Abstract: Provided are a system and a method for controlling transaction data access. A system for controlling transaction data access comprising: a transaction management module configured to determine a plurality of security levels for transaction data; a data encryption module configured to perform multiple level encrypting the transaction data according to the plurality of security levels; and a data storage module configured to store the encrypted data as a block, and provide the block to a peer-to-peer (P2P) network.

Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.

Abstract: An information processing system capable of processing the encrypted data efficiently is provided. The information processing system of the present invention includes: a key management unit configured to manage a system key; a storage unit configured to store an encryption data encrypted by the system key; and a processing execution unit configured to temporarily construct a virtual execution environment protected from a standard execution environment and decrypt the encryption data in the virtual execution environment based on the system key acquired from the key management unit.

Abstract: A variety of techniques for concealing the content of a communication between a client device, such as a cell phone or laptop, and a network or cloud of media nodes are disclosed. Among the techniques are routing data packets in the communication to different gateway nodes in the cloud, sending the packets over different physical media, such as an Ethernet cable or WiFi channel, and disguising the packets by giving them different source addressees. Also disclosed are a technique for muting certain participants in a conference call and a highly secure method of storing data files.

Abstract: An encrypted search query may be received from a requesting client system at a secure enclave of a processing device. The encrypted search query may be decrypted to form a decrypted search query. One or more index entries of a metadata index that correspond to the decrypted search query may be identified, such that each identified index entry is associated with a content reference that identifies a content item located outside the secure enclave. The index entries that correspond to the decrypted search query may include one or more index entries having one or more associated index metadata items that correspond to the decrypted search query. One or more secure search results may be generated, such that each secure search result corresponds to one of the index entries and comprises the content reference associated with the corresponding index entry. The secure search results may be sent to the requesting client system.

Abstract: In one embodiment, a computer implemented method comprises receiving and storing in relational database tables in a secure data processing environment comprising one or more first virtual machine instances coupled to one or more first data stores, master data comprising records having first de-identified token values associated with health data and second data comprising records having second de-identified token values associated with historical media delivery data; in the secure data processing environment, executing one or more database table join operations to merge the master data and the second data to produce a joined table having records comprising third de-identified token values associated with the health data and the second data; receiving, using one or more virtual computing instances of a service provider environment, one or more filter specifications that define a target audience and a forecast request, and in real time in response to the forecast request: based on the one or more filter specific

Abstract: In some embodiments, securing device commands includes a first electronic device receiving a command authorization request message from a second electronic device, including a device command to be performed by the second electronic device, a command argument, and a first message authentication code (MAC) generated by applying a hash function to the device command, the command argument and a first counter value. The first electronic device generates a second MAC by applying the hash function to the device command, the command argument and a second counter value synchronized with the first counter value. The first electronic device compares the first MAC and the second MAC to authenticate the device command and transmit a command approval message or a command denial message. The command approval message causes the second electronic device to perform the device command and the command denial message causes the second electronic device to reject the device command.

Abstract: This document describes a module and method for authenticating data transfer between a storage device and a host device. The module is configured to allow encrypted data to be exchanged between the storage device and the host device once the module has verified that the storage device has been correctly paired with an authorized host device whereby the verification step does not require a password to be manually entered or an additional external device to be attached.

Abstract: Entity models are used to evaluate potential risk of entities, either individually or in groups, in order to evaluate suspiciousness within an enterprise network. These individual or aggregated risk assessments can be used to adjust the security policy for compute instances within the enterprise network. A security policy may specify security settings such as network speed, filtering levels, network isolation, levels of privilege, and the like.

Abstract: Apparatuses, systems, methods, and software are disclosed for authorization delegation. In a participant device a derivative key is generated in dependence on a received key. An authenticity check value for a delegation information block is generated in dependence on the delegation information block and the received key. The derivative key is derived in dependence on the delegation information block and the received key. An extended certificate chain is created comprising a received certificate chain appended with a local certificate, which comprises the delegation information block and the authenticity check value.

Abstract: A system includes a communication module that receives a request to post content to an event gallery associated with an event. The request in turn includes geo-location data for a device sending the content, and identification data identifying the device or a user of the device. The system further has an event gallery module to perform a first authorization operation that includes determining that the geo-location data corresponds to a geo-location fence associated with an event. The event gallery module also performs a second authorization operation that includes using the identification data to verify an attribute of the user. Finally, based on the first and second authorization operations, the event gallery module may selectively authorize the device to post the content to the event gallery.

Abstract: A security solution having a system, a method, or a computer program for protecting contents in a target storage device that is arranged to be removable from a storage system having a unique combination of a system complex key (SCK) and a system identification (SID). The solution includes receiving a request to remove the target storage device from the storage system, where the storage system may have a plurality of storage devices each containing the identical combination of system complex key (SCK) and system identification (SID), and receiving a system complex key password (SCKP). The solution includes comparing the system complex key password (SCKP) to the system complex key (SCK) in the storage system, determining whether the system complex key password (SCKP) matches the system complex key (SCK) in the storage system, and suspending all read or write operations to the target storage device when the system complex key password (SCKP) matches the system complex key (SCK) in the storage system.

Abstract: A storage system and method for command execution ordering by security key are provided. In one example, the storage system has a non-volatile memory, a volatile memory storing a plurality of keys, and a controller with a cache storing a subset of the plurality of keys. The storage system gives priority to a command whose key is stored in the cache in the controller over commands whose keys are stored only in the volatile memory. This avoids transferring a key from the volatile memory to the cache in the controller, thereby improving efficiency of the storage system.

Abstract: Systems and methods for securely verifying integrity of application responses are disclosed. One example method includes receiving, from a client, an application encrypted in accordance with a fully homomorphic encryption (FHE) algorithm, generating, with a trained machine learning model associated with the FHE algorithm, a plurality of first application labels, each first application label indicating a true or false response associated with the application, inverting a randomly selected portion of the plurality of first application labels, generating a first randomly sorted list including the plurality of first application labels, transmitting the first randomly sorted list to the client, receiving a first decrypted list from the client, performing a validation of at least the first decrypted list, the validation based at least in part on the plurality of first application labels, and in response to the validation being successful, providing the client with a response to the application.

Abstract: A method and system operate to secure and efficiently manage data. The method includes performing steps such as generating independent keys corresponding to multiple portions of segmented data and utilizing the independent keys to encrypt the multiple portions of segmented data. The method additionally includes generating a master key, encrypting the independent keys with the master key, and storing each portion of the segmented data adjacent to the corresponding independent key in a data and key storage device. The method additionally includes segmenting the master key, thereby creating multiple master key segments and storing the multiple master key segments in disparate locations separate from the data.

Abstract: A method in a virtual private network (VPN) environment, the method including determining, by a VPN server, an encrypted authentication packet based at least in part on utilizing an encryption key and a nonce to encrypt one or more fields of an initial authentication packet; transmitting, by the VPN server to an authentication server, the encrypted authentication packet to enable VPN authentication of a device requesting VPN services from the VPN server; determining, by the authentication server, a response regarding the VPN authentication based at least in part on decrypting the one or more fields utilizing a decryption key and the nonce; and transmitting, by the authentication server to the VPN server, the response regarding the VPN authentication. Various other aspects are contemplated.

Abstract: Provided is an authentication device capable of generating a master key suited to a UE in a 5GS. The authentication device (10) includes a communication unit (11) configured to, in registration processing of user equipment (UE), acquire UE key derivation function (KDF) capabilities indicating a pseudo random function supported by the UE, a selection unit (12) configured to select a pseudo random function used for generation of a master key related to the UE by use of the UE KDF capabilities, and a key generation unit (13) configured to generate a master key related to the UE by use of the selected pseudo random function.

Abstract: In one aspect, a system component includes a printed circuit (PC) board on which plural conductive ink segments are disposed. The system component also includes a sealed housing that houses the PC board. The plural conductive ink segments define a bit pattern to establish a key.

Abstract: The system described herein provides for storing the databases and encryption keys for decrypting the data in the databases into two separate partitions. In an embodiment, the first partition includes the databases while the second partition includes a configuration database and a payload database. The payload database stores a data encryption key for decrypting the data stored in the databases. The payload database is encrypted and may be decrypted using a body encryption key. The body encryption key itself is encrypted twice. In the first instance a key encryption key is generated and in the second instance a second access key is generated. The key encryption key or the second access key may be used to decrypt the body encryption key. The second access key is stored in a secure location, to be retrieved in situations when the key encryption key is inaccessible.

Abstract: A method may include transferring data from a host to an encryption offload engine through an interconnect fabric, encrypting the data from the host at the encryption offload engine, and transferring the encrypted data from the encryption offload engine to a storage device through a peer-to-peer connection in the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the encryption offload engine through a peer-to-peer connection in the interconnect fabric, decrypting the encrypted data from the storage device at the encryption offload engine, and transferring the decrypted data to the host through the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the host, and verifying the encryption of the encrypted data at the host.