Generally discussed herein are devices, systems, and methods for secure cloud application provisioning. A method can include, while providing access to the cloud application, receiving data indicating a first universal resource locator (URL) entered in a search bar of a web browser associated with the cloud application has changed to a second URL, determining whether the second URL has a valid certificate, and in response to determining the second URL is associated with the cloud application and a valid certificate for the second URL exists, providing resources for the second URL and the valid certificate to the web browser or in response to determining the second URL is not associated with the application, re-directing the web browser away from the proxy server.

In some embodiments, systems, methods, and devices disclosed herein enable trusted sharing of private data and/or transactions via a distributed ledger, while maintaining data consistency properties. Some embodiments provide and utilize one or more independent and/or dependent channels. In particular, in some embodiments, one or more independent and/or dependent channels can exist on a single distributed ledger, wherein participants or nodes that are members of a particular channel can view and access the information in a given network transaction. To other participants or nodes not on the particular channel, however, only an encrypted or redacted version of the information can be viewable, thereby not disclosing the transaction information to such participants or nodes. In some embodiments, consistency properties may be preserved even in the presence of selective sharing of transaction information with proofs of validity.

Systems and methods for payment processing include receiving, by a payment terminal, a personal account number to complete a payment. The personal account number is encrypted by the payment terminal. The encrypted personal account number is sent from the payment terminal to a merchant server via a network. The encrypted personal account number is sent from the merchant server to a tokenization service provider server for tokenization and validation via a payment processor. The merchant server receives an indication of whether the transaction was successful and a token from the tokenization service provider server.

Some embodiments enable distributing data (e.g., recorded video, photographs, recorded audio, etc.) to a plurality of users in a manner which preserves the privacy of the respective users. Some embodiments leverage homomorphic encryption and proxy re-encryption techniques to manipulate the respective data so that selected portions of it are revealed according to an identity of the user currently accessing the respective data.

Techniques for transparently adding one or more security controls to a challenge-response-based protocol are provided. In one technique, a client device sends a request for a resource to a resource server. The client device receives a challenge as part of a challenge-response handshake and forwards, to a proxy server, the challenge as part of a cryptographic request that includes a key identifier and certain data. In response, the proxy server initiates one or more security controls and sends the key identifier and the certain data to a cryptographic device that generates output based on the certain data. The proxy server receives the output from the cryptographic device. The proxy server determines whether at least one of the security controls resulted in a success. The proxy server sends the output to the client device only in response to determining that at least one of the security controls resulted in a success.

Multimedia content may be delivered to content consumer devices via a content-delivery network. Encrypted content and cryptography keys for decrypting the content may be distributed from a data center to various nodes of the content-delivery network, each node acting as a semi-independent content-delivery system. Each content-delivery system is capable of delivering received content to end-users and implementing a key-management scheme to facilitate secure content-delivery and usage tracking, even when the content-delivery system is disconnected from the data center. In other words, the disclosed systems and methods facilitate the operation of nodes which may operate in “autonomous mode” when disconnected from a larger content-delivery network, thus maintaining content-delivery capabilities despite having little if any connectivity to external networks.

Implementations of the present specification provide a blockchain-based identity verification method and related hardware. The method includes: An agent client generates an identity verification request based on identity verification input information of a business platform, the identity verification input information indicating an identity verification parameter for identity verification and an identity verification platform that executes the identity verification. The agent client sends the identity verification request to the identity verification platform. The identity verification platform performs identity verification on the identity verification parameter to obtain a result of the identity verification. The identity verification platform submits a transaction including a verifiable credential of a result of the identity verification to a blockchain. The business platform searches a block of the blockchain for the transaction including the verifiable credential to determine a result of the identity verification corresponding to the identity verification request based on the verifiable credential.

Techniques are provided for secure message passing. A sender process has a clear (non-encrypted) text message to pass to a recipient process as an encrypted message. The sender generates a message encryption key (MEK) for encrypting the message and sends the MEK to a first intermediary process, which encrypts the MEK. The sender uses the MEK to encrypt the message and passes both the encrypted message and the encrypted MEK to a second intermediary process. The second intermediary verifies that the sender is authorized to send messages and retains the encrypted message and the encrypted MEK. The second intermediary passes the encrypted message and the encrypted MEK to the recipient, which requests decryption of the encrypted MEK from the first intermediary. The first intermediary then decrypts the MEK and returns it to the recipient. Finally, the recipient decrypts the message using the MEK.

Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection.

Apparatus, methods and systems facilitating communications via a mobile internet-enabled connection interface are provided. One apparatus is configured to perform various operations, including performing a first type of security function associated with determining whether an information package is authorized to be received and downloaded to a device other than the apparatus, wherein the information package is associated with updating a functionality of the device; and performing a second type of security function associated with identifying an authorized user of the apparatus.