Category Archives: Encryption
Meta, Twitter, Apple, Google urged to up encryption game in post-Roe America – The Register
Facebook, Twitter, Google, Apple, and others today faced renewed pressure to protect the privacy of messaging app users seeking healthcare treatment.
Now that America has entered its post-Roe era, in which more than a dozen states have banned abortion, digital rights advocacy group Fight for the Future has called on tech companies to implement strong on-by-default end-to-end encryption (E2EE) across their messaging services to secure users' communications, and prevent conversations from being shared with police and others.
Crucially, campaigners want to ensure that people's chats discussing procedures outlawed at the state level can't be obtained by the cops and used to build a criminal case against them.
"When our messages are protected from interlopers, we can communicate freely, without the fear of being watched," said Caitlin Seeley George, Fight for the Future's campaigns and managing director, in a statement.
Tech companies are throwing their users to the wolves by allowing company employees, cops, and other third parties to access unprotected messages
"After the reversal of Roe v. Wade and with more rights cutbacks on the way, tech companies are throwing their users to the wolves by allowing company employees, cops, and other third parties to access unprotected messages."
In theory, E2EE should prevent anyone other than the two (or more) people involved in the private conversation from accessing its contents. This means that, for example, if the Facebook chats between a Nebraska teen daughter and her mom about an abortion had instead happened on a service like Signal or Meta's WhatsApp, both of which use E2EE by default, then Meta, even when served with a subpoena to turn over the private conversations, would not have been able to access their contents.
Meta, for its part, has committed to enabling default E2EE on both Messenger and Instagram "sometime in 2023," according to Meta spokesperson Alex Dziedzan.
Right now, customers have the option to enable the optional feature on both services, he added.
"The challenge for us is twofold," Dziedzan told The Register. "It's a technical one as well as a human-rights one."
Meta delivers 160 billion messages everyday across its Messenger, Instagram, and WhatsApp services, he said."Considering the size and scale, we can't afford to create a situation where messages get lost or the system falls down," Dziedzan said.
The second element, he added, addresses human rights. "How do we build end-to-end encryption in a thoughtful, critical manner? Are we building tools with enough safety for people, so they have the ability to block people? It's a massive engineering task it's not just flipping a switch," Dziedzan said.
Massive engineering task is right: Facebook staff aren't even sure where exactly people's data is stored, due to the sprawling distributed nature of the social network, which is used by billions of people every month.
Aside from Meta, none of the other messaging services responded to The Register's inquiries about their plans for E2EE.
This includes Twitter, which hasn't announced plans to implement encryption. This year it emerged that Twitter had suffered a security snafu that exposed Twitter account IDs linked to phone numbers and email addresses of a reported 5.4 million users. And, more recently, its former security boss alleged that about half of Twitter's roughly 10,000 staff have access to live production systems and user data, and that some staff quietly installed spyware on their computers on behalf of foreign intelligence.
Apple also did not respond to The Register's questions. While iMessage texts are end-to-end encrypted by default when sent between iPhones, messages between iPhone and Android devices don't use E2EE.
Google has called on Apple to "fix texting" by adopting Rich Communications Services (RCS), a protocol used by most mobile industry vendors but not the iPhone maker. So far that campaign hasn't worked.
RCS originally did not include E2EE, but Google Messages added support in late 2020; Group messages got E2E encryption this year. Google Chat, however, is not end-to-end encrypted.
Discord, which also does not use E2EE for messaging, did not respond to The Register's unencrypted requests for comments, either.
A Slack spokesperson, in an email to The Register, noted that while not E2EE, it does encrypt data at rest and data in transit.
"We also offer EKM (Enterprise Key Management), a security add-on for Slack Enterprise Grid that allows organizations to manage their own encryption keys using Amazon Key Management Service (KMS)," the spokesperson wrote.
"Slack will not share customer data with government entities or third parties unless we're legally obligated to do so and we make it our practice to challenge any unclear, overbroad, or inappropriate requests."
Go here to read the rest:
Meta, Twitter, Apple, Google urged to up encryption game in post-Roe America - The Register
Patent Issued for Homomorphic encryption in a healthcare network environment, system and methods (USPTO 11431687): Nanthealth Inc. – Insurance News…
2022 SEP 21 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent by the inventors Kupwade-Patil, Harsh (Plano, TX, US), Seshadri, Ravi (Plano, TX, US), Soon-Shiong, Patrick (Culver City, CA, US), Witchey, Nicholas J. (Laguna Hills, CA, US), filed on May 27, 2021, was published online on August 30, 2022, according to news reporting originating from Alexandria, Virginia, by NewsRx correspondents.
Patent number 11431687 is assigned to Nanthealth Inc. (Culver City, California, United States).
The following quote was obtained by the news editors from the background information supplied by the inventors: The background description includes information that may be useful in understanding the present disclosure. It is not an admission that any of the information provided herein is prior art or relevant to the disclosure, or that any publication specifically or implicitly referenced is prior art.
The healthcare industry is going through a digital revolution stimulated in part by the American Recovery and Reinvestment Act of 2009. Modernizing healthcare has led to a new age of digital health and wellness, in which healthcare data is collected from disparate sources (e.g., sensors connected to patients), and stored in disparate healthcare clouds (e.g., private, community and public clouds). Moreover, the volume of agglomerated healthcare data is large enough to qualify as big data. As healthcare clouds become a prominent feature in the healthcare industry, there is a greater need for securely sharing patient information across such disparate healthcare clouds. Furthermore, with Accountable Care Organizations (ACOS) (e.g., healthcare care providers such as doctors, hospitals and insurance providers) coming together to provide high-quality care in a cost-effective manner, demand for seamless connectivity across the healthcare clouds is greater than ever. A simplified patient-centric model is desirable where patients can change providers and still share their information in a timely manner, for better diagnosis and treatment, and eventually for improved global health.
At present, healthcare providers who host sensitive patient data in private healthcare clouds across the globe are hesitant to share that information because of security and privacy issues. As healthcare providers move to community and public cloud based services, a need for secure interaction between disparate healthcare clouds increases. Furthermore, security regulations imposed by Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) place an onerous task on healthcare Information Technology (IT) infrastructure to be compliant with privacy and security regulations. In addition, with emerging Internet of Things (IoT) market and its integration in the big data cloud platform, there is increased concern about security and privacy with the healthcare cloud paradigm.
In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors summary information for this patent: Apparatus, systems and methods for homomorphic encryption in a healthcare network environment is provided and includes receiving data at a data custodian server in a plurality of formats from various data sources, encrypting the data according to a homomorphic encryption scheme, receiving a query at the data custodian server from a data consumer device concerning a portion of the encrypted data, initiating a secure homomorphic work session between the data custodian server and the data consumer device, generating a homomorphic work space associated with the homomorphic work session, compiling, by the data custodian server, a results set satisfying the query, loading the results set into the homomorphic work space, and building an application programming interface (API) compatible with the results set, the API facilitating encrypted analysis on the results set in the homomorphic work space.
Various objects, features, aspects and advantages of the subject matter will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like components.
The claims supplied by the inventors are:
1. A system for developing predictive algorithms using private healthcare data, the system comprising: a data custodian including an encrypted database distributed among a plurality of storage devices, the encrypted database storing a disease registry including homomorphically encrypted concomitancy and comorbidity data of a plurality of patients; and a user device operable to access the data custodian over a cloud network, retrieve a subset of the homomorphically encrypted concomitancy and comorbidity data, and execute a predictive analytics model on the retrieved data, wherein, in response to the user device accessing the data custodian over the cloud network, the data custodian instantiates a homomorphic work space (HWS) that has access to the homomorphically encrypted concomitancy and comorbidity data stored in the encrypted database, wherein the data custodian provides the user device with access to the HWS via an API, wherein the API translates a query from the user device, the subset of the homomorphically encrypted concomitancy and comorbidity data being pulled from the encrypted database and inserted into the HWS in response to the translated query, wherein the query comprises an unstructured keyword query.
2. The system of claim 1, wherein, in response to the user device accessing the data custodian over the cloud network, the data custodian provides a public cryptographic key to the user device, the public cryptographic key having a corresponding private cryptographic key to the HWS.
3. The system of claim 1, wherein, in response to the user device accessing the data custodian over the cloud network, the data custodian generates a structured encrypted vector from the subset of the homomorphically encrypted concomitancy and comorbidity data and sends the structured encrypted vector and the API to the user device.
4. The system of claim 1, wherein the HWS is instantiated only at the data custodian.
5. The system of claim 1, wherein the HWS comprises a virtual memory space distributed across one or more memory locations.
6. The system of claim 1, wherein the HWS is built on top of homomorphic encryption primitives from a homomorphic encryption library.
7. The system of claim 1, wherein, in response to the user device accessing the data custodian over the cloud network, the data custodian constructs a symmetric cryptographic session.
8. The system of claim 1, wherein, in response to the user device accessing the data custodian over the cloud network, the data custodian creates a query-specific vector space with a vector containing the subset of the homomorphically encrypted concomitancy and comorbidity data.
9. The system of claim 1, wherein the data custodian authenticates one or more anonymized operations performed on the homomorphically encrypted concomitancy and comorbidity data by the user device.
10. The system of claim 1, further comprising a patient device operable to define a set of permissions authorizing the retrieval of the subset of the homomorphically encrypted concomitancy and comorbidity data by the user device.
11. The system of claim 1, wherein the data custodian decrypts a result of the predictive analytics model and sends the decrypted result to the user device.
12. The system of claim 1, wherein the API includes homomorphic encryption primitives from a homomorphic encryption library.
13. A method of supporting the development of predictive algorithms using private healthcare data, the method comprising: storing a disease registry including homomorphically encrypted concomitancy and comorbidity data of a plurality of patients in an encrypted database of a data custodian, the encrypted database being distributed among a plurality of storage devices; and, in response to a user device accessing the data custodian over a cloud network, providing a subset of the homomorphically encrypted concomitancy and comorbidity data to the user device for execution of a predictive analytics model on the provided data and instantiating a homomorphic work space (HWS) that has access to the homomorphically encrypted concomitancy and comorbidity data stored in the encrypted database, wherein the data custodian provides the user device with access to the HWS via an API, wherein the API translates a query from the user device, the subset of the homomorphically encrypted concomitancy and comorbidity data being pulled from the encrypted database and inserted into the HWS in response to the translated query, wherein the query comprises an unstructured keyword query.
14. A non-transitory computer readable storage medium on which are stored instructions executable by a processor to perform operations for supporting the development of predictive algorithms using private healthcare data, the operations comprising: storing a disease registry including homomorphically encrypted concomitancy and comorbidity data of a plurality of patients in an encrypted database of a data custodian, the encrypted database being distributed among a plurality of storage devices; and, in response to a user device accessing the data custodian over a cloud network, providing a subset of the homomorphically encrypted concomitancy and comorbidity data to the user device for execution of a predictive analytics model on the provided data and instantiating a homomorphic work space (HWS) that has access to the homomorphically encrypted concomitancy and comorbidity data stored in the encrypted database, wherein the data custodian provides the user device with access to the HWS via an API, wherein the API translates a query from the user device, the subset of the homomorphically encrypted concomitancy and comorbidity data being pulled from the encrypted database and inserted into the HWS in response to the translated query, wherein the query comprises an unstructured keyword query.
15. A system for developing predictive algorithms using private healthcare data, the system comprising: a data custodian including an encrypted database distributed among a plurality of storage devices, the encrypted database storing a disease registry including homomorphically encrypted concomitancy and comorbidity data of a plurality of patients; and a user device operable to access the data custodian over a cloud network, retrieve a subset of the homomorphically encrypted concomitancy and comorbidity data, and execute a predictive analytics model on the retrieved data, wherein, in response to the user device accessing the data custodian over the cloud network, the data custodian instantiates a homomorphic work space (HWS) that has access to the homomorphically encrypted concomitancy and comorbidity data stored in the encrypted database, wherein the data custodian provides the user device with access to the HWS via an API, wherein, in response to the user device accessing the data custodian over the cloud network, the data custodian generates a structured encrypted vector from the subset of the homomorphically encrypted concomitancy and comorbidity data and sends the structured encrypted vector and the API to the user device.
16. The system of claim 15, wherein the API translates a query from the user device, the subset of the homomorphically encrypted concomitancy and comorbidity data being pulled from the encrypted database and inserted into the HWS in response to the translated query.
17. The system of claim 15, wherein, in response to the user device accessing the data custodian over the cloud network, the data custodian provides a public cryptographic key to the user device, the public cryptographic key having a corresponding private cryptographic key to the HWS.
18. The system of claim 15, wherein the HWS is instantiated only at the data custodian.
19. The system of claim 15, wherein the HWS comprises a virtual memory space distributed across one or more memory locations.
20. The system of claim 15, wherein the HWS is built on top of homomorphic encryption primitives from a homomorphic encryption library.
21. The system of claim 15, wherein, in response to the user device accessing the data custodian over the cloud network, the data custodian constructs a symmetric cryptographic session.
22. The system of claim 15, wherein, in response to the user device accessing the data custodian over the cloud network, the data custodian creates a query-specific vector space with a vector containing the subset of the homomorphically encrypted concomitancy and comorbidity data.
23. The system of claim 15, wherein the data custodian authenticates one or more anonymized operations performed on the homomorphically encrypted concomitancy and comorbidity data by the user device.
24. The system of claim 15, further comprising a patient device operable to define a set of permissions authorizing the retrieval of the subset of the homomorphically encrypted concomitancy and comorbidity data by the user device.
25. The system of claim 15, wherein the data custodian decrypts a result of the predictive analytics model and sends the decrypted result to the user device.
26. The system of claim 15, wherein the API includes homomorphic encryption primitives from a homomorphic encryption library.
There are additional claims. Please visit full patent to read further.
URL and more information on this patent, see: Kupwade-Patil, Harsh. Homomorphic encryption in a healthcare network environment, system and methods. U.S. Patent Number 11431687, filed May 27, 2021, and published online on August 30, 2022. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=11431687.PN.&OS=PN/11431687RS=PN/11431687
(Our reports deliver fact-based news of research and discoveries from around the world.)
It Can Take Three Appeals to Make a Claim Construction Go Rightor Three Bites by Apple – Lexology
In a nonprecedential opinion on remand from the US Court of Appeals for the Federal Circuit and a US Patent & Trademark Office (PTO) Director-granted request for review, the Patent Trial & Appeal Board (Board) reconstrued claim terms it had previously construed in consideration of the patent specification, prosecution history and Federal Circuit construction of similar terms in a related case. Apple Inc. v. Personalized Media Communications, LLC, IPR2016-00754, IPR2016-01520 (P.T.A.B. Sept. 8, 2022) (Turner, APJ.)
In March 2016, Apple filed a petition to institute an inter partes review (IPR) against a patent (635 patent) owned by Personalized Media Communications, LLC (PMC). After PMC filed its Patent Owner Preliminary Response (POPR), the Board instituted the IPR on some, but not all, of Apples requested grounds. Per Board procedure, PMC filed its Patent Owner Response (POR) and a contingent motion to amend its patents claims. In response, Apple filed a reply and an opposition to the contingent motion, and PMC filed a reply to Apples opposition. After oral argument the Board issued a Final Written Decision (754-FWD) finding all challenged claims unpatentable and denying the contingent motion to amend. PMC first sought rehearing of the Boards decision and, after rehearing was denied, appealed the Boards decision to the Federal Circuit.
Similarly, in July 2016, Apple filed another petition against the same PMC patent. After considering PMCs POPR, the Board instituted an IPR on some of Apples requested grounds. PMC again filed a POR and a contingent motion to amend, to which Apple filed a reply and opposition (to which PMC filed its reply and Apple a sur-reply). Again, the Board held an oral hearing and issued a Final Written Decision (FWD) finding all challenged claims unpatentable and denying the contingent motion to amend. PMC again sought rehearing of the Boards decision and, after rehearing was denied, appealed the Boards decision to the Federal Circuit.
On appeal of each proceeding, PMC moved, and the Federal Circuit granted remand in light of and consistent with the 2021 Supreme Court decision in U.S. v. Arthrex, Inc., where a five-justice majority found that the appointment of Board administrative patent judges was unconstitutional and a seven-justice majority concluded that the remedy was to vest the PTO Director with authority to overrule Board decisions.
On remand to the PTO, PMC filed a request for director review, which the Commissioner for Patents (performing the functions and duties of the PTO Director) granted. The Commissioners Granting Order agreed with PMCs argument that the Board, in these two cases, had construed the claim terms encrypted and decrypted in a manner that could include scrambling and descrambling operations on digital information, but could also include on analog information and was inconsistent with the Federal Circuits partial reversal of the Boards construction in yet another IPR proceeding (755-IPR regarding another related PMC patent) between Apple and PMC. As to the related patent IPR, the Federal Circuit ultimately construed encrypted digital information transmission including encrypted information as limited to digital information. The Commissioner vacated both of the subject FWDs and remanded for the Board to address its claim constructions in light of the Federal Circuits decision in the related patent IPR.
After remand, the Board set a briefing schedule for the parties to argue the applicability of the grounds identified above in view of the claim construction set forth by the U.S. Court of Appeals for the Federal Circuit. Apple argued that the term that the Federal Circuit construed as to the related patent is different from the claim terms recited in the subject IPRs and the FWDs at issue. Apple also argued that the Federal Circuit explicitly did not limit the basic concepts of encryption and decryption to digital-only operations, and thus altering the construction to be digital-only would be flatly inconsistent with the Federal Circuits holding and reasoning. Apple further argued that certain claims (and the art cited against them) already recite all-digital requirements, that other claims do not recite the disputed term and should not be affected, and that all but one of the challenged claims are unpatentable even under PMCs alternative constructions. PMC argued that Apple had agreed then that even under the Federal Circuits construction [at least] claim 3 of the subject patent would survive, and more broadly argued that Apple misread the Federal Circuits decision and that the Court did not reject the Boards construction of decrypt or re-construe that term (emphasis in original).
The Board saw its task as quite clear: To issue new final written decisions that address the Federal Circuits claim construction in the appeal of the [related patent] IPR/FWD. The Board gave weight to the fact that the subject patent and the related patent are both continuation applications of the same patent, and thus share the same specification. Deeming that it would be myopic to construe only the identical claim term to those resolved by the Federal Circuits decision, the Board considered that even the Courts decision referenced that the claim language itself did not preclude PMCs interpretation nor compel the Boards interpretation and that, based on multiple characteristics, the two constructions were equally plausible in view of the claim language.
However, just as in the other case where the Federal Circuit considered the prosecution history of the related patent and determined that certain statements did not reach the level of disavowal to inform the claim construction (e.g., the applicant repeatedly and consistently voiced its position that encryption and decryption require a digital process in the context of the patent and never abandoned that position), and with deference to the Granting Orders note that [t]he Boards claim construction analysis for the terms encrypted and decrypted in the cases is substantially similar to the Boards related analysis of the term encrypted digital information transmission including encrypted information at issue in the Federal Circuit case, the Board on remand reconstrued the claim terms. With acknowledgment of both parties arguments and citations to the specification and prosecution history, the Board construed the claim terms decryption, encryption and related terms to be applicable to digital signals, exclusive of scrambling and descrambling, unless the context of the claim makes clear that the decryption and/or encryption process is performed on an analog or a mixed analog and digital signal.
Applying this construction, and after reviewing anew the record developed during trial and considering the Federal Circuits construction, the Board on remand found that Apple had sufficiently met its burden of persuasion such that considering all eight grounds, all but one (claim 3) of the challenged claims of the 635 patent are unpatentable. The Board denied PMCs contingent motions to amend in each case.
Continued here:
It Can Take Three Appeals to Make a Claim Construction Go Rightor Three Bites by Apple - Lexology
Explained in 5 points: WhatsApp chats are end-to-end encrypted, what it means? – India Today
Of late, WhatsApp has been talking a lot about privacy. In fact, the messaging platform recently introduced a range of privacy features like hiding online status, leaving group chat without notifying anyone and a lot more. These features will reach every user very soon, the company has already confirmed. Another privacy feature that WhatsApp has been highlighting since the last several years is "end-to-end encryption".
If you use WhatsApp on a regular basis to connect with your friends and family, you must definitely have come across the term "end-to-end encryption". Now, the question is, what does WhatsApp mean by chats are end-to-end encrypted? and how does this impact users? Let's understand this in 5 simple points.
--The meta-owned messaging platform, WhatsApp, says that all chats exchanged on the platform are protected or "encrypted". In simple words, as per WhatsApp, chats sent or received on the platform are only visible to the sender or receiver of the message and no one else. Not even WhatsApp or its parent company Meta.
--As per WhatsApp, under the end-to-end encryption policy -- all messages, photos, videos, voice messages, documents, status updates and calls exchanged on the platform are secured and can't be accessed by bad actors. End-to-end encryption ensures chats are secured between the sender and receiver of the message and no one, including WhatsApp can access the conversation at any given point.
--WhatsApp says that an end-to-end encryption feature ensures all messages are secured with a lock, and only the recipient and the sender have the special key needed to unlock and read them. This simply means that all your chats with all your contacts are unreadible to everyone other than the sender and receiver of the messages.
--The good thing is, WhatsApp has auto-enabled the end-to-end encryption option for all accounts and no one will need to turn on any special settings to secure their messages. There's also no way to disable the option.
--Recently, there have been a lot many controversies around WhatsApp's end-to-end encryption feature and the Indian government's current IT rules that state, if required, social media platforms such as WhatsApp must have provisions for identification of the first originator of the information. Now, this goes against WhatsApps policies of end-to-end encrypting all messages happening on the platform. When the IT rules were introduced, Meta also challenged the government stating that the guidelines go against the platforms key policies. WhatsApp hasn't yet highlighted how it plans to manage situations when the government asks for details of users and access to personal chats in some instances.
So, if you use WhatsApp to connect with your family and friends, your chats are encrypted and no one can access them. If you fear that someone can login to your mobile phone and read your chats, WhatsApp has a solution for that as well. It allows users to password protect the app and all the chats and media files shared on the platform.
--- ENDS ---
Originally posted here:
Explained in 5 points: WhatsApp chats are end-to-end encrypted, what it means? - India Today
Empress EMS Announces Data Breach Leaking the Sensitive Information of 318,558 People – JD Supra
On September 9, 2022, Empress EMS reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company was the victim of what appears to have been a ransomware attack. According to Empress EMS, the breach resulted in the names, Social Security numbers, dates of service and insurance information of 318,558 patients being compromised. Recently, Empress EMS sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
News of the Empress EMS comes from the companys official filing with the U.S. Department of Health and Human Services Office for Civil Rights as well as a notice posted on the companys website. According to these sources, on July 14, 2022, Empress EMS detected a network security incident, apparently when some or all of the companys computer system was encrypted. In response, the company reported the incident to law enforcement, secured its systems, and began working with third-party data security experts to conduct an investigation.
The companys investigation confirmed that an unauthorized party first gained access to the Empress EMS system on May 26, 2022 and subsequently copied files from the network on July 13, 2022.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Empress EMS then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, the date you received service from Empress EMS, your Social Security number, and your insurance information.
On September 9, 2022, Empress EMS sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to the U.S. Department of Health and Human Services Office for Civil Rights, these letters were sent out to 318,558 people. Empress EMS is offering all people impacted by the breach with free credit monitoring and is recommending they review their healthcare statements for accuracy and contact their provider if they see services they did not receive.
Founded in 1985, Empress EMS is an ambulance services company based in Yonkers, New York. The company provides 911 emergency medical response transportation to Yonkers and neighboring communities. Additionally, Empress EMS has emergency and non-emergency response contracts throughout Westchester County with districts, hospitals, correctional institutions and private care facilities. Empress EMS employs more than 204 people and generates approximately $17 million in annual revenue.
The Empress EMS filing with the U.S. Department of Health and Human Services Office for Civil Rights did not get into too much detail about the nature of the breach. However, the company provided some additional information in a letter posted on the Empress EMS website. There, the company noted that the data breach was caused by a network incident resulting in the encryption of some of our systems.
Encryption is a process that encodes files, making them inaccessible to anyone without the encryption key (which is usually a password). People encrypt files every day to protect sensitive data from unauthorized access. However, cybercriminals also use encryption when carrying out certain types of cyberattacksusually ransomware attacks.
A ransomware attack is a type of cyberattack that occurs when a hacker or other bad actor installs malware on a companys computer network. Hackers frequently do this by sending a phishing email to an employee in hopes of getting them to click on a malicious link. Once the employee clicks on the link, it downloads the malware onto their computer. The malware then encrypts the files on the computer and may infect other parts of the network. The hackers then send management a message, demanding it pays a ransom if it wants access to its network. Once the company pays the ransom, the hackers decrypt their computer, which ends the attackat least from the companys perspective.
However, more recently hackers have started to threaten to publish any stolen data if a company refuses to pay the ransom. Once on the dark web, cybercriminals can bid on the data, which they can then use to commit identity theft and other frauds. Of course, while companies that are targeted in a ransomware attack are victims in some sense, the real victims of these attacks are the consumers whose information ends up in the hands of those looking to commit fraud.
So, while Empress EMS did not mention the words ransomware attack in its communications, because we know it involved the encryption of the companys system, there is a good chance that this was caused by a ransomware attack.
Companies not only have the resources to pay an occasional ransom, but they also have the ability (and responsibility) to implement strong data security systems designed to prevent these attacks in the first place. Victims of a data breach who would like to learn how to reduce the risk of identity theft or learn about their options to hold the company that leaked their information accountable should contact a data breach lawyer as soon as possible.
If you are one of the more than 318,000 people who were affected by the Empress EMS data breach, it is imperative that you understand what is at stake and how you can mitigate these risks. If you or a loved one received services from Empress EMS and have not yet received a letter, you can review a copy of the letter here.
Continued here:
Empress EMS Announces Data Breach Leaking the Sensitive Information of 318,558 People - JD Supra
keep all your files in a secure cloud with end-to-end encryption – Gearrice
One of the great concerns that any type of user may have when uploading their documents to the Internet is the security of the servers where they are stored. Currently there are many options such as Google Drive or iCloud Drive, but none guarantee maximum security. To do this, the company of the well-known email service that set out to put an end to Gmail, Proton Mail, has officially launched the Proton Drive service with cloud encryption.
As reported by Proton, digital documents contain a lot of confidential information, whether of banking or tax interest. That is why local storage can be used to avoid this risk, sacrificing the convenience of having the files on any device. In this way, the proposed solution is to use Proton Drive which will offer you the possibility to store them securely with end-to-end encryption.
In this case, Proton Drive has an end-to-end encryption system that provides total security. All these have a cryptographic signature on all files and folders to prevent them from being tampered with in an unauthorized manner. Also, the key to be able to decrypt these files is only going to be yours, since not even Proton is going to be able to decrypt them.
the headquarters of the servers are located in Geneva (Switzerland). Although it seems silly, it is really important as the documents are protected by Swiss privacy laws, which are really strict when it comes to dissemination. In this case, they try to resemble the data vault that a Swiss bank has and which is difficult to access, even if there is a court order.
You will be able to access all these features through different ways: application on Android and iOS, as well as in the web version. In this way, it makes it accessible for anyone to freely upload documents from any device and also access them. And all this with the maximum security possible.
Keep in mind that with Proton Drive you have a free base storage of 1 GB. These will allow you to upload mainly important PDF files that have a reduced size, but that may be insufficient. That is why you can use one of the other two plans that are available:
Source | Proton
Read the original here:
keep all your files in a secure cloud with end-to-end encryption - Gearrice
Kingston Unveils Secure USB Drive With Built-In Encryption, IronKey Keypad 200 – guru3d.com
The IronKey Keypad 200 is built with robust protection and flexibility of use in mindoffering XTS-AES 256-bit hardware-based encryption in a feature-rich and OS-independent alphanumeric keypad. KP200 incorporates a built-in rechargeable battery, so users can unlock the drive using the keypad for easy-to-use PIN access, without using software. Once unlocked, users can access their data by plugging the drive into any device that supports USB Type-A Flash storage, making it a plug-and-play device across IT ecosystems.
KP200 is FIPS-140-3 Level 3 (Pending) certified for military-grade security, and the drive's circuitry is coated with tamper-evident, tough epoxy to prevent access to its internal components without damaging them. For another level of protection, the keypad is coated with a protective polymer layer to prevent the analysis of fingerprints on the keys.
KP200 supports a multi-PIN option, allowing the use of separate Admin or User PINs. KP200 locks the User PIN after ten failed login attempts, but if both PINs are enabled the Admin can be used to restore a User PIN and access to the drive. If the Admin PIN itself is incorrectly entered ten times in a row, the built-in Brute Force attack protection will crypto-erase the drive, permanently destroying the data and resetting the device. Additionally, KP200 can safeguard against malware from untrusted systems with two different Read-Only modes, empowering Admin to write-protect the drive during a specific session or globally across all User sessions.
"The Kingston IronKey KP200 is the first drive to successfully pass certification lab testing for the latest FIPS 140-3 Level 3 military-grade security level from NIST," said Richard Kanadjian, encrypted unit manager at Kingston. "With no need for software and ease of use of the keypad, KP200 is the best solution for those looking for flexibility while maintaining the highest-level security for storing sensitive data on the go."
KP200 adds security enhancements for FIPS 140-3 Level 3:
The Kingston IronKey Keypad 200 has available storage capacities ranging from 8 GB to 128 GB and is backed by a limited three-year warranty, with free technical support, and the legendary Kingston reliability.
Kingston IronKey Keypad 200 Features and Specifications:
More here:
Kingston Unveils Secure USB Drive With Built-In Encryption, IronKey Keypad 200 - guru3d.com
Cloud Encryption Gateways Market Innovative Strategy by 2030 – Fighting Hawks Magazine
Latest research study from JCMR including most recent Q1-2021Global Cloud Encryption Gateways Market by Manufacturers, Regions, Type and Application, Forecast to 2021-2029. The Cloud Encryption Gateways Research report presents a complete assessment of the market and contains Future trend, Current Growth Factors, attentive opinions, facts, historical data, and statistically supported and industry validated market data. The Cloud Encryption Gateways study is segmented by products type & Applications. The research study provides estimates for and Cloud Encryption Gateways Market Forecast till 2029
Get Quick Free Sample Copy of Cloud Encryption Gateways Report @:jcmarketresearch.com/report-details/1419657/sample
Key Companies/players: Oracle, IBM, Microsoft, Salesforce, Vormetric, Google, Ciphercloud, Perspecsys, Netscape, Skyhigh Networks
Cloud Encryption Gateways Report Application & Types as follwed:
Market segment by Type, the product can be split into Public Cloud Private Cloud Hybrid CloudMarket segment by Application, split into IT and Telecom BFSI Healthcare Government Education Retail Media and Entertainment Other
The research covers the current & Future market size of the Global Cloud Encryption Gateways market & its growth rates based on 8 year history data. It also covers various types of Cloud Encryption Gateways segmentation such as by geography [China, Japan, Korea, Taiwan, Southeast Asia, India & Australia].The Cloud Encryption Gateways market competition is constantly growing higher with the rise in technological innovation and M&A activities in the Cloud Encryption Gateways industry. Moreover, many local and regional vendors are offering specific application products for varied end-users.On the basis of attributes such as company overview, recent developments, strategies adopted by the Cloud Encryption Gateways market leaders to ensure growth, sustainability, financial overview and recent developments.
Get the crucial Qualitative + Quantitative Cloud Encryption Gateways Report @jcmarketresearch.com/report-details/1419657/Cloud-Encryption-Gateways
Stay up-to-date with global Cloud Encryption Gateways market research offered by JCMR. Check how Cloud Encryption Gateways key trends and emerging drivers are shaping Cloud Encryption Gateways industry growth.global Cloud Encryption Gateways market insights reports covers market characteristics, size and growth, segmentation, regional breakdowns, competitive landscape, shares, trend and strategies for Cloud Encryption Gateways market. The Cloud Encryption Gateways market characteristics section of the report defines and explain the Cloud Encryption Gateways market. The Cloud Encryption Gateways market size section gives the revenues, covering both the historic growth of the Cloud Encryption Gateways market and forecasting the future.
In the Global Cloud Encryption Gateways Industry Market Analysis & Forecast 2021-2029, the revenue is valued at USD XX million in 2021 and is expected to reach USD XX million by the end of 2029, growing at a CAGR of XX% between 2021and 2029. The production is estimated at XX million in 2021 and is forecasted to reach XX million by the end of 2029, growing at a CAGR of XX% between 2021 and 2029.
Get Discount on Cloud Encryption Gateways Report @ jcmarketresearch.com/report-details/1419657/discount
QueriesResolved in Cloud Encryption Gateways report Global Cloud Encryption Gateways Market, 2021by Manufacturers, Regions, Type and Application, Forecast to 2029
What will the Cloud Encryption Gateways market size in 2029 & what will the growth rate?
What are the key Cloud Encryption Gateways market trends?
What is driving Global Cloud Encryption Gateways Market?
What are the challenges to Cloud Encryption Gateways market growth?
Who are the key vendors in Global Cloud Encryption Gateways Market space?
What are the key Cloud Encryption Gateways market trends impacting the growth of the Global Cloud Encryption Gateways Market?
What are the key outcomes of the five forces analysis of the Global Cloud Encryption Gateways Market?
What are the Cloud Encryption Gateways market opportunities and threats faced by the vendors in the Global Cloud Encryption Gateways market? Get in-depth details about factors influencing the Cloud Encryption Gateways market shares of the Americas, APAC, and EMEA?
There are 15 Chapters to display the Global Cloud Encryption Gateways market.
Chapter 1, to describe Definition, Specifications and Classification of Cloud Encryption Gateways, Applications and Market Segments by Regions;
Chapter 2, to analyze the Cloud Encryption Gateways Manufacturing Cost Structure, Raw Material and Suppliers, Manufacturing Process, Industry Chain Structure;
Chapter 3, to display the Cloud Encryption Gateways Technical Data and Manufacturing Plants Analysis of , Capacity and Commercial Production Date, Manufacturing Plants Distribution, Export & Import, R&D Status and Technology Source, Raw Materials Sources Analysis;
Chapter 4, to show the Overall Cloud Encryption Gateways Market Analysis, Capacity Analysis (Company Segment), Sales Analysis (Company Segment), Sales Price Analysis (Company Segment);
Chapter 5 and 6, to show the Regional Cloud Encryption Gateways Market Analysis that includes North America, China, Europe, Southeast Asia, Japan & India, Cloud Encryption Gateways Market Analysis by [Type];
Chapter 7 and 8, to analyze the Cloud Encryption Gateways Market Analysis by [Application] Major Manufacturers Analysis of Cloud Encryption Gateways;
Chapter 9, Cloud Encryption Gateways Market Trend Analysis, Regional Cloud Encryption Gateways Market Trend, Cloud Encryption Gateways Market Trend by Product Types, Cloud Encryption Gateways Market Trend by Applications;
Chapter 10, Cloud Encryption Gateways Regional Marketing Type Analysis, International Trade Type Analysis, Supply Chain Analysis;
Chapter 11, Cloud Encryption Gateways to analyze the Consumers Analysis of;
Chapter 12, to describe Cloud Encryption Gateways Research Findings and Conclusion, Appendix, methodology and data source;
Chapter 13, 14 and 15, to describe Cloud Encryption Gateways sales channel, distributors, traders, dealers, Research Findings and Conclusion, appendix and data source.
Buy this Cloud Encryption Gateways research report @ jcmarketresearch.com/checkout/1419657
Reasons for Buying Cloud Encryption Gateways Report
This Cloud Encryption Gateways report provides pin-point analysis for changing competitive dynamics
Cloud Encryption Gateways provides a forward looking perspective on different factors driving or restraining market growth
Cloud Encryption Gateways provides a 8-year forecast assessed on the basis of how the market is predicted to grow
Cloud Encryption Gateways helps in understanding the key product segments and their future
Cloud Encryption Gateways provides pin point analysis of changing competition dynamics and keeps you ahead of competitors
Cloud Encryption Gatewayshelps in making informed business decisions by having complete insights of market and by making in-depth analysis of market segments
Thanks for reading Cloud Encryption Gateways article; you can also get individual chapter wise section or region wise report version like North America, Europe or Asia.
Find more research reports on Cloud Encryption Gateways Industry. By JC Market Research.
About Author:
JCMR global research and market intelligence consulting organization is uniquely positioned to not only identify growth opportunities but to also empower and inspire you to create visionary growth strategies for futures, enabled by our extraordinary depth and breadth of thought leadership, research, tools, events and experience that assist you for making goals into a reality. Our understanding of the interplay between industry convergence, Mega Trends, technologies and market trends provides our clients with new business models and expansion opportunities. We are focused on identifying the Accurate Forecast in every industry we cover so our clients can reap the benefits of being early market entrants and can accomplish their Goals & Objectives.
Contact Us:https://jcmarketresearch.com/Contact-Details
JC Market Research
Mark Baxter (Head of Business Development)
Phone: +1 (925) 478-7203
Email: sales@jcmarketresearch.com
Read the original:
Cloud Encryption Gateways Market Innovative Strategy by 2030 - Fighting Hawks Magazine
Taking Law Firms to the Next Level With Cloud-Based SaaS – Spiceworks News and Insights
Despite the legal industrys reluctance to fully embrace tech, the legaltech market has grown swiftly. According to Zion Market Research, it was valued at approximately $3,245 million in 2018 and is expected to grow tenfold by 2026. And once more companies in the field realize the value of tech-enabled benefits, others will jump on the bandwagon, too.
But how do you leap cabinets full of folders and clunky Excel sheets? The industrys resistance to innovation has been hampering growth, with disengaged teams with no proper training for handling modern software.
The best way to navigate doubts about going digital and cloud-based is by dispelling myths, showcasing advantages, and sharing the steps needed for a seamless and effective transition. This way, legal firms can confidently launch into the practices future, ready to take on all advantages of using cloud computing software.
Just like in any industry that handles sensitive information, data security is a primary concern for any legal company. In reality, the feeling seems similar to keeping cash under a mattress rather than in the bank over safety matters; even though cyber risks do exist, there is always an effective solution to prevent them. Every software is eventually targeted for cyber threats. Companies and software developers are in charge of implementing their cybersecurity architecture and deciding how many safety barriers they will execute according to their products needs.
Legal software companies usually get certified by implementing policies that assure law firms that their on-cloud activity is protected. Some of these certifications are ISO/IEC 27001 and ISO/IEC 27017. Antivirus, anti-spyware, and hardware firewalls are additional steps a firm can take to safeguard its operations. However, rest assured that with security-certified software, the SaaS providers IT team will vouch for the datas safety.
The security put in place by SaaS operating on the cloud also entails end-to-end encryption, data at rest encryption (when stored on servers), and in transit encryption (while traveling from the client to the providers server). Additionally, some SaaS operate on the cloud through web services, such as Amazon Web Services, which provide them with a platform to run on. These cloud computing services also have security systems; therefore, a law firms data is secured in several different layers.
One of the biggest reasons lawyers stay on the fence about switching to legaltech is cost and ROI hesitation. Often, practices prefer to stick to their old guns to avoid extra costs using cloud-based software; however, knowing how the software will help cut and control expenses is the trick. Though the market slowed down after the pandemic, companies that use this service still reported yearly revenue growth of 32% in 2021.
The most straightforward answer to the cost vs. benefit dilemma is that practice management automation tools used in legal software leverage artificial intelligence (AI). AI enables firms to work more efficiently, avoid missing billed hours, and reduce time spent on repetitive tasks. Using automation allows companies to negotiate accurate prices, showing the time each task takes. Thus, the software expenses will return as better time-tracking, better billing, and more time spent on billable activities.
AI is not just about keeping track of hours and calculating invoices. Another task it supports is document assembly, where tailored documents are generated by filling in basic information, making it an efficient process with little space for human error. And there are also benefits for clients. Automation boosts the client experience as some legal software offers customer relationship management (CRM) with self-service capabilities. This way, clients only need to answer a few questions to complete an entire document.
Moreover, AI takes an extra step to save time and costs with the technology-assisted review (TAR). This subset leverages machine learning (ML) to run complex tasks, and developing these processes requires the help of someone who inputs and regulates the information fed to it. For example, e-Discovery uses ML to find keywords in several documents, rank them by relevancy to the case, and delete duplicates, saving hours and even days of work. It also handles tasks like extracting data from text, identifying mistakes, missing definitions, and legal traps.
TARs heavily rely on predictive coding in ML and AI. Despite being in its early stages, predictive coding also helps filter documents according to tone, context, and concept in just minutes, sparing lawyers time scrutinizing endless files. However, this feature needs extensive tuning to work effectively, making it financially viable for only a few in Big Law. As technology advances, it will become more affordable for smaller law firms to leverage some of these options.
As a preliminary overview, there are several SaaS solutions to choose from with different features and pricing levels. Firms can leverage pricing according to their needs, thanks to legal software providers scalability and price range, making it accessible for practices of all sizes. Likewise, providers must also be clear about the charges and payment options based on the requested services. After weighing these factors, legal firms should make the right call depending on suitable providers and the size of the firms they assist. The switch should be relatively easy when selecting the most convenient option.
Most providers offer a free trial, so the client can test the product to ensure it meets their requirements even before making a decision. Starting with a SaaS solution should take a couple of hours to a few days but no more than that.
A key point of cloud-based SaaS is that they do not require additional server hardware or an in-house IT team, as the SaaS provides these tools on the cloud, saving companies more expenses. These IT teams are not just there to deliver a suitable product for companies but also to assist them with the transition. The process can be rocky, so legal firms should lean on the providers to help every step of the way. Otherwise, the product cannot function properly, and departments that rely heavily on it will be left unsatisfied.
The advantages of SaaS for legal companies are plentiful, and it is up to law firms to examine all of their options and go for the right fit. Legaltech continues to expand and evolve, and with it, new tools will take legal practice to the next level, making the job easier for lawyers in all fields.
Why do you think cloud-based SaaS is the future of legaltech? Let us know your thoughts on LinkedIn, Twitter, or Facebook. We would love to hear from you!
Link:
Taking Law Firms to the Next Level With Cloud-Based SaaS - Spiceworks News and Insights
Comprehensive Analysis on Email Encryption Software Market based on types and application – NewsOrigins
Added A New Report On Email Encryption Software Market That Provides A Comprehensive Review Of This Industry With Respect To The Driving Forces Influencing The Market Size. Comprising The Current And Future Trends Defining The Dynamics Of This Industry Vertical, This Report Also Incorporates The Regional Landscape Of Email Encryption Software Market In Tandem With Its Competitive Terrain.
Theresearch reporton the Email Encryption Software market includes crucial information on recent events that will havean impact on the industry dynamics between 2022 and 2026, thereby assisting stakeholders and investors in making informed decisions. Additionally, it offers a thorough examination of the major market divisions, looks at the problems that rival firms confront, and place particular emphasis on the regional context.
In essence, the study presents a thorough analysis of the regional and competitive environments, along with relevant driving forces. Lastly, the impact of COVID-19 outbreak on this marketplaceisextensively documented.
Request Sample Copy of this Report @ https://www.newsorigins.com/request-sample/61564
Important pointers from COVID-19 impact analysis:
Regional analysis overview
Other crucial aspects in the Email Encryption Software market report:
FAQs
Key insights this study will provide:
Request Customization for This Report @ https://www.newsorigins.com/request-for-customization/61564
See the article here:
Comprehensive Analysis on Email Encryption Software Market based on types and application - NewsOrigins