The techniques herein are directed generally to a zero-knowledge data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the dataall without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

The techniques herein are directed generally to a zero-knowledge data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the dataall without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

The techniques herein are directed generally to a zero-knowledge data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the dataall without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

In general, in one aspect, an installation file digitally signed with a first package signature is received. It is determined whether the received installation file includes a migration signature that covers the first package signature and that matches a second signature associated with an installed software application, to confirm that the received installation file includes a valid update related to the installed software application. The installed software application is updated from the received installation file when the migration signature is included.

A system and method for client authentication wherein a client computing system is authenticated by at least performing, at an authentication system different than a target computing system, a set of validation operations on authorization information addressed to a destination port of the target computing system, and, as a result of the client computing system being authenticated by the set of validation operations, switching to a mode wherein a port of the target computing system is opened and data from the client computing system is communicated to the port of the target computing system.

Methods and systems for network communication are disclosed. Proxy information may be received. The proxy information may facilitate a gateway device communicating as a proxy for a user device.

Various methods and systems are provided for autonomous secrets management for a temporary shared access signature (SAS) service. Input for a temporary access request for an account resource, is received from a client. The temporary access request is validated, based on communicating a validation request to the secrets management service (SMS) that can be utilized to store, renew and distribute secrets in a distributed computing environment. Validating the temporary access request is based on determining a storage account location path for SAS keys that provide temporary access to account resources. An access policy associated with the temporary access request is accessed. An SAS key request, associated with temporary access request, is communicated to the SMS. The SAS key request includes at least a portion of the access policy. An SAS key is received from the SMS. The SAS key, for access to the account resource, is communicated to the client.

Methods and systems for network communication are disclosed. Proxy information may be received. The proxy information may facilitate a gateway device communicating as a proxy for a user device.

A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.

A node enables sharing data connectivity between a consumer device and a broker device, and receives from a first packet routing node a request for a consumer authorization certificate. The request includes a subscriber identity. Based on the subscriber identity authorizing the subscriber for sharing data connectivity; a consumer authorization certificate is generated using a private encryption key associated with the node. The consumer authorization certificate includes the subscriber identity of the subscriber. The consumer authorization certificate is returned to the first packet routing node. A request for a data connectivity service for the subscriber is received from a second packet routing node. The request includes a consumer agreement certificate and a broker identity. The consumer agreement certificate is signed using a private key associated with the subscriber and includes the subscriber identity. The consumer agreement certificate is valued. A confirmation message is sent to the second packet routing node.