Patent classifications
H04L2209/24
Prioritized Content Encryption for Rapid Breach Response
Techniques for rapid video on demand (VOD) media content breach response are described. In some embodiments, during content preparation, a server generates an encrypted media content item by generating a first encrypted portion using a first key derived from a first seed that is of a first type and generating a second encrypted portion using a second key derived from a second seed that is of a second type. In some embodiments, the server classifies the first portion in a first category (e.g., a prioritized category) and the second portion in a second category (e.g., a non-prioritized category). During a breach response, the server repairs the encrypted media content item by re-encrypting portions in the first category, e.g., re-encrypting the first encrypted portion using a replacement key derived from a replacement seed that is of the first type, and updating encryption metadata.
ANONYMOUS AUTHENTICATION AND REMOTE WIRELESS TOKEN ACCESS
Provided is a method for operating an authentication server for authenticating a user who is communicating with an enterprise via a network. The method includes receiving, via the network, a first authenticator including first information from a low energy wireless device received wirelessly via a user device, and storing the first authenticator. When the authentication server later receives, from the enterprise, a request to authenticate the user, the authentication server transmits an authentication request to the user device via the network requesting that the user read information from the low energy wireless device using the user device. The information received from the low energy wireless device in response to the authentication request is then used to authenticate the user by comparing the information received from the low energy wireless device in response to the authentication request with the stored first authenticator.
Encryption and decryption engines with selective key expansion skipping
A system on a chip (SoC) includes a security processor configured to determine that a first channel ID describing a {source, destination} tuple for a crypto packet matches a second channel ID describing a corresponding {source, destination} tuple for a preceding crypto packet received immediately prior to the crypto packet. The SoC also includes a decryption engine configured to, responsive to the determination that the first channel ID matches the second channel ID: obtain a set of round keys applied to perform an add round key computational stage of a previous decryption datapath used to decrypt a preceding cipher text block obtained from the preceding crypto packet, and to reuse the set of round keys to perform a corresponding add round key computational stage of a current decryption datapath used to decrypt a cipher text block obtained from the crypto packet.
CREATING DETERMINISTIC CIPHERTEXT USING WIDE-BLOCK ENCRYPTION
A computer-implemented method according to one embodiment includes compressing an uncompressed instance of data to create a compressed instance of data; encrypting the compressed instance of data utilizing wide-block encryption in response to determining that a size of the compressed instance of data is less than a predetermined threshold; and adding a zero pad to the encrypted compressed instance of data to create a ciphertext string.
IMPLEMENTING RESILIENT DETERMINISTIC ENCRYPTION
A computer-implemented method according to one aspect includes creating an initialization vector, utilizing an instance of plaintext and a secret key; encrypting the instance of plaintext, utilizing the initialization vector, the secret key, and the instance of plaintext; combining the initialization vector and the encrypted instance of plaintext to create a ciphertext string; and sending the ciphertext string to a storage device performing deduplication.
WWAN-WLAN aggregation security
One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PMKID) is generated based on the PMK, and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request that includes a PMKID is received from the user equipment, and it is determined that the PMKID received from the user equipment matches the stored PMKID. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.
Key data processing
A parent cryptographic key associated with a blockchain object is obtained. A number of parties (N) to share control over the blockchain object is obtained. N child cryptographic keys are generated based on the parent cryptographic key by applying a predetermined algorithm to the parent cryptographic key, wherein N is an integer greater than or equal to 2, and wherein the N child cryptographic keys are collectively configured to enable reconstruction of the parent cryptographic key.
Privacy-preserving document sharing
An example operation may include one or more of sending, by a user node, a document request comprising a document identifier (ID) to a document processor node connected over a blockchain, receiving, by the user node, a one-time pass-code from the document processor node based on the document ID, linking to the document using the one-time pass-code, and retrieving the document from a document owner node.
METHOD AND APPARATUS FOR DYNAMICALLY CREATING ENCRYPTION RULES
For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts the data messages of different GVMs executing on the host differently. When two different GVMs belong to two different logical overlay networks implemented on a common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of the other logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections.
SYSTEM AND METHOD FOR EVOLVING CRYPTOGRAPHY WITH A PRIVATE TIME BASE
An evolving encryptor system for generating at least one customized user-defined encryption block. The evolving encryptor system comprises an encryptor requirements agent that receives a plurality of encryption block design parameters and then generates a current set of encryption block design requirements based on the received plurality of encryption block design parameters; an encryptor algorithm engine that provides a plurality of different encryption module design templates based on the current set of encryption block design requirements; and an evolving encryptor processor. The evolving encryptor processor generates a current plurality of encryption block templates based on the plurality of different encryption module design templates, evaluates a cryptographic fitness of each of the current plurality of encryption block templates, and assigns a cryptographic fitness measure to each of them. It further determines whether a current iteration count is below an iteration threshold value and, if so, conducts a next iteration by generating a next plurality of encryption block templates, until both said determined conditions are met, in which case the next plurality of encryption block templates is saved into an encryption block template database as a plurality of elite encryption block templates.