Abstract: According to one embodiment, a control system includes a first electronic device and a second electronic device connectable to the first electronic device via an audio cable. The first electronic device generates first sound data encoded with status information indicative of a state of the first electronic device, and transmits the first sound data to the second electronic device via the audio cable. The second electronic device receives the first sound data from the first electronic device via the audio cable, acquires the status information by decoding the first sound data, and displays the status information on a screen of the second electronic device.

Abstract: Protecting local key generation using a remote key management service, including: transforming a local secret to generate a transformed local secret; transmitting the transformed local secret to a key management service; and decrypting, based on an encryption key received from the key management service, a data encryption key for encrypting or decrypting local data.

Abstract: Methods and systems for token transfer are described herein. A remote computing device may receive, from a mobile computing device, a public key of a public-private key pair. The public key may be associated with a first application of the mobile computing device. The first application may be configured to send credentials to a second application of the mobile computing device. The second application may be isolated from other applications executable on the mobile computing device. The remote computing device may receive, from the first application, a token. The token may have been previously issued to the first application and may have been encrypted, using the public key, by the first application. The remote computing device may send, to the second application, the token to enable the second application to authenticate with a plurality of services that interact with the second application.

Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for securing memory dumps. In response to a trigger condition, a server generates a symmetric key corresponding to an instance of a memory dump. The server encrypts memory contents of the server using the symmetric key. In addition, the server encrypts the symmetric key using a key-encrypting key (kek), which can include a public key Both the encrypted memory contents and the encrypted symmetric key are stored for the instance of the memory dump. Responsive to a request for information pertaining to the instance of the memory dump, the encrypted memory contents and the encrypted symmetric key are retrieved from storage, the encrypted symmetric key is decrypted using a private key, and the symmetric key is used to decrypt the encrypted memory contents.

Abstract: Embodiments disclosed herein allow multiple providers to answer for DNS while having DNSSEC enabled for the same zone. To do so, the system shares DNSKEY records between autonomous DNS vendors. Sharing DNSKEY records allows customers to use multiple DNS providers with DNSSEC enabled without sharing private keys amongst providers.

Abstract: Exemplary implementations may: at one of the user devices, generate a master key; at one of the user devices, generate a basic key; at one of the user devices, generate a basic recovery key; at one of the user devices, perform a Shamir-type operation for obtaining n parts where m or more parts are necessary to recover (or compute a copy of) the master key; at one of the user devices, encrypt, using the basic key, the basic portion of a database for the user, the database being remote from the user devices; and at one of the user devices, encrypt, using the basic recovery key, the master key for storage into the recovery portion of the database, the database being remote from the user devices and the basic portion of the database being uncompromised by recovery of the basic recovery key.

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method includes hashing datapoints of a consumer account and creating a secure view of the hashed datapoints of the consumer account. The method further includes processing, using a secure user defined function (UDF), the hashed datapoints of the consumer account and datapoints of a provider account to generate a secure join key, wherein the hashed data points of the consumer account are provided to the secure UDF using the secure view.

Abstract: Described herein are techniques that provide privacy protection for a user by preventing user device tracking via device fingerprints. A communication may be received from a user device that includes metadata having information related to the user device. An intended recipient of the communication may be identified. Based on one or more of the user device or the recipient, a determination may be made as to what data within the metadata should be scrambled or selectively replaced. The data may then be overwritten with alternative data that may be selected at random, and the communication is forwarded to the recipient.

Abstract: Systems and methods of restricting storage of data received in content requests include a data processing system obtaining a public encryption key for a resource provider. The data processing system can receive a content request from an information resource of the resource provider running on a client device. The request can include one or more key values corresponding to one or more data keys. The data processing system can identify a data key using an encryption policy specific to the resource provider, and encrypt the key value using the public encryption key. The data processing system can store the key value in encrypted form. The data processing system can generate, using the key value in encrypted form, a data report, and provide access to the data report.

Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.

Abstract: A mobile secure agent on a wireless device executes one or more authenticated data collection profiles provisioned by a private profile producer. Each data package can only be transmitted to a collector certificated by the same private profile producer. Update profiles are signed and provisioned through a tunnel initiated from the mobile secure agent. A Certificate Authority provides libraries, anchors, and certificates in a key management message module to each mobile secure agent which enables revocation and replacement of certificates. Data stored in this way on a wireless device may only be transmitted in encrypted form to an authenticated destination.

Abstract: An example operation may include one or more of sending, by a user node, a document request comprising a document identifier (ID) to a document processor node connected over a blockchain, receiving, by the user node, a one-time pass-code from the document processor node based on the document ID, linking to the document using the one-time pass-code, and retrieving the document from a document owner node.

Abstract: One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PKMID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it's determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.

Abstract: Systems and methods for augmented reality authentication of a user are described, including authenticating a user by presenting the user with augmented reality authentication challenges, evaluating the user's response, and using the response to authenticate the user.

Abstract: A system for defending a network against one or more cyber-threats. The system can include a network bus that includes a first node and a second node, such that network traffic flows from the first node to the second node. The system can include an intrusion defense unit connected to the network bus, such that network traffic between the first node and the second node passes through the intrusion defense unit, wherein when a potential cyber-threat is detected in the network traffic, the intrusion defense unit is configured to engage an associated switch to filter the network traffic until the cyber-threat is neutralized.

Abstract: A plurality of virtual machines instances are instantiated and configured to use a subset of sensitive data to generate reports such that the reports can be visually inspected by authorized personnel or entities for potential abnormalities. After completion of the inspection, the virtual machine instances are then deleted such that the sensitive data that were used to generate the reports become inaccessible.

Abstract: A key broker monitors network traffic metadata and determines which decryption keys are required at one or more packet brokers in order to decrypt relevant traffic required by various network monitoring devices. The key broker retrieves the required keys from a secure keystore distributes them, as needed, to the network packet brokers, and dynamically updates the decryption keys stored in the network packet brokers in response to changes in network traffic.

Abstract: Implementations disclose methods and systems for facilitating an automated user login into a first application hosted by a first-screen device. A method includes detecting, by a second-screen device, a message transmitted by the first-screen device over a network; determining, based on the message, that the first application hosted by the first-screen device is requesting user authentication for the automated user login; presenting, via a second application hosted by the second-screen device, a prompt for user input indicating user acceptance of the automated user login; receiving the user input indicating the user acceptance of the automated user login; and responsive to the user input, transmitting an authentication code from the message to the server device to perform the user authentication for the automated user login into the first application.

Abstract: A system and method for insuring privacy, access control, and authentication for electronic user data submitted to social media platforms, email systems, web sites, and other electronics and software based communication and storage systems is provided. Control over user data is provided such that the user can determine which other users may have access to the data, and only such permitted users will be able to access the data. All other parties, including the operators of the system platform in use, will not be able to view the submitted data. Authentication is provided such that the viewer of the data is ensured that the author of the data is in fact the author indicated in the data, and that the data has not been modified since it was submitted. Data privacy, access control, and authentication is provided in a seamless and convenient manner for both the author and recipients of the data.

Abstract: A self encryption drive (SED) receives a media encryption key (MEK) from a key management server. The MEK is stored only in volatile memory of the SED. Data is encrypted for storage in a non-volatile storage media of the SED based on the MEK. Further, the MEK is erased in the volatile memory to crypto-erase the SED by deleting all instances of the MEK stored by the SED.