Patent classifications
H04L2209/20
Implementing opportunistic authentication of encrypted data
A computer-implemented method according to one embodiment includes compressing an uncompressed instance of data to create a compressed instance of data; encrypting the compressed instance of data in response to determining that a size of the compressed instance of data is less than a predetermined threshold; creating a message authentication code (MAC) for the encrypted compressed instance of data; and adding a variable-length zero pad and the MAC to the encrypted compressed instance of data to create a formatted string.
Authenticated and encrypted archives
Embodiments described herein provide a compressed container format that enables the container to be decrypted and decompressed in a streaming manner. One embodiment provides a container format for encrypted archives in which data is compressed and encrypted in a segmented manner. A segment of the archive can be decompressed, decrypted, and checked for integrity before the entire archive is received. Metadata for the encrypted archive is also encrypted to secure details of data stored within the archive.
MULTI-PARTY CRYPTOGRAPHIC SYSTEMS AND METHODS
This disclosure relates to systems and methods for performing cryptographic operations in connection with the management of electronic content using multiple license services. In some circumstances, a content service may not wish to share unencrypted content keys with a single license service for a variety of security reasons. Embodiments of the disclosed systems and methods may use multi-party cryptographic methods in connection with the management of protected content keys and/or associated licenses and/or the distribution of content keys and/or licenses to authorized users and/or devices. In various embodiments, a content service may split a content key into a plurality of key shares and may transmit the key shares to a plurality of different license services. The license services may coordinate operations to generate a protected content key without revealing the unencrypted content key to any of the participating license services.
HARDWARE-BASED MESSAGE BLOCK PADDING FOR HASH ALGORITHMS
A processor includes an execution unit for executing a message padding instruction including an operand field indicating a register buffering a message block segment of a message block to be padded and a mode field indicating which hash function is to be applied to the message block. The execution unit includes a padding circuit configured to receive a message block segment from a register indicated by the operand field, where the message block spans multiple registers in a register file. Based on which hash function is indicated by the mode field, the padding circuit selects a byte location in the message block segment at which to insert at least one padding byte and inserts the at least one padding byte at the byte location within the message block segment. The message block segment as padded by the at least one padding byte is written back to the register file.
Computer-implemented method of performing format-preserving encryption of a data object of variable size
A computer-implemented method of encrypting a data object of variable size utilizing an inner encryption algorithm capable of taking a variable size input and of outputting, as its output, an encrypted version of the variable size input. The method comprises compressing or encoding the data object in its totality to obtain a compressed or encoded version of the data object in a format compatible with the inner encryption algorithm, encrypting, by the inner encryption algorithm, the compressed or encoded version of the data object to obtain an encrypted version of the data object, and decompressing or decoding the encrypted version of the data object to obtain a decompressed or decoded version of the encrypted version of the data object, which constitutes a format-preserved encrypted version of the data object.
Secure verification of conditions of a contract using a set of verification tools
A device may receive a request for a contract associated with a project. The request may include a blockchain identifier for an organization associated with the project and a set of project requirements for the project. The device may generate the contract using information included in the request. The contract may include one or more conditions that are associated with the set of project requirements. The device may create one or more blocks in a blockchain using the one or more conditions of the contract and the blockchain identifier. The device may receive multimedia data associated with completion of a phase of the project. The device may verify whether the phase of the project is complete using metadata associated with the multimedia data. The device may perform one or more actions based on verifying whether the phase of the project is complete.
Cipher block chaining data obfuscation
Techniques of decrypting encrypted content involve performing, during each cycle of a CBC mode of decrypting blocks of ciphertext included in the streaming media, an obfuscation operation prior to generating a plaintext block from the ciphertext block of that cycle. For example, when a ciphertext block from a current CBC cycle is input into a decryption key function, the user device performs an XOR operation on the output of the decryption key function and an obfuscation pad to produce an obfuscated decryption key function output. The user device then performs an XOR operation on the obfuscated decryption key function output and a ciphertext block from a previous CBC cycle to produce an obfuscated plaintext block that cannot be read by a user device. The user device may recover the actual plaintext block by performing an XOR operation on the plaintext block and the obfuscation pad.
Techniques for securely communicating sensitive data for disparate data messages
Systems and methods are disclosed for securely communicating sensitive data such as an identifier. A user device may receive a first message comprising a terminal type indicator. For certain values of the terminal type indicator, the user device may be configured to transmit a request message comprising a first identifier and an encrypted identifier. For other values of the terminal type indicator, the user device may be configured to generate an obfuscated identifier based at least in part on a first portion of a second identifier and a second portion of the encrypted identifier. The user device may then transmit a request message that includes the obfuscated identifier and the encrypted identifier.
Method for Transmitting Encrypted Packets in a Communication Network
A method is provided for transmitting encrypted packets from a first node to a second node of a communication network. The first node pads each plaintext packet with a respective padding content. The padded plaintext packets are then encrypted and transmitted to the second node. For each plaintext packet, the first node randomly selects the padding size in a range comprised between a minimum padding size and a maximum padding size. If the size of a plaintext packet is lower than a predefined minimum packet size, the minimum padding size is set equal to the difference between the predefined minimum packet size and the plaintext packet size.
End-to-end policy management for a chain of administrative domains
Managing policies for a chain of administrative domains, from end-to-end, includes receiving, at a network device associated with an administrative domain that is part of a chain of administrative domains provisioning an Internet-based application or an Internet-based service to a network, a root block for a blockchain. The root block is generated by a network device in the network and includes a request for a specific network parameter over a specific time period. The network device associated with the administrative domain appends a first block to the blockchain including the root block to accept the request and configures the administrative domain in accordance with the specific network parameter when an end-to-end path in the chain of administrative domains accepts the request. The network device associated with the administrative domain also generates blockchain transactions that append network status updates to the blockchain during the specific time period.