Abstract: The present disclosure relates to systems, methods, and computer-readable media for performing out-of-band discovery of service definitions to enable a central computing device to interact with one or more peripheral devices. For example, systems disclosed herein include retrieving a hash value for a peripheral device representative of a set of service attributes associated with the peripheral device. Based on the hash value, the systems disclosed herein can identify a service database entry including service definitions that enable the central computing device to interact with the peripheral devices. Using the service definitions, the central computing device can interact with any peripheral device that shares the same set of service attributes as the peripheral device.

Abstract: Disclosed embodiments relate to implementing, as a microservice at a client, a searchable-encryption service. Operations may include executing the microservice at the client to perform operations including: encrypting data based on a cryptographic key accessible to the client; sending the encrypted data to a network storage resource; identifying, at the microservice, a search query in plaintext; encrypting the search query according to the cryptographic key; sending the encrypted search query to the network storage resource; and receiving a response to the encrypted search query from the network storage resource.

Abstract: A storage system includes a host device and a storage device. The host device generates a file, and generates a unique file identifier (UFID) for each file, wherein the UFID is based on an identifier of the generated file and at least one logical address corresponding to the generated file. The storage device generates a key for encrypting or decrypting write data corresponding to the generated file based on the UFID and a random number, and encrypts the write data by using the key.

Abstract: A device in a wireless device security system may include at least one processor configured to determine a location of the device with respect to a security area. The at least one processor may be further configured to provide an alert output when the determined location of the device is proximate to a boundary of the security area. The at least one processor may be further configured to prevent the device from responding to at least some user input when the determined location of the device is outside of the security area. The at least one processor may be further configured to provide a disturbance output when the determined location of the device is outside of the security area.

Abstract: A system is provided for publishing a disparate per-client live media output stream based on dynamic insertion of targeted non-programming content and customized programming content. A first manifest request, including one or more parameters, is received from a first client device. Based on one or more parameters and associated indexed metadata, a first additional content that includes customized first programming content and targeted first non-programming content for first client device are determined. A first programming schedule is generated for first client device based on selected one or more live input streams and/or one or more pre-encoded media assets, indexed metadata, and first additional content. A first disparate live media output stream manifest for first client device is published based on insertion of selected one or more live input stream manifests and/or one or more pre-encoded media asset manifests, indexed metadata, and first additional content in accordance with first programming schedule.

Abstract: Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.

Abstract: According to an embodiment, an information processing device operates while switching between a secure mode and a non-secure mode. The information processing device includes processing circuitry. The processing circuitry is configured to function as a switching unit. The switching unit switches a mode from the secure mode to the non-secure mode at the time when the information processing device is operating in the secure mode.

Abstract: Examples herein disclose a processor-based computing system. The system comprises at least one processor, a non-volatile memory comprising a basic input output system (BIOS), wherein the BIOS creates a data structure and sets up at least one verification software component executed by the processor, a controller communicatively linked to the at least one verification software component, and a memory comprising a system management memory coupled to the at least one processor and code which is executable by the processor-based system to cause the processor to validate the BIOS during a runtime of the processor-based system using the at least one verification software component and the controller.

Abstract: A method, device, and computer program product for fingerprint based status detection in a distributed processing system is provided. The method comprises: generating and sending, at a root node, an initial fingerprint based on the output message ID to be sent; at a middle node, generating and sending an updated fingerprint based on a received input message ID, an output message ID to be sent and a received fingerprint; sending, at the leaf node, a final updated fingerprint to a tracking task point; and obtaining, at the tracking task point, status information based on the final updated fingerprint. As the method does not generate traffic at each node but only generates tracking traffic at leaf nodes, the approach according to the present disclosure reduces tracking overhead significantly while guaranteeing the reliability of data processing.

Abstract: The present disclosure pertains to systems and methods for establishing trust relationships between a software defined network (SDN) controller and a SDN communication device. In one embodiment, a SDN controller may comprise a communications interface configured to communicate with a plurality of SDN network devices. A commissioning subsystem configured to detect a new device associated with the SDN. In response to a new device, a user interface subsystem may be configured to receive a user approval to commission the new device. A trust subsystem configured to establish a first SDN controller trusted credential and to transmit a first device trusted credential based on the first SDN controller credential to the new device. Programming instructions to the new device authenticated using the first SDN controller trusted credential by a SDN programming subsystem.

Abstract: A transactional block storage system is provided which is capable of supporting a single-phase commit for data writes specifying a protected storage unit. The storage system includes a data storage map that logically links the protected data storage unit to two or more block storage units associated with a layer of the protected data storage unit. The storage system also includes an address abstraction layer which translates write requests to the block storage units and resolves whether those write requests are atomically committed to the storage system in a single phase transaction. The address abstraction layer is further configured to detected when a block storage unit becomes unavailable during a transaction and create a cleaning kit for that block in order to prevent data loss. Additionally, the address abstraction layer facilitates moving, copying, and merging of block storage units without global locking in the storage system.

Abstract: Utilities (e.g., systems, methods, etc.) that make use of a secure input/output (I/O) channel between system firmware (e.g., BIOS) and the SP to allow the BIOS to securely send data (e.g., error data) for secure consumption by the SP while preventing or limiting other sources from sending falsified data or the like the SP. The secure I/O channel includes interface hardware (e.g., Field-programmable gate array (FPGA)) that is configured to be unlocked by the BIOS using a security key received from a key generator over a separate security channel. After such data is securely sent to the interface hardware, the BIOS may then pass error interrupt(s) to the OS for performing of any necessary recovery actions. At any appropriate time, the SP may read or consume error data from the memory register of the interface hardware and perform any appropriate diagnoses and/or handling of the error data.

Abstract: A Data Storage Device (DSD) or a server is set to an unlocked state to allow access to a memory of the DSD or to a DSD of the server. Communication is established with an access station using a wireless communication interface, and an access code is received from the access station via the wireless communication interface. If the received access code is determined to be valid, the DSD or server is set to the unlocked state. According to another aspect, communication is established with a DSD or a server using a wireless communication interface, and an access code is generated and sent to the DSD or the server for setting the DSD or the server to the unlocked state.

Abstract: System and method for executing cryptographically secure transactions in a network comprising a public ledger, comprising associating a first proposed transaction with a public keys smart contract and associating at least a second transaction including private data and public data in said network with a cryptographically secure transaction.

Abstract: An automatic pairing method and a server are provided. The automatic pairing method is performed by the server for automatically pairing a first device with a second device. The automatic pairing method includes following steps. A user account associated with the first device is stored. An association request for associating the second device with the user account is received. A first security configuration parameter of the first device is transmitted to the second device. A second security configuration parameter of the second device is transmitted to the first device.

Abstract: A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and a processing module operably coupled to the interface and memory such that the processing module, when operable within the computing device based on the operational instructions, is configured to perform various operations. For example, the computing device generates a prioritized request that includes at least one of a task for execution or a priority level based on information stored within a storage unit (SU) of a plurality of storage units (SUs) implemented within the DSN. Note that the information corresponds to a data object that is related to a set of encoded data slices (EDSs) that are distributedly stored within the DSN. The computing device then transmits the prioritized request to the SU and receives, from the SU, a response to the prioritized request.

Abstract: Methods and systems for managing and/or processing a blockchain to maintain data security for confidential and/or personal data are provided. According to certain aspects, the disclosed data security techniques may enable access sharing functionality utilizing the blockchain. For example, access sharing may be utilized to share policy information. The policy information may be associated with a smart contract. Accordingly, the policy information may be encrypted using a public key for the smart contract and compiled into a block of the blockchain. In response to a request to provide access to the information to a particular node, the private key for the smart contract may be encrypted using the public key for the particular node and compiled into a block of the blockchain.

Abstract: A system for transmitting audio and/or video data is described that comprises a functional unit configured to process the audio and/or video data and an error detection unit configured to detect an error in audio and/or video data processing. The system is configured to generate and transmit an access token configured to grant access at least to the functional unit when an error is detected. Further, a method for granting secured access is described.

Abstract: A system and method are disclosed for rendering published documents tamper evident. Embodiments render classes of documents tamper evident with cryptographic level security or detect tampering events, where such security was previously unavailable, for example, in documents printed using common printers without special paper or ink. Embodiments enable proving the date of document content without the need for expensive third party archival, including documents held, since their creation, entirely in secrecy or in untrustworthy environments, such as on easily-altered, publicly-accessible internet sites. Embodiments can use a document's prior registration date in a blockchain to establish a no-later than date-of-existence for that document. Embodiments can extend the useful life of integrity verification algorithms, such as hash functions, even when applied to binary executable files.

Abstract: The invention relates generally to improved secure data storage that utilizes zoned data storage and control and/or integration of discrete data for masking the stored data. The data may be divided and stored in different zoned databases and assigned different access rights in order to separate data that is part of a larger combination of data into smaller data portions, which makes it difficult for unauthorized use of such data. Additionally, or alternatively, data that is stored within a database may be combined with other discrete data (e.g., unrelated real data) in order to mask the data being stored. As such, the masked data is more secure and less storage spaces is required due to the utilization of real data for masking. When an unauthorized requestor of the stored data is identified deterrence actions may be taken to reduce the unauthorized user's ability to access the desired data.

Abstract: Embodiments of the present invention provide a system for converting ubiquitous language instructions to robotic process automation executable action steps and executing the action steps. A managing system receives an encrypted user input from a computing device of the user, where the user input comprises instructions entered in ubiquitous language (e.g., common vernacular, or other non-complex programming language). The user input is decrypted and an action keyword is identified from the ubiquitous language instructions. The action keyword for each instruction is compared to a conversion database to determine a set of execution steps associated with each action keyword. These execution steps are in a format that enables a robotic process automation system to perform the execution steps. The set of execution steps is then transmitted to the robotic process automation system that automatically performs the set of execution steps through a workstation or other operating station of the user.

Abstract: A computer-implemented method for information protection comprises: determining one or more data inputs and one or more data outputs for a transaction, wherein the data inputs are associated with input data types respectively, and the data outputs are associated with output data types respectively; encrypting the input data types and the output data types; committing each of the encrypted input data types and the encrypted output data types with a commitment scheme to obtain corresponding commitment values; obtaining at least a parameter R based at least on the commitment values; and submitting the transaction to one or more nodes in a blockchain network with disclosure of the parameter R and without disclosure of the input data types and output data types for the nodes to verify consistency between the input data types and the output data types.

Abstract: Example embodiments of the present invention relate and a method and an apparatus for managing a short hash handle. The method including receiving an I/O including a first identifier for a data block and examining the first identifier in comparison with a second identifier. The data block identified in the I/O then may be managed according to the first identifier and the second identifier.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for rollback resistant security are disclosed. In one aspect, a method, during a boot process of a computing device, includes the actions of obtaining a secret key derived from device-specific information for the computing device. The method further includes verifying that a signature for a software module is valid. The method further includes obtaining information indicating a current version of the software module. The method further includes using the secret key to generate a first encryption key corresponding to the current version of the software module and a second encryption key corresponding to a prior version of the software module. The method further includes preventing future access to the secret key until the computing device is rebooted. The method further includes providing the software module access to the first encryption key and the second encryption key.

Abstract: For an encryption management module of a host that executes one or more data compute nodes (DCNs), some embodiments of the invention provide a method of providing key management and encryption services. The method initially receives an encryption key ticket at an encryption management module to be used to retrieve an encryption key identified by the ticket from a key manager. When the encryption key has been retrieved, the method uses the encryption key to encrypt a message sent by a data compute node executing on the host requiring encryption according to an encryption rule. The encryption key ticket, in some embodiments, is generated for an encryption management module to implement the principle of least privilege. The ticket acts as a security token in retrieving encryption keys from a key manager. Ticket distribution and encryption rule distribution are independent of each other in some embodiments.

Abstract: A system for performing coincident boot of computing devices having non-volatile memory and secure and non-secure partitions on the same System on Chip (SoC) or on a similarly capable computing device with secure division and separation of sensitive memory resources, secure protection of intellectual property during boot and post-boot, and support for secure interoperations between secure and non-secure states. The system packages components of the boot loader into a single signed and encrypted package. That package is loaded into the non-secure memory where it is verified before being extracted to the secure partition.

Abstract: According to one embodiment, an information processing apparatus includes a first memory, a signal generation unit, an integrity check unit, and an access-right update unit. Firmware is stored in the first memory. The signal generation unit is configured to generate a signal when there is access violating access right, to the first memory. The integrity check unit is configured to perform, when the access violating access right is a verification request with respect to a predetermined verification target region, integrity check with respect to the verification target region in response to the signal. The access-right update unit is configured to update access right corresponding to the verification target region, to which the integrity check has been performed.

Abstract: The system may include a method comprising requesting, by a computer, a receiver identifier associated with a receiver; receiving, by the computer, the receiver identifier in association with content; constructing, by the computer, a URL link comprising access to DICOM viewer code, DICOM data for the selected images, a sender identifier and the receiver identifier; generating, by the computer, a notification to the receiver, wherein the notification includes the URL link; and transmitting, by the computer, the notification to a receiver based on the receiver identifier.

Abstract: The present application generally relates to systems, devices, and methods to conduct the secure exchange of encrypted data using a three-element-core mechanism consisting of the key masters, the registries and the cloud lockboxes with application programming interfaces providing interaction with a wide variety of user-facing software applications. Together the mechanism provides full lifecycle encryption enabling cross-platform sharing of encrypted data within and between organizations, individuals, applications and devices. Further the mechanism generates chains of encrypted blocks to provide a distributed indelible ledger and support external validation. Triangulation among users, applications and the mechanism deliver both enterprise and business ecosystem cyber security features. Crowdsourcing of anomaly detection extends to users and to subjects of the data. Robust identity masking offers the benefits of anonymization while retaining accountability and enabling two-way communications.

Abstract: A data handling system includes a block-based storage device. An encryption key structure block includes key structure locations that may store encryption key structures. A key structure may take on at least three states: an erased state, an active state, and a zeroized state. The key structure includes error control data fields that are configured to contain error control data that independently protect data of the key structure in the active and the zeroized state. Key structures may be stored to key structure locations within a first encryption key block until each key structure location has stored a key structure in the active or zeroized state. Subsequently, the key structures in the active state may be copied and stored in key structure locations within a second encryption key block.

Abstract: An encryption device (500) includes an encryption unit (504), a detection element generation unit (505), and a transmission unit (506). The encryption unit (504) encrypts a plain text by using one of a pair of keys to generate an encrypted text into which the plain text has been encrypted and which can be subjected to homomorphic computation. The detection element generation unit (505) generates a detection element E used to detect a change in the encrypted text by using the one key and the encrypted text. The transmission unit (506) transmits the encrypted text and the detection element.

Abstract: A method is provided for securely providing data for use in a consumer electronics device having a processor performing instructions defined in a software image. The method includes receiving the data encrypted according to a global key, further encrypting the data according to a device-unique hardware key, storing the further encrypted data in a secure memory of the consumer electronics device, providing the global key to a whitebox encoder for encoding according to a base key to generate a whitebox encoded global key, and transmitting the software image to the consumer electronics device for storage in an operating memory of the consumer electronics device, the software image having a whitebox decoder utility corresponding to the whitebox encoder and the whitebox encoded global key.

Abstract: Embodiments verify a digital asset by a first owner of the digital asset in response to a first transaction with a creator of the digital asset, the first owner having a corresponding first owner private key and a first owner public key. Embodiments receive a first digital record that corresponds to the digital asset. The first digital record includes an initial portion including initial parameters and a creator public key of the creator, and an appended initial digital signature computed using the initial parameters, the creator public key, and a creator private key of the creator. The first portion includes first parameters. Embodiments extract from the first digital record the creator public key, extracts from the first digital record the first digital signature and extracts from the first digital record the initial portion, the initial digital signature, and the first portion.

Abstract: A method, electronic device, and computer readable storage medium, for secure context-aware management of passwords stored in a password manager application in an electronic device. The password manager application prompts for entry of a password at a first user interface to unlock display of sensitive information in a second user interface. A first portion of the sensitive information is displayed in a prioritized list in the unlocked second user interface, with the second portion of the sensitive information remaining user inaccessible, only while the password manager application is in a certain password access context based on contextual information in the electronic device. The contextual information can be any combination of a current geolocation of the device, a current time, an identification of an access point in a vicinity of the device, and other contextual information.

Abstract: Methods and systems for securely deleting electronic files and other data stored within a data storage system are described. Each file or separately deletable portion of data stored within the data storage system may be encrypted using a distinct data encryption key. When the file is selected for deletion, both the file and the corresponding data encryption key may be deleted. The data encryption key used for encrypting the file may be encrypted using a key encryption key. If the file and the corresponding data encryption key are both stored using an SSD, then the key encryption key may be stored using a HDD. The ability to physically delete or directly overwrite the key encryption key stored within the HDD may ensure that the file and the data encryption key stored using the SSD are no longer cryptographically recoverable.

Abstract: A method comprises dividing a data segment of a data object into a plurality of data chunks. The method continues with all-or-nothing (AONT) encoding each data chunk of the plurality of data chunks to produce a plurality of sets of AONT encoded data pieces. Note a set of AONT encoded data pieces includes T number of AONT encoded data pieces. The method continues by splitting and rearranging the plurality of sets of AONT encoded data pieces to produce the T number of sets of AONT encoded data pieces. The method continues by dispersed storage error encoding the T number of sets of AONT encoded data pieces to produce a set of encoded data slices, which include the T number+an R number of encoded data slices.

Abstract: A method and system for securely replicating encrypted deduplicated storages. Specifically, the method and system disclosed herein entail the replication and migration of encrypted data between storage systems that support deduplication. More specifically, a first encrypted data, which may have been encrypted using a first public cryptographic key and consolidated on a source storage system, may be translated into an interim (yet still encrypted) state using a first split private cryptographic key. Thereafter, using a compound conversion key, the interim state data may be further translated into a second encrypted data, which may be characterized as being encrypted by a second public cryptographic key. Therefore, substantively, the method and system disclosed herein may be directed to the translation of encrypted data from one encryption scheme to another while in-flight from a source storage system to a target storage system.

Abstract: Isolating resources between sub-entities. A method includes receiving data from a particular connected device. A memory storing a hierarchical graph that defines a topology for an entity is accessed. Branches or leaves in the graph include a node that represents a connected device, such as a sensor, controller, or computing system. Each connected device is configured to provide data or receive control signals. Each of the branches or leaves can be indicated as belonging to a particular sub-entity. A particular branch from the hierarchical graph having the particular connected device is identified using the graph. A sub-entity to which the particular branch belongs is identified. The method identifies that the particular sub-entity should be isolated from other sub entities. The data from the particular connected device is provided to a set of resources specifically allocated for the particular sub-entity.

Abstract: The present invention involves with a method of hybrid searchable encryption, involving using at least one first computing device that has a first processor configured to perform steps of: using a first symmetric key to encrypt data so as to obtain a data first ciphertext, using a second symmetric key to encrypt a keyword related to the data so as to obtain a searchable keyword first ciphertext that is related to the data first ciphertext, and saving the data first ciphertext and the keyword first ciphertext in a first memory of a first computing device; and using the first symmetric key to encrypt the keyword so as to generate a keyword second ciphertext, using a first public key to encrypt the keyword so as to obtain a searchable third keyword ciphertext related to the keyword second ciphertext, and sending the keyword second ciphertext and the searchable third keyword ciphertext to a second computing device; wherein the second computing device has a second processor that is configured to perform steps of:

Abstract: A data model is defined to describe objects. Attributes from the data model are associated with providing authorization right for executing actions on object instances of the objects. A hierarchy of object groups is declared. Objects group collections are defined on top of the hierarchy. A vocabulary including definitions of attributes of objects and including definitions of assignments of objects to object groups is created. The vocabulary is related to determining authorization rights for executing actions based on attributes and hierarchy organization of objects. A capability to determine authorization to perform an action by a user on a set of objects is defined based on the vocabulary. When a request for performing an action by a user on object instances is received, a filtering expression based on the capability is generated to be included in a where clause of a query.

Abstract: The present disclosure relates to a system and method for forensic access control of an electronic device. More specifically, the present disclosure relates to a system and a method for handling encryption and decryption of access keys of an electronic device.

Abstract: In this searchable encryption processing system in which a registered client and a management server are connected via a network, the registered client is provided with a registered client processing unit that generates, on the basis of the difference between a first secret key for encrypting plaintext data and a second secret key for newly encrypting the plaintext data, a difference key mask for updating, by using the second secret key, confidential data encrypted by the first secret key.

Abstract: A counter integrity tree for memory security includes at least one split-counter node specifying at least two counters each defined as a combination of a major count value shared between the at least two counters and a respective minor count value specified separately for each of the at least two counters. This increases the number of child nodes which can be provided per parent node of the tree, and hence reduces the number of tree levels that have to be traversed in a tree covering a given size of memory region. The minor counter size can be varied dynamically by allocating nodes in a mirror counter integrity tree for accommodating larger minor counters which do not fit in the corresponding node of the main counter integrity tree.

Abstract: A method for performing cryptography operations on data blocks within a volume of data is disclosed. The method involves generating a volume master key, generating a user key, generating a volume initialization vector, generating an intermediate key, generating a user volume key, and performing cryptography operations on data blocks within an individual volume of data using the volume master key, the user key, the volume initialization vector, the intermediate key, and the user volume key.

Abstract: Embodiments include a storage device, comprising: a communication interface; data storage media; key storage media; and control logic configured to: receive a first key associated with a second key through the communication interface; store the first key in the key storage media; and restrict access through the communication interface to data stored in the data storage media using at least one of the first key and the second key.

Abstract: An automated process blocking system may be configured to automatically block one or more processes based on received user consent data. For example, a particular data subject may provide consent for an entity to process particular data associated with the data subject for one or more particular purposes. The system may be configured to: (1) determine that one or more entity systems are processing one or more pieces of personal data associated with a data subject; (2) identify at least one process for which the one or more pieces of personal data are being processed; (3) determine, using a consent receipt management system, whether the data subject has provided consent for the processing of the one or more pieces of personal data for the at least one process; and (4) in response to determining that the data subject has not provided valid consent, automatically blocking the processing.

Abstract: This disclosure includes techniques for using multiple cryptographic certificates for a secure connection. One embodiment is a method including: receiving by a client N public encryption keys over a network from a server, wherein N is an integer greater than 1; generating N session keys in response to receiving the N public encryption keys; encrypting each of the N session keys with a respective one of the N public encryption keys; subsequent to encrypting each of the N session keys, sending the N session keys encrypted over the network to the server; encrypting, with a first one of the N session keys, a first portion of a payload associated with a first message; encrypting, with a second one of the N session keys, a second portion of the payload associated with the first message; and sending the first message, comprising the payload encrypted, to the server from the client.

Abstract: An apparatus includes a central processing unit and a parallel processing unit. The parallel processing unit includes an array of software-configurable general purpose processors, a globally-shared memory, and a shared memory. Each of the software-configurable general purpose processors in the array of software-configurable general purpose processors has access to the globally-shared memory to execute one or more portions of at least one of (i) a decoding program, (ii) an encoding program, and (iii) an encoding and decoding program. The shared memory is accessible by the central processing unit to program the shared memory with a map array describing a position of block data in one or more associated arrays.

Abstract: The invention relates to a method for transmitting data implemented between a terminal and an integrated circuit, said terminal and said integrated circuit communicating by means of an interface for transmitting and receiving data. According to the invention, said method comprises at least one iteration of the following steps, implemented by the terminal, generating (10) a command intended for said integrated circuit, said command comprising a command header; encrypting (20) said command (CX), delivering an encrypted command (CC); creating (20) a second command (CY), said command comprising a command header and data, said data being constituted at least partly by said encrypted commands (CC); transmitting (40) said second command (CY) to said integrated circuit.

Abstract: The present invention is enclosed in the field of digital information storage, specifically digital information storage with complies with high security and privacy requirements. It is an object of the present invention a method for secure storage of at least one element of digital information (201), comprising i) ciphering with at least one ciphering key (202) said at least one element of digital information (201) into a ciphered element of digital information (203) and ii) transmitting said ciphered element of digital information (203) and said at least one ciphering key (202) to a domain (2) (204) from a plurality of domains (2) (204) for subsequent storage, wherein said ciphered element of digital information (203) and said at least one ciphering key (202) are transmitted to different domains (2) (204). Such method may be implemented by a system comprising client devices and a front-end server.