H04L29/00

Data processing system having failover between hardware and software encryption of storage data

A computer of a data processing system includes a software encryption engine and path circuitry that initially provides one or more paths for conveying data of storage I/O requests to and from a storage device, the paths including an encrypting path having a hardware encrypting component. According to a failover technique, in a first operating state, (a) the data of the storage I/O requests is conveyed via the encrypting path with encryption and decryption of the data being performed by the hardware encrypting component, and (b) monitoring is performed for occurrence of an event indicating that the hardware encrypting component has become unavailable for encrypting and decrypting the data of the storage I/O requests. Upon occurrence of the event, if the path circuitry provides a non-encrypting path for conveying the data of the storage I/O requests to and from the storage device, then operation is switched to a second operating state in which the data of the storage I/O requests is conveyed via the non-encrypting path and is encrypted and decrypted by the software encryption engine. A failback technique provides for reverting to hardware-assisted encryption under proper circumstances.

Dynamic presentation of user account information for a social network

In an embodiment, a method and system for responding to receipt of an identifier of a first member having an account in an online social network is disclosed herein. One or more members connected to the first member are determined based on a same web browser identifier associated with each of the first member and the one or more members. One or more graphical elements are caused to be displayed, such as a first graphical element visually depicting a connection between the first member and each of the respective one or more members and a second graphical element visually depicting account information and account access information of the first member and the one or more members.

Systems for improved mobile internet performance and security

Systems and methods that efficiently combine multiple wireless networks or devices resulting in faster, more reliable, and more secure mobile Internet. A Virtual Private Network (VPN) service application is operated to route outgoing and incoming data packets of a mobile device. The mobile device is (i) either coupled to a remote server through the VPN service application for data packets transfer between the remote server and the mobile device or (ii) performs cross-layer translation for data packets transfer between the mobile device and direct target hosts on the Internet. Concurrently using multiple channels secures data packets transfer by sending encrypted data packets over multiple channels and receiving the encrypted data packets by a single apparatus. Data packets are designated to be transferred via a Wi-Fi channel or a cellular channel, and then transferred using both the Wi-Fi channel and the cellular channel.

Mobile root trust device
09749315 · 2017-08-29

A method of conferring security trust and privileges between proximally positioned devices in the presence of a root trust device includes configuring a microprocessor to activate at least one wireless communications module to receive a unique environmental signal (UES) and a proximally positioned device's unique device identifier (UDI) in response to detecting a threshold charge capacity in a battery during its initial charging, imprinting a primary device asymmetric key pair, the UDI, and the UES as a primary device pairing event, transmitting a primary device certificate to the proximally positioned device, encrypting device content on the proximally positioned device by multiplexing a device content signal with an asymmetric key, and decrypting the device content on another proximally positioned device using a corresponding asymmetric key from a shared certificate while in the presence of the root trust device.

Electronic device and method of transmitting content item

According to one embodiment, an electronic device includes a content transmitter. The content transmitter is configured to output a content item including first data and second data to one transmission path, by applying a first copyright protection system to copyright protection of the first data and applying a second copyright protection system to copyright protection of the second data. The first copyright protection system involves encryption of data to be copyright-protected. The second copyright protection system involves no encryption of data to be copyright-protected.

Access system

A method and apparatus to enable a user to send an action message including a secure credential is described. The system comprises receiving logic to receive the action message from a user, a repository including encrypted user-specific data, and an agent to access a resource through a network, the agent directed as specified by a connector object invoked by the action message. The agent further comprises logic to utilize the encrypted user-specific data from the repository to log into the resource through the network, and in one embodiment, action logic to perform one or more actions as instructed by the connector invoked by the action message. The agent further comprises, in one embodiment, extraction logic for extracting information resulting from the agent's access to the data resource specified by the connector, and communication logic to communicate a result to the user or to another agent for further use.

Identifying and destroying potentially misappropriated access tokens

A computer receives a request for protected user data with an access token presented by a client as authorization for the client to access the protected user data in a delegated environment. The computer parses the request to create a device fingerprint identifying the device submitting the request for the client. The computer compares the device fingerprint of the request to a previously stored device fingerprint of an authorized device associated with the access token. The computer automatically determines whether to identify the access token as potentially misappropriated based on the comparison of the device fingerprint of the request to the previously stored device fingerprint.

Encrypted purging of data from content node storage
09742748 · 2017-08-22

Described herein are methods, systems, and software for encrypting and erasing data objects in a content node. In one example, a method of operating a content node that caches content divided into one or more data objects includes encrypting the one or more data objects using separate encryption keys for each of the one or more data objects, the separate encryption keys comprising a common portion shared by the one or more data objects and an individualized portion unique to each data object. The method further provides receiving a purge request to erase at least one data object and, responsive to the purge request, erasing at least one of the common portion or the individualized portion for the at least one data object based on the purge request.

Biometric reference information registration system, apparatus, and program

According to an embodiment, a biometric reference information storage apparatus transmits, to the biometric reference information certificate generation apparatus, a biometric authentication context including the challenge information, the hash value of the biometric reference information, and a first digital signature. The biometric reference information certificate generation apparatus verifies the challenge information and the first digital signature. The biometric reference information certificate generation apparatus transmits a biometric reference information certificate to the biometric reference information storage apparatus. The biometric reference information storage apparatus writes the biometric reference information and the biometric reference information certificate in a storage module.

System for providing access to the internet
09735979 · 2017-08-15

A system for providing access to the internet comprises a network of routers (R) (hereinafter designated "new routers") wherein each new router (R) has a CPU (112) that has, or is associated with, a public area (142) that allows simultaneous access to the new router's CPU by more than one user account. The system is so arranged that a pre-registered user with a user account identified by an identifier, typically a user name and/or password, can access the internet from any new router (R) in the network by connecting to the public area (142) of the new router's CPU (112) and entering the account identifier of the pre-registered user account.