Abstract: An object interface for quick access to object(s) of a communication platform is described. Server(s) of the communication platform can receive, in association with a user interface of the communication platform, a request to associate an object with an object interface associated with a virtual space of the communication platform. The server(s) can cause one or more objects to be presented via the user interface and can receive a selection of a particular object from the one or more objects. The server(s) can cause, in response to the selection, a user interface element representative of the particular object to be associated with the object interface, wherein the user interface element is associated with an actuation mechanism that, when actuated, causes the particular object to be presented via the user interface. Notifications associated with the particular object can be indicated by annotation(s) to the user interface.

Abstract: Provided are a method and an apparatus for enhancing the security of a quantum key distribution network. The quantum key distribution network includes a first node, a second node, and at least one relay node, by means of which the first node and the second node implement a first stage of quantum key distribution; the first node and the second node share a first key pool, which includes at least one key; and the method is executed on either the first node or the second node. The method includes: acquiring a first key obtained after the first stage of quantum key distribution; determining the seed key from the first key pool; generating a first random string by applying, based on the seed key, a first algorithm predetermined with a correspondent node, the first random string having a length equal to that of the first key; and acquiring a second key by performing a preset first bit operation on the first key and the first random string.

Abstract: An electronic device and method for client-side encryption for virtual meetings is provided. The electronic device acquires one or more encryption keys for a virtual meeting session with one or more participant devices, where the electronic device includes a meeting client to join or host the virtual meeting session and to communicate with meeting clients of the one or more participant devices. The electronic device determines, in a duration of the virtual meeting session, first content to be transferred to the one or more participant devices, via the meeting client of the electronic device. The electronic device encrypts the determined first content by use of the one or more encryption keys and transfers the encrypted first content to a meeting server. The meeting server transfers the encrypted first content to the one or more participant devices.

Abstract: A display method, an apparatus, and a storage medium are provided. The method includes: rendering, by a first container, a to-be-displayed page to generate to-be-displayed image data, and encrypting the image data; and writing, by the first container, encrypted image data into a buffer corresponding to the first container, and sending instruction information to a second container of a terminal, where the instruction information is used to instruct the second container to securely display the encrypted image data. Because the containers are isolated from each other, the malware in the first container cannot access the image data displayed in the second container, and the second container securely displays the encrypted image data. In this way, security of displaying the image data can be improved while ensuring that an image display function is not restricted.

Abstract: A software Redundant Array of Independent Disk (RAID)/management trusted storage-device-based communication system includes a chassis housing a software Redundant Array of Independent Disk (RAID) subsystem, a storage device that is coupled to the software RAID subsystem and that includes a storage device memory subsystem, and a management subsystem that is coupled to the storage device. The management subsystem authenticates the storage device to establish management subsystem/storage device trust between the management subsystem and the storage device and, in response, uses the storage device to establish management subsystem/software RAID subsystem trust between the management subsystem and the software RAID subsystem. In response to establishing the management subsystem/storage device trust and the management subsystem/software RAID subsystem trust, the management subsystem transmits communications with the software RAID subsystem via the storage device memory subsystem in the storage device.

Abstract: In an embodiment, a user terminal includes a communication module (CM) configured to generate an initial network entry request; an antenna assembly configured to find, in response to the initial network entry request, a satellite based on a search of a sky. The search of the sky includes sequentially changing a beam pointing direction of the antenna assembly. The satellite is assigned to downlink to a geographic cell associated with the user terminal. The user terminal includes a media access control (MAC) layer component configured to generate an uplink radio frame including a random access channel (RACH) request associated with the initial network entry request at a particular portion of the uplink radio frame for the satellite.

Abstract: Securely acquiring and managing electronic-based signatures by a content management system. A content management system exposes content objects to a plurality of collaborators. Executable modules of the content management system implement an Internet-based interface that is configured to acquire electronic-based signatures from a user device. A particular user device is configured to access particular content objects over the Internet-based interface and to acquire an electronic-based signature corresponding to one or more of the particular content objects. When one or more conditions are detected that would at least potentially influence how the acquisition of the electronic-based signature is carried out, then one or more remediation actions are invoked. Various security-specific remediation actions address corresponding security vulnerabilities. Various document-specific remediation actions are determined based on the document conditions that had been detected.

Abstract: The present disclosure relates to bootstrapping an encrypted single node VSAN cluster. One method includes receiving a request to create an encrypted VSAN cluster from a single host in a software-defined datacenter, deploying a virtual server on a VSAN datastore of the software-defined datacenter, registering a native key provider (NKP) in the virtual server, creating an empty VSAN cluster encrypted by the NKP, adding the single host to the encrypted empty cluster to create a one-host encrypted cluster, registering a KMIP KMS in the virtual server, switching encryption of the one-host encrypted cluster from the NKP to the KMIP KMS, and adding another host to the one-host encrypted cluster to create the encrypted cluster.

Abstract: In an example embodiment, a system includes a first controller configured to generate a network key and transform the network key and a second controller configured to obtain the transformed network key and form a network with the first controller, each of the first controller and the second controller being configured to generate a same symmetric key using the network key and values from the other of the first controller and second controller.

Abstract: The invention relates to an improved transmission protocol for uplink data packet transmission in a communication system. A receiver of a user equipment receives a Fast Retransmission Indicator, referred to as FRI. The FRI indicates whether or not a base station requests a retransmission of a previously transmitted data packet. A transmitter of the user equipment retransmits the data packet using the same redundancy version as already used for the previous transmission of the data packet.

Abstract: Embodiments allow a network device whose hardware limits an Association Number (AN) to only {0, 1}, to be part of Media Access Control security (MACsec). Upon detecting a network device as being AN-limited, that device's priority value is assigned a maximum value, thereby ensuring election of the AN-limited device as the key server. The {0, 1} AN of the key server is used to generate a Secure Association Key (SAK) used for MACsec. Upon subsequent rekeying, the AN-limited key server automatically cycles to a next AN (either 0 or 1) to generate a new SAK, where that next AN is also recognized by other network devices. In this manner, the AN-limited network device can participate in the MACsec without encountering ANs (e.g., {2, 3}) that it does not recognize.

Abstract: Systems and methods are provided for maintaining data privacy in a communication system. The method includes: providing a proxy network which creates a plurality of ingress processing elements and a plurality of egress processing elements, wherein the ingress processing elements and the egress processing elements each include at least a private processing unit and a private memory area; receiving a request at a selected ingress processing element from a first server; routing the request from the selected ingress processing element to a selected egress processing element; forwarding the request from the selected egress processing element to a second server; and erasing both the selected ingress processing element and the selected egress processing element.

Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

Abstract: A method and system for identifying entangled photons includes generating a plurality of sets of four entangled photons, wherein a first pair of photons in each of the plurality of sets of four entangled photons are time correlated indicating that a second pair of photons in a same one of each of the plurality of sets of four entangled photons are time correlated. A coincidence time of a first pair of photons of each of the plurality of sets of four entangled photons is determined and coincidence times are recorded as a first quantum data set. A coincidence time of a second pair of photons of each of the plurality of sets of four entangled photons determined and coincidence times is recorded as a second quantum data set such that the first quantum data set and the second quantum data set comprise at least some correlated coincidence times.

Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.

Abstract: Methods, systems, and computer program products for gathering electronic signatures to be applied to collaboration system content objects (e.g., contracts, letters, insurance claims, riders, etc.). A collaboration system monitors changes made to the collaboration system content objects during electronic signature processing. A module of the content management system is configured to associate one or more instances of e-signing metadata to one or more of the stored content objects of the content management system. The e-signing metadata indicates whether or not a particular portion of the one or more of the stored content objects has been e-signed by a designated e-signatory. A collaborator who is not one of the designated e-signatories makes a change to one or more of the stored content objects (e.g., contracts, letters, insurance claims, riders, etc.). The change is remediated on-the-fly and the e-signing process continues without having to restart the e-signing process from the beginning.

Abstract: Protecting an encryption key for data stored in a storage system that includes a plurality of storage devices, including: reading, from at least a majority of the storage devices, a portion of an apartment key; reconstructing the apartment key using the portions of the apartment key read by the majority of the storage devices; unlocking the main portion of each of the storage devices utilizing the apartment key; reading, from the main portion of one of the storage devices, a portion of a third-party resource access key; requesting, from the third-party resource utilizing the third-party resource access key, an encryption key; receiving, from the third-party resource, the encryption key; and decrypting the data stored on the storage devices utilizing the encryption key.

Abstract: A method for performing data encryption and application-agnostic querying of encrypted data includes identifying, via a processor, selected data for encryption. Encryption is applied to the selected data, to produce encrypted data. A query is received at the processor, the query originating from a software application. The query is translated into a modified query compatible with the encrypted data. The processor causes execution of the modified query, to produce query results. The query results include a subset of the encrypted data. The query results are sent to the software application without decrypting the subset of the encrypted data.

Abstract: A provisioning control apparatus coupled to a provisioning equipment server electrically connectable with electronic components each including a security enclave and a non-volatile memory. The provisioning control apparatus includes a processor configured to encrypt the security sensitive provisioning data using a secure vault encryption key for obtaining encrypted security sensitive provisioning data. The provisioning control apparatus has a communication interface configured to securely provide the secure vault encryption key to the provisioning equipment server for storing the secure vault encryption key in the security enclave of the electronic component.

Abstract: A first node and a second node are configured in a storage system, wherein the first node and the second node are communicatively coupled to a key server. One or more nodes of a set comprising the first node and the second node initiate a process to generate an encryption key to be shared between the first node and the second node in the storage system. A request for the encryption key is transmitted to the key server, from the one or more nodes of the set comprising the first node and the second node, in response to securing a common lock that is available.

Abstract: Methods, systems, and devices for wireless communications are described. In some examples, a wireless device may modify a cyclic redundancy check (CRC) generation and attachment operation based on a secret key to support enhanced security. In some examples, a first device may identify a set of data to transmit to a second device and prior to transmitting the set of data, the first device and the second device may obtain a set of key bits for data protection. The first device may generate a bit vector based on a subset of the set of key bits and a cyclic redundancy check polynomial. The transmitting device may then generate an encoded codeword based on the bit vector and transmit the encoded codeword to the second wireless device. The second device may decode the encoded codeword and obtain the set of data based on the set of key bits.

Abstract: The present disclosure, in some embodiments, relates to a data protection method comprising: determining a file comprising content data on a computing system; generating index information for the file; transmitting the index information to a cloud system; executing a corruption operation on the file comprising: dividing the content data of the file into a plurality of data chunks; executing a first encryption operation based on an encryption protocol, on the first data chunk; executing a second encryption operation based on the encryption protocol, on the second data chunk; generating or assigning a first name for the first data and a second name for the second data chunk; and generating a key associated with an order of the first data chunk and the second data chunk.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for hardware security module communication management. An example method includes deriving, by a first HSM, a first cryptographic key based on an initial key and a first set of seed bits. The method also includes receiving a message comprising a second cryptographic key from a key exchange management device, wherein the second cryptographic key is associated with a second HSM. The method also includes deriving, a third cryptographic key based on the first cryptographic key and the second cryptographic key, wherein deriving the third cryptographic key establishes secure communication between the first HSM and the second HSM based on the second HSM having also derived the third cryptographic key. The method also includes performing, a first cryptographic data protection action using the third cryptographic key.

Abstract: An example method for a first host, being an owner of an object stored in a virtual storage area network (vSAN) cluster, to perform encryption and decryption operations during a rekey in the vSAN cluster is disclosed. The method includes obtaining a first encryption key and a first key identifier (ID) of the first encryption key; transmitting the first key ID and an active key index to a second host; using the first encryption key to perform encryption and decryption operations; and in response to a determination of receiving a key change notification from a master node of the vSAN cluster, terminating a connection with the second host.

Abstract: In some embodiments, the present invention provides for a computer system which includes at least the following components: a plurality of computing devices associated with a plurality of users associated with a plurality of users; where each computing device of the plurality of computing devices is configured to: electronically receive software which, when being executed, cause such computing device to display a plurality of instances of a specifically programmed graphical user interface (GUI); where each instance of the GUI is configured to display a real-time updatable meeting information representative of a direct electronic proximity-based communication between at least two computing devices associated with at least two users who desire to meet at a particular location to engage in a transaction of at least one good, at least one service, or both, whose marketable value lasts for a period of 30 seconds to 60 minutes.

Abstract: A database stores a document as a plurality of encrypted records, where each record is indicative of an incremental change to the state of the document, and encrypted using a document key. The document key is stored with encryption decryptable using a group key, and the group key is stored with encryption decryptable using a first access key. In response to a request to rotate from the first access key to a second access key, the database decrypts the group key using the first access key, a stores a group key re-encrypted with the second access key.

Abstract: A system and method for inspecting encrypted disks for a cybersecurity object using a custom key are disclosed. The method includes detecting an encrypted disk in a cloud computing environment, the cloud computing environment including a security policy service; authorizing a key policy on the security policy service for a custom key of an inspector account, wherein the key policy is a policy authorized to decrypt the encrypted disk; generating a second encrypted disk based on the encrypted disk; inspecting the second encrypted disk for a cybersecurity object with the custom key; and releasing a resource allocated to the second encrypted disk in response to completing the inspection.

Abstract: A camera is provided that stores an encryption key locally and transmits the encryption key using near field communication (NFC) when the encryption key is requested by the user. In one embodiment, the camera includes a lens for recording video and an encryption engine for encrypting the video. The camera further includes a security chip for storing an encryption key locally in the camera. Additionally, the camera includes a near field communication (NFC) module that provides a bridge between the security chip of the camera and the device at which the user is viewing the images recorded by the lens. The NFC module includes memory for temporarily storing the encryption key and an NFC transceiver for sending the encryption key from the memory of the NFC module to the device at which the user is viewing the images recorded by the lens of the camera.

Abstract: Disclosed is a system and a method for information distribution. The system comprises: a server for generating a group key and its corresponding key deriving parameter, wherein the server encrypts sensitive contents by using the group key to obtain encrypted information; and terminals configured to receive the encrypted information through an open channel, extract the group key, then decrypt the encrypted information by using the group key to obtain the original content. In the group forming process, each terminal encrypts its private identifier using the public key and submits the ciphertext to the server. In information distribution process, the server transmits the ciphertext of sensitive contents and the key deriving parameter to the terminals via open channel Because private information available only to respective group members is required for calculating the group key, this mechanism ensures that the sensitive content can be transmitted securely on the open channel.

Abstract: Methods, apparatuses, and computer-readable medium for directional security are provided. An example method may include receiving, from a wireless device, a configuration for a set of shared keys. The example method may further include receiving, from a second UE, at least one message or signal including a location of the second UE, the received at least one message or signal being associated with an angle of arrival. The example method may further include configuring a key from the set of shared keys based on at least one of the received configuration, the location of the second UE, the AoA of the received at least one message or signal, or a location of the first UE. The example method may further include generating one or more ranging signals based on the configured key, the one or more ranging signals being directionally secure based on the location of the second UE.

Abstract: A method for improving data transmission security at a user equipment comprises receiving, from a source network node, a connection release message including instructions for computing a hash value for data to be included in a connection request message; computing the hash value based on the instructions included in the connection release message; calculating a token based on the hash value, and sending, to a target network node, the connection request message including the token. The method may further forward the data from the target network node directly to a gateway after the token has been verified. The method may reduce a signaling overhead by having a fixed-size hash value for data. Furthermore, the method may improve a transmission security by including the token in an RRC message, in which the token is calculated based on the hash value representing the data.

Abstract: A system includes processor(s) and memory(s). When encryption key(s) need to be generated to encrypt a key, processor(s): generate encryption key(s); encrypt key using encryption key(s) to generate encrypted key; split encrypted key and encryption key(s) into set(s) of key components, wherein subset of key components can be used to reconstruct encrypted key and encryption key(s); and erase key from memory(s). When encryption key(s) need to be used, processor(s): receive set(s) of key components from subset(s) of users that can be used to reconstruct encrypted key and encryption key(s) used to decrypt key from encrypted key; when set(s) of key components is received from subset(s) of users that can be used to reconstruct encrypted key and encrypted key(s), reconstruct encrypted key and encryption key(s); and when the encrypted key and the encryption key(s) have both been reconstructed, decrypt encrypted key into key using encryption key(s).

Abstract: A device may determine that a first link of the device is active. The device may determine whether a Media Access Control Security (MACsec) session is established on the first link. The device may selectively enable or disable a second link of the device based on determining whether the MACsec session is established on the first link.

Abstract: A computer-implemented method for improving the security of a data record distribution process using a blockchain having a group of input nodes and a group of output nodes, each group having a private-public key pair, but wherein the nodes only have a key share of their respective private key and no node has a full private key. Using threshold signature scheme, secret share joining, and stealth addresses, data records from the input nodes are pooled at a stealth address determined through collaborative action of the input nodes, requiring cooperative determination of their public key, a shared secret, and the stealth address. The public key is copied into the transaction. The output nodes locate the transaction and extract the public key, collaboratively verify its authenticity, and collaboratively determine the shared secret. Having done so, the output nodes may, collectively, sign a second transaction for distributing data records from the stealth address to the output addresses.

Abstract: A method including determining, by a first device for a folder, a folder access key pair including a folder access public key and a folder access private key; determining, by the first device, a sharing encryption key based on the folder access private key and an assigned public key associated with a second device; and encrypting, by the first device, the folder access private key based on utilizing the sharing encryption key; determining, by a second device, a sharing decryption key based on the folder access public key and an assigned private key associated with the second device; decrypting, by the second device, the folder access private key based on utilizing the sharing decryption key; and accessing, by the second device, the folder based on utilizing the folder access private key. Various other aspects are contemplated.

Abstract: Systems and methods for providing a rewards payment form linked directly to a rewards account are described. The system can determine, based on a comparison of a location of a mobile device with a merchant location of a merchant, that the mobile device is at the merchant location. The system can determine that the merchant participates in a rewards promotion and can receive a transaction request associated with a rewards account and a cryptogram. The system can authenticate the transaction request by decrypting the cryptogram and can activate the rewards promotion based on the determination that the mobile device is at the merchant location and the determination that the merchant participates in the rewards promotion.

Abstract: A device, method, and computer readable storage medium generate a biometric public key for an individual based on both the individual's biometric data and a secret, in a manner that verifiably characterizes both while tending to prevent recovery of either by anyone other than the individual. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust. Such biometric public keys may be distributed without compromising the individual's biometric data, and may be used to provide authentication in addition to, or in lieu of, passwords or cryptographic tokens. Various use cases are disclosed, including: enrollment, authentication, establishing and using a secure communications channel, and cryptographically signing a message.

Abstract: An embedded processing system includes processing circuitry, a memory system, and a reprogramming control. The reprogramming control is configured to receive a transaction indicator and user credentials from a reprogramming system, the transaction indicator identifying a type of configuration item to program in the memory system. The reprogramming control is further configured to access user authentication data to authenticate authority of a user to program the memory system based on the transaction indicator and user credentials and receive an encrypted configuration item. The reprogramming control is further configured to decrypt and authenticate the encrypted configuration item as a decrypted and authenticated configuration item responsive to authenticating the authority of the user, and store the decrypted and authenticated configuration item in the memory system.

Abstract: A security accelerator device stores a first credential that is uniquely associated with the individual security accelerator device and represents a root of trust to a trusted entity. The device establishes a cryptographic trust relationship with a client entity that is based on the root of trust, the cryptographic trust relationship being represented by a second credential. The device receives and store a secret credential of the client entity, which is received via communication secured by the second credential. Further, the device executes a cryptographic computation using the secret client credential on behalf of the client entity to produce a computation result.

Abstract: In a method for decrypting persistent user cryptographic keys in a distributed cryptographically secured peer-to-peer filesystem, a primary input value is received from a first user on a first peer device. A symmetric user encryption key UK1 is generated for the first user from the primary input value on the first peer device. An encrypted private key ePrK1 is requested and received from a non-volatile memory of a data persistence server using the first peer device. The encrypted private key ePrK1 is decrypted using the symmetric user encryption key UK1 using a symmetric decryption algorithm on the first peer device, producing a private key PrK1=ESUK1?1(ePrK1). The private key PrK1 is used to reconstruct a distributed file.

Abstract: Embodiments are provided for centralized control of execution of a quantum program. In some embodiments, a system can include a processor that executes computer-executable components stored in memory. The computer-executable components include a synchronization component that causes multiple controller devices remotely located relative to the system to be synchronized with one another and the system. The computer-executable components also include an ingestion component that accesses measurement data resulting from one or more measurements at respective qubit devices. The computer-executable components further include a composition component that generates, using the measurement data, one or more control messages for respective second controller devices of the multiple controller devices.

Abstract: A method for causing sending and receiving of an encrypted file between a sending user terminal and a receiving user terminal connected via a network to be performed in a secret state via a management server is provided. The sending user terminal encrypts an original file and then fragments the original file into a plurality of divided files, creates a plurality of combined files formed by combining a plurality of the divided files, and distributes and saves the combined files to which restoration information for opening the combines files has been added in a plurality of online storages. The receiving user terminal can open the combined files obtained from the online storages by using the restoration information received from the management server to extract the divided files included in the combined files, and can restore the original file from the divided files.

Abstract: A method including transmitting, by an infrastructure device to a distributor device, an invitation link to enable the distributor device to distribute network services; activating, by the distributor device, the invitation link; transmitting, by the infrastructure device to the distributor device, seed information based on verifying that the invitation link was activated by the distributor device; determining, by the distributor device, a distributor key pair including a distributor public key and a distributor private key based on utilizing the seed information; transmitting, by the distributor device to the infrastructure device, an action request related to an action to be performed regarding the network services, a portion of the action request being signed based on utilizing the distributor private key; and validating, by the infrastructure device, the action request based on utilizing the distributor public key to enable performance of the action regarding the network services is disclosed.

Abstract: An intelligent electronic device (IED) includes memory and a processor operatively coupled to the memory. The processor is configured to establish, over a communication network of a power system, a connection association (CA) with a receiving device using a MACsec Key Agreement (MKA). The processor is configured to automatically send device management information via the MKA process.

Abstract: Systems and methods for end to end encryption are provided. In example embodiments, a computer accesses an image including a geometric shape. The computer determines that the accessed image includes a candidate shape inside the geometric shape. The computer determines, using the candidate shape, an orientation of the geometric shape. The computer determines a public key of a communication partner device by decoding, based on the determined orientation, data encoded within the geometric shape. The computer receives a message. The computer verifies, based on the public key of the communication partner device, whether the message is from the communication partner device. The computer provides an output including the message and an indication of the communication partner device if the message is verified to be from the communication partner device. The computer provides an output indicating an error if the message is not verified to be from the communication partner device.

Abstract: The present disclosure provides a method for encryption programming, including: selecting an encrypted programming file that matches the programmer from a target folder; loading the selected encrypted programming file; if a current number of times for programming of the programmer is greater than or equal to a maximum number of times for programming, destroying the selected encrypted programming file and ending programming; otherwise, decrypting the selected encrypted programming file; if the current number of times for programming of the programmer is less than an initial number of times for programming, replacing the current number of times for programming of the programmer with the initial number of times for programming, otherwise, re-encrypting the decrypted encrypted programming file and programing the re-encrypted programming file into a target chip. A programmer is further provided.

Abstract: An asymmetric cryptographic method for securing access to a private key generated and stored in a device is provided. The method includes generating an application password relating to a predetermined level of entropy; generating, within a trusted execution environment relating to a key manager, a user private key secured by using the application password; receiving, from a user via an input device, user entropy relating to a unique identifier for the user; deriving, using a password derivation function, a symmetric key based on the user entropy; encrypting, using an encryption system, the application password by using the symmetric key; and storing, in a memory, a device payload component relating to the application password and the symmetric key in a password management system.

Abstract: A computer-implemented method includes: identifying, by a computing device, private portions and non-private portions of content displayed on a user device; generating, by the computing device, instructions to modify the display of the content on the user device to mask the private portions of the content, group the private portions of the content together, and group and the non-private portions of the content together; and outputting, by the computing device, the instructions to cause the user device to modify the display of the content on the user device such that the masked private portions of the content are grouped together and the non-private portions of the content are grouped together, wherein the non-private portions are exposed and visible.

Abstract: Systems and methods are for content security may comprise transmitting a request for authorization to access secured content. A content key for the secured content may be received and stored to a restricted region of a memory. A device security module may have access to the restricted region and may decrypt, based on satisfaction of a use condition and using the content key, the secured content. An encryption key associated with a secure media system authorized to access the secured content may be received. The device security module may encrypt, using the encryption key, the secured content and route the secured content to the secure media system.

Abstract: Disclosed herein is a method performed by an apparatus. In the method, a payload information item is obtained that is to be communicated to at least one recipient. An encrypted payload information item is obtained by encrypting said payload information item such that it is decryptable by use of a first decryption key and a second decryption key. Further, a message containing said encrypted payload information item is sent or triggered to be sent to said recipient.