
File protection

Subclass of:

713 - Electrical computers and digital processing systems: support

713150000 - MULTIPLE COMPUTER COMMUNICATION USING CRYPTOGRAPHY

713164000 - Security kernel or utility

Entries
Document Title Date
20090106552RIGHTS MANAGEMENT SERVICES-BASED FILE ENCRYPTION SYSTEM AND METHOD - A method to leverage Windows Rights Management Services (RMS) to provide protection and sharing of encryption keys to file systems. Windows Rights Management Services (RMS) enables users to share protected content without having to exchange encryption certificates or passwords. Using the method, any EFS can be extended to protect its FEKs and assign them user access rights using RMS. This enables EFSs to delegate key sharing, management and recovery to the RMS system. User rights to FEKs are derived from the file's security descriptor information or as explicitly specified by users. Whenever an encrypted file is created, its FEK is protected using RMS and the resulting byte stream is stored in the file encryption metadata information. When a user tries to access an encrypted file and doesn't have a private key to decrypt the FEK, the EFS transparently extracts the RMS-protected byte stream from the file encryption metadata information. It then uses RMS to try to obtain access to the FEK stored in the byte stream using the user security context. If the user is authorized access and the FEK is successfully obtained, then the EFS is able to decrypt the file data and the user is granted access. The FEK is protected with the user master key, encryption certificate or password and cached in the system protected non-page memory or local stable storage. This enables the system to reuse the FEK for the user on the next file access. If the user doesn't hold rights to extract the FEK, then the user is denied access.04-23-2009
20110191584System and Method for Computationally Private Information Retrieval - A device is provided for use with a database server having a matrix of data stored therein, wherein the database can transmit a return vector based on the matrix of data. The device includes a communication portion, an encryption portion and a decryption portion. The encryption portion can generate an encrypted request to obtain a portion of the matrix of data, wherein the encrypted request includes a plurality of subqueries. The communication portion can transmit the encrypted request to the database server and can receive the return vector from the database server. One of the subqueries is based on a first random vector and a target vector corresponding to the portion of the matrix of data. One of the subqueries is based on a second random vector. The decryption portion can decrypt the return vector by way of a modulo summation.08-04-2011
20110202763TAPE BACKUP METHOD - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.08-18-2011
20120246472SYSTEM AND METHOD FOR SECURED BACKUP OF DATA - A system and method of selectively providing encrypted data is provided. Embodiments of the invention may store data in encrypted form on a storage device. Embodiments of the invention may selectively provide encrypted or decrypted data to a requestor of data based on configuration or other parameters. A filter driver or other module or unit may examine a request for, or communication of data from the storage device and may determine if data is to be provided in encrypted or decrypted form. Decrypted data may be provided to a caching system. A filter driver or other module or unit may examine a request for, or communication of data from the caching system. Data provided from the caching system may be selectively encrypted based on configuration or other parameters.09-27-2012
20130080772DYNAMIC ENCRYPTION - Systems and methods for encrypting a media file for streaming and/or downloading over a network are disclosed. These systems and methods may be part of a larger media servicing network that can be used to, among other things, process uploaded media content, provide it for streaming, and collect metric information regarding the streaming. The disclosed systems and methods provide for receiving requests for a media file or a chunk of a media file and responding to these requests by encrypting the requested chunks dynamically and providing the chunks to the requesting entity. These systems and methods, which can be utilized with a dynamic chunk generation and dynamic index file generation, enable a high degree of flexibility in streaming chunked media files and preclude the need to encrypt the chunks prior to streaming. The systems and methods may also be applied to encrypting files for continuous streaming protocols as well as for progressive download.03-28-2013
20130080773FILE PROTECTING METHOD AND A SYSTEM THEREFOR - The invention discloses a file protecting method and a system therefor, relating to the information security field. The method includes: an application receives an instruction for opening a protected file sent by a user and invokes an upper interface of an operating system, and the upper interface sends an instruction for opening the protected file sent by a file system, and a filter driver intercepts the instruction for opening the protected file sent by the upper-layer interface to the file system, if the filter driver determines that the application is valid, it creates an image file on a virtual disk for the protected file, and returns a handle of the image file and reads or writes the protected file by the handle, which avoids a possible disclosure of plain text of the protected file in a buffer in prior art.03-28-2013
20130042107System and Method for Enabling Device Dependent Rights Protection - A system and method for enhancing the protection of digital properties while also increasing the flexibility of distribution of the digital properties. In one embodiment, the digital property is protected through the binding of at least one unique client device identifier with the digital property prior to distribution. Decryption at a client device would therefore be dependent on a comparison of the unique client device identifier that is extracted from the encrypted digital property with a unique client device identifier of the device that is seeking to access the digital property.02-14-2013
20130042106Security Management In A Group Based Environment - Techniques are provided for securely storing data files in, or retrieving data files from, cloud storage. A data file transmitted to cloud storage from a client in an enterprise computing environment is intercepted by at least one network device. Using security information received from a management server, the data file is converted into an encrypted object configured to remain encrypted while at rest in the cloud storage.02-14-2013
20100042832STORAGE SYSTEM FOR DATA ENCRYPTION - A storage system including a host interface connected via a network to a host computer; a disk interface connected to a disk drive; a memory module that stores control information of a cache memory for an access to the disk drive and the storage system; a processor that controls the storage system; a network that interconnects the host interface, the disk interface, the memory module, and the processor; and an encryption module that encrypts data read/written by the host computer, in which the processor reads data from an area of the disk drive from the memory module, decrypts the read data with a corresponding encryption key, encrypts the decrypted data with a different encryption key, and writes the encrypted data in a different area.02-18-2010
20090158037SYSTEM AND METHOD FOR PROTECTING AN ELECTRONIC FILE - A method for protecting an electronic file is provided. The method symmetrically encrypts the electronic file with a symmetric key, and asymmetrically encrypts the symmetric key. In addition, the method calculates a message digest for the encrypted electronic file, and obtains a trusted timestamp for the message digest. The method may provide security and authenticity for the electronic file.06-18-2009
20130046974DYNAMIC SYMMETRIC SEARCHABLE ENCRYPTION - Described herein is an efficient, dynamic Symmetric Searchable Encryption (SSE) scheme. A client computing device includes a plurality of files and a dictionary of keywords. An index is generated that indicates, for each keyword and each file, whether a file includes a respective keyword. The index is encrypted and transmitted (with encryptions of the files) to a remote repository. The index is dynamically updateable at the remote repository, and can be utilized to search for files that include keywords in the dictionary without providing the remote repository with information that identifies content of the file or the keyword.02-21-2013
20090044010System and Method for Storing Data Using a Virtual Worm File System - A system and method for storing data in a virtual file system using write once read many (WORM) protection includes a WORM server in communication with one or more storage devices and a controller in communication with the WORM server. A first time stamping process for creating a first time stamp for a data object based on instructions applied by the controller for storage on the WORM server. A second time stamping process for creating a second time stamp for the data object for storage on the WORM server. The second time stamping process creates the second time stamp for the data object and first time stamp to ensure the integrity of the data object stored on the system.02-12-2009
20120191972SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES - Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, a kernel mode driver of a computer system intercepts file system or operating system activity, by a running process, relating to a dependent code module. Loading of the dependent code module is selectively authorized by authenticating a cryptographic hash value of the dependent code module with reference to a multi-level whitelist. The multi-level whitelist includes a global whitelist database remote from the computer system, maintained by a trusted service provider and which contains cryptographic hash values of approved code modules known not to contain viruses or malicious code; and a local whitelist database that includes cryptographic hash values of a subset of the approved code modules. The running process is allowed to load the dependent code module when the cryptographic hash value matches one of the cryptographic hash values of the approved code modules.07-26-2012
20130061049DISTRIBUTED NETWORK SYSTEM - A method of storing data from a first node on a peer-to-peer network. The method includes creating a public and private key pair from a data item. The method also includes determining a hash value for the public key and assigning the hash value as a user identifier for the user of the node. The method also includes storing the public key within a distributed hash table of the peer-to-peer network. The user identifier corresponds to the key for the public key within the distributed hash table.03-07-2013
20130061048CONTENT DELIVERY SYSTEM, DELIVERY SERVER, AND USER TERMINAL - Provided are a content delivery system, a delivery server and a user terminal whereby the load of a party who transmits content data can be reduced. A delivery server (03-07-2013
20130067225APPLIANCE, SYSTEM, METHOD AND CORRESPONDING SOFTWARE COMPONENTS FOR ENCRYPTING AND PROCESSING DATA - Disclosed is an appliance, system, method and corresponding software application for encrypting and processing data. A symbol based encryption module may be adapted to encrypt data on a symbol basis such that some or all of the encrypted data remains processable.03-14-2013
20120117383System and Method for Secure Device Configuration Cloning - The subject application is directed to a system and method for secure device configuration cloning. Configuration data corresponding to software-settable configurations of a document processing device is received into a data storage. Schema data is generated on a processor in data communication with the data storage. The schema file includes segments and corresponds to a portion of the configuration data. At least one segment of the schema file is encrypted in accordance with a corresponding portion of the configuration data. Secure clone file data is then generated based upon the configuration data and the encrypted schema file and communicated to a second document processing device for configuration thereof.05-10-2012
20130166908SYSTEM AND METHOD OF PROTECTING DATA ON A COMMUNICATION DEVICE - A system and method of protecting data on a communication device are provided. Data received when the communication device is in a first operational state is encrypted using a first cryptographic key and algorithm. When the communication device is in a second operational state, received data is encrypted using a second cryptographic key and algorithm. Received data is stored on the communication device in encrypted form.06-27-2013
20090083541METHOD AND APPARATUS FOR DISTRIBUTING DIGITAL CONTENT - The present invention provides a system in which audio files are distributed that include watermarks, digital signatures and/or encryption. The file may offer content owners some amount of playback control, while offering the consumer value-added content & services, and maintaining backward compatibility to existing digital file players such as MP3 players. By enticing the consumer with value-added content and services alongside the purchased songs, the consumer is encouraged to obtain these files from participating retailers and to replay the files using compliant players.03-26-2009
20110035587DATA PROGRAMMING CONTROL SYSTEM WITH SECURE DATA MANAGEMENT AND METHOD OF OPERATION THEREOF - A method of operation of a data programming control system includes: providing a secure data management host server coupled to a network; encrypting a contract manufacturer job by the secure data management host server, including: providing a memory image file, creating a programmer encrypted file from the memory image file, and encrypting permissions and the programmer encrypted file to form the contract manufacturer job; decrypting the contract manufacturer job transmitted through the network by a secure data management local server; transmitting the programmer encrypted file by the secure data management local server to a device programmer; and programming a device with the memory image file decrypted by the device programmer.02-10-2011
20100235631DIGITAL RIGHTS MANAGEMENT HANDLER AND RELATED METHODS - A system and method of providing universal digital rights management system protection is described. One feature of the invention concerns systems and methods for repackaging and securing data packaged under any file format type, compression technique, or digital rights management system. Another feature of the invention is directed to systems and methods for securing data by providing scalability through the use of modular data manipulation software objects.09-16-2010
20110167261SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES - Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, file system or operating system activity relating to a first code module is initiated by a running process associated with a second code module. The file system or operating system activity is intercepted by a kernel mode driver of a computer system. The kernel mode driver selectively authorizes loading of the first code module by the running process based at least in part on one or more attributes of the second code module.07-07-2011
20120110327EVENT-DRIVEN PROVISION OF PROTECTED FILES - A system may include reception of a request for an encryption key pair including a first private encryption key and a first public encryption key, the encryption key pair associated with a future event, generation of the encryption key pair, transmission of the first public encryption key to a second device, reception, from the second device, of a file encrypted using the first public encryption key and using a second public encryption key of an intended recipient, transmission of the file to a third device associated with the intended recipient, detection of the future event, and, in response to the detection of the future event, transmission of the first private encryption key to the third device.05-03-2012
20090138706TECHNIQUES FOR SEARCHING ENCRYPTED FILES - Techniques for efficiently searching encrypted searchable spaces. For example, embodiments of the present invention provide techniques for searching a plurality of files that are stored in encrypted (or ciphertext) form. According to embodiments of the present invention, the search can usually be performed by decrypting only a portion of the encrypted searchable space. According to an embodiment of the present invention, the search techniques determine a set of files comprising one or more files from the plurality of encrypted files that contain a user-specified query element. The set of files is usually determined by decrypting only a subset of the plurality of encrypted files.05-28-2009
20110191583Methods For Upgrading Software Or Updating Contents In Terminal Devices Based On Digital TV Data Broadcast - A method for upgrading software or contents in a terminal device based on digital TV data broadcasting is provided. The method comprises steps of uploading an upgrading file or content file to an access gateway by a service provider via a data broadcasting system; transmitting the upgrading file or content file to the terminal device in a broadcast mode by the data broadcasting system; and receiving the transmitted upgrading file or content file by the terminal device. The method further comprises a step of determining whether the received upgrading file or content file is of a higher version than that of a currently used software file or content file of the terminal device; and if yes, upgrading the currently used software file or content file. The method according to the present invention decreases maintenance cost of the terminal device, facilitates upgrading system in time, maintains copyright benefit of the service provider, and is convenient for the user to upgrade his terminal device.08-04-2011
20110173444IMAGE FORMING APPARATUS, IMAGE FORMATION PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM HAVING STORED THEREON COMPUTER PROGRAMS FOR THE IMAGE FORMATION PROCESSING METHOD - According to one embodiment, an image forming apparatus includes: an interface configured to communicate with an external storage device; a file acquiring unit configured to acquire a processing target file to be subjected to image formation processing from the external storage device via the interface; a user-information acquiring unit configured to acquire user information for identifying a user who instructs execution of the image formation processing on the processing target file; a determining unit configured to determine, if the processing target file is a file encrypted in a decryptable encryption system, whether user information for identifying a creator of the processing target file associated with the file and the user information acquired by the user-information acquiring unit coincide with each other; and a decrypting unit configured to decrypt the processing target file if the determining unit determines that the pieces of user information coincide with each other.07-14-2011
20120110328System and Method For Secure Storage of Virtual Machines - A virtual file system is described that is implemented in a virtualization platform as a stackable file system layer that intercepts file operations between a hypervisor and a physical file system. The virtual file system encrypts (at least in part) VM files to be stored, organizes the encrypted VM files into VM sets, and then maps and stores the encrypted VM sets into storage pools. Storage and access to files within the VM sets is controlled through the use of administrator-determined policies governing storage, security, access control, authentication, and auditing. The system and method described herein allow a seamless integration between a data center (e.g., a private cloud) and computing resources served across the internet and supported by cloud service providers (e.g., public clouds) while ensuring that the security needs of customers and cloud service providers are met.05-03-2012
20090193252METHOD AND SYSTEM FOR SECURE PEER-TO-PEER COMMUNICATION - The invention provides a server system, client, method and program element for distributing content in a peer-to-peer network. The server system splits a file into segments and makes copies of the segments for clients to download. Each segment is encrypted with a unique encryption key and marked. Identifiers of encrypted segments are transmitted to clients such that each client receives a unique set of identifiers enabling the client to download a unique set of encrypted segments from other clients and/or from the server system.07-30-2009
20130024687SELECTIVE SHREDDING IN A DEDUPLICATION SYSTEM - Making a target file impractical to be retrieved comprises decrypting a directory manager file using a first directory manager file key. The directory manager file includes an encryption key for a segment that is used when reconstructing a target file. The directory manager file is modified by deleting a reference to the target file. The reference includes a file encryption key. Retrieving the target file is made impractical by the deletion of the reference to the target file in the directory manager file. The modified directory manager file is encrypted using a second directory manager file key.01-24-2013
20110271103Generic File Protection Format - A file may contain an unencrypted and an encrypted portion. The unencrypted portion may contain a layout section that may point to a published license, metadata, and a contents section, where the contents section is in the encrypted portion. The encrypted portion may contain the contents section which may act as a directory for one or more included files that may be compressed and stored in the encrypted portion. When the file is opened by a receiver, the receiver may read the published license and communicate with a security server to establish access rights and receive at least one key for decrypting at least a portion of the encrypted portion of the file. The receiver may then gain access to the included files.11-03-2011
20110173443SECURE EXTRANET SERVER - A Secure Extranet Server (SES) provides for secure and traceable communication and document exchange between a trusted network and an untrusted network by authenticated users. The SES includes a first partition in communication with the untrusted network and a second partition in communication with the trusted network. The second partition maintains a session table and is in communication with a user authentication and authorization module. Communication between the first and second partition is preferably initiated by a request from the second partition. Security tokens attached to messages provide constraint checking on user inputs, access to documents and servers within the trusted network, checkout and checkin of controlled documents, and a single sign-on capability for on-line applications as well as local applications operating on protected files at remote user computers.07-14-2011
20080215881Method Of Encrypting/Decrypting The Document And A Safety Management Storage Device And System Method Of Its Safety Management - A method of encrypting/decrypting the document and a safety management storage device and system method of its safety management, using for the safety management of electronic documents, the said system comprising a PC or mainframe installed with common reading software and a storage device of safety management connected to the said PC/mainframe through hot-plug; when connected to the mainframe, the said storage device is enumerated as a USB CDROM device at least. The user owns the said storage device can encrypt the electronic documents by using the encryption keys to generate an encrypted document with the same file type, also can open the encrypted document by using common reading software, and then use the document according to the predetermined operation authority. By using present invention, the users and the range of using the documents will be limited through the control of the distribution of the said storage devices, thus, a document safety management system with high security and easy-use will be established, and with the advantage of easy control, low cost of investment and maintenance.09-04-2008
20120297189Systems and Methods for Secure Handling of Data - The methods and systems described herein provide for secure implementation of external storage providers in an enterprise setting. Specifically, the present invention provides for allowing the secure use of processes that may transmit files to external storage providers or access files from an external storage provider. In some arrangements, a process, such as an untrusted process, may request access to a file. A security agent may intercept the request and encrypt the file. The file can then be transmitted to the external storage provider. A user may subsequently request access to the file. A security agent may intercept a message in connection with this request, determine whether the user is authorized to access the file, and decrypt the file.11-22-2012
20100146269System To Secure Electronic Content, Enforce Usage Policies And Provide Configurable Functionalities - A computer implemented method and system for managing electronic content security and access within a networked environment are provided. A proprietary wrapper file is created for encapsulating the electronic content upon transferring the electronic content to the computing device of a user. The proprietary wrapper file is configured for enforcing content usage policies on the electronic content and for performing configurable functionalities. A security client application is provided on the computing device in response to a request for accessing the electronic content. A local software component employed for accessing the electronic content is embedded within the security client application. The user is granted controlled access to the electronic content by enforcing the content usage policies through the wrapper file. The activities of the user on the electronic content are monitored and tracked by the security client application to ensure compliance of the activities with the enforced content usage policies.06-10-2010
20080270792SYSTEM AND METHOD OF ENCRYPTING AND DECRYPTING DIGITAL FILES PRODUCED BY DIGITAL STILL DEVICES - An exemplary system of encrypting and decrypting a digital file in a digital device is disclosed. The digital file includes an encrypting module and a decrypting module. The encrypting module includes a file-choosing block choosing a digital file to be encrypted, a code-building block producing a code for the chosen digital file and an encrypting block rendering the code for storing in the EXIF of the chosen digital file. The decrypting module includes a file-selecting block selecting an encrypted digital file, a code-taking block receiving an input code, a code-checking block comparing the input code with the code stored in the EXIF, and a decrypting block decrypting the selected file when the input code is identical to the code stored in the EXIF.10-30-2008
20100005293Systems and Methods for Accessing Secure and Certified Electronic Messages - The present disclosure provides systems and methods for accessing secure and certified electronic messages using a combination of biometric security, a separate and secure network and email infrastructure, email management processes, and the addition of text, audio and visual format options to sending email messages.01-07-2010
20120272061Method and Device for Accessing Files of a Secure File Server - A method and a device are provided for accessing data files of a secure file server, wherein a user or a process is authenticated; wherein access to the data files of the secure file server takes place by way of an encryption module of the secure file server; wherein the encryption module comprises an encryption agreement of a centralized security application; and wherein the access of the authenticated user or process to the secure file server takes place by way of an encrypted protocol taking into consideration the encryption agreement. Such a device may be included in a corresponding computer network.10-25-2012
20120272060ELECTRONIC FILE DELIVERING SYSTEM, RELEVANT MOBILE COMMUNICATION DEVICE, AND RELEVANT COMPUTER PROGRAM PRODUCT - A mobile communication device is disclosed, having a wireless communication interface, a challenge-response module, and a decryption module. The wireless communication interface is used to receive an encrypted electronic file and a challenge value. The challenge-response module is used to generate a response value according to the challenge value and a challenge-response generating algorithm. The decryption module is used to decrypt the encrypted electronic file with the response value. The decryption module may decrypt the encrypted electronic file when the response value generated according to the challenge value and the challenge-response generating algorithm matches the one used to encrypt the electronic file.10-25-2012
20090164779FILE SYSTEM FILTER AUTHENTICATION - A software entity on a host device attempting to access protected content in a secure memory device must be authenticated using a challenge/response authentication mechanism before the secure file system can be accessed. A file system filter determines whether requested content is protected. If the content is protected, the file system filter provides a challenge to the software entity and generates a file system filter response using the same challenge. The software entity must then send a software entity response using the challenge to the file system filter. If the file system filter determines that the software entity response matches the file system filter response, the software entity is allowed to access the protected content through a secure file system installed on the host device for the memory device.06-25-2009
20090164781Methods and Apparatus for Secure Content Routing - Systems and methods are described which provide handling and secure routing of an article of content in accordance with a code or instruction set identifier embedded in or associated with the article of content. In one aspect, the invention provides a content handling system that comprises a digital data store containing a plurality of instruction sets, each defining a content handling workflow. The system further includes a content handling engine in communication with the store, wherein the content handling engine identifies a code associated with an article of content and executes workflow processing in accordance with an instruction set associated with the code. In various embodiments, an article of content comprises digitally encoded information (e.g., containing one or more of text, image, audio, video, data, and PACS data) and/or information otherwise convertible to digital format (e.g., printed matter, images, film, and audio recordings).06-25-2009
20090164780VOLUME MANAGEMENT METHOD IN A STORAGE APPARATUS HAVING ENCRYPTION FEATURE - The invention provides a computer system including a storage apparatus having an encryption feature, a management computer for running a management program for managing the storage apparatus, and an application host computer, wherein when allocating a logical volume or creating a copy pair, the management program selects, from the storage apparatus, a logical volume that satisfies a security level required by an application program that uses the logical volume to allocate the logical volume or create a copy pair.06-25-2009
20120198230Document Security System that Permits External Users to Gain Access to Secured Files - A system includes a server with an access manager configured to restrict access to files of an organization and maintain at least encryption keys for internal and external users and an external access server connected to the server and coupled between the server and a data network. The data network is configured to allow the external users use of the external access server. The external access server is also configured to permit file exchange between the internal users and the external users via the server.08-02-2012
20090024847KVM SWITCH - File management methods are disclosed, in which a host acquires at least one input signal from an input device via a keyboard-video-mouse (KVM) switch having a security key and determines whether the input signal comprises a first request for encrypting or decrypting at least one specific file. When the input signal comprises the first request by the host, the host acquires the security key from the KVM switch and encrypts or decrypts the specific file via the security key.01-22-2009
20120079270Hardware-Assisted Content Protection for Graphics Processor - Methods, systems, and computer program products for the secure handling of content provider protected multimedia content are disclosed. A method for providing secure handling of provider protected multimedia content, includes: decrypting, in a hardware-based multimedia content protection device (MMCP), the provider protected multimedia content using one or more provider keys; encrypting, in the MMCP, the decrypted multimedia content using one or more local keys to create locally protected multimedia content; and providing the locally protected multimedia content to a graphics processor over a secure connection. In an embodiment, the MMCP and the graphics processor are on the same board. In another embodiment, the MMCP is incorporated in the graphics processor to form a unified chip.03-29-2012
20080263355Method and System for Encrypting Files Based on Security Rules - The present disclosure is directed to a method and system for encrypting files based on security rules. In accordance with a particular embodiment of the present disclosure, a request to store a file on a storage device is received. At least one security parameter associated with a security profile of the file is identified. It is determined whether to encrypt the file by applying at least one security rule to the security parameter. The security rule includes selection criteria. The file is encrypted if the security rule indicates the file should be encrypted. The file is stored on the storage device.10-23-2008
20130219176Secure Virtual File Management System - A virtual file management system provides user access to managed content on mobile devices. The system comprises storage domains storing the managed content distributively using file systems, and a data infrastructure that organizes the managed content into a virtual file system that maintains information of storage domain specific file system primitives for accessing corresponding portions of the managed content. The data infrastructure, which maintains metadata of the storage domains and the mobile devices, comprises a policy definition and decision component that maintains policies defining controls for permissible operations on the managed content, the permissible operations including the file system primitives. A client application hosted on the mobile devices is coupled to the data infrastructure and the storage domains and includes an enforcement component that communicates with the policy definition and decision component to retrieve and enforce the policies by applying the controls on the mobile devices.08-22-2013
20100153716SYSTEM AND METHOD OF MANAGING FILES AND MOBILE TERMINAL DEVICE - In a system to realize prevention of leakage and loss of confidential information by inhibiting writing into a secondary storage device or writing into external storage media, created confidential data is archived by a secure method without being lost if communication is not available and a file server cannot save the information. For this purpose, first, a designated folder is created on a non-volatile storing memory being built in a mobile terminal and created confidential data is saved in the folder. Then, a filter driver controls access to the designated folder to prevent leakage of information by an application in a mobile phone by a malicious user. Further, a function to remove data in the designated folder in the mobile terminal from a mobile terminal management server through a telephone network prevents loss of saved confidential data due to loss of the mobile terminal.06-17-2010
20120246471INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, DISTRIBUTION METHOD, AND PROGRAM THEREOF - In order to assure security of classified information, in the present invention, before data take-out, third and fourth distributed data are created from first and second distributed data, the first and the second distributed data are saved in a server, and the third and the fourth distributed data are used in take-out.09-27-2012
20100161977ELECTRONIC FILE ACCESS CONTROL SYSTEM AND METHOD - A digital file is associated with a header in which identification data for a physical key is stored. The digital file content is encrypted, and may not be decrypted by a receiving computer unless a removable physical key that can be associated with the receiving computer includes identification data which matches the identification data stored in the file header. The digital content encrypted in the file may be compressed, and the header may also be encrypted. When the header is encrypted, the receiving computer may decrypt only the header unless the identification data of the header matches the identification data for a removable physical key. Improved security and reduction of pirating of the digital content are therefore provided.06-24-2010
20100185855Data Repository and Method for Promoting Network Storage of Data - In general, the invention features methods by which more than one client program connected to a network stores the same data item on a storage device of a data repository connected to the network. In one aspect, the method comprises encrypting the data item using a key derived from the content of the data item, determining a digital fingerprint of the data item, and storing the data item on the storage device at a location or locations associated with the digital fingerprint. In a second aspect, the method comprises determining a digital fingerprint of the data item, testing for whether the data item is already stored in the repository by comparing the digital fingerprint of the data item to the digital fingerprints of data items already in storage in the repository, and challenging a client that is attempting to deposit a data item already stored in the repository, to ascertain that the client has the full data item.07-22-2010
20100185852ENCRYPTION AND DECRYPTION METHOD FOR SHARED ENCRYPTED FILE - Encryption and decryption is achieved without the requirement for updating of the encryption key or re-encryption of an encrypted file when a shared encrypted file is generated, renamed or deleted.07-22-2010
20100185854MULTIPLE CONTENT PROTECTION SYSTEMS IN A FILE - Supporting a plurality of content protection systems in a single container file. The protection systems share an encryption method which is accessible from a sample encryption box in the file. Each of the protection systems stores, in a protection system header box, information for decrypting the content in accordance with the corresponding protection system. In some embodiments, separate protection system header boxes in the file correspond to each of the protection systems. By using the common encryption method and sharing encryption expressions across the protection systems, the multiple content protection systems are supported in the file without creating additional copies of the content. In some embodiments, aspects of the disclosure extend the International Organization for Standardization (ISO) base media file format to support multiple digital rights management (DRM) systems in the single container file.07-22-2010
20100191962FILE SYSTEM FILTER AUTHENTICATION - A method of accessing content includes installing a file system filter for a secure removable memory device on a host device. A challenge is sent from the file system filter to a software entity on the host device, and a software entity response is received at the file system filter in response to the challenge. A file system filter response is calculated at the file system filter using the challenge, and access to first content on the secure removable memory device is provided if the software entity response matches the file system filter response.07-29-2010
20100185853LOCAL AREA NETWORK ARCHITECTURE - The present disclosure provides a local area network architecture including a server, a client and a data transfer system. The server uses a first operating system and includes an encryption chip and a server memory storing the encrypted files. The encryption chip includes an encryption system having a different operating environment with the first operating system. The encryption system includes a file converting module and an encryption module. The file converting module converts files to a format only recognizable for the encryption system and unrecognizable for the first operating system. The encryption module encrypts the converted files. The client uses a second operating system and includes a client memory storing the files from the server and a decryption chip. The decryption chip uses a decryption system including a file reverting module and a file decryption module. The data transfer system transmits files from the server to the client.07-22-2010
20090077378QUERYING ENCRYPTED DATA IN A RELATIONAL DATABASE SYSTEM - A client-server relational database system, wherein data from the client computer is encrypted by the client computer and hosted by the server computer, the encrypted data is operated upon by the server computer, using one or more operators selected from a group of operators comprising: (a) inequality logic operators, (b) aggregation operators, and (c) wildcard matching operators, to produce an intermediate results set, the intermediate results set is sent from the server computer to the client computer, and the intermediate results set is decrypted and filtered by the client computer to produce actual results. The group of operators is limited because the encrypted results set, when decrypted, includes inaccuracies therein. The client computer applies a set of correction procedures to the decrypted results set to remove the inaccuracies therein.03-19-2009
20090077377System and method of protecting content of an electronic file for sending and receiving - A system and method of protecting the content of an electronic file for sending and receiving. The invention includes providing unique local encryption key data correspondingly associated with a sender, and providing unique remote encryption key data correspondingly associated with a receiver. In addition, the method includes orienting the electronic file in an encrypted mode by utilizing at least one set of the unique local encryption key data and at least one set of the remote encryption key data.03-19-2009
20100217976METHOD AND APPARATUS FOR IMPORTING CONTENT - A method and apparatus for protecting digital content in a digital rights management (DRM) system are provided. The method of importing a first content file into a second content file includes determining a usage rule of content included in the first content file based on information used to control remote access of the content included in the first content file; and generating the second content file that follows the determined usage rule.08-26-2010
20100146268Method for Saving a File - The present invention relates to a method for storing a file originating from a source location at a target location, comprising of receiving the file at the target location, storing the file at the target location, and encrypting the file irreversibly in at least a stored state at the target location using a key originating from the source location, this prior to storage at the target location. The invention also relates to a receiving device for storing a file originating from a source location at a target location and a system for storing a file originating from a source location at at least one target location.06-10-2010
20100250925ENCRYPTED FILE DELIVERY/RECEPTION SYSTEM, ELECTRONIC FILE ENCRYPTION PROGRAM, AND ENCRYPTED FILE DELIVERY/RECEPTION METHOD - An encrypted file delivery/reception system comprises a first computer, a second computer, and a password management device connected to the first and second computers through a network. The first computer has means for encrypting an electronic file to create an encrypted file. The password management device has means for storing password information including the correspondence between the decryption password for decrypting the encrypted file and telephone number of the user of the second computer, means for identifying the telephone number of the caller of a call when receiving the call with caller number notification, means for identifying the decryption password corresponding to the identified telephone number by referencing the password information, and means for transmitting the identified decryption password to the second computer. The second computer has means for decrypting the encrypted file created by the first computer by using transmitted decryption password.09-30-2010
20100211776Digital rights management in a distributed network - The present invention is implemented within a distributed network operating environment (such as a CDN) in which content providers offload given content for delivery from servers (e.g., CDN edge servers) managed by a service provider (such as a CDN operator). It is assumed that the given content is secured using a digital rights management (DRM) scheme. According to the invention, a distributed set of license server processes are provided to manage the issuance of content licenses. Each of the license server processes is operative to generate licenses by which a given end user client obtains given rights for given content, typically the content served from the machine. A distributed set of license server processes operates in a de-centralized manner and without access to third party business logic (e.g., a payment mechanism) or authentication information associated with end users requesting the given content.08-19-2010
20100250926METHOD OF DIGITAL RIGHTS MANAGEMENT ABOUT A COMPRESSED FILE - Provided is a method for digital rights management of a compressed file created by compressing one or more original files. The method includes the steps of: generating right information on an encrypted compressed file during the encryption of the compressed file by a digital rights management server; checking the user right to the compressed file by controlling a predetermined compression application program by a controller module installed in a user terminal when the user terminal to which the encrypted compressed file is downloaded opens the compressed file using the compression application program; requesting the digital rights management server to provide a certificate to decrypt the encrypted file by the controller module of the user terminal; generating the certificate according to a certificate request from the user terminal and sending the generated certificate to the user terminal by the digital rights management server; and decrypting the encrypted compressed file by the controller module of the user terminal based on the received certificate.09-30-2010
20120131336Automatic Secure Escrowing of a Password for an Encrypted File or Partition Residing on an Attachable Storage Device that the Device can be Unlocked Without User Intervention - External data storage device queries the user for a password on at least the first attachment. The password is escrowed in encrypted form. If the user elects this option, the password is then passed to an encryption module which unlocks the encrypted file or partition and upon subsequent attachments of the external data storage device may automatically unlock the encrypted file or partition using the securely escrowed password. The escrow of the encrypted password is managed in an external storage device containing the encrypted file or partition.05-24-2012
20120036356Method for Accessing Nominative Data Such As a Customised Medical File From a Local Generation Agent - A process of accessing to a customized computer file, comprising data of technical nature such as medical data as well as highly confidential nominative data. The process comprises the implementation of a generation agent of the customized computer file (DMN) contained in a storage device (02-09-2012
20110113242PROTECTING MOBILE DEVICES USING DATA AND DEVICE CONTROL - A method for securing data on a mobile device includes establishing a remote connection between a server and a mobile device, receiving at the server a directory listing from the mobile device indicating files and folders stored on the mobile device, selecting one or more files or folders for securing on the mobile device, and transmitting from the server a secure command to the mobile device instructing the mobile device to secure the selected one or more files or folders. A system including a server and a mobile device can perform the method.05-12-2011
20090327712SYSTEM AND METHOD FOR VARIABLE ENCRYPTION - A method for variable encryption of a plurality of files. The method serves a plurality of subscribers. The method includes receiving a request from one of the plurality of subscribers to download at least one of the plurality of files and receiving authorization to download the at least one of the plurality of files. The method also includes accessing the at least one of the plurality of files, encrypting the at least one of the plurality of files and inserting a key into the encrypted at least one of the plurality of files. Finally, the method includes downloading the encrypted at least one of the plurality of files to the one of the plurality of subscribers, extracting the key and deciphering the encrypted at least one of the plurality of files, thereby making available decrypted at least one of the plurality of files to the one of the plurality of subscribers.12-31-2009
20090327711AUTHENTICATION OF BINARIES IN MEMORY WITH PROXY CODE EXECUTION - Presented is an anti-tampering method that validates and protects specific sections of a binary file. In one embodiment, this method permits a proxy engine to execute (via emulation by a virtual machine) the protected code on behalf of the binary in kernel mode upon successful completion of an integrity check. The integrity check can optionally check only the specific parts of code that the developer wishes to validate. The integrity check can cross binary boundaries. Moreover, the integrity check can be done on a hard drive or in memory. Furthermore, since the encrypted code is executed by the proxy engine in kernel mode, hackers are further deterred from modifying the code. Additionally, a method of creating a protected binary file is described herein.12-31-2009
20090319786Electronic data security system and method - A security system capable of providing seamless access to, and encryption of, electronic data. The security system integrates into an operating environment and intercepts calls between the operating environment and one or more Productivity Applications within the operating environment, thereby ensuring security policies are properly applied to all sensitive data wherever the data travels or resides.12-24-2009
20090319785METHOD AND SYSTEM OF ACCESSING COPY-PREVENTED ENCRYPTED DATA RESOURCES OVER A NETWORK - A system of accessing a copy-prevented encrypted data file transmitted over a network includes a server apparatus having data files; and a client apparatus comprising a read apparatus and a temporary storage. A data file in a server apparatus is accessed through the network from the client apparatus and cached in the temporary storage, and the data file cached in the temporary storage is obtainable by the read apparatus for human recognition of the content of the data file. The read apparatus is not capable of at least one of printing and saving as. The present invention also provides a method of accessing a copy-prevented encrypted data file from a server apparatus. The system and method improve data file transmission security and decrease the possibility of copying and decrypting the data file.12-24-2009
20100223462METHOD AND DEVICE FOR ACCESSING SERVICES AND FILES - The present invention relates to a method and device for accessing services and files on a computer (4) in a home network (09-02-2010
20120144192METHOD, DEVICE, AND SYSTEM FOR MANAGING PERMISSION INFORMATION - A method, a device, and a system for managing permission information are provided. The method includes: receiving a permission modification instruction, where the permission modification instruction is used to instruct modification of permission information of a file; modifying the permission information according to the permission modification instruction of the file; and sending an Identifier (ID) of the file and the modified permission information to a server. The device includes: a modification module, a processing module, and a first sending module. The system includes: a client and a server. The server and the file jointly store the permission information, thereby effectively improving the flexibility of file encryption, reducing the burden of the server, and improving the performance of the server.06-07-2012
20090070580Portable electronic file protection system - The portable electronic file protection system includes at least one memory device removably disposed in communicative relation with any one of a plurality of computers. The memory device includes computer readable content contained thereon wherein the content includes electronic file protection software and at least one set of encryption key data. Further, the said electronic file protection software is executable while the memory device is disposed in communicative relation with any one of said plurality of computers.03-12-2009
20080320304Method of Accessing Data Content in Storage Devices - There is provided a data storage device (12-25-2008
20130138954MODE SENSITIVE ENCRYPTION - Mechanisms are provided to implement framework level mode specific file access operations. In a mode such as a work or enterprise mode, read and write accesses are directed to one or more secured locations. File data and metadata may be secured with encryption and/or authentication mechanisms. Conventional mobile solutions provide only for mode encryption distinctions at the application level, e.g. one work application may prevent access to certain data, but a different application may want to allow access to that same data. Various embodiments provide framework level mode sensitive encryption that does not require different, mutually exclusive, or possibly conflicting applications or platforms. A device and associated applications may have access to different data based on a current mode.05-30-2013
20130138955CLIENT-SIDE ENCRYPTION IN A DISTRIBUTED ENVIRONMENT - Methods and systems for encrypting and decrypting data are described. In one embodiment, a client computing system sends to a server computing system over a network a first network request to perform multiple operations such as a lease operation and a fetch operation. In response, the server computing system performs the operations. Subsequently, the client computing system can send subsequent network requests to write re-encrypted data and to relinquish the lease. The subsequent network requests may also be single network requests that perform lease operations, as well as other operations, such as operations for block alignment purposes. The client computing system can send an actual end of file when relinquishing the lease so that the server computing system can handle a remainder of data that is used for subsequently decrypting the re-encrypted data.05-30-2013
20110029772CLOUD-BASED APPLICATION WHITELISTING - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, an in-memory cache is maintained having entries containing execution authorization information regarding recently used modules. After authenticating a module, its execution authorization information is added to the cache. Activity relating to a module is intercepted. A hash value of the module is generated. The module is authenticated with reference to a multi-level whitelist including a global whitelist, a local whitelist and the cache. The authentication includes first consulting the cache and if the module is not found, then looking up its hash value in the local whitelist and if it is not found, then looking it up in the global whitelist. Finally, the module is allowed to be loaded and executed if its hash value matches a hash value of an approved code module within the global whitelist.02-03-2011
20100037049Case study devices, methods, and systems - The present disclosure includes devices, methods, and systems for creating a case study file that includes an image file from an imaging modality, executing a hash algorithm on the case study file to produce a hash key, compressing the case study file, bundling the hash key with the compressed file, encrypting the bundled file, and moving the encrypted bundled file through an Internet connection to a storage computing system, among other embodiments.02-11-2010
20100037048INPUT/OUTPUT CONTROL AND EFFICIENCY IN AN ENCRYPTED FILE SYSTEM - An approach for improving input/output control and efficiency in an encrypted file system (EFS) is provided. In this approach, a software application writes data to a first buffer and then requests that an encrypted file system save the data onto a nonvolatile storage device. The encrypted file system encrypts the data and stores the encrypted data in a second buffer and then writes the encrypted data from the second buffer to the nonvolatile storage area. Meanwhile, the software application is able to resume writing additional data to the buffer after the data has been copied to the second buffer even if the data has not yet been written to the nonvolatile storage area.02-11-2010
20100058055System and method for manipulating a computer file and/or program - A device for manipulating a computer file or program includes a processor. The device includes a network interface which receives commands. The device includes a receiver which receives the commands from the network interface and provides the commands to the processor. The device includes storage having a computer file or program in a memory. Wherein the processor, based on the commands, makes changes to the computer file or program in the memory and suspends and reestablishes user intervention to the computer file or program. A device for manipulating a computer file or program.03-04-2010
20110154032Mobile Security System and Method - A system and method for providing a secure environment for mobile telephones and other devices are disclosed. The system and method may utilize trust zoning, layered memory, and a secure matrix model having, for example, a memory protection module for protecting memory; a secure debug module for ensuring security of the debug module; a secure file system module for protecting the secure file system; and a trusted time source module for protecting components. Embodiments of the present invention may protect against security attacks on a variety of hardware and software components while permitting suitable levels of accessibility for developmental and maintenance purposes.06-23-2011
20110252234SYSTEM AND METHOD FOR FILE-LEVEL DATA PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for encryption and key management. The method includes encrypting each file on a computing device with a unique file encryption key, encrypting each unique file encryption key with a corresponding class encryption key, and encrypting each class encryption key with an additional encryption key. Further disclosed are systems, methods, and non-transitory computer-readable storage media for encrypting a credential key chain. The method includes encrypting each credential on a computing device with a unique credential encryption key, encrypting each unique credential encryption key with a corresponding credential class encryption key, and encrypting each class encryption key with an additional encryption key. Also disclosed is a method of verifying a password by decrypting a key bag, retrieving data from an encrypted file using an encryption key from the decrypted key bag, and verifying the password by comparing retrieved data with expected data.10-13-2011
20110252233SYSTEM AND METHOD FOR BACKING UP AND RESTORING FILES ENCRYPTED WITH FILE-LEVEL CONTENT PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for initiating a backup, backing up encrypted data, and restoring backed up encrypted data. The method for initiating a backup includes sending a backup secret to a backup device having an encrypted file system, receiving from the backup device a backup ticket created based on the backup secret, and storing the backup ticket. The method for backing up encrypted data includes receiving a backup ticket and a backup secret, retrieving an escrow key bag containing protection class keys, decrypting the protection class keys with the backup ticket, generating a backup key bag containing new protection class keys, selecting a set of encrypted files to back up, decrypting the file encryption keys with corresponding decrypted protection class keys, re-encrypting the file encryption keys with new protection class keys, and transferring the selected encrypted files, the backup key bag, and metadata.10-13-2011
20110252232SYSTEM AND METHOD FOR WIPING ENCRYPTED DATA ON A DEVICE HAVING FILE-LEVEL CONTENT PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.10-13-2011
20110154031Secure Kerberized Access of Encrypted File System - A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.06-23-2011
20120303954Managing method, device and terminal for application program - A managing method for an application program is disclosed, which includes that: a first terminal converts a file of a specified application program stored by the first terminal per se into an intermediate file in a predetermined intermediate format, wherein the intermediate format can be identified by other terminals having a running environment of the application program (S11-29-2012
20120303953Method and terminal equipment for applying digital rights management - A method and terminal equipment for applying digital rights management are disclosed by the present disclosure. The method includes the following steps: performing encryption processing on a portion of the content of a multimedia file using a pre-generated key when downloading the multimedia file; and downloading the encrypted multimedia file to a designated terminal equipment. With the present disclosure, the downloading speed of the multimedia file can be increased, and the waiting time for playing the file can be decreased.11-29-2012
20100058054MSSAN - This invention allows users to maximise their use of existing storage, processing power and network bandwidth resources. This is achieved through providing an enhanced level of data backup and restore that employs the initial encryption of data and storing one user's data on another user's hard drives through an anonymising process. The efficiency of this process is enhanced when this invention is used in conjunction with self authentication which then provides the ability to log into a network anonymously from potentially anywhere.03-04-2010
20110258438System and Method for Providing Different Levels of Key Security for Controlling Access to Secured Items - With files secured by encryption techniques, keys are often required to gain access to the secured files. Techniques for providing and using multiple levels of keystores for securing the keys are disclosed. The keystores store keys that are needed by users in order to access secured files. The different levels of keystores offer compromises between security and flexibility/ease of use.10-20-2011
20120204028Secure Kerberized Access of Encrypted File System - A file server receives a request from a client to mount an encrypted file system. The file server informs the client that the requested file system is encrypted and, in turn, receives a session ticket from the client that includes a security protocol mounting selection. The file server decrypts the client's user's encrypted private key, and then decrypts the requested encrypted file system using the private key. In turn, the file server sends the decrypted file system to the client over a secure channel, which is based upon the security protocol mounting selection. In one embodiment, a key distribution center server receives a request from the client for the client's user to access the encrypted file system at the file server. The key distribution center server retrieves an intermediate key; includes the intermediate key in a session ticket; and sends the session ticket to the client.08-09-2012
20090144545COMPUTER SYSTEM SECURITY USING FILE SYSTEM ACCESS PATTERN HEURISTICS - A system for computer system security using file system access pattern heuristics is provided. The system includes access patterns to establish nominal read and write frequencies to a file system using heuristics, dynamic policies, and a policy manager. The policy manager monitors accesses to the file system to determine read and write access frequencies to the file system. The policy manager also compares the read and write access frequencies to the access patterns, and determines whether the read and write access frequencies exceed the access patterns per the dynamic policies. The policy manager further identifies an attack on the file system in response to exceeding the dynamic policies, where the identified attack is associated with a communication path to the file system. The policy manager additionally modifies an aspect of access via the communication path in accordance with the attack response in the dynamic policies to mitigate the attack.06-04-2009
20110258437SECURE LOCAL UPDATE OF CONTENT MANAGEMENT SOFTWARE - This document describes tools that enable a computing device to receive an update to content management software. The tools also enable the computing device to generate new public and private keys without the use of a key server.10-20-2011
20110055559DATA RETENTION MANAGEMENT - A file-based data retention management system is provided. A data source can store data files. An online backup file system can make a backup copy of the data files from the data source and store the backup copy of the data files on a backup server. A policy database can be maintained by the system, the policy database including data retention policies for the data files for retention management of the data files. A key management system can assign and manage encryption keys for the data files. The key management system can store the encryption keys on a separate system from the data files stored on the backup server.03-03-2011
20110258439SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.10-20-2011
20110022839Method and system for establishing a trusted and decentralized peer-to-peer network - The present invention offers a new and improved method and system to establish a trusted and decentralized peer-to-peer network for: the sharing of computer files between and among computing devices; trusted chat sessions; and for other applications of trusted peer-to-peer networks.01-27-2011
20110126007SECURE BLOCK READ AND WRITE PROTOCOL FOR REMOTELY STORED FILES - A file transfer system including a client and a server capable of updating portions of the file stored on the server. The system is capable of uploading portions of a file before the file has been specified at the client side. The files are stored in raw at the client and the server, which preserves the block list mapping. The file transfer protocol is capable of compressing and encrypting transferred data. As a result, the partial file writes are possible while maintaining current bandwidth usage. The write request data structure is provided with additional features in the form of flags and fields to provide reliable transmission of partial file data.05-26-2011
20110126006METHOD AND SYSTEM FOR SECURE NETWORK-BASED DISTRIBUTION OF CONTENT - A method and system for network-based distribution of content are disclosed. The distribution of content is not only secure but also controlled. The security restricts access to content within media files during downloads as well as while stored at a server or client. In one embodiment, each media file is encrypted with a different, randomly generated key. The control over the distribution of the media file can serve to limit the subsequent distribution of media files from clients to other clients. In another embodiment, the control can permit media files to be shared on a limited number of different clients affiliated with the same user. The clients can vary with application but generally are computing devices that have memory storage. Often, the clients are personal computers or other computing devices that are capable of storing and presenting content to their users.05-26-2011
20110138174BROWSER SECURITY STANDARDS VIA ACCESS CONTROL - A computing system is operable to contain a security module within an operating system. This security module may then act to monitor access requests by a web browser and apply mandatory access control security policies to such requests. It will be appreciated that the security module can apply mandatory access control security policies to such web browser access attempts.06-09-2011
20110093701Software Signature Tracking - A method for preventing unauthorized use of software may be achieved by executing computer-readable code with instructions for recording an indication of at least one selected file of a software application in a memory location accessible to a security component of the software application, in which software application the security component is configured to cause a hash signature of the at least one selected file to be generated in response to a signal arising from use of the software application, hashing the at least one selected file to generate a first file signature, transmitting the first file signature to a secure network-accessible computer memory for storage and subsequent comparison to at least one subsequent file signature generated via operation of the security component on a client device, comparing the first file signature to a second file signature generated by the security component in response to a signal arising from use of the software application on the client device, and disabling the software application on the client device, in response to determining that the first file signature does not match the second file signature.04-21-2011
20090300351FAST SEARCHABLE ENCRYPTION METHOD - The present invention provides a method, apparatus and system for fast searchable encryption. The data owner encrypts files and stores the ciphertext to the server. The data owner generates an encrypted index according to each keyword of the files, and stores the encrypted index to the server. The index is composed of keyword item sets each being identified by a keyword item set locator and containing at least one or more file locators of the files associated with the corresponding keyword. Each file locator contains ciphertext of information for retrieval of an encrypted file and only with the correct file locator decryption key can the ciphertext be decrypted. Data owner issues a keyword item set locator as well as file locator decryption key to a searcher to enable the searcher to search on the encrypted index and retrieve files related to a certain keyword.12-03-2009
20100037047Method for Controlling Access to File Systems, Related System, Sim Card and Computer Program Product for Use therein - Users of mobile terminals in a communication network are provided controlled access to files in a file system through the steps of configuring the files as a file body containing a file content and a file header containing content profile information; providing a security identity module and a secure agent; storing in the security identity module user profile information identifying a set of content profiles allowed for access to the file system; extracting, via the secure agent, the content profile information from the headers of the files; retrieving, via the secure agent, the user profile information stored in the security identity module; checking the user profile information and the content profile information; and providing the user with access to those files in the file system for which the user profile information and the content profile information are found to match.02-11-2010
20100031034METHOD AND APPARATUS FOR PROTECTING FILE IN DIRECT PRINTING - Provided are a method and apparatus for protecting files to be directly printed. The method includes transmitting an encryption key, when an encrypted file is received, receiving a password of the file encrypted using the encryption key, decrypting the password using a decryption key corresponding to the encryption key, and decrypting the encrypted file using the decrypted password. Accordingly, in performing direct printing, the transmitted file can be protected by encryption. Also, since the password of the file is encrypted and decrypted, the password is not required to be directly input to the printing device and other printing devices can be safely used along with the printing device to which the password is input, thereby increasing convenience for user input.02-04-2010
20120042162Cloud Data Management - The different illustrative embodiments provide a method, computer program product, and apparatus for managing data. An encrypted file containing the data is divided into a plurality of segments. The plurality of segments are sent to a plurality of cloud computing environments for storage in the plurality of cloud computing environments. Each cloud computing environment in the plurality of cloud computing environments receives a portion of the plurality of segments. The portion of the plurality of segments is associated with a cloud computing environment in the plurality of cloud computing environments to which the portion of the plurality of segments was sent.02-16-2012
20120072723SYSTEMS AND METHODS FOR SECURE DATA SHARING - Systems and methods are provided for creating and using a sharable file-level key to secure data files. The sharable file-level key is generated based on a workgroup key associated with the data file, as well as unique information associated with the data file. The sharable file-level key may be used to encrypt and split data using a Secure Parser. Systems and methods are also provided for sharing data without replicating the data on the machine of the end user. Data is encrypted and split across an external/consumer network and an enterprise/producer network. Access to the data is provided using a computing image generated by a server in the enterprise/producer network and then distributed to end users of the external/consumer network. This computing image may include preloaded files that provide pointers to the data that was encrypted and split. No access or replication of the data on the enterprise/producer network is needed in order for a user of the external/consumer network to access the data.03-22-2012
20120210126DOCUMENT ENCRYPTION AND DECRYPTION - A document encryption and decryption system and method for selectively encrypting and decrypting files and attachments, electronic mail, text messages, and any other items to protect or secure its contents by helping to prevent unauthorized individuals from viewing data in human-perceivable or readable form. The encryption and decryption system includes remote authentication to verify user credentials stored on a remote database hosted by a web server. The encryption system further includes remote deletion to automatically delete at least encrypted items stored on the user's computer, handheld or portable device, smartphone, tablet, and any other computer of any kind when enabled and logged onto a network. The encryption and decryption system includes selectively decrypting items by retrieving a decryption key and decrypting the item, and/or typing a decryption key if the item cannot be decrypted with the key, and/or sending an invitation to a recipient using the web server.08-16-2012
20110167260COMPUTER SYSTEM LOCK-DOWN - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, a method is provided for locking down a computer system. A customized, local whitelist database is stored with a memory of the computer system. The whitelist database forms a part of an authentication system operable within the computer system and contains therein cryptographic hash values of code modules expressly approved for execution by the computer system. A kernel mode driver of the authentication system intercepts file system or operating system activity relating to a code module. The authentication system determines whether to authorize the request by causing a cryptographic hash value of the code module to be authenticated against the whitelist database. The authentication system allows the code module to be loaded and executed within the computer system if the cryptographic hash value matches one of the cryptographic hash values.07-07-2011
20120011359Mobile intellectual property protection apparatus and methodology - A mobile intellectual property protection apparatus and methodology maintains digitally recorded IP-related evidence using cryptographic techniques to definitively and securely maintain the secrecy of a digitally recorded evidence of an intellectual property by immediately establishing a tamper-proof time-stamp of the temporal existence of the recorded evidence. The digitally recorded intellectual property is designed to serve as a digital expert witness to assist in establishing, for example, the conception of an invention or other legal claims.01-12-2012
20120017084Storage Device and Method for Providing a Partially-Encrypted Content File to a Host Device - A storage device and method for providing a partially-encrypted content file to a host device are provided. In one embodiment, the storage device retrieves a content file from memory in the storage device and partially-encrypts the content file by encrypting some portions of the content file. The storage device sends the partially-encrypted content file to a host device and informs the host device of which portions of the partially-encrypted content file are encrypted. In one embodiment, the remaining portions of the content file are in clear text form and do not need to be decrypted. Because the host device only needs to decrypt the portions of the content file that are encrypted—and not the entire content file—the host device can decrypt the partially-encrypted content file, even if it does not have the processing power to decrypt a fully-encrypted version. In another embodiment, at least some of the remaining portions of the content file are encrypted with at least one additional key.01-19-2012
20120072725CLOUD-BASED APPLICATION WHITELISTING - Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, an in-memory cache is maintained having entries containing execution authorization information regarding recently used modules. After verifying a module, its execution authorization information is added to the cache. Activity relating to a module is intercepted. A hash value of the module is generated. The module is verified with reference to a multi-level whitelist including a global whitelist, a local whitelist and the cache. The verification includes first consulting the cache and if the module is not found, then looking up its hash value in the local whitelist and if it is not found, then looking it up in the global whitelist. Finally, the module is allowed to be executed if the code module is approved by the multi-level whitelist database architecture.03-22-2012
20120072724COMPUTER PROGRAM AND METHOD FOR BIOMETRICALLY SECURED, TRANSPARENT ENCRYPTION AND DECRYPTION - A computer program for secure encryption and decryption provides a user interface that allows a user to drag and drop files into and out of a secure repository, wherein the program automatically encrypts files transferred into the repository and automatically decrypts files transferred out of the repository. The user can transfer file folders into the repository, wherein the program encrypts all of the files within the folder and retains the original file/folder structure, such that individual files can be moved within the repository, moved out of the repository, and opened or executed directly from the repository. The program requires the user to submit biometric data and grants access to the secure repository only if the biometric data is authenticated. The program generates an encryption key based at least in part on biometric data received from the user. Additionally, the program destroys the key after termination of each encryption/decryption session.03-22-2012
20100095115FILE ENCRYPTION WHILE MAINTAINING FILE SIZE - A technique for encrypting a file without changing file size may involve encrypting a first set of a plurality of blocks of a file in a first encryption mode using the first set of encryption keys and/or the first set of configuration rules, and a second set of the plurality of blocks of the file in a second encryption mode using a second set of the encryption keys and/or a second set of the configuration rules without causing the file to increase in size before and after the encryption. Here, the first and the second encryption modes are chosen to be different, so are the first and the second sets of the encryption keys and/or the configuration rules to reduce security risk of the file being encrypted.04-15-2010
20120317415Method, apparatus, terminal and system for channel encryption - The disclosure discloses a method, an apparatus, a terminal and a system for channel encryption. The method includes that: a relay server receives a channel encryption request from a client, and acquires encrypted information, client information and a locally stored channel Extensible Markup Language (XML) file of the client from the channel encryption request (S12-13-2012
20100205433SYSTEM AND METHOD FOR REMOTE DEVICE REGISTRATION - A system and method for remote device registration, to monitor and meter the injection of keying or other confidential information onto a device, is provided. A producer who utilizes one or more separate manufacturers, operates a remote module that communicates over forward and backward channels with a local module at the manufacturer. Encrypted data transmissions are sent by producer to the manufacturer and are decrypted to obtain sensitive data used in the devices. As data transmissions are decrypted, credits from a credit pool are depleted and can be replenished by the producer through credit instructions. As distribution images are decrypted, usage records are created and eventually concatenated, and sent as usage reports back to the producer, to enable the producer to monitor and meter production at the manufacturer.08-12-2010
20110179270Data Retrieval System - A method is disclosed for retrieving data from a wireless device over a wireless network for submission to an application provided on a user terminal. The method includes the steps of detecting for a wireless device having a data file stored thereon when the application is running on the user terminal; and if a data file is detected, in response to an attempt by a user at the user terminal to access a document accessible through the application where data is required to complete a request for access to the document, determining whether the required data exists on the data file; retrieving the required data from the data file and submitting the retrieved data to the application for generation of an access request.07-21-2011
20120137130System and Method for Providing Multi-Location Access Management to Secured Items - A system and method for providing access management to secured items through use of a plurality of server machines associated with different locations are disclosed. According to one embodiment, a local server can be dynamically reconfigured depending on a user's current location. Upon detecting that a user has moved to a new location, the local server for the new location can be reconfigured to add support for the user, while simultaneously, the local server for the previous location is reconfigured to remove support for the user. As a result, security is enhanced while the access management can be efficiently carried out to ensure that only one access from the user is permitted at any time across an entire organization, regardless of how many locations the organization has or what access privileges the user may be granted.05-31-2012
20100174902PORTABLE STORAGE MEDIA WITH HIGH SECURITY FUNCTION - A portable storage media with high security function is disclosed. The portable storage media comprises a microprocessor, a sensor and a memory. The microprocessor is connected to a data transmission interface, a sensor transmission interface and a memory transmission interface, wherein the data transmission interface is adopted for connecting to a host end. The sensor is connected to the sensor transmission interface of said microprocessor, wherein said sensor is adopted for inputting a biological feature. The memory is connected to the memory transmission interface of the microprocessor. The biological features are used as the passwords for accessing the protected data or files stored in the portable storage media. An encrypting program is adopted for encrypting/decrypting the data or files to prevent any hackers from stealing the data or files from the portable storage media.07-08-2010
20120317414METHOD AND SYSTEM FOR SECURING DOCUMENTS ON A REMOTE SHARED STORAGE RESOURCE - This invention discloses a novel system and method for displaying electronic documents on remote devices and enabling collaborative editing in conjunction with a content management system where the documents that are shared are securely encrypted on the system in a manner that avoids a single point of failure in the security.12-13-2012
20120179908SECURE PORTABLE MEDICAL INFORMATION SYSTEM AND METHODS RELATED THERETO - Using a secure portable reference to medical information, stored on a portable storage medium, various embodiments allow a patient to give to their doctor an easy-to-use access key that will enable access to desired medical information stored on a computer network. The secure portable reference provides greater transportability of medical records to a patient or medical data repository including a doctor's office, clinic, or hospital, while maintaining data security to satisfy medical data privacy regulations and expectations. Some described embodiments use encrypted information inside the secure portable reference to hide, for example, who is allowed access to the stored medical information, and the network location of the stored information. Some embodiments use a secret PIN to authenticate the user attempting access to the referenced medical information. The secure portable reference contains information on network resources used to enable download access to medical information, including medical records and medical images.07-12-2012
20120265988DUAL INTERFACE DEVICE FOR ACCESS CONTROL AND A METHOD THEREFOR - The invention provides a low-cost access control device for identification and authentication in both the “digital” and “physical” worlds by contact-bound respectively contact-less interfaces and where individual users of the device can securely update access control credentials and cryptographic keys from a remote system without the need for any additional hardware or specialized software. The access control credentials and the at least one cryptographic key shall be readable by an access control system via the contact-less interface of the device, thereby enabling or denying the holder of the device access.10-18-2012
20120324221Identification of a Compromised Content Player - A system and method for identifying the player that leaked content encryption keys by loading a set of player keys into individual content players and determining the number of encryptions and the number of encryption keys to use in multiple encrypting critical content. The method produces copies of critical data content packets, each copy of which is separately encrypted using any one of a set of encryption keys that are related to one another through a mathematical algorithm. The related set of encryption keys and data describing key relationship and content player identity are transmitted to a previously determined license management agency. The transmitted encrypted content is written to a receiving device or file, or streamed to an individual player for non-synchronous playback. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.12-20-2012
20120324220DIGITAL FINGERPRINTING VIA SQL FILESTREAM WITH COMMON TEXT EXCLUSION - A method provides data loss protection of sensitive data using digital fingerprinting. The method includes assigning a security level to each document of a plurality of documents associated with a data loss protection server, and storing the plurality of documents in a digital asset management server, wherein only a single copy of each document of plurality of documents is stored in the digital asset management server. The method also includes sending a query to the digital asset management server from the data loss protection server, and receiving a query response by the data loss protection server from the digital asset management server, the query response including at least one document file. The method further includes creating a digital fingerprint of the at least one document file by the data loss protection server.12-20-2012
20120278617Method and System for Establishing a Trusted and Decentralized Peer-To-Peer Network - The present invention offers a new and improved method and system to establish a trusted and decentralized peer-to-peer network for: the sharing of computer files between and among computing devices; trusted chat sessions; and for other applications of trusted peer-to-peer networks.11-01-2012
20120278616System and Method for Securely Decrypting Files Wirelessly Transmitted to a Mobile Device - A method is provided for securely decrypting files that are wirelessly sent to a mobile device. A mobile device typically has a wireless interface, such as a cellular telephone or WiFi interface that can be used to accept an encrypted file from a first remote device. A decryption key representation is accepted from a second remote device via a personal proximity interface which can be a camera, microphone, or near-field radio frequency (RF) detector. In one aspect, the first device can, for example, be a multi-functional peripheral (MFP), a network server, or a computer. In another aspect, the first and second devices can be the same device, such as an MFP or a computer. A mobile device conversional application converts the decryption key representation to a digital decryption key, and the digital decryption key is then used to decrypt the encrypted file.11-01-2012
20110276799PERSONAL COMMUNICATION SYSTEM HAVING INDEPENDENT SECURITY COMPONENT - A personal communication system (PCS) incorporates a secure storage device, which includes a device processor, a CPU interface, and a system interface, a storage means and a removable storage media component. The device processor is communicably connected to the CPU of the PCS through the CPU interface, which exclusively enables communications between the device processor and the CPU. The system interface enables the device processor to manage one or more hardware components of the PCS. A network interface is also included to enable the device processor to communicate over a network with select file servers to the exclusion of other file servers. The storage means is communicably connected to the device processor and includes first and second designated storage sections. The device processor has read-write access to both storage sections and gives the CPU read-only access to the first storage section and read-write access to the second storage section.11-10-2011
20130173916 SECURE STORAGE SYSTEM FOR DISTRIBUTED DATA - The present invention relates to a system for distributed data storage that ensures the safety of the user data. In particular, the system of the present invention provides that the data stored in a cloud storage service are encrypted and their cryptographic keys are created from a remote device. In the context of the present invention, a cloud is a set of servers that form an online service over the Internet; these servers are invisible to the user of the service and present themselves as a single server, thus forming a “cloud” of servers. These keys will be divided and stored partly in cloud storage and partly on other devices. 07-04-2013
20130179684 ENCRYPTED DATABASE SYSTEM, CLIENT TERMINAL, ENCRYPTED DATABASE SERVER, NATURAL JOINING METHOD, AND PROGRAM - A client terminal is provided with a column encryption unit that, from an encryption key, a table identifier, and a column identifier, generates a column private key, a column public key, and a comparison value, from which the unit generates a concealed comparison value and a ciphertext, encrypting a particular column; and an encrypted table natural joining request unit that issues a natural joining request text that requests natural joining with regards to columns encrypted from the encryption key, the table identifier, and the column identifier. The natural joining request text contains as a table joining key the column private key generated by a group of generating elements and the encryption key from the table identifier of a first and second table and the column identifier of an a-th column and a b-th column. An encrypted database server executes natural joining using the table joining key, and returns the results. 07-11-2013
20130124861 SHIELDING A SENSITIVE FILE - An apparatus for shielding a sensitive file includes a client computer having various units. An encryption-decryption unit performs a cryptographic operation on the sensitive file with a cryptographic key, which corresponds to the encryption key ID. An encryption key ID is associated with the sensitive file. A key storing unit stores the cryptographic key. A compliance requirements storing unit stores security compliance requirements from the server computer, which define a plurality of compliant operating conditions of the client computer. A security requirements monitoring unit determines whether the client computer complies with the security compliance requirements in response to a file access instruction for the sensitive file by application software, and passes the cryptographic key from the key storing unit to the encryption-decryption unit in response to a determination that the client computer complies with the security compliance requirements. 05-16-2013
20110213971 METHOD AND APPARATUS FOR PROVIDING RIGHTS MANAGEMENT AT FILE SYSTEM LEVEL - An approach is presented for providing rights management at file system level. A virtual file system rights management application receives a request to access a protected file. The rights management application binds the access request to the protected file in the file system, determines credentials associated with the request for accessing the protected file according to the binding and causes, at least in part, verification of the credentials according to a rights management system associated with the protected file. Based, at least in part, on the determination, the rights management application causes decryption of the protected content. 09-01-2011
20110231658 System, method and apparatus for controlling the dissemination of digital works - A system, business methodology and apparatus for facilitating controlled dissemination of digital works is disclosed. An audio and video organizer, entertainment, and communication unit that plays back audio and video media content received from a central storage server. The unit relies on a smartcard, which has a personalized key that unlocks encrypted content. Using the unit, a user can purchase music or other types of media using an appropriate ordering method. The central storage server then transmits a double-encrypted, compressed audio file to the unit, where it is decrypted based on the smartcard key, and available for listening. 09-22-2011
20110238983 NETWORK INTEGRITY MAINTENANCE - A device removal system securely removes an item of content or a device from a content-protected home network. An authorization table maintains a list of devices in the content-protected home network in addition to removed devices. The authorization table also maintains a list of deleted content. Through management of various cryptographic keys and techniques, devices and content will not play on a content-protected home network after they have been removed. A secret network ID reduces the possibility of unauthorized playing of content on the content-protected home network. A web server may join the content-protected home network as a device, providing backup for the secret network ID. Otherwise, the device manufacturer will provide the secret network ID in case of a device failure. Storing a verification value in each device ensures integrity of critical cryptographic values. This verification value is compared to network values to ensure network values have not been corrupted. 09-29-2011
20130151850 Auto File Locker - Novel tools and techniques to provide an online file locker system. Some such tools can employ a USB memory drive, a residential gateway, and/or a data server over a network. In some cases, when the USB memory drive is inserted into a USB port of the RG, data stored on the USB memory drive is automatically uploaded to, and/or synchronized with data stored on, the data server, which is in communication with the RG over the network. In other cases, data deletion is accomplished in a similar manner, for example, upon removal of the USB drive and/or upon detection of files deleted from the USB drive. 06-13-2013
20120284510 BONDING CONTENTS ON SEPARATE STORAGE MEDIA - Local storage on player instruments provides the ability for adding further amendments and most recent supplements to the optical disc content. A problem arising with this technically applicable possibility is the protection of copyrights bound to disc and supplement data. The present invention describes a technique to ensure a security framework that is able to handle this, by creating a virtual file system (VFS) by merging optical disc data and local storage data based upon a common identifier. 11-08-2012
20130185555 SYSTEM AND METHOD FOR SECURE ERASE IN COPY-ON-WRITE FILE SYSTEMS - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for a delayed secure deletion of files from a copy-on-write file system. A system configured to practice the method receives a change to a file, writes a copy of the file in a first block of a storage device, the copy including the change, determines whether the change meets a predetermined condition, adds an entry into a delayed secure deletion list when the change triggers the predetermined condition, the entry storing an address associated with the first block, and deletes the first block when another change to the file is received, wherein the another change triggers another predetermined event. 07-18-2013
20130159708 SYSTEM AND METHOD FOR THE PROVISION OF MULTIMEDIA MATERIALS - A method for enabling the storage, distribution, and use of associated text and media files comprises a webpage interface coupled to an information and support system, an account creation and login system, a user media storage system, a solicitation assistance and user matching system, a solicitation and collaboration agreement system, a media collaboration and project creation system, and a product gallery and sales system. Means are provided for a user to gain access to the inventive systems through an Internet connection on a local user computing device. In accordance with the invention, information is input into a database storage medium coupled to an operator system computing device which then combines the information into an augmented text-media file output. The inventive systems also distribute augmented text-media file output products to users of the inventive systems through a webpage interface system. 06-20-2013
20110314277 ELECTRONIC AUTHORIZATION SYSTEM AND METHOD - An electronic authorization system comprising a data source system configured to transmit transaction data. A secure data system is coupled to the data source system over an open network, the secure data system is configured to receive the transaction data from the data source system, generate a unique encrypted identifier for the transaction data and to transmit the unique encrypted identifier to the data source system. The data source system is configured to receive the unique encrypted identifier and replace payment card data associated with the transaction data in a database with the unique encrypted identifier. 12-22-2011
20110314276 Communication verification system - A communication system verifying the source of a file. The system uses a first link between a sending computer and an authorizing computer which contains a request for a PIN associated with the intended receiving computer. This PIN is returned to the first computer via a second link which permits the sending computer to properly communicate in an encrypted manner with the receiving computer. An alert or notice is sent to the receiving computer by the authorizing computer to further verify the authenticity of the file being sent to the receiving computer from the sending computer. 12-22-2011
20110314275 MANAGING ENCRYPTION KEYS - Methods, apparatus, and articles of manufacture to manage encryption keys are disclosed. An example method to manage encryption keys includes obtaining data including a private key, determining that the data cannot be read according to a first format by attempting to read the data in the first format, in response to determining that the data cannot be read according to the first format, accessing the private key by reading the data according to a second format different from the first format, and converting the data from the second format to a third format. 12-22-2011
20120297188 PROVIDING MULTIPLE LAYERS OF SECURITY TO FILE STORAGE BY AN EXTERNAL STORAGE PROVIDER - A method that may include detecting, by a processor of a computing device, a network communication regarding transmission of a file to an external storage provider. The method may include causing encryption of the file to obtain an encrypted file, and associating authorization information with the encrypted file. The authorization information may include one or more restrictions on access to the encrypted file. The method may include transmitting the encrypted file to the external storage provider, and intercepting a request for access to the file. The method may include identifying requestor information regarding a requestor associated with the request, and determining, using the requestor information and a portion of the authorization information, that the requestor is authorized to access the encrypted file. The method may include causing decryption of the encrypted file to obtain the original file, and providing, to the requestor, by the processor, access to the original file. 11-22-2012
20130205135 SYSTEM AND METHOD OF STORING DATA - There is a system and method for storing data of others using a processor and a memory device. The system includes an account module configured to manage a plurality of accounts, each account associated with an entity. The system includes an avatar module configured to permit entities to generate avatars for their accounts, wherein an avatar associates data with an account that is not required to be consistent with the account and not required to be consistent with data in other avatars of that same account. The system includes a transaction module configured to facilitate a plurality of transactions using trusted entity data. The system includes an encryption module configured to encrypt, using a processor, the transaction data with a plurality of paired half-keys. 08-08-2013

Patent applications in class File protection