A digital rights management system is provided that includes a receiving device for receiving an encryption key request from a client device, a first database for storing a set of supported security capabilities corresponding to client device, a second database for storing a set of required security capabilities corresponding to at least one of the encryption key and content associated with the encryption key, a content management system for establishing rules to determine the set of required security capabilities corresponding to content, and a processing device. The processing device may be configured to identify the set of supported security capabilities corresponding to the client device and identify the set of required security capabilities corresponding to the content associated with the encryption key. The content management system may be configured to configure the set of supported security capabilities and configure the set of required security capabilities.

This disclosure describes systems and methods for protecting commercial off-the-shelf software program code from piracy. A software program may include multiple image files having code and data. A platform may modify the executable file such that the data may be placed at a location in memory that is an arbitrary distance from the code. The platform may encrypt the code and provide it to a computing device comprising a hardware enclave. The computing device may load the encrypted code into the hardware enclave but load the data into memory outside the hardware enclave. The computing device may request a decryption key from an authentication server using a hash of the hardware enclave signed by a processor. The authentication server may provide the decryption key if it verifies the signature and the hash. The computing device may decrypt the code and mark the hardware enclave as non-readable.

Methods and systems for sharing a network link of a file in network storage for collaboration among multiple computing devices using end-to-end encryption may involve generating a link key associated with the file stored remotely in the network storage, being accessible by a first device, and to be accessible by a second device, encrypting a session key associated with the file to generate an encrypted session key using the link key, the file being encrypted with the session key and, generating a salt associated with the file, generating a verifier associated with the file using the link key, sending a message to a server computer with an identifier associated with the file, the salt, the verifier, and the encrypted session key, creating a first link to the file with a name associated with the first device, the identifier, and the link key, and transmitting the first link to second device.

A first playback device is configured to: operate as part of a synchrony group that comprises the first playback device and a second playback device; obtain a first version of audio content that is encoded according to a first encoding format; determine that the first version of the audio content is unsuitable for playback by the second playback device; based on the determination, (i) decode the first version of the audio content and (ii) re-encode a second version of the audio content according to a second encoding format; transmit the second version of the audio content to the second playback device for playback; cause the second playback device to play back the second version of the audio content; and play back the first version of the audio content in synchrony with the playback of the second version of the audio content by the second playback device.

Examples of secure recovery key management are described. In some examples, a management service receives a removable drive recovery key, a recovery key identifier, and a removable drive identifier from a management agent executed on a client device. The management service stores the information, reads the removable drive recovery key from the removable drive recovery key escrow, and transmits this to the management agent as a verification of accurate storage of the removable drive recovery key within the removable drive recovery key escrow.

An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.

A memory device management system includes a first key acquisition unit that acquires a first key, a second key generation unit that generates a second key in accordance with a configuration of a memory device that is a management target, an equality determination unit that determines an equality between a value of the first key and a value of the second key, and a data erasure processing unit that erases data stored in the memory device in a case of a determination that the value of the first key and the value of the second key are different.

A storage device generates and stores a key stream and a value stream by extracting from data a plurality of keys and a plurality of values respectively corresponding to the plurality of keys. The storage device includes a controller and a non-volatile memory. The controller receives from a host information about an invalid key included in the key stream together with a compaction command, and performs a compaction operation on the key stream in response to the compaction command. The non-volatile memory stores the key stream and the value stream. The controller merges the key stream with another key stream based on the information about the invalid key in the compaction operation.

An apparatus comprises at least one processing device configured to select a snapshot lineage comprising one or more snapshots of a storage volume comprising data stored on one or more storage devices of a storage system, the snapshot lineage comprising at least one cloud snapshot lineage, the at least one cloud snapshot lineage comprising at least a subset of the one or more snapshots of the storage volume that have been copied to cloud storage of at least one cloud external to the storage system. The at least one processing device is also configured to generate configuration data for accessing the at least one cloud snapshot lineage. The at least one processing device is further configured to transfer the configuration data to at least one additional processing device to enable the at least one additional processing device to access the at least one cloud snapshot lineage.

A method for provisioning an electronic device includes providing a semiconductor wafer on which multiple integrated circuit (IC) chips have been fabricated. Each chip includes a secure memory and programmable logic, which is configured to store at least two keys in the secure memory and to compute digital signatures over data using the at least two keys. A respective first key is provisioned into the secure memory of each of the chips via electrical probes applied to contact pads on the semiconductor wafer. After dicing of the wafer, a respective second key is provisioned into the secure memory of each of the chips via contact pins of the chips. A respective provisioning report is received from each of the chips with a digital signature computed by the logic using both of the respective first and second keys. The provisioning is verified based on the digital signature.