Class / Patent application number | Description | Number of patent applications / Date published |
713167000 | Object protection | 87 |
20080209212 | Integrated Secure And Non-Secure Display For A Handheld Communications Device - A handheld communications device is created with a touch sensitive display, a secure computing component, and a non-secure computing component. The secure component may comprise a secure CPU executing a secure operating system. The non-secure component may comprise a separate non-secure CPU executing a separate non-secure operating system. The touch sensitive display on the handheld communications device is divided into a secure portion and a non-secure portion such that information displayed in the secure portion is provided by the secure operating system, and information displayed in the non-secure portion is provided by the non-secure operating system. Similarly, data entered through the secure portion of the display is provided to the secure operating system, and data entered through the non-secure portion of the display is provided to the non-secure operating system. | 08-28-2008 |
20080215883 | PROVIDING SECURE INTER-APPLICATION COMMUNICATION FOR A MOBILE OPERATING ENVIRONMENT - Providing for secure and efficient communication for mobile applications executed in a mobile operating environment is described herein. As an example, a primary mobile application can initiate a handshake that includes a unique identifier of the primary application and a random number for signing and/or certifying responsive requests. A recipient application can reference the unique identifier with a list of certified primary applications to verify the primary application. If verified, the recipient responds with the random number and a second random number that can sign and/or certify data requests sent by the primary application. According to some embodiments, random numbers can be hashed and/or truncated to provide low power encryption for such numbers. Further, round-trip policies can be enforced to provide reliable transmission of data. Accordingly, reliable, secure and low power synchronous communication can be conducted in a mobile environment. | 09-04-2008 |
20080250242 | Method for Passing Selective Encrypted Attributes of Specific Versions of Objects in a Distributed System - The present invention provides a computer implemented method, system, and computer program product for selective encryption of a data transmission. A data transmission is received. When the data transmission is received, the data transmission is unmarshaled. When the transmission is unmarshaled, objects and a set of sensitive fields within the data transmission are identified by referencing a metadata database. Only the set of sensitive fields within the data transmission are encrypted to form a partially encrypted data transmission. The partially encrypted data transmission is marshaled to form a marshaled data transmission. The marshaled data transmission is transmitted to a recipient. | 10-09-2008 |
20090119507 | Reference Monitor for Enforcing Information Flow Policies - A reference monitor that authorizes information flows between elements of a data processing system is provided. The elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element. | 05-07-2009 |
20090187763 | SYSTEM AND METHOD FOR PROTECTING DATA ACCESSED THROUGH A NETWORK CONNECTION | 07-23-2009 |
20090228706 | PAGE ENCRYPTION SYSTEM - Text containing files are encrypted by first formatting the files for display. The display-formatted files are then run length coded to form files indicating the information. The files are encrypted. | 09-10-2009 |
20090240937 | SEPARATED STORAGE OF DATA AND KEY NECESSARY TO ACCESS THE DATA - A novel approach introduces an extra layer of data security by storing files and the keys required to access the files separately. When the files are being accessed, the host of the files sends a request to an access device that stores the keys to access the files. The key will be provided to the host only if at least one of the following conditions is met: the host is within close proximity of the access device, the identity of the person attempting to access the files is authenticated, or the security status of the host is verified. | 09-24-2009 |
20090249067 | System and Method for Pre-Placing Secure Content on an End User Storage Device - A system and method for pre-placing content from a provider on an end user storage device is described. The system includes a device connected to an end user network and a public network and used to interface with one or more digital keys, where each digital key is able to control one or more identity associations. A storage device is attached to the end user network and is able to receive content from the provider using the identity association with the provider. The content is encrypted on the storage device using keys established by the provider, such that the end user can only decrypt and access the content by agreeing to terms established by the provider using the digital key and identity association with the provider. | 10-01-2009 |
20100011210 | Method And Apparatus For Remotely Provisioning Software-Based Security Coprocessors - A virtual security coprocessor is created in a first processing system. The virtual security coprocessor is then transferred to a second processing system, for use by the second processing system. For instance, the second processing system may use the virtual security coprocessor to provide attestation for the second processing system. In an alternative embodiment, a virtual security coprocessor from a first processing system is received at a second processing system. After receiving the virtual security coprocessor from the first processing system, the second processing system uses the virtual security coprocessor. Other embodiments are described and claimed. | 01-14-2010 |
20100037050 | METHOD AND APPARATUS FOR AN ENCRYPTED MESSAGE EXCHANGE - An apparatus and method for exchanging encrypted messages or data. According to an embodiment, messages are encrypted according to credentials associated with a user and the encrypted messages are stored in memory. The credentials are encrypted and stored in a key services module. To retrieve a message, the user logs on to a server with a password, and the server retrieves the encrypted credentials associated with the user from the key services and applies the user password to decrypt or recover the encrypted credentials. If the credentials are successfully recovered, the server uses the decrypted credentials to decrypt the message and the decrypted message is made available to the user. | 02-11-2010 |
20100037051 | METHOD FOR SHARING RIGHTS OBJECTS BETWEEN USERS - Provided is a method for delivering all or part of a rights object (RO) of a user associated with the content to other users. The method includes creating a rights object to be transmitted to a second user within a limit of the rights object held by the first user, and forwarding the created rights object to the second user. The method allows each user to share its own RO with other users within the limit of the RO without server authentication. | 02-11-2010 |
20100070763 | DECLARATIVE DATA SECURITY FOR A RAPID APPLICATION DEVELOPMENT TOOL COMPONENT - A security privilege view object instance. The security privilege view object instance provides security at the view object instance level, permitting multiple application modules to utilize a single entity object with different data privileges. In an embodiment, a view object implementation method is overridden to add selected security filters at instantiation of a view object instance. | 03-18-2010 |
20100122086 | METHOD FOR COMBINING DATA TO BE PROCESSED WITH A DATA-SPECIFIC APPARATUS, AND APPARATUS AND COMPUTER PROGRAM FOR IMPLEMENTING THE METHOD - The invention discloses a method and a system for combining data with an apparatus which is provided for processing the data, with the following steps: (a) determining an identifier associated with the apparatus; (b) generating a first key by using the identifier and a second secret key, which is independent of the identifier; (c) generating a decryption algorithm to be used for the second key and providing the decryption algorithm to the apparatus; (d) encrypting a rights object, which allows access to the data, using the first key and the second secret key; (e) transmitting the data and the rights object to the apparatus; (f) decrypting the rights object with the apparatus by using the identifier associated with the apparatus and the decryption algorithm associated with the apparatus; and (g) decrypting the data using a key selected by a rights owner and included in the decrypted rights object. | 05-13-2010 |
20100138653 | METHOD AND SYSTEM FOR SEARCHING FOR, AND COLLECTING, ELECTRONICALLY-STORED INFORMATION - A method and system for searching and collecting electronically stored information are described. Consistent with an embodiment of the invention, configuration and execution of a search are separated in time and location. For example, a search configuration application executing at a first computer system is utilized to generate a search configuration file, which controls the operation of a search agent when the search agent is executing at a target computer system and performing a search of storage devices of the target computer system. Encryption is utilized to prevent unauthorized access to the search configuration file as well as the search results file generated by the search agent. | 06-03-2010 |
20100146271 | Service Accessing Control Method, Terminal And System - Embodiments of the present invention provide a service accessing control method, including generating a service group comprising more than one client, and generating a key for the service group; searching for, by the more than one client in the service group, a service component on a server, encrypting, by a client who first searches out the service component, the service component with the generated key; and accessing, by the other clients in the service group, the encrypted service component with the generated key. The embodiments of the present invention further provide a terminal and system corresponding to the method. By the embodiments of the present invention, it can be guaranteed that an invitation flow is not disturbed by external users, thereby increasing the success rate of the invitation. | 06-10-2010 |
20100199088 | Method and System For Securing Digital Assets Using Process-Driven Security Policies - Techniques for dynamically altering security criteria used in a file security system are disclosed. The security criteria pertain to keys (or ciphers) used by the file security system to encrypt electronic files to be secured or to decrypt electronic files already secured. The security criteria can, among other things, include keys that are required to gain access to electronic files. Here, the keys can be changed automatically as electronic files transition between different states of a process-driven security policy. The dynamic alteration of security criteria enhances the flexibility and robustness of the security system. In other words, access restrictions on electronic files can be dependent on the state of the process-driven security policy. | 08-05-2010 |
20100217977 | SYSTEMS AND METHODS OF SECURITY FOR AN OBJECT BASED STORAGE DEVICE - The disclosure is related to systems and methods of security for a data storage device and in particular embodiments, an object based data storage device. In a particular embodiment, a system comprises an object based data storage device adapted to store objects received from a host. The object based data storage device may be adapted to encrypt and decrypt objects without allowing access to an encryption key or decryption key from external to the object based data storage device. | 08-26-2010 |
20100235633 | AUTHENTICATION AND ENCRYPTION UTILIZING COMMAND IDENTIFIERS - A data processing system, recording device, data processing method and program providing medium are provided to execute authentication processing and content storing processing between apparatuses. Program localization is employed to restrict access to program content. A plurality of key blocks store key data for authentication processing. Key block designation information is set in a recorder/reproducer, which is configured for executing authentication processing with the recording device by designating a key block. The recorder/reproducer can set a key block for each product, model or the like. In addition, data stored according to a selected key block cannot be utilized in a recorder/reproducer in which a different key block is set. Furthermore, an encryption processing controlling section of a recording device executes control in accordance with a pre-defined setting sequence. Furthermore, an illegal instrument that has not completed the authentication processing can be prevented from utilizing program content. | 09-16-2010 |
20100250927 | INTEROPERABLE SYSTEMS AND METHODS FOR PEER-TO-PEER SERVICE ORCHESTRATION - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 09-30-2010 |
20100325431 | Feature-Specific Keys for Executable Code - A method for protecting software from tampering includes steps for processing first compiled software stored in a computer memory to generate a first key part, the first compiled software configured to perform software protection functions and defined second functions distinct from the software protection functions when executed, and the first key part consisting of a first portion of the first compiled software comprising executable code compiled from the software protection functions, generating an identifier and a second key part for each of the defined second functions, generating a cryptographic key determined from the first key part and the second key part, encrypting a second portion of the first compiled software using the cryptographic key to produce second compiled software comprising the first portion in unencrypted form and the second portion encrypted with the cryptographic key, wherein the second portion comprises executable code compiled from the defined second functions, and storing the second compiled software in a computer memory for distribution to a client device. | 12-23-2010 |
20110022840 | Method and System for Detecting Data modification within computing device - A method and apparatus for detecting data modification in a layered operating system is disclosed. Outbound content indicators at different layers are compared to detect potential outbound data modifications. Likewise, inbound content indicators at different layers are compared to detect potential inbound data modifications. Content indicators include checksum, cryptographic hash, signature, and fingerprint indicators. Embodiments of the present invention enable detection of data modifications across an operating system's kernel and user mode spaces, prevention of modified outbound data from reaching a network, prevention of modified input data from reaching a user application, and detection of malware and faults within an operating system. | 01-27-2011 |
20110060905 | SYSTEMS AND METHODS FOR PROVIDING ANONYMIZED USER PROFILE DATA - Embodiments facilitate confidential and secure sharing of anonymous user profile data to improve the delivery of customized content. Embodiments of the invention provide a data appliance to an entity such as a business to convert profile data about the business's customers into anonymous identifiers. A similar data appliance is provided to a content provider in one embodiment to generate identifiers for its user profile data. Because the anonymous identifiers are generated with the same anonymization method, identical identifiers are likely generated from profile data of the same users. Therefore, the identifiers can be used to anonymously match the customers of the business to the users of the content provider. Therefore, data can be shared to improve customized content such as advertisements that the business wishes to place with the content provider without requiring the business to disclose customer data in an unencrypted form, and any non-matched data can remain confidential. | 03-10-2011 |
20110126008 | Method and Apparatus for Sharing Documents - A method for securely sharing electronic documents on a document storage system. The method includes receiving an electronic document from a creating user, generating an encryption key unique to the electronic document, encrypting the electronic document using the encryption key to create an encrypted electronic document, and communicating the encrypted electronic document to a document repository for storage. The method also includes identifying a resource locator for uniquely identifying the storage location of the encrypted electronic document and communicating the encryption key and the resource locator to the creating user. The method also includes receiving the encryption key and the resource locator from a requesting user, retrieving the encrypted electronic document from the document repository using the resource locator, decrypting the encrypted electronic document using the encryption key, and communicating the decrypted electronic document to the requesting user. | 05-26-2011 |
20110179271 | SECURE DATA PARSER METHOD AND SYSTEM - The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporations, governmental agencies or any other entity. | 07-21-2011 |
20110197062 | METHOD AND SYSTEM FOR LICENSE MANAGEMENT - Embodiments of the invention relate to methods, apparatus and systems, including computer program products for license management in one or more computer systems. A first computer runs a master license server process instance. The master license service process instance is associated with a hardware identifier that relates to the first computer and has a license to run a predefined number of concurrent production license server process instances that are responsible for license management towards clients. A request is received by the master license server process instance for a license from a production license server process instance in a second computer. The master license server process instance provides a virtual identifier to the production license server process instance to be used as a unique identifier for license management purposes towards clients by the production license server process instance. The virtual identifier is cryptographically secured against modification. | 08-11-2011 |
20110202764 | DATA REFERENCE SYSTEM, DATABASE PRESENTATION/DISTRIBUTION SYSTEM, AND DATA REFERENCE METHOD - An element-data generating device encrypts respective vectors each including plural pieces of data, generates a vector including encrypted texts, and outputs such a vector as element data. A database generating system has plural first distributed devices and outputs a sequence of all pieces of element data as a database. A database presentation system has plural second distributed devices, generates, based on a reference item specifying an item to be referred, plural sequences of data to be referred from the database, and performs order shuffling of individual elements of the sequences of the data by all of the second distributed devices so that the order shuffling of the elements of the data sequence is consistent throughout all data sequences. | 08-18-2011 |
20110219228 | Method And Device For Identifying Objects - The invention relates to a method for identifying an object comprising at least one object identifier with an object code that is used to verify the authenticity of the object. The method comprises the following steps: creation of a unique random system code consisting of a first and a second system code, the first part of the system code being generated from a first character set by a first random method and the second part of the system code being generated from a second character set by a second random method and saving of the system code together with at least one first object-specific information in a first data memory, the first part of the system code being encrypted by a first encryption method and the second part of the system code by a second encryption method prior to being saved; creation of a random encryption key from a third character set by a third random method, creation of a unique assignment identifier by an assignment method and saving of the encryption key, assignment identifier and at least one second object-specific piece of information in a second data memory; creation of the object code, consisting of the first part of the system code and the assignment key, encryption of the object identifier by a fourth encryption method and saving of the encrypted system code together with the encrypted object identifier in a third data memory; and attachment of the object code to the object. | 09-08-2011 |
20110246768 | SYSTEMS AND METHODS IMPROVING CRYPTOSYSTEMS WITH BIOMETRICS - In one aspect, systems and methods to improve a cryptosystem include computer-implemented operations such as scanning a biometric attribute for comparison with stored biometric data, and generating a keystream based upon the stored biometric data if the scanned biometric attribute substantially matches the stored biometric data. The computer-implemented method may also include operations for encrypting object data, and encrypting final data based upon the keystream and the encrypted object data. | 10-06-2011 |
20110296176 | METHOD AND SYSTEM FOR SHARING DATA - A method of sharing data between a first and a second party, a system for sharing data between a first and a second party and a computer readable data storage medium having stored thereon computer code means for instructing respective computer processors of a first party and a second party to execute a method of sharing data between the first and the second parties are provided. The method comprises the steps of performing respective randomization processes on data sets of the first and second parties; performing an exchange process between the first and second parties; performing an audit trail check process at the first and second parties respectively; and proceeding with performing a matching process at the first and second parties respectively only after a successful audit trail check by each party in the audit trail check process and the matching process is such that each party can determine whether the other party has provided a correct re-obfuscating number for determining common records between the first and second party. | 12-01-2011 |
20110302413 | Authorizing Information Flows Based on a Sensitivity of an Information Object - A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices regardless of the particular action being performed on the information object as part of the information flow. | 12-08-2011 |
20110314278 | ON-THE-FLY DATA MASKING - Described are methods, systems, and apparatus, including computer program products for securing data of a production server. The invention, in one implementation, includes reading a data value on the production server, obfuscating the data value in the memory of the server to create a masked value, transmitting the masked value to a non-production server, and storing the masked value on the non-production server. | 12-22-2011 |
20110314279 | Single-Use Authentication Methods for Accessing Encrypted Data - Single-use authentication methods for accessing encrypted data stored on a protected volume of a computer are described, wherein access to the encrypted data involves decrypting a key protector stored on the computer that holds a volume-specific cryptographic key needed to decrypt the protected volume. Such single-use authentication methods rely on the provision of a key protector that can only be used once and/or that requires a new access credential for each use. In certain embodiments, a challenge-response process is also used as part of the authentication method to tie the issuance of a key protector and/or access credential to particular pieces of information that can uniquely identify a user. | 12-22-2011 |
20120030463 | DATA SECURE SYSTEM AND METHOD OF STORING AND READING DATA - A data secure system includes a computer host and a storage device having a certification signature. The computer host includes an encryption/decryption program, a data transceiver unit, an encryption module, and a decryption module. The data transceiver unit is communicatively connected to the storage device and an external device for receiving a raw data from the external device. The encryption module reads the certification signature from the storage device via the encryption/decryption program, encrypts the raw data into an encryption data according to the certification signature, and stores the encryption data in the storage device. The decryption module reads the certification signature and the encryption data from the storage device via the encryption/decryption program and decrypts the encryption data according to the certification signature. Moreover, a method of storing and reading data is also provided. | 02-02-2012 |
20120030464 | SECRET SHARING SYSTEM, SHARING APPARATUS, SHARE MANAGEMENT APPARATUS, ACQUISITION APPARATUS, PROCESSING METHODS THEREOF, SECRET SHARING METHOD, PROGRAM, AND RECORDING MEDIUM - A secure secret sharing system is implemented. Shares SH(α, h(α)) are generated by secret sharing of secret information separately for each subset SUB(α); each of share management apparatuses PA(α, h(α)) generates a shared secret value DSH(α, h(α)) by performing a common operation to a corresponding share SH(α, h(α)) and common information containing a common value σ(α) shared in each subset SUB(α); and an acquisition apparatus generates a reconstructed secret value SUBSK(α) by reconstruction processing for each subset SUB(α), using a plurality of shared secret values DSH(α, h(α)) corresponding to the same subset SUB(α), and generates generation information SK by using the reconstructed secret values SUBSK(α). | 02-02-2012 |
20120072726 | DATA STORAGE AND REMOVAL - A system and method for data storage and removal includes providing databases and providing encryption keys. Each database is associated with a database time period and each encryption key is associated with an encryption time period. Data items are received and each data item is encrypted using the encryption key associated with the encryption time period that corresponds to a time associated with the data item. Each encrypted data item is stored in the database associated with the database time period that corresponds to the time associated with the data item. Each encryption key is deactivated at a predetermined time after the associated encryption time period ends. Each database is made irretrievable upon a determination that all of the encryption keys associated with the data items stored in that database have been deactivated. | 03-22-2012 |
20120117384 | METHOD AND SYSTEM FOR DELETING DATA - Methods, computer systems, and computer program products for deleting data in a computing environment are provided. A computer system having at least first and second documents, a plurality of decryption keys, and a plurality of data segments stored therein is provided. Each of the plurality of data segments is decryptable by a selected one of the decryption keys. The decryption keys include a first set of decryption keys associated with the first document and not associated with the second document, a second set of decryption keys associated with the second document and not associated with the first document, and a third set of decryption keys associated with the first document and the second document. The first document is deleted, and in response, the first set of decryption keys is rendered unusable, and the second set of decryption keys and the third set of decryption keys are not rendered unusable. | 05-10-2012 |
20120166797 | Systems and Methods for Controlling Access to Encrypted Data Stored on a Mobile Device - Encrypted data on mobile devices is protected by remotely storing a decryption key. In order to decrypt the encrypted data on the mobile device, the mobile device obtains the decryption key from an access control system that is remote from the mobile device. The access control system can control access to the encrypted data by controlling access to the decryption key. For example, the access control system can implement user authentication as a condition for providing the decryption key. Access to the encrypted data can also be controlled by withholding the decryption key where, for instance, a mobile device has been reported to be lost or stolen, or once an individual's access privilege has been revoked, or at certain times of the day. | 06-28-2012 |
20120179909 | SYSTEMS AND METHODS FOR PROVIDING INDIVIDUAL ELECTRONIC DOCUMENT SECURE STORAGE, RETRIEVAL AND USE - Systems and methods for providing secure digital mail document storage, retrieval and use in a cloud computing environment, such as by advantageously configuring a hybrid cloud computing environment are described. In one, a privately hosted data processing system includes a private key and a PKI decryption subsystem, and a publicly hosted data processing system includes a symmetric key decryption subsystem, wherein digital documents are encrypted by a corresponding individual symmetric key and each of the symmetric keys is encrypted by a public key associated with the private key. In another configuration, document decryption is handled differently depending upon the type of client making the request. | 07-12-2012 |
20120179910 | SECURE DATA PARSER METHOD AND SYSTEM - The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity. | 07-12-2012 |
20120221854 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths. | 08-30-2012 |
20120221855 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths. | 08-30-2012 |
20120221856 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths. | 08-30-2012 |
20120226904 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths. | 09-06-2012 |
20120290837 | Method and system for secured management of online XML document services through structure-preserving asymmetric encryption - A system and method for encrypting/decrypting a document is provided. The encryption method includes encrypting portions within the document containing structural information with an asymmetric public key, encrypting portions within the document containing content information with a symmetric private key, and outputting the document, whereby a service provider provided with a public key is able to access and process only the structural information. | 11-15-2012 |
20120311327 | DATA CRYPTO METHOD FOR DATA DE-DUPLICATION AND SYSTEM THEREOF - A data crypto method for data de-duplication and a system thereof are described. The data crypto method includes the following steps. A client performs a data de-duplication procedure and generates a partitioned data block. Each client has a respective first key. The partitioned data block is enciphered by using the first key, and corresponding ciphertext data is generated. The ciphertext data is transported to a server. The server searches a crypto look-up table for the corresponding first key and restores the partitioned data block from the ciphertext data through the first key. The server generates stored data from the restored partitioned data block by using a second key. The server restores the partitioned data block from the stored data through the second key and enciphers the partitioned data block to be the ciphertext data according to the corresponding first key. The server transports the ciphertext data to the corresponding client. | 12-06-2012 |
20130046975 | SYSTEM, METHOD, AND PROGRAM FOR INFORMATION MANAGEMENT - A system and method of decrypting is provided. The method includes grouping domain data of the domain for authorized parties, encrypting a group of leaves in the grouped data having a tree structure using a common key, generating first public data, obtaining a common key by decrypting the first public data using a secret key of a link creator and decrypt the groups using the common key and the secret key, generating a, propagating records, generating second public data by encrypting the table using a common key, obtaining a common key by decrypting the first public data and the second public data using a secret key and generating a view by decrypting data received from a method for the link creator using the common key obtained by decrypting the first public data and the second public data using the secret key. | 02-21-2013 |
20130054965 | Usage Control of Digital Data Exchanged Between Terminals of a Telecommunications Network - The invention refers to a method of supporting a sending user device ( | 02-28-2013 |
20130097421 | Protecting Information Using Policies and Encryption - A technique and system protects documents at rest and in motion using declarative policies and encryption. Encryption in the system is provided transparently and can work in conjunction with policy enforcers installed at a system. A system can protect information or documents from: (i) insider theft; (ii) ensure confidentiality; and (iii) prevent data loss, while enabling collaboration both inside and outside of a company. | 04-18-2013 |
20130132720 | SYSTEM AND METHOD FOR MULTI-DIMENSIONAL SECRETION OF DIGITAL DATA - A system and method for multi-dimensional secretion of digital data. Digital data is received for secretion as a secret from one or more of a number of secretion parties. The secret is converted into a multi-dimensional object. The multi-dimensional object includes at least four dimensions. Each of the plurality of secretion parties is assigned one of a number of dimensional attributes associated with the multi-dimensional object. The secret is recovered for the number of secretion parties in response to the number of secretion parties selecting a shape associated with the multi-dimensional object and providing all of the number of dimensional attributes previously associated with the multi-dimensional object. | 05-23-2013 |
20130173917 | SECURE SEARCH AND RETRIEVAL - A method and apparatus is disclosed herein for secure search and retrieval. In one embodiment, the method comprises receiving an encrypted, permuted search tree with nodes that have been permuted and encrypted, the encrypted permuted search tree having been encrypted with a first private encryption key; receiving, at a server, a query from a client, the query comprising a set of keywords, wherein each query term is encrypted with the first private encryption key; performing a search using the query, including performing an oblivious matching keyword test in which an evaluation occurs at each node of the tree to determine if one or more matches exist; and returning results based on a match of keywords for each document, the results including one or more encrypted leaf nodes of the tree, the encrypted leaf nodes encrypted with the first private encryption key. | 07-04-2013 |
20130173918 | DATA EXCHANGE TECHNOLOGY - A data exchange adaptor that synchronizes data between an enterprise system operated by a company and a cloud-based system operated by a third party other than the company. The data exchange adaptor enables exchange of data between the enterprise system and the cloud-based system and controls storage and retrieval of data at the enterprise system and the cloud-based system. The data exchange adaptor also performs transport level security for communications that exchange data between the enterprise system and the cloud-based system and access level security for data stored to the enterprise system and the cloud-based system. The data exchange adaptor further schedules synchronization of data between the enterprise system and the cloud-based system and allows the enterprise system to retain control over the synchronization of data between the enterprise system and the cloud-based system. | 07-04-2013 |
20130227282 | METHOD FOR SYNCHRONOUS ENCRYPTION BETWEEN A CLIENT AND A LICENSING AGENT - A licensing system is disclosed for performing synchronous encryption with a client over an IP-compliant network. In disclosed embodiments, the system includes a licensing agent configured to pass a data structure unencrypted in an initial communication between the licensing agent/client pair and pass a first key to said client responsive to an initial communication. The licensing agent then receives the data structure from the client having designated fields encrypted according to the first key. The licensing agent then sends a second key to the client for use in subsequent communications. | 08-29-2013 |
20130254540 | SYSTEM AND METHOD FOR ACCESSING INFORMATION RESOURCES USING CRYPTOGRAPHIC AUTHORIZATION PERMITS - A system and method for securing information associates a party with a node that communicates messages over one or more channels based on a channel access privilege. One or more authorities sign a cryptographic authorization permit (CAP) to authorize the channel access privilege, which can be a write privilege or a read privilege. In one embodiment, the authorization for the channel access privilege is based on a public key issued by an authority and the CAP comprises a cryptographic certificate digitally signed by the authority. | 09-26-2013 |
20130262866 | Large-scale data processing cloud computing system - A cloud computing system includes a native client; and a platform system providing distributed resources and dynamic resource allocation, for receiving raw data uploaded by the native client and returning computed results, including: a data extracting module for receiving the raw data; an encrypting and decrypting module, wherein only a single user is permitted to simultaneously invoke the data extracting module and the encrypting and decrypting module and process the raw data; the encrypting and decrypting module generates a key during encrypting and returns the key to the user for keeping and the computed results to the native client after receiving the key inputted by the user; and a data computing module, for computing raw data encrypted by the encrypting and decrypting module and returning results to the encrypting and decrypting module, wherein the data computing module is shared by all users and can be invoked simultaneously by several users. | 10-03-2013 |
20130275752 | METHOD AND SYSTEM FOR SECURE MULTIPARTY CLOUD COMPUTATION - One embodiment of the present invention provides a system for performing secure multiparty cloud computation. During operation, the system receives multiple encrypted datasets from multiple clients. An encrypted dataset associated with a client is encrypted from a corresponding plaintext dataset using a unique, client-specific encryption key. The system re-encrypts the multiple encrypted datasets to a target format, evaluates a function based on the re-encrypted multiple datasets to produce an evaluation outcome, and sends the evaluation outcome to the multiple clients, which are configured to cooperatively decrypt the evaluation outcome to obtain a plaintext evaluation outcome. | 10-17-2013 |
20130311775 | METHOD AND SYSTEM FOR UNIFIED MOBILE CONTENT PROTECTION - Media content is delivered to a variety of mobile devices in a protected manner based on client-server architecture with a symmetric (private-key) encryption scheme. A media preparation server (MPS) encrypts media content and publishes and stores it on a content delivery server (CDS), such as a server in a content distribution network (CDN). Client devices can freely obtain the media content from the CDS and can also freely distribute the media content further. They cannot, however, play the content without first obtaining a decryption key and license. Access to decryption keys is via a centralized rights manager, providing a desired level of DRM control. | 11-21-2013 |
20130339729 | NETWORK BASED MANAGEMENT OF PROTECTED DATA SETS - A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity. | 12-19-2013 |
20130346748 | SYSTEMS AND METHODS FOR SECURE MULTI-TENANT DATA STORAGE - Systems and methods are provided for transmitting data for secure storage. For each of two or more data sets, a plurality of shares are generated containing a distribution of data from an encrypted version of the data set. The shares are then stored in a shared memory device, wherein a data set may be reconstructed from a threshold number of the associated plurality of shares using an associated key. Also provided are systems and methods for providing access to secured data. A plurality of shares containing a distribution of data from an encrypted version of a data set are stored in a memory device. A client is provided with a virtual machine that indicates the plurality of shares, and the capability to reconstruct the data set from the plurality of shares using an associated key. | 12-26-2013 |
20140019756 | Obfuscating Trace Data - A tracer may obfuscate trace data such that the trace data may be used in an unsecure environment even though raw trace data may contain private, confidential, or other sensitive information. The tracer may obfuscate using irreversible or lossy hash functions, look up tables, or other mechanisms for certain raw trace data, rendering the obfuscated trace data acceptable for transmission, storage, and analysis. In the case of parameters passed to and from a function, trace data may be obfuscated as a group or as individual parameters. The obfuscated trace data may be transmitted to a remote server in some scenarios. | 01-16-2014 |
20140025948 | SYSTEM AND METHOD FOR DISTRIBUTED DEDUPLICATION OF ENCRYPTED CHUNKS - The present disclosure relates to an advantageous system and related methods for distributed deduplication of encrypted chunks. One embodiment relates to a method for storing encrypted chunks in which an encryption key is generated independently from a chunk payload. With this method, two encrypted chunks are identifiable as having identical chunk payloads even when the chunk payloads are encrypted with different encryption keys. Other embodiments, aspects and features are also disclosed. | 01-23-2014 |
20140032901 | SYSTEM FOR PROVIDING SESSION-BASED NETWORK PRIVACY, PRIVATE, PERSISTENT STORAGE, AND DISCRETIONARY ACCESS CONTROL FOR SHARING PRIVATE DATA - The invention provides secure and private communication over a network, as well as persistent private storage and private access control to the stored information, which is accomplished by imposing mechanisms that separate a user's actions from their identity. The system provides (i) anonymous network browsing, in which event the anonymity system is unaware of both the user's identity and browsing activities, (ii) private network storage and retrieval of data such as passwords, profiles and files in a manner such that the data can be stored into the system and later retrieved without the system knowing the contents or owners of the data, and (iii) the ability of the user to control and manage access to the remotely stored data without the system knowing the contents, owners, or accessors of the data. | 01-30-2014 |
20140068258 | Backup and restore in a secure appliance with integrity and confidentiality - A cloud deployment appliance includes a key stored internally and that is used during restore to decrypt encrypted backup images. That key is not available to an administrator of the appliance; instead, the administrator receives a “value” that has been generated externally to the appliance and, in particular, by applying a public key of a public key pair to the key. The value is possessed by the administrator, but it does not expose the key. Upon a given occurrence, such as a disk failure in the appliance, the administrator uses the value to “obtain” the key, which is then used to restore an encrypted backup image. The key is obtained by having the administrator provide the value to an entity, e.g., the appliance manufacturer, who then recovers the key for the administrator (by applying the private key of the public key pair). | 03-06-2014 |
20140068259 | SECURE DATA ACCESS IN A DISPERSED STORAGE NETWORK - A method begins by a dispersed storage (DS) processing module receiving an access request regarding a data object, where the access request includes a data object identifier, requestor information, and addressing information. The method continues with the DS processing module determining a base key identifier based on the access request and determining content specific information based on the access request. The method continues with the DS processing module retrieving a set of base key slices utilizing the base key identifier and decoding the set of base key slices in accordance with an error encoding function to recover a base key. The method continues with the DS processing module generating an access specific key based on the recovered base key and the content specific information and executing the access request regarding the data object utilizing the access specific key. | 03-06-2014 |
20140095870 | DEVICE, METHOD, AND SYSTEM FOR CONTROLLING ACCESS TO WEB OBJECTS OF A WEBPAGE OR WEB-BROWSER APPLICATION - A method and device for securely displaying web content with secure web objects across untrusted channels includes downloading web content from a web server. The web content includes tags that a web browser uses to authenticate the current user and identify encrypted web objects packaged in the web content. The computing device authenticates the current user using a biometric recognition procedure. If the current user is authenticated and determined to be authorized to view the decrypted web object, the encrypted web object is decrypted and displayed to the user. If the user is unauthenticated, the encrypted web object is displayed in place of the encrypted web object such that the decrypted web object is displayed for only authorized persons physically present at the computing device. The biometric recognition procedure and web object decryption processes are protected through secure media path circuitry and secure memory. | 04-03-2014 |
20140101443 | METHOD AND APPARATUS FOR SELECTIVELY PROVIDING PROTECTION OF SCREEN INFORMATION DATA - A method and apparatus for enabling a cloud server to provide screen information data indicating a screen to be displayed on a client device are provided. The method of enabling a cloud server to provide screen information data relating to a screen to be displayed on a client device includes: generating the screen information data; determining whether or not to protect the generated screen information data based on characteristics of an object configuring the screen; encrypting the provided screen information data based on the determining; and transmitting the encrypted screen information data to the client device. | 04-10-2014 |
20140108796 | STORAGE OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS AT GEOGRAPHICALLY-SEPARATED LOCATIONS - A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary data blocks by performing splitting and encrypting operations on a primary data block received from the client for storage on the virtual disk. For security, the secondary data blocks are stored at geographically-distributed locations. The secure storage appliance is also capable of executing program instructions configured to reconstitute the primary data block from at least a portion of the plurality of secondary data blocks stored in shares on corresponding physical storage devices in response to a request from the client. | 04-17-2014 |
20140108797 | STORAGE COMMUNITIES OF INTEREST USING CRYPTOGRAPHIC SPLITTING - Methods and systems of presenting data in a secure data storage network are disclosed. One method includes defining a community of interest capable of accessing data stored in a secure data storage network, the community of interest including a plurality of users desiring access to a common set of data. The method also includes associating the community of interest with a workgroup key and, upon identification of a client device as associated with a user from among the plurality of users in the community of interest, presenting a virtual disk to the client device, the virtual disk associated with the workgroup key and a volume containing the common set of data, the volume including a plurality of shares stored on a plurality of physical storage devices. | 04-17-2014 |
20140108798 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING CLIENT, ACCESS AUTHENTICATION METHOD, AND PROGRAM - There is provided an information processing device including a public key setter that sets a public key corresponding to a public-key authentication scheme in an access area defined as a given area of an object of access, and a device authentication processor that authenticates access to the access area against a secret key paired with the public key. | 04-17-2014 |
20140115331 | Secure Information Transfer Via Bar Codes - A method for providing a document using a secure bar code includes encrypting the document to generate an encrypted document, and mixing together bits for a security credential with bits for the encrypted document to generate a set of mixed bits having a predetermined order. The security credential is for decrypting the encrypted document. The method further includes inserting the set of mixed bits into the secure bar code and outputting the secure bar code. A bar code reader knows the predetermined order and is configured to read the secure bar code. The bar code reader may also be configured to un-mix the mixed bits based on the predetermined order, and decrypt the encrypted document with the security credential. | 04-24-2014 |
20140115332 | SECURE SHARING AND COLLABORATIVE EDITING OF DOCUMENTS IN CLOUD BASED APPLICATIONS - Collaboratively editing a document in a system of sharee clients includes creating a document change, generating a document token for encrypting the document change, encrypting the document change with the document token, making the encrypted document change available to the other sharee clients, and generating a plurality of copies of the sharee document token. Each sharee document token is encrypted with a respective sharee's public key. Each encrypted sharee document token is distributed to respective sharee clients. Each sharee client is configured to: decrypt a sharee document token using a respective private key, decrypt the encrypted document change using the sharee document token, and consolidate the document change into a document. | 04-24-2014 |
20140298013 | DYNAMIC ENCRYPTION METHOD - Disclosed is a method of transmitting a data set using encryption, wherein the method comprises the steps of: selecting a first encryption technique, wherein said first encryption technique comprises a first encryption algorithm for encrypting plain data into cipher data, and a first decryption algorithm for on provision of a specific key, decrypting cipher data and reproduce plain data; encrypting the first data package comprising plain data, using a first encryption program implementing the first encryption algorithm of said first encryption technique, creating a first encrypted data package comprising cipher data; obtaining a first decryption program; and transmitting said first decryption program and said first encrypted data package to a receiver, wherein the first decryption, upon provision of the specific key and the first encrypted data package, will decrypt the cipher data in the first encrypted data package and reproduce the plain data of the first data package. | 10-02-2014 |
20140304507 | CONTENT DELIVERY NETWORK ENCRYPTION - A system and method for delivering content to end users encrypted within a content delivery network (CDN) for content originators is disclosed. CDNs transport content for content originators to end user systems in a largely opaque manner. Caches and origin servers in the CDN are used to store content. Some or all of the content is encrypted within the CDN. When universal resource indicators (URIs) are received from an end user system, the CDN can determine the key used to decrypt the content object within the CDN before delivery. Where there is a cache miss, an origin server can be queried for the content object, which is encrypted in the CDN. | 10-09-2014 |
20140344574 | ECONOMICALLY SECURE DIGITAL MASS MEDIA SYSTEMS - Content is encoded with a watermark that associates it with a particular consumer. When presented for playback, the rendering equipment examines the watermark to confirm that the consumer with whom the content is associated, is also the consumer with whom the equipment is associated. If there is no watermark—or if the watermark is associated with a different consumer, then playback is refused. The equipment also desirably checks whether the content has a second watermark (or even a very feeble remnant thereof), indicating that the content has been derived from content earlier provided to a different consumer. If so, playback is again refused. Thus, this embodiment will refuse to play if there is no watermark; if there is one watermark not associated with the proprietor of the equipment; or if there are two or more watermarks. | 11-20-2014 |
20140359286 | CONTACT MANAGEMENT METHOD, APPARATUS AND SYSTEM FOR THIRD-PARTY APPLICATION - A contact management method, apparatus and system for a third-party application are described. The contact management method includes: detecting an instruction to obtain a contact, wherein the instruction is input by a user operating the third-party application; reading contact data in an address book in response to the instruction to obtain the contact; encrypting the contact data and obtaining an encrypted contact data; importing the encrypted contact data into a contact data table of the third-party application; and uploading the encrypted contact data in the contact data table to a cloud server, so that a mapping relationship between account information of the user and the encrypted contact data is established at the cloud server, wherein the account information of the user is used for logging in the third-party application. In the method, the apparatus and the system, safety and reliability of the contact data can be improved. | 12-04-2014 |
20140359287 | METHOD AND SYSTEM FOR RECONSTRUCTION OF A DATA OBJECT FROM DISTRIBUTED REDUNDANT DATA PARTS - A data object is encoded in a redundant code. The redundant code defines a decoding scheme for reconstructing the data object from a sub-set of the encoded data parts. At least the sub-set of the encoded data parts is encrypted using a homomorphic encryption scheme, which allows equivalents of the arithmetic operations of a reconstruction process to be performed on encrypted encoded data parts. The data parts are stored distributed over a plurality of source terminals of a communication network, for use by a target terminal of the communication network. Upon a retrieval command from the target terminal, an upload management module determines which source terminals are available and the upload management module causes a selected set of terminals to transmit the encrypted encoded data parts each via its own connection to the network to a decoder server. The decoder server performs homomorphic equivalent operations of arithmetic operations of the reconstruction process and downloads the results to the target terminal. In this way the target terminal does not need to perform the entire reconstruction, without requiring decryption outside the target terminal. | 12-04-2014 |
20140372753 | METHOD AND APPARATUS FOR PERFORMING DISTRIBUTED PRIVACY-PRESERVING COMPUTATIONS ON USER LOCATIONS - A location-trace comparison system can perform privacy-preserving computations on locations traces for two or more users, for example, to determine a location-visit overlap for these users. During operation, the system obtains location-event descriptions for locations that a local user has visited and/or is likely to visit, such that a respective location-event description indicates a location identifier and a time-interval identifier. The system encrypts the location-event descriptions to generate a corresponding set of encrypted local-user events, and receives encrypted remote-user events from a remote device, for at least one remote user. The system compares the encrypted location events to determine an overlap between the set of encrypted local-user events and the set of encrypted remote-user events. The system then determines, from the encrypted-event overlap, location-event descriptions for locations that the local and remote users have both visited and/or are both likely to visit during the same time interval. | 12-18-2014 |
20140380046 | COLLABORATIVE STREAMING SYSTEM FOR PROTECTED MEDIA - The present disclosure is directed to a collaborative streaming system for protected media. A presentation device may interact with a group of trusted devices over a network to stream multimedia content. The presentation device may obtain a presentation content encryption key for presenting the content. Each trusted device in a group of trusted devices may obtain a download content encryption key allowing for download without presentation. A leader may be selected for managing the operation of the trusted devices. The leader may determine trusted device condition and assign one or more of the trusted devices to download portions of the content based on the condition. The leader may then consolidate the portions of the content and provide them to the presentation device. If the presentation device is the leader, the presentation device may perform similar operations and collect the portions of the content directly from the group of trusted devices. | 12-25-2014 |
20150074393 | Method, Apparatus, and System for Implementing Media Data Processing - Some embodiments disclose a method, an apparatus, and a system for implementing media data processing. A method includes dividing media data into several data blocks and selecting a part of the several data blocks using a preset rule shared with a requester. The method also includes encrypting the selected part of the several data blocks and sending the encrypted part of the several data blocks and another unencrypted part of the several data blocks to the requester. The requester can determine the encrypted part of the several data blocks according to the preset rule. | 03-12-2015 |
20150082031 | Method and System to Securely Migrate and Provision Virtual Machine Images and Content - A method, device, and system for securely migrating and provisioning a virtual machine image to a host device of a cloud service provider environment (CSPE) is disclosed. A customer device encrypts a virtual machine image (VMI) and stores the VMI in the CSPE. The host device retrieves the encrypted VMI from the object store and sends host trust data (including a symmetric key extracted from the encrypted VMI, the symmetric key being encrypted with the customer public key) to a key management server for trust attestation. If the key management server successfully attests the host device, the key management server decrypts the encrypted symmetric key using the customer private key and re-encrypts the symmetric key using the host public key. The host device receives the re-encrypted symmetric key from the key management server, decrypts it using the host private key, and decrypts the encrypted VMI using the symmetric key. | 03-19-2015 |
20150341175 | SYSTEM AND METHOD FOR CIRCULAR LINK RESOLUTION WITH HASH-BASED NAMES IN CONTENT-CENTRIC NETWORKS - One embodiment of the present invention provides a system for constructing a linked object. During operation, the system constructs a first portion of the linked object. The first portion includes at least a nonce, and the first portion is referenced by a self-certified name associated with the linked object. The system constructs a second portion of the linked object. The second portion includes at least the nonce and one or more external links, and a respective external link references a second linked object using a self-certified name associated with the second linked object. | 11-26-2015 |
20150341355 | IDENTIFYING PROTECTED MEDIA FILES - A user can have media files associated with a user account in a shared resource environment, enabling the user to access those files from multiple devices and locations. Instead of uploading each file, a process can scan the files to determine corresponding copies already stored to the shared resource environment, which can be associated with the user account without uploading another copy. In cases where encryption or other protection prevents the content of a file from being verified, a fingerprint of unencrypted records of the file can be generated and compared against an index of fingerprints for previously encountered files. If the fingerprint matches information stored for a media file, and the fingerprint meets at least one validity criterion, a copy of the media file can be associated with the user account even though the user's copy cannot be read, or potentially even played, by a component of the environment. | 11-26-2015 |
20150358298 | SECURE SHARING AND COLLABORATIVE EDITING OF DOCUMENTS IN CLOUD BASED APPLICATIONS - Collaboratively editing a document in a system of sharee clients includes creating a document change, generating a document token for encrypting the document change, encrypting the document change with the document token, making the encrypted document change available to the other sharee clients, and generating a plurality of copies of the sharee document token. Each sharee document token is encrypted with a respective sharee's public key. Each encrypted sharee document token is distributed to respective sharee clients. Each sharee client is configured to: decrypt a sharee document token using a respective private key, decrypt the encrypted document change using the sharee document token, and consolidate the document change into a document. | 12-10-2015 |
20160105436 | SECURITY VERIFICATION METHOD, APPARATUS AND TERMINAL - Disclosed are a security verification method, apparatus, and terminal. The method includes: acquiring a first verification code and prompting the first verification code, the content of the first verification code describing scenario information that is simple for a user to understand, and triggering the user to send a second verification code over a user terminal; receiving the second verification code, and acquiring an ID of the user terminal sending the second verification code; and obtaining a security verification result according to two verification results of the second verification code and the corresponding ID. A first verification code describing scenario information that is simple for a user to understand is displayed such that the user understands the scenario information corresponding to the first verification code and unauthorized users are prevented from stealing the verification codes using similar websites. | 04-14-2016 |
20160191472 | SYSTEM AND METHOD OF SENDING AND RECEIVING SECRET MESSAGE CONTENT OVER A NETWORK - The proliferation of personal computing devices in recent years, especially mobile personal computing devices, has led to increased concerns regarding the safety and security of documents and messages that are sent over networks. Users desire a system that provides for the setting of custom, content-agnostic, permissions at a message, document, and/or sub-document-level through communications networks. Such a system may allow users to apply customized privacy settings and encryption keys differently to particular parts of documents and/or messages. Such a system may also allow the user to manipulate outgoing message objects of pre-existing formats, so as to “hide” the encrypted document and/or message content within one or more portions of the message object that are not displayed in existing message viewer applications, e.g., metadata fields or unused headers. As such, only authorized message viewing applications may know where to look for (and have the necessary keys to decrypt) such hidden content. | 06-30-2016 |
20160253367 | CLIENT COMPUTER FOR QUERYING A DATABASE STORED ON A SERVER VIA A NETWORK | 09-01-2016 |
20160380775 | ROBOT MITIGATION - Computer systems, such as a client and a server operably interconnected via a network, are subject to stress on computational resources due to an abundance of automated-user traffic. To improve resource functionalities and control the resources available to automated-agents, value information of valuable assets is encrypted such that a client must perform an algorithm for calculating a decryption key in order to view the unencrypted content. The encryption is tuned in such a way that any computational delay caused by the encryption is imperceptible to a human-user and largely perceptible to an automated-agent, such that the need to determine if a user is an automated-user or a human-user is irrelevant. | 12-29-2016 |
20180026952 | SECURE SHARING AND COLLABORATIVE EDITING OF DOCUMENTS IN CLOUD BASED APPLICATIONS | 01-25-2018 |