Key Management Patents (Class 380/277)
-
Patent number: 11190364
Abstract: Techniques for seamless certificate replacement for endpoints in hyperconverged infrastructure are disclosed. In one example, a certificate replacement request for an endpoint may be received. Upon receiving the certificate replacement request, a new certificate may be placed in the endpoint such that the endpoint includes an old certificate and the new certificate. Further, dependent endpoints having communication with the endpoint using the old certificate may be discovered and monitored. Furthermore, the new certificate of the endpoint may be placed in the discovered dependent endpoints and existing communication between the endpoint and each of the discovered dependent endpoints using the old certificate may be maintained. Upon completion of the existing communication, next communication between the endpoint and each of the discovered dependent endpoints may be enabled using the new certificate. Then, the old certificate may be decommissioned from the endpoint and the discovered dependent endpoints.
Type: Grant
Filed: May 20, 2019
Date of Patent: November 30, 2021
Assignee: VMWARE, INC.
Inventors: Ravi Kumar Reddy Kottapalli, Praveen Mathamsetty
-
Patent number: 11182469
Abstract: An application security authentication method, including: step 202, acquiring an application file to be downloaded and extracting signature information from the application file; step 204, acquiring public key information contained in a multilevel key hierarchy, and acquiring public key information of the currently highest priority according to a priority order of the public key information; step 206, authenticating the signature information with the acquired public key information of the currently highest priority; and step 208, allowing the application file to be downloaded if an authentication of the signature information is passed.
Type: Grant
Filed: September 13, 2017
Date of Patent: November 23, 2021
Assignee: PAX COMPUTER TECHNOLOGY (SHENZHEN) CO., LTD.
Inventors: Shaohai Liu, Wanqiang Lan, Heyu Nie, Jianqiang Li
-
Patent number: 11184169
Abstract: The disclosed computer-implemented method for crowd-storing encryption keys may include (i) sending, from a client computing device and to a server, a recovery request, (ii) creating a first public-private key pair, (iii) receiving a plurality of encrypted shares of an encryption key from the server in response to the recovery request, where the encrypted shares are encrypted with a first public key of the first public-private key pair, and (iv) performing a security action including (A) decrypting the plurality of encrypted shares of the encryption key with a first private key of the first public-private key pair and (B) recovering the encryption key from the decrypted plurality of shares of the encryption key. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: December 24, 2018
Date of Patent: November 23, 2021
Assignee: NortonLifeLock Inc.
Inventors: Ilya Sokolov, Lei Gu, Daniel Kats
-
Patent number: 11182494
Abstract: A method of controlling access to data on a first electronic device, the method comprising steps of establishing a shared encryption key with a first software application instance running on a second electronic device, receiving a ‘begin session’ command sent by the first software application instance and responsive to the ‘begin session’ command, creating a storage location in a data store of the electronic device, obtaining a data encryption key, receiving data, encrypting the data using the data encryption key and storing the encrypted data in the storage location, receiving an ‘end session’ command sent by the first software application instance and responsive to the ‘end session’ command, discarding the shared encryption key, and deleting the encrypted data from the storage location.
Type: Grant
Filed: September 25, 2019
Date of Patent: November 23, 2021
Assignee: BlackBerry Limited
Inventors: Siavash James Joorabchian Hawkins, Phillip Riscombe-Burton, Johnathan George White
-
Patent number: 11184163
Abstract: A value comparison server holds a first secret key and a plurality of tags corresponding to values, each of the plurality of tags is a ciphertext obtained by encrypting each of the values with an additive-homomorphic encryption scheme by using secret keys including the first secret key and a first parameter, a plaintext space has remainder operation with a natural number as modulo in the encryption scheme, and the value comparison server generates a value used for comparing two values corresponding to two tags included in the plurality of tags from the first secret key and the two tags by using the additive homomorphism; and determines which of the two values is greater or equal, on the basis of whether a discrete logarithm of the generated value to the first parameter can be calculated within a value of a predetermined range.
Type: Grant
Filed: May 15, 2019
Date of Patent: November 23, 2021
Assignee: HITACHI, LTD.
Inventors: Hisayoshi Sato, Masayuki Yoshino, Ken Naganuma
-
Patent number: 11176282
Abstract: Encrypting and sharing one or more data objects stored or to be stored in a personal storage that is associated with a DID. First an encryption/decryption key is generated using a passphrase and an identifier of the personal storage that stores or is to store a data object in the personal storage. The data object stored or to be stored in the personal storage is then encrypted by the generated encryption/decryption key. The encrypted data object is then stored in the personal storage. The encrypted data object may then be accessed by a DID management module that is configured to manage the DID or be shared to another entity that is not associated with the DID.
Type: Grant
Filed: June 18, 2019
Date of Patent: November 16, 2021
Assignee: Microsoft Technology Licensing, LLC
Inventors: Brandon Murdoch, Ankur Patel, Ronald John Kamiel Eurphrasia Bjones, Daniel James Buchner
-
Patent number: 11177963
Abstract: A server accesses a user identifier associated with a first user device and a reference image as a first image set, to be displayed. The server sends to a second user device an image, as a second image set, to be displayed, and a user request to select an image within the first image set. The second user device displays the second image set and the user request. The user of the first user device selects at least one displayed first image, the selected first image matching an image visually selected within the displayed second image set, according to a rule known to the user and the server. The first user device sends to the server the first user device identifier accompanied with data relating to the selected first image. If the data relating to the selected first image matches the data relating to the first reference image the server authenticates the user.
Type: Grant
Filed: December 12, 2017
Date of Patent: November 16, 2021
Assignee: THALES DIS FRANCE SA
Inventors: Benoît Famechon, Najam Siddiqui, Karen HongQian Lu, Asad Mahboob Ali
-
Patent number: 11178160
Abstract: In one embodiment, a discrepancy detection application automatically detects and addresses unauthorized activities associated with one or more authorization keys based on a request log and a provider log. The request log specifies activities that a client initiated, where the activities are associated with the authorization keys. The provider log specifies activities that a cloud provider performed, where the activities are associated with the authorization keys. In operation, the discrepancy detection application determines that one or more unauthorized activities have occurred based on comparing the request log to the provider log. The discrepancy detection application then performs an action that addresses the unauthorized activities.
Type: Grant
Filed: April 26, 2017
Date of Patent: November 16, 2021
Assignee: SPLUNK INC.
Inventor: Camille Gaspard
-
Patent number: 11177949
Abstract: There is provided a data sharing technique in which it is possible to update data stored in a server before to such data that is decryptable on the communication terminal side using an updated session key without the data being decrypted on the server side, and a deleted user cannot decrypt the decryptable data. There are included: a generation identifier generation step of a data sharing server generating a generation identifier showing a generation of a group; a session key encryption step of a communication terminal to perform encrypted session key update using the generation identifier received from the data sharing server and a public parameter and a session key recorded in a recording part to generate an encrypted session key, which is a session key encrypted; and an encrypted session key management step of the data sharing server recording the encrypted session key received from the communication terminal to perform encrypted session key update as a currently valid encrypted session key.
Type: Grant
Filed: November 5, 2018
Date of Patent: November 16, 2021
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Yuki Okano, Reo Yoshida, Yuto Kawahara, Tetsutaro Kobayashi
-
Patent number: 11171909
Abstract: Techniques are provided for delayed processing for arm policy determination for content management system messaging, including, during a delayed processing window, receiving reward data for arm actions taken, where the arm actions were chosen based on a previous version of an arm choice policy, and the previous version of the arm choice policy was determined based on a previous set of reward data for a previous set of arm actions taken. When the delayed processing window has closed, a new arm choice policy is determined based at least in part on the action-reward data, and the previous set of reward data and/or the previous arm choice policy. After a request to choose an arm choice is received, a particular arm action to take is determined based on the new arm choice policy. This chosen arm is provided in response to the request.
Type: Grant
Filed: February 12, 2020
Date of Patent: November 9, 2021
Assignee: Dropbox, Inc.
Inventors: Aditi Jain, Manveer Singh Chawla, Thomas Berg, Swapnil Zarekar, Robert Kajic, Karandeep Johar, Aaron Feldstein, Walter Kim, Joe Nudell, Jenny Dong, Jared Wilson, Luke Thompson, David Kriegman
-
Patent number: 11171647
Abstract: According to one embodiment, an integrated electronic circuit has a switching network configured to receive binary control states, one or more secret-carrying gates, wherein each secret-carrying gate represents Boolean secrets and is configured to receive binary input states and to output one or more Boolean secrets according to a state sequence of the binary input states, and one or more flip-flops configured to store binary output states output by the switching network and to supply binary input states to the one or more secret-carrying gates based on the stored binary output states. The switching network generates the binary output states by combining the binary control states and Boolean secrets output by the one or more secret-carrying gates. The integrated electronic circuit outputs Boolean secrets from the one or more secret-carrying gates and/or the binary output states from the switching network to another integrated electronic circuit.
Type: Grant
Filed: May 14, 2020
Date of Patent: November 9, 2021
Assignee: INFINEON TECHNOLOGIES AG
Inventors: Thomas Kuenemund, Berndt Gammel, Franz Klug
-
Patent number: 11167851
Abstract: The present invention relates to an aircraft information system and a method for providing passenger information, such as flight information or entertainment information, to the passengers in an aircraft by making use of communication between at least one passenger device and the aircraft information system, the aircraft information system comprising: —storage means for storing information thereon, —one or more processing units for performing information processing, —energy providing means for providing energy to the aircraft information system, —data communication means, such as wireless communication means, for communication with the at least one passenger device, —wherein the aircraft information system is configured as autonomous unit for autonomous functioning, such as independently of further systems in the aircraft, and wherein the aircraft information system comprises: —receiving means for receiving source information relating to the aircraft for forming on the basis of the source information respecti
Type: Grant
Filed: April 5, 2017
Date of Patent: November 9, 2021
Assignee: MI Group B.V.
Inventor: Job Daniel Maria Heimerikx
-
Patent number: 11169815
Abstract: Embodiments of a system, methods, and other techniques and configurations for automation of computing system maintenance activities such as reboots, software installations, re-configuration, or other actions are generally described herein. In an example, an automation tool set is designed to integrate with an organization Configuration Management Database (CMDB) and other orchestration or information technology (IT) management tools to perform such maintenance actions. The automation tool set may enable and manage various forms of a workflow for maintenance actions, including a workflow designed to validate all necessary pre- and post-reboot checks, perform logging, event tracking, exception handling, notifications, incidents creation, trend analysis, customized reporting dashboards, and system adaptation. In further examples, the automation tool set may expose user interfaces, reports, and other management interfaces for control and monitoring of the workflows.
Type: Grant
Filed: January 15, 2019
Date of Patent: November 9, 2021
Assignee: BBY Solutions, Inc.
Inventors: Syed Waqas Ali, Bryan Hunter, Chris Cote, Jason Roelofs, Jakob Gottlieb Svendsen
-
Patent number: 11159309
Abstract: A request to perform an operation with a cryptographic item may be received. A request for approval to perform the requested operation with the cryptographic item may be transmitted to a set of entities based on a policy associated with the cryptographic item. Indications of approval to perform the requested operation may be received from corresponding entities of the set of entities. A determination as to whether a number of the received indications of approval to perform the requested operation with the cryptographic item satisfies a threshold number may be made. In response to determining that the number of the received indications of approval from the corresponding entities of the set of entities satisfies the threshold number, the requested operation may be performed with the cryptographic item.
Type: Grant
Filed: December 20, 2018
Date of Patent: October 26, 2021
Assignee: Fortanix, Inc.
Inventors: Jeffrey Seyfried, Jethro Gideon Beekman, Anand Kashyap
-
Patent number: 11159500
Abstract: In some aspects, control circuitry receives, at a content provider server that is associated with a first subscription service, a first authentication key from a content aggregator server that is associated with a second subscription service, prior to the user subscribing to the first subscription service. The control circuitry generates and stores, at the content provider server, the first user account after comparing the first authentication key to acceptable authentication. In response to storing the first user account, the control circuitry receives a request from the content aggregator server to subscribe the user to the first subscription service, wherein the request includes a second authentication key.
Type: Grant
Filed: November 3, 2017
Date of Patent: October 26, 2021
Assignee: Rovi Guides, Inc.
Inventors: William L. Thomas, Walter R. Klappert
-
Patent number: 11159317
Abstract: Extending the “SpaceFlip” cipher defined in the continued application (Ser. No. 16/855,517) to increase the lifespan of the shared secret key, and avoid the need for key replacement; applicable to Internet of Things devices where re-access is prohibitive, adding convenience to normal secure communication; extending the use of the SpaceFlip quantum safe cryptography. Applying key equivocation cryptography where several keys are interchangeable.
Type: Grant
Filed: March 29, 2021
Date of Patent: October 26, 2021
Inventor: Gideon Samid
-
Patent number: 11153282
Abstract: A device can receive a first communication from a user device. The first communication can include a request for content. The device can generate a record of content. The record of content includes a reference associated with the content and one or more encryption credentials associated with the content. The device can encrypt the record of content, to form an encrypted record of content, based on receiving the first communication. The device can provide the encrypted record of content to the user device based on receiving the first communication. The device can receive a second communication from the user device based on providing the encrypted record of content. The device can provide the content to the user device based on receiving the second communication.
Type: Grant
Filed: March 22, 2017
Date of Patent: October 19, 2021
Assignee: Verizon Patent and Licensing Inc.
Inventors: Ashish Sardesai, Dante J. Pacella, Mani Tadayon
-
Patent number: 11153283
Abstract: A data communication encrypted system including a first module coupled to a first network member and a second module coupled to a second network member. The first module and the second module are in communication with each other thereby allowing communication between the first network member and the second network member. The first module and the second module each operating with a key hopping encryption/decryption method that changes key sets at irregular intervals of time as determined by the modules.
Type: Grant
Filed: May 11, 2018
Date of Patent: October 19, 2021
Assignee: Wattre, Inc.
Inventors: Curtis E. Graber, Jerry Wickey, Jr., Barry A. Richhart
-
Patent number: 11153077
Abstract: A system and method for a secure key exchange between two trains operating within a track network may include generating a first or second public key based on a secret random number, generating a shared secret key based on the first or second public key, authenticating one or more key exchange communications by a remote server based on a digital signature established with an on-board key associated with the first train, authenticating a communication by a remote server based on the digital signature of the second train signed with an on-board key associated with the second train, and establishing secure train-to-train communication between the two trains by generating a shared secret key based on a public key received from the other train, the secure key exchange protecting the two trains from a man-in-the-middle attack.
Type: Grant
Filed: December 14, 2018
Date of Patent: October 19, 2021
Assignee: WESTINGHOUSE AIR BRAKE TECHNOLOGIES CORPORATION
Inventors: Rebecca W. Dreasher, Stephen Craven, Matthew Steven Vrba
-
Patent number: 11144650
Abstract: A semiconductor device for provisioning secure information of a demander includes a device key storage configured to store a device key provisioned by a supplier of the semiconductor device, a master key generator configured to generate, based on the device key and demander data provisioned by the demander, a master key of the demander by using a first operation shared with the supplier and a second operation shared with the demander, and a cryptographic engine configured to perform a cryptographic operation based on the master key.
Type: Grant
Filed: May 30, 2019
Date of Patent: October 12, 2021
Inventors: Ki-Tak Kim, Ki-Seok Bae, Jin-Su Hyun, Young-Moon Sonn, Hyo-Sun Hwang
-
Patent number: 11146541
Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.
Type: Grant
Filed: July 15, 2019
Date of Patent: October 12, 2021
Assignee: Amazon Technologies, Inc.
Inventors: Gregory B. Roth, Marc R. Barbour, Bradley Jeffery Behm, Cristian M. Ilac, Eric Jason Brandwine
-
Patent number: 11146389
Abstract: An information handling system includes a first node configured to generate a random alphanumeric string, to receive a cipher text and a key from an enterprise key management server, and to decrypt the cipher text using the key and an algorithm to generate a first decrypted value. The first node compares the random alphanumeric string with the first decrypted value to verify the key that is received at the first node. A second node receives the cipher text, the key, and the algorithm from the first node in response to the first decrypted value matching the random alphanumeric string. The second node decrypts the cipher text using the key and the algorithm to generate a second decrypted value, and the first node compares the second decrypted value with the random alphanumeric string to verify the key that is received at the second node.
Type: Grant
Filed: September 4, 2019
Date of Patent: October 12, 2021
Assignee: Dell Products L.P.
Inventors: Sanjeev Dambal, Chandrashekar Nelogal, Karthikeyan Rajagopalan, Texas Roemer
-
Patent number: 11139962
Abstract: A set of users who may authenticate is predefined and is associated, each, with a reference secret share. A first subset of users who has, each, to authenticate is predefined. The device defines a second subset of the users who has, each, to authenticate while further satisfying, each, to be physically proximate to the device and an authentication condition(s). The second user subset is comprised within the first user subset comprised within the user set. The device verifies whether each user of the second user subset satisfies to be physically proximate to the device and the authentication condition(s), if yes, requests, to each user device, the secret share and receives, from each user device relating to at least the first user subset, the secret share. The device reconstructs a secret with each received secret share, verifies whether the reconstructed matches the reference and, if yes, authenticates the user set.
Type: Grant
Filed: December 30, 2019
Date of Patent: October 5, 2021
Assignee: THALES DIS CPL CANADA, INC.
Inventors: Luis Miguel Huapaya, Luc Astier, Sam Zhanpeng Wang
-
Patent number: 11138320
Abstract: Implementations describe providing secure encryption key management in trust domains. In one implementation, a processing device includes a key ownership table (KOT) that is protected against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to create a trust domain (TD) and a randomly-generated encryption key corresponding to the TD, the randomly-generated encryption key identified by a guest key identifier (GKID) and protected against software access from at least one of the TDRM or other TDs, the TDRM is to reference the KOT to obtain at least one unassigned host key identifier (HKID) utilized to encrypt a TD memory, the TDRM is to assign the HKID to the TD by marking the HKID in the KOT as assigned, and configure the randomly-generated encryption key on the processing device by associating the randomly-generated encryption key with the HKID.
Type: Grant
Filed: December 20, 2018
Date of Patent: October 5, 2021
Assignee: Intel Corporation
Inventors: Dror Caspi, Arie Aharon, Gideon Gerzon, Hormuzd Khosravi
-
Patent number: 11139959
Abstract: An embodiment involves receiving a request to write data to a memory unit. The memory unit is divided into one or more logical blocks, each subdivided into groups of sub-blocks encrypted in accordance with a stream cipher. The memory unit maintains a transaction journal that marks each sub-block as dirty or clean. The memory unit stores keycount values for each of the logical blocks. The embodiment also involves: determining that the request seeks to write a portion of the data to a particular sub-block marked as dirty in the transaction journal, decrypting the particular logical block in accordance with the stream cipher, writing the portion of the data to the particular sub-block, incrementing the keycount value of the particular logical block, encrypting the particular logical block using the stream cipher, a key, and the keycount value, and writing the particular logical block to the memory unit.
Type: Grant
Filed: February 1, 2019
Date of Patent: October 5, 2021
Assignee: The University of Chicago
Inventors: Bernard Dickens, III, Haryadi Gunawi, Ariel Feldman, Henry Hoffmann
-
Patent number: 11139982
Abstract: Techniques are provided for communication-efficient device delegation. One method comprises, in response to a request for a new signing key of a given device, determining a number of new signing key requests received for the user of the given device; determining a new public verification key of the given device for an identity-based signature scheme by traversing a cryptographic hash chain backwards from a position of an initial selected value of the cryptographic hash chain; computing a new signing key based on public parameters and secret parameters of a backup component and the initial selected value; and providing the new public verification key and the new signing key to the given device. The given device authenticates to an authentication service using an identity-based signature computed using the new signing key. The request for the new signing key is submitted, for example, when the given device is lost, damaged, unavailable or stolen.
Type: Grant
Filed: January 30, 2019
Date of Patent: October 5, 2021
Assignee: RSA Security LLC
Inventors: Zulfikar A. Ramzan, Salah E. Machani
-
Patent number: 11139952
Abstract: An encryption device generates a ciphertext ct including an encryption element C in which a plaintext ? is set, an encryption element Cx in which an attribute x is set, and an encryption element F that is not to be decrypted with a decryption key skf corresponding to a policy f satisfied by the attribute x and in which the plaintext ? is set. A homomorphic computation device converts the ciphertext ct into a ciphertext ct˜ by converting, with the encryption element F, the encryption element C included in the ciphertext ct into an encryption element C˜ that can be decrypted with the decryption key skF corresponding to a policy set F acquired by a policy acquisition unit. The homomorphic computation device performs homomorphic computation g on the ciphertext ct˜ to generate a ciphertext ct*.
Type: Grant
Filed: January 18, 2017
Date of Patent: October 5, 2021
Assignee: MITSUBISHI ELECTRIC CORPORATION
Inventors: Ryo Hiromasa, Yutaka Kawai
-
Patent number: 11133922
Abstract: The present disclosure involves systems, software, and computer implemented methods for a communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption. A service provider and multiple clients participate in a secret shuffle protocol of randomly shuffling encrypted client-specific secret input values. The protocol includes generation and exchange of random numbers, random permutations and different blinding values. A last protocol step includes using homomorphism, for each client, to perform computations on intermediate encrypted data to homomorphically remove a first blinding value and a second blinding value, to generate a client-specific rerandomized encrypted secret input value. As a result, the client-specific rerandomized encrypted secret input values are generated in an order that is unmapped to an order of receipt, at the service provider, of the encrypted secret input values.
Type: Grant
Filed: April 15, 2020
Date of Patent: September 28, 2021
Assignee: SAP SE
Inventors: Kilian Becher, Axel Schroepfer, Mirko Schaefer
-
Patent number: 11129014
Abstract: The described embodiments set forth techniques for managing inactive (disabled) electronic subscriber identity modules (eSIMs) on secure elements, e.g., Universal Integrated Circuit Cards (UICCs) and/or embedded UICCs (eUICCs), of a wireless device, including retrieving information from an inactive eSIM, obtaining authentication tokens from an inactive eSIM, authenticating the inactive eSIM with a network-based Mobile Network Operator (MNO) server, retrieving status information for a subscription account associated with the inactive eSIM, and/or performing an account management operation on the inactive eSIM.
Type: Grant
Filed: March 3, 2020
Date of Patent: September 21, 2021
Assignee: Apple Inc.
Inventors: Li Li, Najeeb M. Abdulrahiman, Arun G. Mathias
-
Patent number: 11128609
Abstract: A computerized method supporting SSL-based or TLS-based communications with multiple cryptographically protected transmissions is described. Responsive to a first transmission including a first content encrypted with a public key of an intended recipient and a first digital signature for use in detecting tampering to the first content, a second transmission is received. The second transmission includes a combined result including the first content and a second content, which is encrypted with a public key of the sender. Recovery of the first content verifies to the sender that the second transmission originated from the intended recipient. Thereafter, a third transmission is sent. The third transmission has data including at least the second content, being the remaining data after extraction of the first content from the combined result, which is encrypted with the public key of the intended recipient and a third digital signature for use in verifying non-tampering of the data.
Type: Grant
Filed: December 13, 2018
Date of Patent: September 21, 2021
Assignee: Secure Channels, Inc.
Inventors: Michael R. Feinberg, Richard J. Blech
-
Patent number: 11128439
Abstract: A method for processing data in a blockchain. It aims at securely storing data issued from devices and going through a service platform by ensuring integrity and authenticity of the data. To this end, a list of device identifiers may be associated with respective decryption means in a blockchain platform. Upon reception of a message comprising encrypted data and comprising a device identifier, the blockchain platform decrypts the first encrypted data using the decryption means that are associated with the device identifier. The decrypted data is then hashed and stored in the blockchain.
Type: Grant
Filed: September 10, 2019
Date of Patent: September 21, 2021
Assignee: Schneider Electric Industries SAS
Inventor: Sandeep Kumar Mishra
-
Patent number: 11128449
Abstract: The described cipher system includes a bits of some randomness (BOSR) reservoir; a first multiplexer circuit that receives a BOSR key, a functional key, and a first control signal for selection between the BOSR key and the functional key; a second multiplexer circuit that receives a BOSR state, a functional state, and a second control signal for selection between the BOSR state and the functional state; a block cipher logic circuit that receives the outputs from the first and second multiplexer circuits and a functional input. The block cipher outputs bits into either the BOSR reservoir or as a functional output according to a third control signal. The cipher system includes a control logic block that outputs the first control signal, second control signal, and third control signal and controls whether a clock cycle of the block cipher logic circuit is used for a BOSR operation or a functional operation.
Type: Grant
Filed: May 10, 2019
Date of Patent: September 21, 2021
Assignee: ARM LIMITED
Inventors: Asaf Shen, Subbayya Chowdary Yanamadala
-
Patent number: 11122405
Abstract: There is provided a new IWF SMC procedure for establishing security association between an MTC UE (10) and an MTC-IWF (20). The MTC-IWF (20) sends to the UE (10) at least an algorithm identifier which instructs the UE (10) to select one of algorithms for deriving a root key (K_iwf). The UE (10) derives the root key (K_iwf) in accordance with the selected algorithm, and derives at least a subkey for checking the integrity of messages transferred between the UE (10) and the MTC-IWF (20) by using the derived root key (K_iwf). The UE (10) protects uplink messages transmitted to the MTC-IWF (20) with the derived subkey. The MTC-IWF (20) protects downlink messages transmitted to the UE (10) with the same subkey derived at a core network.
Type: Grant
Filed: June 18, 2019
Date of Patent: September 14, 2021
Assignee: NEC CORPORATION
Inventors: Xiaowei Zhang, Anand Raghawa Prasad
-
Patent number: 11120117
Abstract: Disclosed is a system for delegating access of sensitive information by a user device to a requestor device through a central server. A receiving module receives a first token Identification (ID) generated by the user device in an offline mode and a request, comprising a second token ID, from the requestor device. A validation module validates the request by comparing the first token ID and the second token ID. An identification module identifies a subset of the sensitive information based on a profile of the requestor, when the first token ID is matched with the second token ID. A watermarking module watermarks the subset of the sensitive information with a set of variables to generate watermarked sensitive information. Upon generating the watermarked sensitive information, the access delegation module delegates the access of the watermarked sensitive information to the requestor device.
Type: Grant
Filed: March 5, 2019
Date of Patent: September 14, 2021
Inventors: Simy Chacko, Jose Vincent, Ramesh Gurusamy, Vijay Kulandaisamy
-
Patent number: 11115193
Abstract: Technologies for key management of internet-of-things (IoT) devices include an IoT device, an authority center server, and a group management server. The IoT device is configured to authenticate with an authority center server via an offline communication channel, receive a group member private key as a function of the authentication with the authority center server, and authenticate with a group management server via a secure online communication channel using the group member private key. The IoT device is further configured to receive a group shared key as a function of the authentication with the group management server, encrypt secret data with the group shared key, and transmit the encrypted secret data to the group management server. Other embodiments are described herein.
Type: Grant
Filed: December 29, 2017
Date of Patent: September 7, 2021
Assignee: Intel Corporation
Inventors: Changzheng Wei, Junyuan Wang, Ned Smith, Weigang Li, Ping Yu
-
Patent number: 11115182
Abstract: An operation apparatus and method for processing a homomorphic encrypted message are disclosed. The method includes producing an approximate polynomial corresponding to an operation function to be applied to a homomorphic encrypted message and approximately operating the homomorphic encrypted message using the approximate polynomial. Thus, an encrypted message may be efficiently processed.
Type: Grant
Filed: February 7, 2019
Date of Patent: September 7, 2021
Assignee: Crypto Lab Inc.
Inventors: Jung Hee Cheon, Yongsoo Song, Andrey Kim, Miran Kim, Kyoohyung Han
-
Patent number: 11108548
Abstract: The method provided in the embodiments of this application includes: obtaining, by a server, a first key (Ksm) shared with a gateway; receiving, by the server, an encrypted first random factor (Rand-M-Encry), a first data digest (Data-Hash), and encrypted first data (Data-Encry) that are sent by a terminal; decrypting, by the server, the Rand-M-Encry by using the Ksm, to obtain a second random factor (Rand-M′); performing, by the server, an operation on the Rand-M′ and Kpsa-xi by using a second preset algorithm, to generate a third key (K′sx); decrypting, by the server, the Data-Encry by using the K′sx, to obtain second data (Data′); performing, by the server, an operation on the K′sx and the Data′ based on a first preset algorithm to obtain a second data digest (Data-Hash′); and if the Data-Hash′ is the same as the Data-Hash, determining, by the server, that authentication of the terminal succeeds.
Type: Grant
Filed: January 24, 2019
Date of Patent: August 31, 2021
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Yang Xiao, Yan Liu
-
Patent number: 11106821
Abstract: A technique includes accessing data that represents a plurality of values that are associated with a plurality of ranges. The technique includes determining a pseudonym value for a given value, where the given value is associated with a given range and determining the pseudonym includes encrypting the given value to provide the pseudonym value; controlling the encryption to cause the pseudonym value to be within the given range; and tweaking the encryption based on an attribute that is associated with the given value.
Type: Grant
Filed: March 20, 2018
Date of Patent: August 31, 2021
Assignee: Micro Focus LLC
Inventors: Timothy Roake, Luther Martin
-
Patent number: 11101994
Abstract: A method of provisioning key information and a device using the method are provided. The method of provisioning key information according to one embodiment of the present disclosure includes generating key information for encryption and decryption from seed information using a key information generation algorithm and deleting code that corresponds to the key information generation algorithm from the device based on the generation of the key information.
Type: Grant
Filed: August 30, 2018
Date of Patent: August 24, 2021
Assignee: SAMSUNG SDS CO., LTD.
Inventors: Hyo-Jin Yoon, Kyu-Young Choi, Duk-Jae Moon, Ji-Hoon Cho
-
Patent number: 11095452
Abstract: System, method, and computer program product for authenticating a message among a group of computing devices communicating over an unsecured channel, based on an out-of-band (OOB) authenticated channel which may be used to send a short message to all receivers.
Type: Grant
Filed: April 15, 2019
Date of Patent: August 17, 2021
Assignee: YISSUM RESEARCH DEVELOPMENT COMPANY OF THE HEBREW UNIVERSITY OF JERUSALEM LTD.
Inventors: Gil Segev, Lior Rotem
-
Patent number: 11095420
Abstract: Techniques are disclosed relating to preemption indicators in the context of multiplexing different services on wireless physical layer frames. In some embodiments, a preemption indication is transmitted to indicate resources used by a preempting transmission. The preemption indication may be used when preemption is enabled, e.g., as indicated by an RRC message. The preemption indication may be common to multiple UEs. The resources used by the preempting transmission may overlap with other transmissions. In various embodiments, the disclosed techniques may facilitate signal preemption, e.g., by a low-latency, high-reliability data service.
Type: Grant
Filed: February 13, 2020
Date of Patent: August 17, 2021
Assignee: Apple Inc.
Inventors: Yuchul Kim, Wei Zeng, Xiangying Yang, Haijing Hu, Dawei Zhang
-
Patent number: 11095652
Abstract: A computer-implemented method according to one embodiment includes identifying a first request from a user to access a container, determining whether the user has a first authorization to access the container, allowing the user to access the container, in response to determining that the user has the first authorization to access the container, identifying a second request from the user to access content within the container, where the content is encrypted, retrieving a key label associated with the container, determining whether the user has a second authorization to access the key label, retrieving a data encryption key, utilizing the key label, in response to determining that the user has the second authorization to access the key label, and allowing the user to access the content that is encrypted by performing one or more decryption actions, utilizing the data encryption key.
Type: Grant
Filed: February 20, 2018
Date of Patent: August 17, 2021
Assignee: International Business Machines Corporation
Inventors: Cecilia C. Lewis, Wayne E. Rhoten, Eric D. Rossman, Mark A. Nelson, John C. Dayka
-
Patent number: 11095446
Abstract: Methods, and systems for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include: receiving a request to take an action with respect to a vault of multiple different vaults in a cryptoasset custodial system, and each of the multiple different vaults has an associated policy map that defines vault control rules; authenticating, by a hardware security module, a policy map for the vault on which the action is requested based on a cryptographic key controlled by the hardware security module; checking the action against the policy map for the vault when the policy map for the vault is authenticated based on the cryptographic key controlled by the hardware security module; and effecting the action when the action is confirmed to be in accordance with the policy map for the vault.
Type: Grant
Filed: August 19, 2019
Date of Patent: August 17, 2021
Assignee: Anchor Labs, Inc.
Inventors: Diogo Monica, Nathan P. McCauley, Boaz Avital, Riyaz D. Faizullabhoy
-
Patent number: 11096052
Abstract: Representative embodiments of secure authentication to a resource in accordance with a predefined, electronically stored quorum-based authentication policy include causing electronic interaction among multiple devices that constitute a quorum in accordance with the policy, computationally determining whether the interaction satisfies the policy, and if so, electronically according access to the resource to one or more individuals associated with the interacting device(s).
Type: Grant
Filed: December 13, 2019
Date of Patent: August 17, 2021
Assignee: IMPRIVATA, INC
Inventors: Edward J. Gaudet, David M. T. Ting
-
Patent number: 11095430
Abstract: There are provided a method and system for assessing latency of ciphering end point of secure communication channel. The method comprises: generating a test traffic comprising a series of original data packets, wherein, for each original data packet, size of a given packet is uniquely indicative of the packet's place in a sequence of data packets in the series and enables unique correspondence with a size of the given packet upon its encryption; successively transmitting the original packets to the ciphering end point, whilst associating with respective departure time stamps; receiving encrypted packets from the ciphering end point and associating them with respective arrival time stamps; using a size of a given encrypted packet with a timestamp TSa to identify a size of a matching original packet, its place in the sequence of original packets and, thereby, its departure timestamp TSd, thus giving rise to a plurality of timestamp pairs (TSd; TSa).
Type: Grant
Filed: October 3, 2019
Date of Patent: August 17, 2021
Assignee: ADVA Optical Networking SE
Inventor: Andrew Sergeev
-
Patent number: 11088835
Abstract: A cryptographic module has an input/output port to receive a first temporary key. A processor receives the first temporary key from the input/output port. A secure authentication key memory is connected to the processor. A temporary key generator is connected to the processor to produce a second temporary key for routing to the input/output port. A cryptographic salt generator is connected to the processor to produce cryptographic salt. A cryptographic key generator is connected to the processor to process key parts derived from the first temporary key, the second temporary key and the cryptographic salt to produce cryptographic keys.
Type: Grant
Filed: August 23, 2018
Date of Patent: August 10, 2021
Assignee: Hologram, Inc.
Inventors: Patrick Floyd Wilbur, Reuben Balik
-
Patent number: 11087029
Abstract: A decryption integrated circuit (IC) includes an interface configured to receive an encrypted block of data and a decryption datapath. The decryption datapath has a plurality of computational stages arranged in a pipeline configured to decrypt the encrypted block of data to form a decrypted block of data. A non-linear computational stage included in the pipeline of the decryption datapath includes multiple asymmetric logical paths and multiple bypassable latches. A first signal traverses a first logical path and a second signal traverses a second logical path having a greater number of logical units than the first logical path. Each bypassable latch is positioned in a respective logical path of the multiple asymmetric logical paths. The decryption IC further includes a controller configured to assign an individual random bit sequence to each bypassable latch to randomly activate or randomly disable each bypassable latch of the multiple bypassable latches.
Type: Grant
Filed: October 9, 2019
Date of Patent: August 10, 2021
Assignee: Facebook Technologies, LLC
Inventor: Sudhir Satpathy
-
Patent number: 11074997
Abstract: A multi-modal encrypted messaging platform to provide HIPAA compliant messaging and interfaces to provide access to electronic data records. The proposed invention discloses example embodiments that comprise a server-system, a client device in communication with the server-system, and an auxiliary device coupled to the client device.
Type: Grant
Filed: April 8, 2019
Date of Patent: July 27, 2021
Assignee: Statum Systems Inc.
Inventors: Stephen Michael Okajima, Arman Serebrakian, Ara Nazarian
-
Patent number: 11075949
Abstract: Certain embodiments described herein are generally directed to allocating security parameter index (“SPI”) values to a plurality of endpoints in a network. The SPI values may be derived using an SPI derivation formula and a plurality of parameters. In some embodiments, the SPI values may be derived by an endpoint and in other embodiments by a server. Using the SPI derivation formula and the plurality of parameters enables endpoints and servers to instantaneously derive SPI values without the need for servers to store them.
Type: Grant
Filed: February 2, 2017
Date of Patent: July 27, 2021
Assignee: Nicira, Inc.
Inventors: Amit Chopra, Chen Li, Ganesan Chandrashekhar, Jinqiang Yang, Sanal Pillai, Bin Qian
-
Patent number: 11070531
Abstract: A data communication system for a local network. The system includes a network node and a plurality of network devices associated therewith. The network node provides a network node service to clients or bots executing on the plurality of network devices. Individual clients or bots are communicably and only programmatically coupled around the network node service in a programmatic star configuration to create the local network. The network node service validates and authenticates local services provided by the clients or bots within the local network. Data is communicated between clients or bots within the local network in real time or near real time, by relaying the data through the network node service. Information content of the data is encrypted prior to communicating the data, by employing a key store associated with a user of the source client or bot.
Type: Grant
Filed: July 6, 2018
Date of Patent: July 20, 2021
Assignee: Gurulogic Microsystems Oy
Inventors: Tuomas Kärkkäinen, Mikko Sahlbom