Systems, methods, and devices enable a receiver device to determine completeness of low level signaling (LLS) tables received via broadcast transmissions. In various embodiments, broadcast service signaling may include determining whether a received LLS table is a directory table identifying each of a complete set of LLS tables, parsing the directory table, determining whether the directory table is confirmed based at least in part on a digital signature in the directory table, determining whether a complete set of LLS tables is received based at least in part on the identification of each of the complete set of LLS tables in the directory table, and determining available services based at least in part on the complete set of LLS tables before an expiration a repetition time period after receiving the directory table.

Techniques are described for providing low-overhead cryptographic memory isolation to mitigate attack vulnerabilities in a multi-user virtualized computing environment. Memory read and memory write operations for target data, each operation initiated via an instruction associated with a particular virtual machine (VM), include the generation and/or validation of a message authentication code that is based at least on a VM-specific cryptographic key and a physical memory address of the target data. Such operations may further include transmitting the generated message authentication code via a plurality of ancillary bits incorporated within a data line that includes the target data. In the event of a validation failure, one or more error codes may be generated and provided to distinct trust domain architecture entities based on an operating mode of the associated virtual machine.

Provided is a method for sending digital data over a number of channels wherein a sender performs the following steps: encoding source data having a first number of source symbols, the encoding being such that an error correction code is generated from the source data, the error correction code comprising a second number of repair symbols higher than the first number as well as identifiers where each identifier is assigned to a corresponding repair symbol, the error correction code adding redundancy to the source data; encrypting each repair symbol by an encryption process which is based on a shared secret between the sender and a receiver, where the encryption process for a respective repair symbol depends on the identifier assigned to the respective repair symbol; feeding pairs of the encrypted repair symbols and the assigned identifiers to the number of channels which are connected to the receiver.

Embodiments include a method for secure data storage including constructing an encryption key from a plurality of key elements, the constructing including distributing the plurality of key elements to a plurality of key maintenance entities, each of the plurality of key maintenance entities employing a plurality of independent safe guards for their respective key elements of the plurality of key elements; and requiring access to the plurality of key elements to construct the encryption key. The method includes receiving a subset of the plurality of key elements via a twice-encrypted communications channel; and regenerating the encryption key at the client node; and after encrypting data, deleting the subset of the plurality of key elements received over the twice-encrypted communications channel, retaining any of the plurality of key elements previously stored at the client node.

Systems, methods, and apparatuses for protecting a secret on a device with limited memory, while still providing tamper resistance, are described. To achieve security, an encoding computer can apply a memory-hard function MHF to a secret S and determine a result Y, then determine a proof π for the result Y. Then, the encoding computer can send a codeword C comprising the secret S and the proof π to a decoding computer. The decoding computer can retrieve the codeword C from persistent memory and parse the secret S and the proof π. The decoding device can use transient memory decode the codeword C by verifying the proof π was generated with the secret S and the result Y. When the correctness of the result Y is verified, the decoding device can apply a cryptographic function to input data using the secret S then reset the transient memory.

A method for execution by a dispersed storage and task (DST) client module includes issuing a read threshold number of read slice requests are issued to storage units of the set of storage units. One or more encoded slices of a selected read threshold number of encoded slices are received. When a next encoded data slice of a decode threshold number of encoded data slices is received within a response timeframe, outputting of the next encoded data slice is initiated. When the next encoded data slice is not received within the response timeframe, receiving of another decode threshold number of encoded slices of the set of encoded slices is facilitated. The other decode threshold number of encoded slices are decoded to produce recovered encoded data slices, where the recovered encoded data slices includes at least a recovered next encoded data.

Outputting of the recovered next encoded data slice is initiated.

Techniques for secure public exposure of digital data include extracting first digital data comprising one or more batches, each batch comprising a plurality of no more than a number T of packets, each packet containing a plurality of a number n of bits. A random binary matrix CK consisting of T rows and n columns is generated. For a first batch, a first random n-bit temporary key is generated and positions of the nT elements of matrix CK are randomized to produce matrix CK(RP). For a packet in the first batch, a first packet vector key is generated based on non-overlapping pairs of bit positions for both the temporary key and for a first packet-corresponding row of matrix CK(RP). An encrypted packet is generated for the packet based on the packet and the first packet vector key. The encrypted packet is exposed publicly.

One or more examples relate, generally, to systems, methods and devices for performing authenticated encryption that provides assurance of the authenticity of data through the encryption and decryption processes.

A set-top box (STB), digital video recorder (DVR), video player or other host device receives and interacts with a transcode module to provide enhanced transcoding capabilities that may be useful in placeshifting or other applications. The transcode module includes a host interface that couples to and communicates with the host device. The transcode module also includes a processor that receives an encrypted media stream from the host device via the bus interface, decrypts the encrypted media stream, transcodes the encrypted media stream to a different format, re-encrypts the transcoded stream, and provides the re-encrypted media stream to the host device via the host interface. The transcoded media content may be placeshifted to a remote player, stored at the host, or used for any other purpose.

Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.