word processing document. Application data files for other file formats may be encrypted in a similar manner. Further, format-friendly encrypted documents may include instructions for accessing the encrypted content, allowing the standard applications for accessing a given file format to present the instructions to a user. Creating encrypted document using the format-friendly encryption formats allows users who access an encrypted file hosted by a cloud storage provider to receive the information needed to access that application file.04-24-2014
20140115329SYSTEMS AND METHODS FOR DATA VERIFICATION AND REPLAY PREVENTION - A system and method are provided for the secure sharing of information stored using cloud storage services and for performing data verification and replay protection for information stored on an open network.04-24-2014
20140129830Process for Storing Data on a Central Server - This disclosure describes a process for storing data on a central server with a plurality of users, each of them having their own user password used for creating a user key, being respectively assigned to some of these users, and some of the data, being divided into data blocks to be uploaded, and each data block being compared to data blocks on the server based on a unique data block ID value in order to determine whether a corresponding data block is already stored on the server and to upload to the server those data blocks which are not already present, a data block list to be uploaded being created and uploaded to the central server, so that in a data recovery step data stored on the central server which are requested by the user can be restored in their original form based on said list.05-08-2014
20140129831Computer-Implemented System And Method For Individual Message Encryption Using A Unique Key - A computer-implemented system and method for individual record encryption is provided. A plurality of records associated with incoming calls to a call center are maintained. A unique encryption key is randomly generated for each record. The records are each encrypted using the encryption key generated for that record. The keys are stored in a location separate from the encrypted records.05-08-2014
20140129832TRANSPARENT REAL-TIME ACCESS TO ENCRYPTED NON-RELATIONAL DATA - Embodiments include a computer system, method and program product for encrypted file access. An access program module, connected to at least one file system, intercepts a data request for accessing a plaintext file with information stored physically and consecutively on a hard disk and having a pre-determined order and length expected by a program that sends the data request, wherein the plaintext file includes a plaintext record having a key field and a plaintext data field. The access program module determines an encrypted file, associated with the plaintext file, based on a configuration file and the data request, wherein the configuration file indicates the encrypted file associated with the plaintext file. The access program module determines one or more encryption keys based on the configuration file. The access program module accesses an encrypted data field within the encrypted file based on the encryption keys and the key field.05-08-2014
20140129833MANAGEMENT OF SECURE DATA IN CLOUD-BASED NETWORK - A processor receives a request to access secure data. The processor translates the request in order to locate the secure data in a secure data store. The processor retrieves the secure data from the secure data store. The processor encodes the secure data to generate protected secure data. The processor transmits the protected secure data from the secure data store to at least one instantiated virtual machine in a cloud-based network.05-08-2014
20140136840COMPUTER SYSTEM FOR STORING AND RETRIEVAL OF ENCRYPTED DATA ITEMS USING A TABLET COMPUTER AND COMPUTER-IMPLEMENTED METHOD - A computer system comprising multiple sets of client computers coupled to a database system via a network. Each client computer having installed thereon an application program that comprises client computer specific log-in information. The database system having a log-in component for logging-in the client computers, and being partitioned into multiple relational databases. Each one of the relational databases being assigned to one set of the sets of client computers. Each one of the relational databases storing encrypted data items. Each data item being encrypted with one of the user or user-group specific cryptographic keys. A key identifier of the cryptographic key with which one of the data items is encrypted being stored in the relational database as an attribute of the one of the encrypted data items. The log-in component comprising assignment information indicative of the assignment of the databases to the set of client computers.05-15-2014
20140143540Method and Apparatus for Splitting and Encrypting Files in Computer Device - A method for splitting a file in a computer device, the method comprising defining a moving window with a specified length and a random value; obtaining a content of the file by aligning the moving window to a specific place of the file; computing a result according to a cryptographic function of the content of the file; determining a cutting point according to the result and the random value; and splitting the file into segments according to the cutting point.05-22-2014
20140143541Method and Apparatus for Managing Encrypted Files in Network System - A method for managing a file in a remote folder in a shared storage in a network system is disclosed. The method comprises generating a symmetric cryptographic key for the file; generating a ciphertext according to a symmetric encrypting function of the file operating with the symmetric cryptographic key for the file; generating a metadata according to the symmetric encrypting function of the symmetric cryptographic key for the file operating with a symmetric cryptographic key for the remote folder; and uploading the ciphertext and the metadata to the remote folder.05-22-2014
20140143542Method and Apparatus for Managing Encrypted Folders in Network System - A method for managing an encrypted folder in a shared storage in a network system, the method comprising generating a symmetric cryptographic key for a folder; generating a first metadata according to a symmetric encrypting function of the symmetric cryptographic key for the folder operating with a symmetric cryptographic key for a remote folder; and creating the folder with the first metadata in the remote folder; wherein the remote folder has a second metadata or an access control list comprising at least one entry with at least one identity of at least one collaborator, at least one public key of the at least one collaborator and at least one encryption of the symmetric cryptographic key for the remote folder according to an asymmetric encrypting function operating with the at least one public key of the at least one collaborator, for providing the symmetric cryptographic key for the remote folder.05-22-2014
20140156991METHOD AND SYSTEM FOR SECURING ELECTRONIC DATA - The various embodiments herein provide a method for securing electronic data using an automatic key management technique to manage cryptographic keys. The method for securing electronic data comprises providing a data to a writer module, embedding a data usage policy, encrypting the data through a symmetric key encryption, creating a secure data file format for the data, accessing the secure data file format through a reader module, checking for a data file usage policy, dynamically updating the data file usage policy, if there is a change in the file usage policy on an application server, authenticating a user as per the file usage policy, decrypting the secure data file format, invoking one or more adapters and enforcing the data file usage policy. The secure data file format herein comprises data encrypted with a layered structure, instructions for computation of keys along with randomized data and instructions for de-randomizing of data.06-05-2014
20140164766PRIVACY MANAGEMENT FOR TRACKED DEVICES - A system is disclosed that protects private data of users while permitting the monitoring or tracking of electronic devices that are shared for both business and private purposes. The electronic devices may be configured to selectively encrypt location data, and/or other types of data, before such data is transmitted to a monitoring center. For example, data collected or generated on a user device outside of work hours may be encrypted with a private key of the device's user prior to transmission to the monitoring center, so that the data is not accessible to the employer. Data collected or generated during work hours may be transmitted without such encryption.06-12-2014
20140173277SYSTEM AND METHOD OF MOBILE LIGHTWEIGHT CRYPTOGRAPHIC DIRECTORY ACCESS - A system for handling an LDAP service request to an LDAP server for an LDAP service comprises a client program executable on a client system and a handler program executable on a handler system. The client program is operable to generate LDAP service request data corresponding to the LDAP service and provide the LDAP service request data for transmission from the client system, and further operable to receive LDAP service reply data in response to the LDAP service request data. The handler program is operable to receive the LDAP service request data transmitted from the client system and execute the LDAP service request to the LDAP server, receive LDAP service reply data from the LDAP server during one or more passes, and upon completion of the LDAP service, provide the LDAP service reply data for transmission to the client system in a single pass.06-19-2014
20140181510CONTROL SYSTEM, INFORMATION PROCESSING APPARATUS, TERMINAL DEVICE, CONTROL METHOD, AND COMPUTER READABLE MEDIUM - A control system includes an information processing apparatus and a terminal device which perform wireless communication with each other, wherein the terminal device is moved with a user, and includes: a switching request signal transmission section that transmits a switching request signal, the information processing apparatus includes: a received signal strength measuring section that measures a received signal strength of a transmitted signal; and a control section that sets the received signal strength measured when receiving the switching request signal to a switching threshold value, and switches the information processing apparatus from the second status to the first status when the received signal strength becomes less than the switching threshold value, and switches it from the first status to the second status when the received signal strength becomes larger than the switching threshold value.06-26-2014
20140181511SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for selective authorization of code modules are provided. According to one embodiment, file system or operating system activity relating to a code module is intercepted by a kernel mode driver of a computer system. The code module is selectively authorized by authenticating a cryptographic hash value of the code module with reference to a multi-level whitelist. The multi-level whitelist includes (i) a global whitelist database remote from the computer system that is maintained by a trusted service provider and that contains cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code and (ii) a local whitelist database containing cryptographic hash values of at least a subset of the approved code modules. The activity relating to the code module is allowed when the cryptographic hash value matches one of the cryptographic hash values of approved code modules within the multi-level whitelist.06-26-2014
20140181512COMPUTER IMPLEMENTED METHOD FOR PERFORMING CLOUD COMPUTING ON DATA BEING STORED PSEUDONYMOUSLY IN A DATABASE - The invention relates to a computer implemented method for performing cloud computing on data of a first user employing cloud components, the cloud components comprising a first database and a data processing component, wherein an asymmetric cryptographic key pair is associated with the first user, said asymmetric cryptographic key pair comprising a public key and a private key, the data being stored pseudonymously non-encrypted in the first database with the data being assigned to an identifier, wherein the identifier comprises the public key, the method comprising retrieving the data from the first database by the data processing component, wherein retrieving the data from the first database comprises receiving the identifier and retrieving the data assigned to the identifier from the first database, wherein the method further comprises processing the retrieved data by the data processing component and providing a result of the analysis.06-26-2014
20140189348Integrated Data Deduplication and Encryption - The subject disclosure is directed towards encryption and deduplication integration between computing devices and a network resource. Files are partitioned into data blocks and deduplicated via removal of duplicate data blocks. Using multiple cryptographic keys, each data block is encrypted and stored at the network resource but can only be decrypted by an authorized user, such as domain entity having an appropriate deduplication domain-based cryptographic key. Another cryptographic key referred to as a content-derived cryptographic key ensures that duplicate data blocks encrypt to substantially equivalent encrypted data.07-03-2014
20140189349Decrypting Files for Data Leakage Protection in an Enterprise Network - A method of decrypting an encrypted file within an enterprise network is provided. The method includes identifying by a password collecting module a password entered during a file encryption procedure performed at a terminal and storing the password; receiving an encrypted file by a data leakage protection (DLP) module; and attempting to decrypt the encrypted file with the password by the DLP module.07-03-2014
20140195802PAGE ENCRYPTION SYSTEM - Text containing files are encrypted by first formatting the files for display. The display-formatted files are then coded to form files indicating the information. The files are encrypted. The coding can determine a distance of a transition between a first color and a second color in the display file, and code that distance to form coded distance information and encrypt the coded distance information.07-10-2014
20140201524Systems and Methods for Securing Data in a Cloud Computing Environment Using In-Memory Techniques and Secret Key Encryption - In one embodiment, a computer-implemented method comprises determining, by a controller, whether a first data store is in an initialization mode. The first data store stores client data. A second data store stores credential data of the first user and credential data of a second user. An application server includes a first secret key store. An in-memory database server includes a second secret key store. The method further comprises, if the first data store is in the initialization mode, receiving, by the controller, from the second user a secret key for encrypting the client data stored in the first data store; and storing, in the first key store, the secret key. The method further comprises, in an operational mode, authenticating the first user based on the credential data of the first user; if the first user is authenticated, processing, in the application server, a user request from the first user.07-17-2014
20140201525SYSTEM AND METHOD FOR MULTI-LAYERED SENSITIVE DATA PROTECTION IN A VIRTUAL COMPUTING ENVIRONMENT - Systems and methods for providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of the local agent and the environment-based monitor, providing for secure yet administrable sensitive data protection.07-17-2014
20140201526SYSTEM, METHOD, AND APPARATUS FOR DATA, DATA STRUCTURE, OR ENCRYPTION KEY COGNITION INCORPORATING AUTONOMOUS SECURITY PROTECTION - A system, method, and apparatus for securing a data file or a cognitive encryption key data file stored in a storage medium or memory device. The data file or encryption key file having stored instructions for an embedded autonomous executable program which is executed each time there is an attempt to access, control, or manipulate the encryption key file includes querying a user of the data file or encryption key file, the user environment of the data file or encryption key file, or both, for information required for analyzing a computational environment in relation to required security parameters for the cognitive data file or encryption key file. The information in relation to the security parameters is received and analyzed. The computational environment of the user is determined and analyzed in relation to the required security parameters. Access to and/or use of the data file or encryption key file is either permitted or denied based on the analysis of the user and computational environment. Autonomous embedded data cognition enables data, cryptographic data, authentication codes, etc. to perform real-time environmental configuration control, self-manage, self-obfuscate, perform analyses, determine its current situation, and evaluate behavior to respond accordingly. Data-to-data reasoning and analyses can be performed.07-17-2014
20140208102METHOD OF PROTECTING DIGITAL INFORMATION - The method provides encoding digital information by assigning encoding values from a plurality of collectives of encoding values to the message symbols. The collectives are unbound from each other, are selected randomly, and setting a correspondence between the symbols and encoding values of the selected collectives is random. Elements of the encoded message can be further assigned encoding values of further selected collectives. The method can be implemented both in virtual form using Cloud Computing technology and in a physical form, where encryption and decryption blocks are implemented in one environment physically protected against unauthorized access, writing and copying. Performing encoding and decoding in a user-inaccessible environment and providing the user only with the results of encoding and decoding processes prevents unauthorized access thereto from occurring.07-24-2014
20140208103FILE ENCRYPTION, DECRYPTION AND ACCESS VIA NEAR FIELD COMMUNICATION - Methods and devices for NFC-tap file encryption, decryption and access via Near Field Communication (NFC) are disclosed. A user can select an unencrypted file stored in a computing device for encryption. Upon encryption, the file name of the selected file and the encryption key used to encrypt the selected file are transmitted to an NFC-enabled wireless device for storage. The user can select an encrypted file stored in the computing device for access. As the user taps the computing device with the wireless device, the file name of the selected file is transmitted to the wireless device, which in turn transmits a decryption key for decrypting the selected file to the computing device. The computing device decrypts the selected file with the decryption key. The user can now access the decrypted file.07-24-2014
20140215208VIRTUAL STORAGE SYSTEM AND FILE ENCRYPTION METHODS - A virtual storage system in data communication with a user computing device via a communication network and file encryption methods for encrypting electronic documents to be uploaded into a virtual storage system where the virtual storage system includes at least one processor which captures a data stream corresponding to an electronic document retrieved from an external system, to be uploaded to the virtual storage system, and creates at least one encryption parameter and encrypts the data stream captured using the at least one encryption parameter created. The virtual storage system further includes a plurality of redundant physical storage devices in data communication with the at least one processor and each configured to store the encrypted data stream corresponding to the electronic document.07-31-2014
20140215209ENTERPRISE DISTRIBUTED FREE SPACE FILE SYSTEM - A method and system for effective utilization of free space in electronic devices with a non-volatile memory, across an enterprise is disclosed. The enterprise distributed free space file system disclosed herein comprises a central server and multiple nodes with an agent in each node. The agent creates hidden blocks of configurable sizes in the free spaces of each electronic device and reports the availability of blocks to the central server. The central server encrypts the content to be stored in the blocks and generates an encryption key for each block. The encryption keys are randomly generated and stored in the database of the central server. The encrypted content is invisible to the owner of the electronic device. The encryption key is not shared with nodes or any other system. Further, the stored content in the free spaces can be accessed only through the central server.07-31-2014
20140215210Data Sharing Method and Device - A method includes receiving a request by a second user through a uniform resource locator (URL) for a user key of a shared file of a first user. The second user is a legitimate user authorized by the first user through a trust center to access the shared file. The shared file is a shared file encrypted by using the user key of the first user. A file description of the corresponding shared file is obtained from a cloud server according to the URL. The file description is a file description obtained by encrypting the user key by using a public key of the trust center. The file description is decrypted using a private key corresponding to the public key of the trust center to obtain the user key of the first user. The user key is sent to the second user.07-31-2014
20140223176AUTOMATING THE CREATION AND MAINTENANCE OF POLICY COMPLIANT ENVIRONMENTS - Embodiments of the present invention provide for a method, system, and apparatus for creating a policy compliant environment on a computer. In an embodiment of the invention, an encrypted file can be loaded into memory of a computing device. The encrypted file can define a security policy for the computing device. The method can further include validating the encrypted file to ensure an authenticity of the encrypted file and updating the security policy of a target computing device in response to a successful validation of the encrypted file according to the validated encrypted file.08-07-2014
20140223177ELECTRONIC DATA SHARING DEVICE AND METHOD OF USE - An electronic data sharing device configured to exchange a first tag with a corresponding tag from a further electronic data sharing device, wherein the first and second tags provide information that enables respective users of the electronic data sharing devices to share information via a server enabled internet-connected software system associated with the electronic data sharing devices, wherein the electronic data sharing device is either configured with a pre-shared key or is able to encrypt a session key, wherein the pre-shared key or session key are used to generate tags to ensure that: the electronic data sharing device and tags can only be made use of by the server.08-07-2014
20140237230COMPUTER SYSTEM FOR STORING AND RETRIEVAL OF ENCRYPTED DATA ITEMS, CLIENT COMPUTER, COMPUTER PROGRAM PRODUCT AND COMPUTER-IMPLEMENTED METHOD - A system is disclosed comprising multiple sets of client computers each client computer having installed thereon an application program. The application program comprising client computer specific log-in information, a database system coupled to the set of client computers via a network. The database system having a log-in component for logging-in the client computers, and being partitioned into multiple relational databases each one of which is assigned to one set of the sets of client computers. Each database further storing encrypted data items, each data item being encrypted with one of the user or user-group specific cryptographic keys, the key identifier of the cryptographic key with which one of the data items is encrypted being stored in the database as an attribute of the one of the encrypted data items. The log-in component comprising assignment information indicative of the assignment of the databases to the set of client computers.08-21-2014
20140237231COMPUTER SYSTEM FOR STORING AND RETRIEVAL OF ENCRYPTED DATA ITEMS, CLIENT COMPUTER, COMPUTER PROGRAM PRODUCT AND COMPUTER-IMPLEMENTED METHOD - A system is disclosed comprising multiple sets of client computers each client computer having installed thereon an application program. The application program comprising client computer specific log-in information, a database system coupled to the set of client computers via a network. The database system having a log-in component for logging-in the client computers, and being partitioned into multiple relational databases each one of which is assigned to one set of the sets of client computers. Each database further storing encrypted data items, each data item being encrypted with one of the user or user-group specific cryptographic keys, the key identifier of the cryptographic key with which one of the data items is encrypted being stored in the database as an attribute of the one of the encrypted data items. The log-in component comprising assignment information indicative of the assignment of the databases to the set of client computers.08-21-2014
20140237232SELECTIVE SHREDDING IN A DEDUPLICATION SYSTEM - Making a target file impractical to be retrieved comprises decrypting a directory manager file using a first directory manager file key. The directory manager file includes an encryption key for a segment that is used when reconstructing a target file. The directory manager file is modified by deleting a reference to the target file. The reference includes a file encryption key. Retrieving the target file is made impractical by the deletion of the reference to the target file in the directory manager file. The modified directory manager file is encrypted using a second directory manager file key.08-21-2014
20140237233METHOD AND APPARATUS FOR PROVIDING CONTENT - Methods and systems for enabling content to be securely and conveniently distributed to authorized users are provided. More particularly, content is maintained in encrypted form on sending and receiving devices, and during transport. In addition, policies related to the use of, access to, and distribution of content can be enforced. Features are also provided for controlling the release of information related to users. The distribution and control of contents can be performed in association with a client application that presents content and that manages keys.08-21-2014
20140237234ENHANCED SYSTEM SECURITY - Methods and systems for maintaining the confidentiality of data provided by an organization for storage on a third party database system are provided. The data can be encrypted on an internal network of the organization and sent to the third party database system for storage. The third party database system can associate metadata with the encrypted data and can store the encrypted data. Accordingly, when a request for the encrypted data is received from a computing device communicating with an internal network of the organization, the encrypted data and associated metadata can be sent to the computing device. A key that is stored on an internal network of the organization can be called through an applet, which utilizes information within the metadata to locate the key on the internal network of the organization.08-21-2014
20140237235INFORMATION PROCESSING DEVICE, INFORMATION STORAGE DEVICE, SERVER, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - Content usage control is realized on condition of the establishment of user authentication without having to communicate with a server or the like. An information storage device such as a memory card stores an encrypted content, a converted title key obtained by converting a title key which is an encryption key, and a user token obtained by converting binding secret information to be applied to calculate the title key from the converted title key. A reproducing device that decrypts and reproduces the encrypted content acquires the converted title key and the user token, and generates an authentication key on the basis of user identification information such as a user ID. Furthermore, the binding secret information is calculated by computation processing between the user token and the authentication key, the title key is calculated from the converted title key by applying the calculated binding secret information, and decryption processing of the encrypted content is executed by applying the calculated title key.08-21-2014
20140250300SECURE STORAGE AND ACCELERATED TRANSMISSION OF INFORMATION OVER COMMUNICATION NETWORKS - A system and method for securely obfuscating, storing, and transmitting digital information includes a computing device configured to parse at least a portion of one or more bit streams to form a plurality of first datasets. The computing device is configured to disperse the plurality of first datasets into multiple data blocks to form t volumes as part of a plurality of second bit streams such that m number of volumes contain a complete data set, wherein m09-04-2014
20140258717CLOUD APPLICATION INSTALLED IN CLIENT TERMINAL CONNECTED TO CLOUD SERVER - A cloud application system installed in a client terminal that is connected to a cloud server via a network, the cloud application system comprising: a first driver controlling module configured to display a list of folders of a relevant user in the cloud server by communicating with the cloud server; a second cloud driver controlling module configured to encrypt a file of the cloud server to store it as the encrypted security file when the file is stored in the client terminal.09-11-2014
20140258718METHOD AND SYSTEM FOR SECURE TRANSMISSION OF BIOMETRIC DATA - The invention relates to a system (09-11-2014
20140258719DISTRIBUTED ENCRYPTION AND ACCESS CONTROL SCHEME IN A CLOUD ENVIRONMENT - System, computer readable medium and method for decryption. The method may include receiving, by a third computerized system and from a fourth computerized system, a first encrypted file entity key and signed access metadata. The first encrypted file entity key is created by encrypting a file entity key by a first computerized system using an encryption key of a second computerized system. The signed access metadata is signed by the file entity key. The encrypted file entity is created by encrypting a file entity by the first computerized system using the file entity key. Sending, by the third computerized system, the signed access metadata and the first encrypted file entity key to the second computerized system. Receiving a response from the second computerized system. Determining, based on the response from the second computerized system, whether to facilitate a decryption of the encrypted file entity by the fourth computerized entity.09-11-2014
20140258720SYSTEMS AND METHODS FOR TRANSPARENT PER-FILE ENCRYPTION AND DECRYPTION VIA METADATA IDENTIFICATION - A new approach is proposed that contemplates systems and methods to support encryption and decryption of files including data and source code associated with a software application running in a virtual environment on a per-file basis outside of a kernel of an operating system. The proposed approach utilizes metadata of the files associated with the software application to determine the files to be encrypted and decrypted and to monitor various properties of the files including the sizes of the unencrypted files for accurate reporting of information about the files. Under such an approach, the source code of the applications are encrypted and decrypted transparently at the file level without modifying or altering any of the source code of the application, the kernel and libraries of the operating system, and/or any components which are proprietary to the virtual environment.09-11-2014
20140281512SECURE QUERY PROCESSING OVER ENCRYPTED DATA - The subject disclosure is directed towards secure query processing over encrypted database records without disclosing information to an adversary except for permitted information. In order to adapt semantic security to a database encryption scheme, a security model for all query processing is specified by a client and used to determine which information is permitted to be disclosed and which information is not permitted. Based upon the security model, a trusted, secure query processor transforms each query and an encrypted database into secure query results. Even though the adversary can view the secure query results during communication to the client, the adversary cannot determine any reliable information regarding the secure query results or the encrypted database.09-18-2014
20140281513BLOCK ENCRYPTION - A method of storing a file is provided. The method includes splitting the file into a plurality of file chunks and encrypting each file chunk of the plurality of file chunks. The method also includes generating a first security key that decrypts a first encrypted file chunk of the plurality of encrypted file chunks and storing ones of the plurality of encrypted file chunks at a second location separate and distinct from the first location. The method also includes storing a second security key that decrypts a second encrypted file chunk of the plurality of file chunks at the first encrypted file chunk where access is gained to the second security key when the first encrypted file chunk is decrypted using the first security key.09-18-2014
20140281514AUTOMATIC FILE ENCRYPTION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.09-18-2014
20140281515ENCRYPTED FILE PRESENTATION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.09-18-2014
20140281516AUTOMATIC FILE DECRYPTION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.09-18-2014
20140281517FILE BACKUP WITH SELECTIVE ENCRYPTION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.09-18-2014
20140281518MULTI-TIER FILE RESTORATION - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.09-18-2014
20140281519ENCRYPTED FILE BACKUP - A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.09-18-2014
20140281520SECURE CLOUD DATA SHARING - A system and method for sharing an encrypted file stored on a cloud server is disclosed. In certain embodiments, the method includes generating a file key associated with the encrypted file stored in the cloud server; generating a share message, the share message including the generated file key and identifying a recipient user and the encrypted file stored in the cloud server; encrypting the file key using an identification key of the recipient user to generate a share key; storing the share key in the cloud server; notifying the recipient user of the encrypted file and share key stored on the cloud server; retrieving the encrypted file and the share key from the cloud server; decrypting the share key using the identification key of the recipient user to reconstruct the file key; and using the reconstructed file key to decrypt the encrypted file.09-18-2014
20140281521Method, System, Network Server And Storage Medium For Anonymous Dating - In a method, system, network server and storage medium for anonymous dating, the system obtains dating information transmitted by a dating information sender; encrypts an account of the dating information sender; performs random pairing for the dating information sender in the system for anonymous network dating; determines information of a dating information receiver according to a pairing result; and transmits to the dating information receiver the dating information after the account is encrypted.09-18-2014
20140289517METHODS AND APPARATUSES FOR SECURING TETHERED DATA - Embodiments of a method and apparatus for securing and accessing files are generally described herein. In some embodiments, the method includes adding a communication portion to the file. The communication portion may communicate with an authentication agent on the first computing device. The method may include encrypting data of the file using a first key received through the communication portion from the authentication agent. The first key may be generated based on identification information of a second computing device in a trusted network of computing devices with the first computing device. The method may include saving the file to a remote file storage location.09-25-2014
20140289518Method and Apparatus for Privately and Securely Sharing Information Using Public Social or Sharing Network Infrastructure - A method of securely storing and sharing information through social networking websites is disclosed. The method makes it possible to proscribe image data that retains information even through the JPEG compression process typically used in social networking sites. This embedding technique is coupled with encryption and information salting techniques to build a robust information encoding technique to store arbitrary, sensitive data in images. The invention further incorporates methods of permitting advertising through the information sharing process.09-25-2014
20140298012SYSTEMS AND METHODS FOR SECURE DATA SHARING - Systems and methods are provided for creating and using a sharable file-level key to secure data files. The file-level key is generated based on a workgroup key associated with the data file and unique information associated with the data file. The file-level key may be used to encrypt and split data. Systems and methods are also provided for sharing data without replicating the data on an end user machine. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.10-02-2014
20140304505ABSTRACTION LAYER FOR DEFAULT ENCRYPTION WITH ORTHOGONAL ENCRYPTION LOGIC SESSION OBJECT; AND AUTOMATED AUTHENTICATION, WITH A METHOD FOR ONLINE LITIGATION - Embodiments herein provide methods, apparatus, computer program products, software and means for (1) an abstraction layer for default encryption, (2) with orthogonal encryption logic session object, and (3) automated authentication, (4) with a method for online litigation. In some cases subject matter disclosed herein relates to default data encryption; use a user's registration data to generate an encryption logic and related executable code, including servers and client applications; encryption as an automatic background task occurring through variable encryption logic, with authentication; embodiments are also described for conducting online litigation through pleadings formed as meta-files that trigger litigation related algorithms in order to automate and coordinate litigation.10-09-2014
20140304506NETWORK BASED MANAGEMENT OF PROTECTED DATA SETS - A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.10-09-2014
20140310518Dynamic Adaptive Streaming Over Hypertext Transfer Protocol Service Protection - A method comprising encrypting a segment in response to receiving a segment request to generate an encrypted segment, and sending the encrypted segment, wherein encrypting the segment comprises encrypting a data content segment and a non-media segment in accordance with information provided in a dynamic adaptive streaming over hypertext transfer protocol (HTTP) (DASH) media presentation description (MPD), and wherein encrypting the segment generates an encrypted data content segment and an encrypted non-media segment. A method comprising sending a segment request, receiving an encrypted segment, wherein the encrypted segment comprises an encrypted data content segment and an encrypted non-media segment, and decrypting the encrypted segment in accordance with information provided in a DASH MPD to generate a data content segment and a non-media segment, wherein the non-media segment comprises a non-playable media.10-16-2014
20140310519METHOD AND APPARATUS FOR CONTROLLING ACCESS IN A SOCIAL NETWORK SERVICE - A key-based method for controlling access in a social network service includes: generating a core key and sub keys by segmenting a master key that is unique to a file owner, with the sub keys assigned differently to multiple groups that are divided according to trust level and relationship type; determining the group to which a file requester belongs by using at least one of a friend list of the file requester, a trust level between the file requester and the file owner, and a friend list of the file owner, and distributing a sub key corresponding to the determined group to the file requester, when the file requester requests a key distribution; and determining whether or not access to a file of the file owner is authorized by using the sub key distributed to the file requester and the core key, when the file requester requests the file.10-16-2014
20140310520METHOD FOR COMMUNICATING DATA AND ELECTRONIC DEVICE THEREOF - A method for transmitting control data and an electronic device are provided. The electronic device includes a control data processor for generating control data, and a file processor for generating a control data file comprising the control data generated by the control data processor and transmitting the control data file to another electronic device using a file transfer protocol.10-16-2014
20140310521ENCRYPTED DATA MANAGEMENT DEVICE, ENCRYPTED DATA MANAGEMENT METHOD, AND ENCRYPTED DATA MANAGEMENT PROGRAM - An invalidation scheme of a secret key is implemented, which is usable for a functional encryption scheme. In a cryptographic processing system 10-16-2014
20140325213BLOCK MANAGEMENT UNIFICATION SYSTEM AND METHOD - A block management unification system and method for communicating a data file that includes a source component, a first rearrangement criterion, a first block encryption key, a second rearrangement criterion, a second block encryption key, a compression module, and an encryption module. The source component accesses the data file that is divided into a plurality of blocks. The first rearrangement criterion organizes the blocks according to the first rearrangement criterion. The first block encryption key is inserted into the blocks. The second rearrangement criterion organizes the blocks according to the second rearrangement criterion. The second block encryption key is inserted into the blocks. A compression module compresses the rearranged blocks. An encryption module encrypts the rearranged blocks with the first block encryption key and the second block encryption key.10-30-2014
20140325214ENCRYPTION SOLUTION FOR PROTECTING FILE SYSTEMS IN MULTI-HOST CLUSTERS - A method of managing file security in a cluster environment is provided. The method includes passing a request for a file from a secure file system layer to a secure volume manager layer and locking at least a portion of the file as affected by the request, at a cluster file system layer. The method includes passing one or more keys from the secure file system layer to the secure volume manager layer. The method includes decrypting the file as received, in response to the request for the file including a read request for the file, prior to sending the decrypted file to the secure file system layer. The method includes encrypting the file as received, in response to the request for the file including a write request for the file, prior to sending the encrypted file to the input/output layer.10-30-2014
20140325215Encryption Method and System - Methods and systems for encrypting data are disclosed. A circuit uses a white noise generator to capture a random string of bits as an encryption key. The encryption key is generated at a central server and is provided to a subscriber on a physical memory device. The subscriber uses the encryption key to encrypt a source data file. The encrypted data file is sent to the central server, which uses the encryption key to decrypt the encrypted data file and to recover the source data file. The file name for the source data file may be encrypted into the encrypted data file and a new name assigned to the encrypted data file. A random number index may be used to identify the starting point of the encrypted file.10-30-2014
20140325216SEGMENT DEDUPLICATION SYSTEM WITH ENCRYPTION AND COMPRESSION OF SEGMENTS - A system for storing encrypted compressed data comprises a processor and a memory. The processor is configured to determine whether an encrypted compressed segment has been previously stored. The encrypted compressed segment was determined by breaking a data stream, a data block, or a data file into one or more segments and compressing and then encrypting each of the one or more segments. The processor is further configured to store the encrypted compressed segment in the event that the encrypted compressed segment has not been previously stored. The memory is coupled to the processor and configured to provide the processor with instructions.10-30-2014
20140325217DATABASE APPARATUS, METHOD, AND PROGRAM - Provided is a database apparatus comprising a control means to execute data access control on a database, wherein the control means, receiving a database operation command from a user apparatus, comprises, regarding data and/or metadata to be handled associated with the database operation command, means for executing database operation or computation on encrypted data and/or encrypted metadata as is in ciphertext and means for executing database operation or computation on plaintext data and/or plaintext metadata, and the control means sends a processing result to the user apparatus.10-30-2014
20140331043ELECTRO DEVICE FOR PROTECTING USER'S PRIVACY AND METHOD FOR CONTROLLING THEREOF - A method of controlling a first electronic device to acquire content in cooperation with a second electronic device is provided. The method includes performing a mutual authorization, acquiring content, generating an encryption key based on a first personal key and a second public key of the first electronic device, encrypting the content based on the encryption key, and storing the encrypted content.11-06-2014
20140331044SECURE SEARCH METHOD AND SECURE SEARCH DEVICE - In search that uses searchable code, the search query and the secure index are collated in round-robin fashion, registering the required secure index and a characteristic quantity of deposited data in a database server to realize the searchable code. The server uses the characteristic quantity to perform clustering on the secure index. For search, collation is first performed only for representative data of a cluster. For a hit, the collation priority is raised for all the data included in the cluster. When there is no hit, the priority is lowered. After calculating the priority, collation is performed sequentially for all the data on the basis of the priority.11-06-2014
20140344570Data Protection For Organizations On Computing Devices - An application on a device can communicate with organization services. The application accesses a protection system on the device, which encrypts data obtained by the application from an organization service using an encryption key, and includes with the data an indication of a decryption key usable to decrypt the encrypted data. The protection system maintains a record of the encryption and decryption keys associated with the organization. The data can be stored in various locations on at least the device, and can be read by various applications on at least the device. If the organization determines that data of the organization stored on a device is to no longer be accessible on the device (e.g., is to be revoked from the device), a command is communicated to the device to revoke data associated with the organization. In response to this command, the protection system deletes the decryption key.11-20-2014
20140344571Data Protection For Organizations On Computing Devices - An application on a device can communicate with organization services. The application accesses a protection system on the device, which encrypts data obtained by the application from an organization service using an encryption key, and includes with the data an indication of a decryption key usable to decrypt the encrypted data. The protection system maintains a record of the encryption and decryption keys associated with the organization. The data can be stored in various locations on at least the device, and can be read by various applications on at least the device. If the organization determines that data of the organization stored on a device is to no longer be accessible on the device (e.g., is to be revoked from the device), a command is communicated to the device to revoke data associated with the organization. In response to this command, the protection system deletes the decryption key.11-20-2014
20140344572SECURE CLOUD STORAGE AND SYNCHRONIZATION SYSTEMS AND METHODS - A secure cloud storage and synchronization system and method is described that provides, among other things: (1) local password recovery, including a mechanism by which the user of the system can recover their password without having stored it on a remote server; (2) secure, private versioning of files, including a mechanism to privately store a version history of files on one or more remote servers in such a way that it is technically infeasible for anyone other than the legitimate owner to access any component of the file history; (3) secure, private de-duplication of files stored on one or more remote servers that reduces storage requirements by allowing for the storage of a single file when there are duplicates, even across users; and (4) secure, private sharing of files between users of the system that allows one user to share a file on the “cloud” with another user without deciphering or transporting the file.11-20-2014
20140344573Decrypting Files for Data Leakage Protection in an Enterprise Network - Techniques are provided for decrypting an encrypted file within an enterprise network. The techniques include identifying by a password collecting module a password entered during the encryption procedure performed at a terminal and storing the password; receiving an encrypted file by a data leakage protection (DLP) module; and attempting to decrypt the encrypted file with the password by the DLP module.11-20-2014
20140351587PROTECTING CRYPTOGRAPHIC SECRETS USING FILE SYSTEM ATTRIBUTES - Techniques are disclosed for protecting cryptographic secrets stored locally in a device, such as a mobile phone. A client device creates or downloads a shared secret to be used in a server transaction. To protect this shared secret locally, the client device encrypts the shared secret using a key generated from a file system attributes value, along with other sources of entropy. The file system attributes value may correspond to the inode of a file in a UNIX-based file system. Thereafter, when the shared secret is required for logical computation, the client device reconstructs the key using the file system attributes value and the other previous sources of entropy. The client device may use the key to decrypt the information and use the shared secret for its required purpose, e.g., in generating a one-time password for a login session.11-27-2014
20140359282SYSTEMS AND METHODS FOR ENABLING SEARCHABLE ENCRYPTION - A system and method for enabling searchable encryption of encrypted documents stored by a client on one or more storage providers includes a broker server in communication with the client and the one or more storage providers. The broker server is adapted to transfer the encrypted documents between the client and the one or more storage providers and to maintain information indicating where the encrypted documents are transferred. The broker server further stores information for at least one encrypted index for the encrypted documents and a test function for a searchable encryption mechanism used to encrypt the at least one encrypted index.12-04-2014
20140359283INTERLOCKING APPLICATIONS AND FILES - A file system monitoring layer is positioned between a virtual file system (VFS) encryption layer and a lower level file system layer. The file system monitoring layer stores a list of applications that are allowed to access encrypted files stored in the lower level file system. The monitoring layer receives from the VFS encryption layer a request by an application to access an encrypted file. If the application is not listed on the list, the VFS encryption layer is instructed to provide the application a denial of service. If the application is listed, the VFS encryption layer is instructed to decrypt the encrypted file for the application.12-04-2014
20140359284COMPUTER PROGRAM AND METHOD FOR BIOMETRICALLY SECURED, TRANSPARENT ENCRYPTION AND DECRYPTION - A computer program for enabling secured, transparent encryption and decryption provides a user interface that allows a user to drag and drop files into and out of a secure repository and automatically encrypts files transferred into the repository and automatically decrypts files transferred out of the repository. The user can transfer file folders into the repository, wherein the program encrypts all of the files within the folder and retains the original file/folder structure, such that individual files can be moved within the repository, moved out of the repository, and opened or executed directly from the repository. The program requires the user to submit biometric data and grants access to the secure repository only if the biometric data is authenticated. The program generates an encryption key based at least in part on biometric data received from the user. Additionally, the program destroys the key after termination of each encryption/decryption session.12-04-2014
20140359285METHOD AND SYSTEM FOR TRANSFERRING DATA INSTRUCTIONS THROUGH A HOST FILE SYSTEM - A method for encrypting data may generate an encryption instruction and combine it with a payload of data to form a packet. The packet is associated with a command and passed to a host file system process. The packet, now associated with a second command, is received from the host file system process. The encryption instruction and the payload of data are extracted from the packet. At least a portion of the payload of data is encrypted based on the encryption instruction. A method for decrypting data may receive a packet and generate a decryption instruction. At least a portion of the packet is decrypted using at least the decryption instruction. The second packet comprising the decrypted packet is passed to a host file system process. A third packet comprising the decrypted packet is received from the host file system process. The decrypted packet is extracted from the third packet.12-04-2014
20140372750CLIENT-SIDE ENCRYPTION - Methods and systems of encrypting files at a client in a cloud-based file system are provided. A first key corresponding to an organization to which the client belongs is obtained. Then a first file is encrypted using the first key. Then the encrypted first file is transmitted to a server via a secure channel, for storage in a storage device shared among multiple organizations, the storage device containing one or more files encrypted using keys different than the first key.12-18-2014
20140372751Enabling Reliable Communications Between Computing Instances - Systems and methods for enabling reliable transactions of data communications are provided. A processing device according to one embodiment includes a management interface and a security module. The management interface is configured to initialize a transaction having a plurality of transaction elements. The transaction is a unit of work including a set of one or more logically related data elements or functions for accomplishing a single task. The management interface is further configured to determine at least one expected value for at least one transaction element and to compare at least one actual value with the at least one expected value to obtain a comparison element. The security module is configured to execute security processes based on the comparison element.12-18-2014
20140372752METHOD AND DATABASE SYSTEM FOR SECURE STORAGE AND COMMUNICATION OF INFORMATION - A secure communications system for the secure storage and communication of authenticated user identity and personal information. The system includes a database of anonymised, individually encrypted user records. Access to the records is only permissible using a user key which is stored in a user keychain on a client device. The keychain itself is password protected and cryptographically tied to the client device.12-18-2014
20150012745PRECALCULATING HASHES TO SUPPORT DATA DISTRIBUTION - A content server precomputes a hash value corresponding to content stored by the server. The server receives a request for the hash value from a first client device and provides the hash value to the first client device. The server receives a request for the content corresponding to the hash value from the first client device and provides the content to the first client device. The server receives a request for the hash value from a second client device and provides the hash value to the second client device, wherein the second client device obtains the content from the first client device or a local cache over a higher bandwidth connection.01-08-2015
20150026460Systems, Methods and Media for Selective Decryption of Files Containing Sensitive Data - Systems, methods and media are provided for selective decryption of files. One method includes monitoring a secure file storage area including at least one file using a selective decryption process associated with the secure file storage area. Content of each of the at least one file is protected with an encryption. The method also includes detecting a request by an application program for one of the at least one file. The method further includes determining whether the application program needs to access the content of the requested file. The method also includes, when it is determined that the application program does not need to access the content of the requested file, allowing the application program to access the file content without decrypting the encryption.01-22-2015
20150026461System and Method to Create Resilient Site Master-key for Automated Access - A system encrypts a private key with a master key and includes a storage device for storing a protected private key at a site location, a processor that determines a plurality of derivatives by selecting an order of site characteristics from a plurality of disjoint sets of site characteristics unique to a software installation or site location, wherein the processor applies a hash algorithm to each site characteristic. The system further includes a buffer storage device for storing an order of random selections of the site characteristics for the derivatives. The system encrypts the master key with the derivatives and additionally stores the encrypted form of the master key in a storage device.01-22-2015
20150026462METHOD AND SYSTEM FOR ACCESS-CONTROLLED DECRYPTION IN BIG DATA STORES - A method and system for access-controlled decryption in big data stores is provided. In an implementation, a system provides a method for encryption that stores meta-information about sensitive data elements being encrypted in a big data store, such as a Hadoop system, in which the bulk of the data may remain unencrypted. In an implementation, the system reads the stored meta-information at decryption time to determine where the encrypted data is within a large and unencrypted file system, and to determine whether or not an individual user has access rights to decrypt a given element of sensitive data. The system allows fine-grain control over access rights to sensitive data during decryption.01-22-2015
20150026463SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for selective authorization of code modules are provided. According to one embodiment, file system or operating system activity relating to a code module is intercepted by a kernel mode driver of a computer system. The code module is selectively authorized by the kernel mode driver by authenticating a content authenticator of the code module with reference to a multi-level whitelist. The multi-level whitelist includes (i) a global whitelist database remote from the computer system that contains content authenticators of approved code modules that are known not to contain viruses or malicious code and (ii) a local whitelist database containing content authenticators of at least a subset of the approved code modules. The activity relating to the code module is allowed when the content authenticator matches one of the content authenticators of approved code modules within the multi-level whitelist.01-22-2015
20150033013Network-based Service Content Protection - Network-based service content protection techniques are described. In one or more implementations, content is edited locally by a computing device. The edited content is automatically encrypted without any user intervention by the computing device using an encryption credential, e.g., encryption key or other secret. The automatic encryption is performed responsive to a request to store the content at a network-based service provider such that the encrypted content can only be decrypted and accessed with the encryption credential and the encrypted content is uploaded to the network-based service provider.01-29-2015
20150039885CONJUNCTIVE SEARCH IN ENCRYPTED DATA - A method comprises receiving a first cryptographic token for one search term and a second cryptographic token is generated using the one search term and at least another search term. A first search is conducted using the first cryptographic token to generate a first result set, and the second cryptographic token is used for computing a subset of results of the first result set.02-05-2015
20150039886SECURE APPLICATION ACCESS SYSTEM - A proxy server creates an index of keywords, receives at least a portion of a file, and, when a keyword in the index is encountered in the at least a portion of the file as the at least a portion of the file is being encrypted, associates in the index an encrypted record location identifier with the encountered keyword. The proxy server receives a search query and uses the keyword index to retrieve encrypted records from the server. The encrypted records are decrypted and sent as search results in response to the search query.02-05-2015
20150039887SECURE APPLICATION ACCESS SYSTEM - A proxy server creates an index of keywords, receives an encrypted record, decrypts the received encrypted record as decrypted data and, when a keyword in the index is encountered in the decrypted data, associates in the index an encrypted record location identifier with the encountered keyword. The proxy server receives a search query and uses the keyword index to retrieve encrypted records from the server. The encrypted records are decrypted and sent as search results in response to the search query.02-05-2015
20150046705APPARATUS AND METHOD FOR DEPLOYING ENCRYPTED MOBILE OFF-LINE WEB APPLICATIONS - A mobile device is configured to execute encrypted source files and includes a transceiver configured to receive an archive file comprising encrypted source files. The mobile device also includes a storage unit configured to store the received archive file. A local web server in the mobile device is configured to interpret a format of the received archive file, retrieve at least one source file from the archive file in response to a request from a device browser, decrypt the retrieved source file, and forward unencrypted information associated with the decrypted source file to the device browser. The device browser in the mobile device is configured to display the unencrypted information.02-12-2015
20150046706System and Method for Controlling Access to Encrypted Files - Disclosed are systems, methods and computer program products for controlling access to encrypted files. In one aspect, the system detects a request from an application to access an encrypted file. The system identifies the application that requested access to the encrypted file and one or more file access policies associated with the application. The file access policy specifies at least a file access method associated with the application. The system then controls access to the file based on the identified one or more file access policies.02-12-2015
20150052353System and Method For Synchronizing An Encrypted File With A Remote Storage - A method and system for synchronizing an encrypted file with a remote storage is disclosed. According to one embodiment, a computer-implemented method comprises providing a user with a user application and an encryption key in a portable memory device. The user runs the user application to securely access to a storage on a cloud storage system. A file is encrypted with the encryption key stored in the portable memory device and synchronized with the cloud storage system.02-19-2015
20150052354DISTRIBUTED FRAGMENTS FILE SYSTEM - The present invention relates to a distributed storage scheme. In the distributed storage scheme, every file is encrypted, interleaved and fragmented, and the various fragments are stored on different constituent physical file systems.02-19-2015
20150058623WATERMARK ACCESS/CONTROL SYSTEM AND METHOD - A digital file is associated with a security attribute related to watermarking criteria. The digital file content is encrypted, and may not be decrypted by a receiving computer unless the watermarking criteria are met. The receiving computer may decrypt only the encrypted portion of the security attribute unless the watermarking criteria are continuously met at the receiving computer. Improved security and reduction of pirating of the digital content is therefore provided.02-26-2015
20150067325Protection Against Unintentional File Changing - Files are protected against intrusion. A first embodiment protects certain files against changes. A second embodiment encrypts the files that are stored using user's personal information.03-05-2015
20150067326PARALLEL DATA PROCESSING SYSTEM BASED ON LOCATION CONTROL AND METHOD THEREOF - A parallel data processing system based on location control and a method thereof can divide a data into smaller data and store and manage the divided data using a location control technique which divides a file, distributes the divided files, and stores and manages information on corresponding areas. The parallel data processing system includes an encryption and decryption server, a location control server and a storage device. Further, the system may reduce the time required for storing and reading a data and improve the speed of controlling encryption and decryption of the data as a result, by distributing the data in a plurality of storage devices and processing the data in parallel in encrypting, storing and restoring a data which requires security. In addition, performance of a plurality of storage devices and efficiency of the storage may be enhanced.03-05-2015
20150082030Security Mechanism for Video Storage System - A video storage system includes a security mechanism between a CVR unit and a CVR manager. The security mechanism provides public and private keys according to asymmetric cryptography. The public key is sent to the CVR manager. The CVR manager produces a plaintext of a video footage from an IP camera. The CVR manager produces and uses a random key according to symmetric cryptography to turn the plaintext of the video footage into an encrypted text, uses the public key to turn the random key into an encrypted text, and respectively sends the encrypted texts into video and key databases in the CVR unit. The encrypted texts can be received from the databases. The private key turns the encrypted text of the random key into the random key. The random key turns the encrypted text of the video footage into the plaintext.03-19-2015
20150089219SYSTEMS AND METHODS FOR ENFORCING THIRD PARTY OVERSIGHT OF DATA ANONYMIZATION - A modifiable server is utilized to reliably seal and unseal data according to a measurement of the server, by structuring the server to have a modifiable sandbox component for sealing and unsealing the data, and a non-modifiable checker component for enabling or disabling said sandbox component. The checker component determines whether the sandbox component complies with pre-determined standards. If the sandbox component is compliant, the checker component enables the sandbox component to seal and unseal the data using a measurement of the checker component. Otherwise, the checker component disables the sandbox component.03-26-2015
20150095643ENCRYPTING IMAGES ON A CLIENT DEVICE FOR SECURE TRANSMISSION AND STORAGE ON A STORAGE DEVICE - A device may identify an image to be encrypted, and may convert the image to a first string in a first format. The first string may represent the image. The device may receive information that identifies a key for encrypting the first string, and may generate a first encrypted string by encrypting the first string using the key. The device may convert the first encrypted string, in the first format, to a second encrypted string in a second format. The device may provide the second encrypted string to a storage device without providing the key or the image to the storage device. The storage device may be unable to recover the image using the second encrypted string.04-02-2015
20150100781CONTENT GATHERING USING SHARED KEY - The gathering of content (such as a file) from a variety of different sources. Rather than provide the whole content, a given one of the sources instead provides only a portion of the information represented by the content. The source also provides a share of, but not the entirety of, the shared secret that will be used to decode. For instance, in one embodiment, the source might encode only a portion of the content using the shared key, and then transmit the encoded portion. As an alternative, the source might encode the entire content, and then transmit a portion of that encoded content. Thus, the transmitter has security with their private content, while still allowing widely available content to be transferred for the benefit of the greater whole.04-09-2015
20150106619CLIENT COMPUTER FOR QUERYING A DATABASE STORED ON A SERVER VIA A NETWORK - The invention relates to a client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: 04-16-2015
20150113270Method and System for Securing Documents on a Remote Shared Storage Resource - This invention discloses a novel system and method for displaying electronic documents on remote devices and enabling collaborative editing in conjunction with a content management system where the documents that are shared are securely encrypted on the system in a manner that avoids a single point of failure in the security.04-23-2015
20150127937SERVER & METHOD FOR SECURE AND ECONOMICAL SHARING OF DATA - The present invention relates to a web server having a web application using published API of one or more cloud storage providers, said web application being dedicated to secure and economical sharing of encrypted files residing at the cloud storage providers, said files being managed under a virtual folder which is shared by a group of different entities.05-07-2015
20150143112SYSTEM AND METHOD FOR DYNAMIC, NON-INTERACTIVE, AND PARALLELIZABLE SEARCHABLE SYMMETRIC ENCRYPTION - A method of searching encrypted data includes generating with a client computing device a search index identifier corresponding to a search term in an encrypted search table and transmitting the search index identifier, a first single use key and a second single use key to a server. The method includes generating a set of decrypted data with the server for a set of data in an encrypted search table corresponding to the search index identifier using the first single use key to decrypt a first portion of the data and the second single use key to decrypt a second portion of the data. The method further includes identifying one or more encrypted files stored on the server that include the encrypted search term based on the decrypted data from the search table, and transmitting the encrypted files or encrypted file identifiers to the client computing device.05-21-2015
20150143113METHOD AND SYSTEM FOR ENCRYPTING INFORMATION UTILIZING THREE-DIMENSIONAL SHAPES - A method and system are disclosed for encrypting information utilizing three-dimensional shapes. The method includes receiving one or more computer device usage metrics, one or more user files having information, and instructions for encrypting the one or more user files, selecting shape type from a plurality of predetermined shape types, determining shape dimensions and shape volume based upon quantity of information associated with the one or more user files, generating a shape based upon the selected shape type, the shape dimensions, and the shape volume, distributing axis coordinates for each axis, wherein a node is defined at least by axis coordinates within the generated shape, associating information of the one or more user files with axis coordinates within the generated shape, and transmitting generated shape and data based upon the associating.05-21-2015
20150143114INFORMATION PROCESSING SYSTEM AND CONTROL METHOD OF INFORMATION PROCESSING SYSTEM - A first information processing device holds data and a key for encryption. A second information processing device does not have rights to share data not encrypted with the first information processing device and a client. The first information processing device transmits data and key to the client when receiving a request to use the data. The first information processing device generates first encrypted data encrypted with the key, and transmits it to the second information processing device. The client transmits information obtained by encrypting the result of processing on the data with the key to the second information processing device until the use of the data ends. The first information processing device acquires second encrypted data received by the second information processing device from the second information processing device, and decrypts and stores it when notified that the use of the data has ended.05-21-2015
20150149771BLOCK ENCRYPTION METHOD AND BLOCK DECRYPTION METHOD HAVING INTEGRITY VERIFICATION - An encryption method and decryption method are provided. The encryption method divides an electronic file into a plurality of message blocks, wherein the message blocks have a sequence. The encryption method sets a checking vector as the last message block. The encryption method performs the following steps on each message block according to the sequence: generating an input block, deriving an output block by encrypting the input block by an encryption key, and deriving an encrypted block by applying XOR operation to the output block and the previous message block, wherein the input block is equivalent to applying XOR operation to the message block, the output block corresponding to the previous message block, and the message block before the previous one. The encryption method generates an electronic encrypted file by concatenating the encrypted blocks. The decryption method performs a series of operations corresponding to the above operations.05-28-2015
20150295941Protecting Documents Using Policies and Encryption - A system protects documents at rest and in motion using declarative policies and encryption. A document at rest includes documents on a device such as the hard drive of a computer. A document in motion is a document that is passing through a policy enforcement point. The policy enforcement point can be a server (e.g., mail server, instant messenger server, file server, or network connection server).10-15-2015
20150310219SYSTEMS AND METHODS FOR SECURITY HARDENING OF DATA IN TRANSIT AND AT REST VIA SEGMENTATION, SHUFFLING AND MULTI-KEY ENCRYPTION - Systems and methods for security hardening of a file in transit and at rest via segmentation, shuffling and multi-key encryption are presented. The method includes segmenting at a first computer system a file into a plurality of file segments, and encrypting the plurality of file segments using a plurality of encryption keys in order to generate a corresponding plurality of encrypted file segments, wherein each file segment of the plurality of file segments is encrypted using a respective encryption key of the plurality of encryption keys. Additionally included is bidirectional data transformation of a file by obfuscating at a first computer system digital values of the file in order to generate corresponding obfuscated digital values of the file, wherein the obfuscated digital values of the file retain their contextual integrity and referential integrity.10-29-2015
20150317488ACCESS CONTROL APPARATUS, COMPUTER-READABLE MEDIUM, AND ACCESS CONTROL SYSTEM - An access control apparatus comprises a control unit that, based on predetermined access control information, restricts access to an electronic file by software that is permitted to access or prohibited from accessing the electronic file. An access control system comprises: an access control apparatus that has a control unit that, based on predetermined access control information, restricts access to an electronic file by software that is permitted to access or prohibited from accessing the electronic file; and a management apparatus that is provided outside the access control apparatus, and provides, to the access control apparatus, at least one of the predetermined access control information and a judgment result based on the predetermined access control information.11-05-2015
20150319147SYSTEM AND METHOD FOR FILE ENCRYPTING AND DECRYPTING - A system and method of file encrypting/decrypting is disclosed. The system comprises an external device and a host comprising a communication port, a processor, a storage module and an agent module. The processor connects to the communication port and the storage module. The communication port connects to the external device. The storage module stores an operation system, and is configured to have an encryption partition, in which a plurality of encrypted files is stored. The processor executes the operation system and the agent module. The agent module verifies the identification information in order to determine whether to mount the encryption partition. When the encryption partition is mounted into the operation system, the agent module encrypts the plaintext file stored in the encryption partition as an encrypted file, or accesses an encrypted file from the encryption partition. The agent module decrypts the encrypted file and outputs a corresponding plaintext file.11-05-2015
20150324592SYSTEMS AND METHODS FOR DOCUMENT AND DATA PROTECTION - The present disclosure includes a method comprising encrypting sensitive data, generating a token comprising a data identifier, tokenizing the encrypted sensitive data, and/or storing the encrypted sensitive data in association with the token to a token vault. Tokenizing may comprise mapping the encrypted sensitive data to the token. The method may further comprise storing the token to a cloud application, wherein the cloud application comprises a software application that functions within a cloud computing environment.11-12-2015
20150347780Asymmetric Multi-Apparatus Electronic Information Storage and Retrieval - The present invention provides a system and automated methods to enable a collection of electronic information to be divided into multiple asymmetric scrambled subsets, stored across a plurality of disparate apparatuses, and reconstructed as needed. The present invention provides automated methods to adjust the relative size of the scrambled subsets based upon characteristics such as performance, cost and available space of the apparatuses on which the subsets are stored. The present invention enables the scrambled subsets of electronic information to be created, accessed and manipulated as though they are located on a local device in an integrated and unscrambled state. The present invention enables fault tolerance and enhanced performance through optional redundancy and parity capabilities. The present invention generates an electronic blueprint used to deconstruct the original collection of electronic information and reconstruct it as needed. This electronic blueprint may be encrypted, transferred and shared as required.12-03-2015
20150347782SYSTEMS AND METHODS FOR DATA VERIFICATION AND REPLAY PREVENTION - A system and method are provided for the secure sharing of information stored using cloud storage services and for performing data verification and replay protection for information stored on an open network.12-03-2015
20150356314SYSTEMS AND METHODS FOR IMPLEMENTING AN ENCRYPTED SEARCH INDEX - In accordance with disclosed embodiments, there are provided systems and methods for implementing an encrypted search index. According to a particular embodiment such a system includes a processor and a memory to execute instructions at the system; a search index stored on disk within the system comprised of a plurality of individual search index files, the search index having customer information stored therein, wherein at least one of the individual search index files constitutes a term dictionary or a term index type file having internal structure which allows a portion of the individual search index file to be updated, encrypted, and/or decrypted without affecting the internal structure of the individual search index file; a file input/output (IO) layer to encrypt the customer information being written into the individual search index file and to decrypt the customer information being read from the individual search index file, wherein the file IO layer encrypts and decrypts only a portion of the individual search index file in reply to an operation without requiring decryption or encryption of the individual search index file in its entirety; and a query interface to execute the operation against the customer information stored in the memory in its decrypted form. Other related embodiments are disclosed.12-10-2015
20150363607METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING ENCRYPTION ON A PLURALITY OF DEVICES - The described embodiments relate to methods, systems, and products for providing data protection and encryption on a plurality of devices configured for electronic communication with a server. Specifically, the methods, systems, and products can automatically and securely synchronize a user's file encryption/decryption keys across a plurality of devices, authenticating the user on each device before receiving and processing information from the server necessary to recreate the user's file encryption/decryption keys.12-17-2015
20150363608SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION - Methods and systems for vendor independent and secure cloud storage distribution and aggregation are provided. According to one embodiment, an application programming interface (API) is provided by a cloud storage gateway device logically interposed between third-party cloud storage platforms and users of an enterprise. The API facilitates storing of files, issuing of search requests against the files and retrieval of content of the files. A file storage policy is assigned to each user, which defines access rights, storage diversity requirements and a type of encryption to be applied to files. Responsive to receiving a request to store a file, (i) searchable encrypted data is created relating to content and/or metadata of the file based on the assigned file storage policy; and (ii) the searchable encrypted data is distributed among the third-party cloud storage platforms based on the storage diversity requirements defined by the assigned file storage policy.12-17-2015
20150363609Information Processing Method and Apparatus, Information Retrieval Method and Apparatus, User Terminal, and Server - An information processing method and apparatus, an information retrieval method and apparatus, a user terminal, and a server are provided. The retrieval method includes receiving, by a first user terminal, information from a second user terminal, about an address used to save an encrypted file of the second user terminal, acquiring, from a cloud server and a trusted server, privacy information, non-privacy information, and a shared key that correspond to the address information, obtaining address information of a to-be-accessed file by searching the privacy information and the non-privacy information, acquiring, from the cloud server, a first encrypted file corresponding to the address information of the to-be-accessed file, and decrypting the first encrypted file by using the shared key, to obtain the to-be-accessed file.12-17-2015
20150363611SECURE CLOUD STORAGE DISTRIBUTION AND AGGREGATION - Methods and systems for secure cloud storage are provided. According to one embodiment, a trusted gateway device establishes and maintains multiple cryptographic keys. A request is received by the gateway from a user of an enterprise network to store a file. The file is partitioned into chunks. A directory is created within a cloud storage service having a name attribute based on an encrypted version of a name of the file. For each chunk: (i) a cryptographic key is selected; (ii) existence of data is identified within the chunk associated with one or more predefined search indices; (iii) searchable encrypted metadata is generated based on the identified data and the selected cryptographic key; (iv) an encrypted version of the chunk is generated; and (v) a file is created within the directory in which a name attribute includes the searchable encrypted metadata and the file content includes the encrypted chunk.12-17-2015
20150371012PROCESS AND DEVICE FOR ENCODING OF SOURCE FILES FOR SECURE DELIVERY OF SOURCE CODE - A computer implemented process of encoding of at least one source file for obtaining an executable binary file that is executable by compilation of the at least one source file according to at least one instruction file, the process including: obtaining the at least one source file and the at least one instruction file; obtaining a plurality of encryption keys, at least two keys from the plurality of encryption keys being of different types, each type of encryption key being associated with a particular access right to the at least one source file; selecting each of the keys from the plurality of encryption keys and encrypting the source file according to the key selected and generating the source file encrypted according to the key selected; generating a package containing the at least one instruction file and the source files encrypted according to each key of the plurality of encryption keys.12-24-2015
20150371052ENCRYPTION OF USER DATA FOR STORAGE IN A CLOUD SERVER - Disclosed are systems, methods and computer program products for encryption of user data for storage on a remote network server. In one aspect, an example method includes collecting, by a software client, one or more sets of user authentication data from a user device; performing user authentication using one or more sets of user authentication data; when user authentication is successful, calculating a hash of at least one set of the user authentication data; generating an encryption key from the hash of the user authentication data; encrypting the user data using the generated encryption key; and transmitting the encrypted user data to the remote network server for storage.12-24-2015
20150371055HOST CONTROLLER AND SYSTEM-ON-CHIP - A host controller that controls a storage device includes an encryption unit that is selectively configured in response to file encryption information and disk encryption information to encrypt data. The encryption unit encrypts the data using a file encryption operation based on the file encryption information and/or a disk encryption operation based on the disk encryption information.12-24-2015
20150379286CRYPTOGRAPHIC KEY - A method for managing a file, including receiving a request to encrypt the file, the request identifying a target location; determining a plurality of coordinates based on the target location; generating a cryptographic key based on the plurality of coordinates; generating an encrypted version of the file using the cryptographic key; and storing the encrypted version of the file.12-31-2015
20150379292SYSTEMS AND METHODS FOR JURISDICTION INDEPENDENT DATA STORAGE IN A MULTI-VENDOR CLOUD ENVIRONMENT - The present invention relates to a cloud based system for providing data security. The system comprises a processor which receives a data file from a user. The data file is directed to a first file location and encrypted and segmented into a plurality of data blocks. The plurality of data blocks is then assigned with a unique identifier and redirected to a plurality of cloud based storage providers. The plurality of cloud based storage providers are located in a plurality of jurisdictions. Each of the plurality of data blocks is then assigned a second file location. The unique identifier and the file locations of each of the plurality of data blocks is updated in the system.12-31-2015
20150379295SYSTEMS AND METHODS FOR AUTOMATICALLY HANDLING MULTIPLE LEVELS OF ENCRYPTION AND DECRYPTION - Systems and methods are provided for automatically handling multiple levels of encryption and decryption. An electronic file is received to add to encrypted storage. The electronic file is encrypted to generate a new level of encryption for the electronic file using an encryption process that uses encryption data to generate the new level of encryption and to decrypt the new level of encryption. A set of existing encryption data associated with the electronic file is identified, wherein each existing encryption data from the set of existing encryption data is associated with an existing level of encryption already applied to the electronic file. The encryption data is added to the set of existing encryption data associated with the electronic file so that the existing levels of encryption and the new level of encryption can be decrypted.12-31-2015
20150381587UPLOAD AND DOWNLOAD STREAMING ENCRYPTION TO/FROM A CLOUD-BASED PLATFORM - Embodiments of the present disclosure include systems and methods for upload and/or download streaming encryption to/from an online service, or cloud-based platform or environment. The encryption process includes the following parts: Upload encryption, download decryption, and a central piece of infrastructure called the Interval Key Server (IKS). During both upload and download, the encryption and decryption processes are performed while the files are being uploaded/downloaded, (e.g., the files are being encrypted/decrypted as they are being streamed).12-31-2015
20160004874A METHOD AND SYSTEM FOR PRIVACY PRESERVING MATRIX FACTORIZATION - A method includes: receiving a set of records from a source, wherein each record in the set of records includes a set of tokens and a set of items, and wherein each record is kept secret from parties other than the source, receiving at least one separate item, and evaluating the set of records and the at least one separate item by using a garbled circuit based on matrix factorization, wherein the output of the garbled circuit includes an item profile for each at least one separate item. An apparatus includes: a processor that communicates with at least one input/output interface, and at least one memory in signal communication with the processor, wherein the processor is configured to perform the method.01-07-2016
20160004877Secure Data Replication in a Storage Grid - A method for securing data in a storage grid is provided. The method includes generating a storage key from key shares of at least two storage clusters of a storage grid having at least three storage clusters and generating a grid key from the storage key and an external secret. The method includes encrypting data with the grid key to yield once encrypted data and encrypting the once encrypted data with the storage key to yield twice encrypted data. The method includes storing the twice encrypted data in a first storage cluster of the storage grid and storing the twice encrypted data in a second storage cluster of the storage grid, wherein at least one method operation is performed by a processor.01-07-2016
20160006703SECURE PROCESSING ENVIRONMENT FOR PROTECTING SENSITIVE INFORMATION - A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data.01-07-2016
20160012063DATA CONVERSION METHOD01-14-2016
20160012233VERIFYING INTEGRITY OF BACKUP FILE IN A MULTIPLE OPERATING SYSTEM ENVIRONMENT01-14-2016
20160012243SYSTEM AND METHOD FOR CREATING AND PROTECTING SECRETS FOR A PLURALITY OF GROUPS01-14-2016
20160012247SENSITIVE DATA PROTECTION DURING USER INTERFACE AUTOMATION TESTING SYSTEMS AND METHODS01-14-2016
20160021109METHOD AND DEVICE FOR FILE ENCRYPTION - A method for encryption and sealing of a plaintext file by hashing the plaintext file to produce a plaintext hash, encrypting the plaintext file to produce ciphertext, hashing the ciphertext to produce a ciphertext hash, hashing the plaintext hash and the ciphertext hash to produce a result hash, and sealing the ciphertext together with the result hash. This provides verification for non-repudiation and protects against undetected malware corrupting the plaintext or ciphertext files.01-21-2016
20160026776Content Access for Duration of Calendar Events - Content access for the duration of a calendar event may be provided. Upon receiving a calendar invitation comprising a start time, an end time, and an encrypted attachment, a user may accept or reject the calendar invitation. If the calendar invitation is accepted, an acceptance notification associated with the calendar invitation may be transmitted. Upon receiving a request to access the encrypted attachment, a determination as to whether the request to access the encrypted attachment occurs within the start time and the end time of the calendar invitation may be made. If the request to access the encrypted attachment does not occur within the start time and the end time of the calendar invitation, access to the encrypted attachment may be refused.01-28-2016
20160026804SECURE DOCUMENT REPOSITORY - Embodiments for secure data storage that include systems and methods that receive, from a second system maintained by a second entity, a data payload to be stored by the system; secure the data payload at a first time; store the secured data payload; receive a request for access to the data payload; and provide certification, corresponding to a second time subsequent to the first time, that the data payload has not been altered since the first time.01-28-2016
20160026805SPLIT STORAGE AND COMMUNICATION OF DOCUMENTS - Embodiments for preventing data loss and allowing selective access to data include systems and methods that receive a data payload to be stored by the system; split the data payload into a plurality of payload components; secure each of the plurality of payload components; store at least a first of the plurality of payload components at a first repository and at least a second of the plurality of payload components at a second repository; receive a request for access to the data payload; and provide certification that the data payload has not been altered since storing.01-28-2016
20160026817SECURE DATA STORAGE - Methods and systems for obscuring the location of critical system files are provided. In particular, the locations of files stored within a file system are selected by applying various inputs to a hash algorithm. For system files, the inputs applied to the hash algorithm can include a user name and password. For data files, the information provided to the hash algorithm can include the file name. In addition to providing random file locations, a file system in accordance with embodiments of the present invention can homogenize other information, including file names, sizes and creation dates.01-28-2016
20160042157MULTIMEDIA NETWORK SYSTEM WITH CONTENT IMPORTATION, CONTENT EXPORTATION, AND INTEGRATED CONTENT MANAGEMENT - This system provides wired and/or wireless access throughout a multimedia network built on a distributed architecture which can be transparent to the user. This multimedia network includes content which is imported or generated within the network. The system allows for the content provider to determine the license status of content and update the license status of content which was previously provided by that provider. The external content can be accessed in real time or downloaded and stored within the system for later access at the convenience of the user. The usage of some content is controlled by the use of encryption and other protection methods. The system allows for storage of live video by storing the digitized video and allowing the user to control how, when and where the content is viewed. The system makes available multiple multimedia services to all users in the network or connected via the internet.02-11-2016
20160055347DATA ACCESS CONTROL METHOD IN CLOUD - A data access control method includes requesting, by the data owner unit, the generation of a data encryption key (DEK) from the manager unit, generating, by the manager unit, the DEK, generating, by the manager unit, the result of the Ciphertext Policy-Attribute Based Encryption (CP-ABE) of the DEK and a secret key used to decrypt the result of the CP-ABE encryption, and then responding, by the manager unit, to the data owner unit, obtaining, by the data owner unit, the DEK by performing the CP-ABE decryption of the result of the CP-ABE encryption using the secret key, encrypting, by the data owner unit, data with the obtained DEK, and uploading, by the data owner unit, the encrypted data and DEK information to the cloud.02-25-2016
20160062991ELECTRONIC DISCOVERY MANAGEMENT SYSTEM - An electronic discovery management system communicatively coupled with a communications network including a database for storing electronic documents, wherein each electronic document is associated with a fingerprint. The system also includes a server configured for: receiving a plurality of documents and generating a fingerprint of each document; receiving a request for a set of documents of the plurality of documents; accessing the set of documents in the database and generating a subsequent fingerprint for each document of the set, and comparing said subsequent fingerprint with a corresponding fingerprint stored in association with said document in the database; if, for each document of the set, said subsequent fingerprint is identical to the fingerprint stored in association with said document in the database, then transmitting, over the communications network, the set of documents; and providing documents that have not been tampered with.03-03-2016
20160063264METHOD FOR SECURING A PLURALITY OF CONTENTS IN MOBILE ENVIRONMENT, AND A SECURITY FILE USING THE SAME - There is provided a method for protecting a plurality of contents in a mobile terminal. The method includes storing a header portion for storing file names and folder structure of the plurality of contents, and a body portion for storing file binary values of the plurality of contents, when the plurality of contents are stored, wherein the file binary values of the plurality of contents are partially encrypted.03-03-2016
20160063278Privacy Compliance Event Analysis System - This invention relates to a data system that anonymizes personalized event data, by receiving the personalized event data containing an encrypted personal identifier and determining whether an entry exists for the encrypted personal identifier in a key database. The encrypted personal identifier may be associated with a system identifier that uniquely identifies the encrypted personal identifier and is uniquely associated to one system identifier. If no entry is detected in the key database for the received encrypted personal identifier, then a new entry for the key database is generated in which the received encrypted personal identifier is uniquely associated to a new system identifier. The received encrypted personal identifier associated to the new system identifier is stored as the new entry in the key database and the new system identifier associated to the event data contained in the personalized event data in an event database is stored where the event database stores system identifiers in association with the corresponding event data.03-03-2016
20160078232COMPUTING DEVICE AND METHOD FOR ACCESSING FILES - A method for accessing files in a computing device includes presetting authorized electronic devices. When an electronic device is detected to be within a range of a wireless device of the computing device and an access request is received from the electronic device, the computing device determines whether the electronic device is authorized. When the electronic device is authorized, a user of the electronic device is allowed to access the computing device. When the electronic device is not authorized, the user is denied access to the computing device.03-17-2016
20160078233SYSTEM AND METHOD FOR DATA COLLECTION AND EXCHANGE WITH PROTECTED MEMORY DEVICES - A method, apparatus, and article of manufacture for collecting and exchanging data are disclosed. In one embodiment, the apparatus comprises a non-volatile memory device, which includes an interface for coupling the non-volatile memory device to a host system; non-volatile memory for storing data, including a plurality of executables at least two of which are executable on different operating systems or devices. The plurality of executables includes a data collection executable and a data transfer executable. The non-volatile memory device also includes a controller to cause execution of at least one executable in the plurality of executables, including the data collection executable and the data transfer executable, where execution of the data collection executable causes data to be collected and stored in the non-volatile memory, and execution of which causes the collected data to be transferred to a location external to the non-volatile memory device.03-17-2016
20160080149Secure Key Management for Roaming Protected Content - Content on a device is encrypted and protected based on a data protection key corresponding to a particular identity of the user of the device. The protected content can then be stored to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A data protection key that is used to retrieve the plaintext content from the protected content is maintained by the user's device. This data protection key can be securely transferred to other of the user's devices, allowing any of the user's devices to access the protected content.03-17-2016
20160085985MULTI-SERVICE CLOUD STORAGE DECISION OPTIMIZATION PROCESS - A method for storage management of client files in a multi-service cloud environment is provided. The method includes receiving a mapped list of available cloud storage services of the multi-service cloud environment. The method further includes receiving categorization of the client files. The method further includes performing a qualitative analysis of the received mapped list of available cloud storage services and the categorized client files, to generate a decision data structure representative of cloud storage preferences of a client. The method further includes storing the client files in the multi-service cloud environment. The method further includes determining whether to encrypt the stored client files. The method further includes tagging individual files of the stored client files, or groups of client files of the stored client files, or a combination of the individually stored client files or the groups of client files for encrypting the stored client files.03-24-2016
20160098571TRUSTED USER CIRCLES - A trusted user circle server for encryption key distribution and authentication support, as well as a client-side application which resides on users' devices are disclosed. In particular, the trusted user circle server manages a repository for static public keys (SPUK) which are used for authentication and secure distribution of a dynamic private context key (DPCK) used for the end-to-many encryption. Accordingly, posting users encrypt posted document using the DPCK and viewing users retrieve the DPCK to decrypt the posted document. These keys are associated to the trusted user circle and are generated dynamically for a given circle policy context (CPC). The CPC is an identifier that represents a group of members of a trusted user circle. It changes whenever any member of the trusted user circle leaves it, when a new trusted user circle is created or when the DPCK expires after a pre-determined period of time.04-07-2016
20160110377METHOD FOR SYNCHRONIZING FILE - Provided is a method of file synchronizing. The method includes: determining whether there is a changed matter in a file which is divided into a plurality of chunk files; calculating a hash value for each of the plurality of divided chunk files when it is determined that there is a changed matter in the file; transmitting a hash value list configured by the calculated hash values to a server; receiving a transmission request for a chunk file corresponding to a hash value which is not stored in the server, among the hash values included in the hash value list; and transmitting the chunk file to the server in response to the transmission request.04-21-2016
20160117518File Encryption/Decryption Device And File Encryption/Decryption Method - Provided are a file encryption and decryption device and file encryption and decryption method. The encryption device comprises: one or more non-transitory computer readable medium configured to store computer-executable instruction; at least one processor to execute the computer-executable instruction to cause: selecting important data in a source file to be encrypted; receiving the important data selected by the selector and encrypting the important data according to a pre-set encryption algorithm; receiving the encrypted important data provided by the encryptor and storing the encrypted important data at a specified first location; a deletion component for deleting the unencrypted important data in the source file; generating encryption information according to the above encryption procedure and storing the encryption information at a specified second location, the encryption information at least including the original location of the important data in the source file.04-28-2016
20160119142Encryption, Decryption, and Triggered Delivery of Files - Encrypting information includes receiving a question/answer pair, generating a file pass phrase, encrypting the file with the file pass phrase, normalizing the answer, encrypting the file pass phrase with the normalized answer, creating a hash of the normalized answer; delivering encrypted information includes alerting the recipient of the encrypted file to be downloaded, providing the recipient with questions associated with the encrypted file, normalizing answers provided by the recipient, creating a hash of the normalized answers, comparing the hash to stored hashes associated with the encrypted file, allowing download of the encrypted file when a predetermined number of the stored hashes match the normalized hashes; and storing and triggering delivery of encrypted information to a recipient includes storing encrypted information about a recipient, determining a triggering event associated with the encrypted information, delivering to the recipient an invitation to retrieve the encrypted information upon occurrence of the triggering event.04-28-2016
20160119292RE-ENCRYPTION SYSTEM, RE-ENCRYPTION APPARATUS, AND PROGRAM - A re-encryption system according to this embodiment includes a file sharing apparatus and a re-encryption apparatus. Upon receiving a file request from the client apparatus, the file sharing apparatus acquires a first encrypted file based on the file request, and transmits a re-encryption request including the first encrypted file to the re-encryption apparatus. The re-encryption apparatus re-encrypts the first encrypted file included in the re-encryption request to the second encrypted file based on the re-encryption key, and transmits the second encrypted file to the file sharing apparatus. The file sharing apparatus transmits the second encrypted file to the client apparatus. The client apparatus obtains the file by decrypting the second encrypted file based on a private key corresponding to the public key of the member.04-28-2016
20160125198SEARCHABLE ENCRYPTION WITH SECURE AND EFFICIENT UPDATES - Methods, systems, and computer-readable storage media for selecting columns for using searchable encryption to query a database storing encrypted data. Implementations include actions of receiving a set of search indices, receiving a search token, and in response: searching at least one search index of the set of search indices based on the search token, and determining that the at least one search index is absent an entry corresponding to the search token, and in response, receiving one or more identifiers, each identifier being associated with a respective ciphertext that is determined to be responsive to the search token, and updating the at least one index to include an entry based on the search token and the one or more identifiers; and transmitting search results, the search results including the one or more ciphertexts that are determined to be responsive to the search token.05-05-2016
20160132675SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE - Systems and methods for selective authorization of code modules are provided. According to one embodiment, a kernel mode driver monitors events occurring within a file system or an operating system. Responsive to observation of a trigger event performed by or initiated by an active process, in which the active process corresponds to a first code module within the file system and the event relates to a second code module within the file system, performing or bypassing a real-time authentication process on the second code module with reference to a multi-level whitelist database architecture. The active process is allowed to load the second code module into memory when the real-time authentication process is bypassed or when it is performed and results in an affirmative determination.05-12-2016
20160132684SECURE DATABASE BACKUP AND RECOVERY - As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.05-12-2016
20160132694Preventing Sharing of Sensitive Information Through Code Repositories - Methods, systems, and computer program products for preventing sharing of sensitive information through code repositories are provided herein. A method includes detecting one or more items of sensitive information in a check-in associated with a given user in a shared version management system; automatically refactoring the one or more items of sensitive information in the check-in by externalizing the one or more items of sensitive information as an encrypted file; and upon acceptance by the user of one or more changes to the check-in, automatically (i) decrypting the encrypted file using one or more code repository credentials associated with the given user, and (ii) incorporating the one or more items of sensitive information into the check-in.05-12-2016
20160134422SYSTEM AND METHOD FOR IDENTIFYING SOFTWARE CHANGES - One embodiment includes an enterprise trust server (ETS) programmed to execute machine readable instructions. The ETS includes a user interface configured to initiate generation of a first file signature associated with a first file accessed from a file system associated with a computer system at a first time and generation of a second file signature associated with a second file accessed from the file system at a second time subsequent to the first time. The ETS also includes a file signature comparator configured to compare the first and second file signatures to determine a difference set of file signatures. The ETS can be configured to send a request comprising the difference set of file signatures to a trust repository and to receive a response that identifies a software product associated with the first and second files that changed between the first and second times based on the difference set of file signatures.05-12-2016
20160134601Using a Hash of a Filename to Control Encoding/Decoding of a Digital File - Methods, devices, systems, and non-transitory process-readable storage media for a computing device to reversibly obfuscate contents of a digital file includes generating a binary string by applying a shared hash function to a public filename of the digital file. The method may include subdividing the digital file into a first plurality of data segments corresponding to one of a number of bits represented by the generated binary string and a file size of the digital file, shuffling the first plurality of data segments using a shared, looping shuffle algorithm. Each shuffling operation of the shared, looping shuffle algorithm may use a different bit of the generated binary string in a predefined first sequence. The shuffled first plurality of data segments may be combined to obtain a shuffled digital file. A reverse of the method may be performed to obtain the original digital file.05-12-2016
20160140347AUTOMATICALLY GENERATE ATTRIBUTES AND ACCESS POLICIES FOR SECURELY PROCESSING OUTSOURCED AUDIT DATA USING ATTRIBUTE-BASED ENCRYPTION - Methods, systems, and computer-readable storage media for secure storage of and selective access to encrypted audit data. Implementations include actions of receiving a set of audit data in response to occurrence of an incident, determining a set of static audit data and a set of dynamic audit data based on the set of audit data, encrypting items in the set of static audit data using a first attribute-based encryption scheme to provide a set of encrypted static audit data, and items in the set of dynamic audit data using a second attribute-based encryption scheme to provide a set of encrypted dynamic audit data, and transmitting the set of encrypted static audit data and the set of encrypted dynamic audit data to an off-premise database for storage and selective access.05-19-2016
20160148013SYSTEMS AND METHODS FOR PROVIDING FILE LEVEL SECURITY - Storage end points, whether they are local, remote, network, or cloud, such as DROPBOX and APPLE, present security issues for the general public and corporate consumers. These storage end points are not always encrypted. Even when the end user does perform encryption, the drawback to normal implementations is that the entirety of the file, the file key, and the key store are encrypted and stored in a single location. Computers can be hacked and encryption can be broken when given access and time. Disclosed is a system and method that enhances file level security by shredding the file, file pointers, and key store into parts, allowing the parts to be stored in different storage end points specified by the user.05-26-2016
20160154970Method and Apparatus for Secure Communication06-02-2016
20160162699OPTIMIZED ENCRYPTION FILTERING OF FILES - Read data blocks are selectively decrypted and write data blocks are selectively encrypted in an input-output path between an application and a file system driver. If a read data block contains all zeroes, the read data block is not decrypted even though the read data block is a block of an encrypted file. Likewise, if a write data block contains all zeroes, the write data block is not encrypted even though the write data block is a block of an encrypted file. In this manner, the handling of zero blocks of an encrypted file is efficiently processed outside the file system without relying on bitmaps or other data structure maintained by the file system that may inform which blocks contain all zeroes.06-09-2016
20160171227Privacy-Protective Data Transfer06-16-2016
20160180081Systems And Methods For Security In Computer Systems06-23-2016
20160182461TECHNIQUE FOR SECURELY COMMUNICATING AND STORING PROGRAMMING MATERIAL IN A TRUSTED DOMAIN06-23-2016
20160182474SECONDARY COMMUNICATIONS CHANNEL FACILITATING DOCUMENT SECURITY06-23-2016
20160188894RETENTION MANAGEMENT IN A FACILITY WITH MULTIPLE TRUST ZONES AND ENCRYPTION BASED SECURE DELETION - A computing facility, including a storage management system belonging to a first trust zone having a first privilege level, a metadata management system belonging to a second trust zone having a second privilege level higher than the first privilege level, and a security management system belonging to a third trust zone having a third privilege level higher than or equal to the second privilege level. The storage management system is configured to store multiple content entities, and the metadata management system is configured to manage, for each of the multiple content entities, metadata including a respective content encryption key and a respective retention time, each of the content entities being encrypted by its respective content encryption key. The security management system is configured to manage a master encryption key used to create the respective content encryption keys, and to confirm expiration of the respective retention times.06-30-2016
20160191476KEY MANAGEMENT FOR COMPROMISED ENTERPRISE ENDPOINTS - Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth. In this manner, threat detection based on complex interactions of computing objects can be characterized in a platform independent manner and pre-processed on endpoints without requiring significant communications overhead with a remote threat management facility.06-30-2016
20160205082SECURE AUTHENTICATION AND SWITCHING TO ENCRYPTED DOMAINS07-14-2016
20160253491SECURE SYSTEM FOR ALLOWING THE EXECUTION OF AUTHORIZED COMPUTER PROGRAM CODE09-01-2016
20160253515A System and a Method for Management of Confidential Data09-01-2016
20160253516CONTENT ENCRYPTION TO PRODUCE MULTIPLY ENCRYPTED CONTENT09-01-2016
20160253517FILE STORAGE SYSTEM AND USER TERMINAL09-01-2016
20160380982Tokenization of Structured Data - Structured data, such as email addresses, social security numbers, and the like is accessed for encoding. A set of encoding rules including one or more encoding actions and/or encoding components corresponding to each of one or more structured data components is accessed. The set of encoding rules can include one or more encoding actions and/or one or more encoding components corresponding to each of one or more structured data components. Encoding actions can include tokenization, encryption, data masking, data modification, and the like. The one or more components of the structured data are encoded based on the accessed set of encoding rules. The encoded structured data is stored, processed, or outputted to an external entity.12-29-2016
20170235552COMPUTING DEVICE COMPRISING A TABLE NETWORK08-17-2017
20170235966PROCESS-LEVEL CONTROL OF ENCRYPTED CONTENT08-17-2017
20170235967BEHAVIORAL-BASED CONTROL OF ACCESS TO ENCRYPTED CONTENT BY A PROCESS08-17-2017
20170237567METHOD, APPARATUS, SYSTEM, AND NON-TRANSITORY MEDIUM FOR PROTECTING A FILE08-17-2017
20170237711TECHNIQUES FOR PREVENTING LARGE-SCALE DATA BREACHES UTILIZING DIFFERENTIATED PROTECTION LAYERS08-17-2017
20180026979DATABASE MANAGEMENT SYSTEM SHARED LEDGER SUPPORT01-25-2018
20220138328VALIDATION OF TRANSACTION LEDGER CONTENT USING JAVA SCRIPT OBJECT NOTATION SCHEMA DEFINITION - Embodiments may be associated with a secure, distributed transaction ledger. The system may include a database that contains electronic records providing JSON schema content format requirements. A computer processor of a content validation smart contract creation platform, coupled to the JSON schema data store, may access information in the JSON schema data store. The content validation smart contract creation platform may then automatically create a content validation smart contract based on the JSON schema content format requirements. The content validation smart contract may then be deployed by the content validation smart contract creation platform to the secure, distributed transaction ledger.05-05-2022
