Patent classifications
H04L29/00
Methods and apparatus for managing risk in digital communications of the industrial internet of things
Apparatus and methods of operation of the apparatus that create a virtual machine and enable an Agent within the virtual machine to another Agent via a digital communications network and establish a communication channel for logical communications via the digital communications network. Communications transmitted and received according to the present invention proceed directly from a PeN agent to a second Agent without any storage or recordation of the transaction on an intermediate server. In some embodiments, the digital communications according to the present invention remain essentially imperceptible to network operators.
Data retention method
The present disclosure relates to a data retention method which ensures security of classified information in design. The data retention method comprises steps as follows: a data plug of a dedicated storage module is inserted into a data socket of an encryption module and a locking element of a lock fastener module is fixed at a locking hole on the dedicated storage module; the encryption module and the dedicated storage module are electrically connected to each other through the data socket; an external component of the encryption module is electrically connected to an external device such that classified information (saved or to be saved) is encrypted or decrypted between the external device and a storage element of the dedicated storage module by an encryption component of the encryption module during data exchanges.
Encrypted data key in medium auxiliary memory
A method for securing user data that is stored to a tape cartridge having a medium auxiliary memory (MAM) is described. When user data is sent to a tape library from a client, the tape library sends a request to a cloud based key management service for a data key to encrypt the user data and an encrypted data key that corresponds to the data key. The data key is used to encrypt the user data which is then stored to the tape cartridge and the encrypted data key is stored to the MAM. Upon decrypting the encrypted user data, the encrypted data key is extracted from the MAM and sent to the cloud based key management service where it is used to produce the data key from the cloud based key management service which is then sent to the tape library. When the tape library is in possession of the data key, the encrypted data in the tape cartridge can then be decrypted and sent to a requester of the user data.
Remote device operation
A coordinator device comprising communication circuitry configured to connect the coordinator device to a first remote device and to receive remote device description data for the first remote device from the first remote device. The coordinator device comprises processing circuitry configured to enable execution of firmware for the first remote device outside of the first remote device.
Battery powered end point device for IoT applications
Methods and systems of monitoring and managing a facility including a plurality of end point devices. One system includes an end point device including an electronic processor, the electronic processor powered by an energy source local to the end point device. The electronic processor is configured to receive data from at least one electro-mechanical element of a fixture associated with the facility, the data related to an operation of the fixture. The electronic processor is also configured to convert the data pursuant to a networking protocol. The electronic processor is also configured to enable, over a network associated with the networking protocol, transmission of the converted data for virtual processing.
Peripheral device
A peripheral device, for use with a host, comprises one or more compute elements, a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.
Method and apparatus for providing network access to a user entity
A method for providing network access to a plurality of user entities through an access point, said access point comprising a LAN interface and a broadband network interface, the method comprising the following steps at a gateway device: establishing a second secure communication link with said access point; receiving an IP address allocation request from one of said plurality of user entities via said second secure communication link; accessing a AAA server to verify whether a successful authentication of said one of said plurality of user entities on the basis of data related to a mobile subscription associated with said one of said plurality of user entities has already taken place; and upon successful verification, completing an IP address allocation scheme with said one of said plurality of user entities and enabling relaying of data between said one of said plurality of user entities and a PDN; wherein said gateway device is adapted to aggregate a plurality of instances of second secure communication links from different access points towards said PDN.
Systems and methods involving features of hardware virtualization, hypervisor, APIs of interest, and/or other features
Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or memory access. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a detection mechanism (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it), inter alia, for detection and/or notification of, and action by a monitoring guest upon access by a monitored guest to predetermined physical memory locations.
Package exchange service using local delivery services
A cloud-based package-exchange-service for package delivery to, and pick-up from, a target vehicle includes a GPS-based proximity module. The GPS-based proximity module receives current GPS coordinates of a package delivery vehicle and of the target vehicle. The GPS-based proximity module stores both GPS coordinates. The GPS-based proximity module monitors a distance between the package delivery vehicle and the target vehicle of the customer. The cloud-based system also has a delivery module in the first server associated with a second database. The delivery module includes one or more lists of local delivery services that include registered individuals to be assigned for package exchange operations. The lists of local delivery services also include package delivery restrictions and conditions including package size, hours of operation, distance to operate, and delivery prices.
Methods for secure cryptogram generation
Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.