Patent classifications
H04L2209/76
Secure migration of servers from customer networks to service provider systems
Techniques for securely migrating servers from customer networks into service provider systems are described. A backup proxy can be deployed in a customer's network and associated with one or more servers in the customer's network and with a server migration service of a service provider system. A customer can identify a server in the customer's network to migrate and the server migration service coordinates the migration with the backup proxy. The backup proxy can be instructed to obtain replication data for the server, obtain an encryption key associated with the customer from a key management service (KMS), encrypt the replication data, and upload the encrypted replication data to the service provider system. The service provider system can obtain the same encryption key used to encrypt the replication data from the KMS and decrypt the uploaded encrypted replication data to generate migrated server resources at the service provider system.
Systems and methods for configuring a network function proxy for secure communication
A device may determine that a network function of a network is to use a secure communication protocol. The network function may be configured to facilitate communication via the network. The device may identify a component of a resource configuration that is to instantiate the network function. The device may instantiate, using the component, a proxy for the network function. The device may configure the proxy to obtain a certificate that is associated with the secure communication protocol. The device may cause the proxy to use the certificate to communicate with another proxy that is associated with the network function to perform an operation associated with the network function.
LIGHTWEIGHT ENCRYPTION AND ANONYMOUS ROUTING IN NoC BASED SoCs
Various examples are provided related to software and hardware architectures that enable lightweight encryption and anonymous routing in a network-on-chip (NoC) based system-on-chip (SoC). In one example, among others, a method for lightweight encryption and anonymous routing includes identifying, by a source node in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a routing path from the source node to a destination node in the NoC-based SoC architecture, where the routing path comprises the source node, a plurality of intermediate nodes in the NoC-based SoC architecture, and the destination node; generating, by the source node, a plurality of tuples, a number of tuples in the plurality of tuples being based on a threshold; and distributing, by the source node, the plurality of tuples to the plurality of intermediate nodes and the destination node.
Methods and systems providing centralized encryption key management for sharing data across diverse entities
A method and apparatus provide centralized encryption key management for sharing data across diverse entities. In particular, the present invention relates to a universal and regulatory compliant system and method for sharing personal data records across diverse entities while maintaining unique identifiers at each entity for protecting the identity of any particular person. The present invention enables multiple organizations to be able to share their respective disparate data in a manner in which the disparate personal data records can be aggregated and manipulated by a single entity without putting the personal data records at risk.
CROSS-INTERFACE CORRELATION OF TRAFFIC
A device may monitor traffic associated with a user equipment (UE) on multiple interfaces of a network. The device may determine an identity associated with the UE or the traffic on the multiple interfaces by correlating identifiers associated with the UE or the traffic across the multiple interfaces. The identity may uniquely identify a subscriber associated with the UE or the traffic. The device may determine a set of elements to be used to decipher the traffic after determining the identity associated with the UE or the traffic. The device may decipher the traffic utilizing the set of elements after determining the set of elements.
SECURE LOW-LATENCY TRAPDOOR PROXY
A proxy system is installed on a computing device that is in the network path between the device and the Internet. The proxy system, residing on the computing device, decrypts and inspects all traffic going in and out of the computing device.
SHARED KEY SYSTEM, INFORMATION PROCESSING APPARATUS, EQUIPMENT, SHARED KEY METHOD AND PROGRAM
A key sharing system that generates a shared key that is used to perform encrypted communication between a first device and a second device according to an authenticated key sharing protocol, at least one device of the first device and the second device including: calculation means for calculating a shared value .sub.j of shared values .sub.i (i=1, . . . , n) that are used to generate the shared key, the shared value .sub.j being calculated through pairing computation, using a private key D.sub.A,1 as an input; entrusting means for entrusting an information processing apparatus that is connected to the device via a network, with calculation of a shared value .sub.k (kj) of the shared values .sub.i (i=1, . . . , n), the shared value .sub.k being calculated through pairing computation, using a private key D.sub.A,2 as an input; and key generation means for generating the shared key, using the shared value .sub.j calculated by the calculation means and the shared value .sub.k calculated by the information processing apparatus.
SYSTEM FOR PERFORMING SERVICE BY USING BIOMETRIC INFORMATION, AND CONTROL METHOD THEREFOR
A system for performing a service by using biometric information is disclosed. A system according to the present disclosure comprises an electronic device, a first server and a second server, and a control method of the system comprises the steps of: allowing the electronic device to acquire first biometric information; allowing the electronic device to acquire first encrypted data, in which the first biometric information is encrypted, by using the acquired first biometric information and a first encryption key, and to transmit same to the first server; allowing the first server to acquire second encrypted data, in which the first encrypted data is encrypted, by using the first encrypted data received from the electronic device and a second encrypted key, and first user identification information corresponding to the first biometric information, and to transmit same to the second server; allowing the second server to match the second encrypted data and the first user identification information corresponding to the biometric information, which are received from the first server, and to store same; allowing the second server to acquire authentication information on the basis of the matched second encrypted data and first user identification information, and to transmit same to the first server; and allowing the first server to register the authentication information on the biometric information.
Semiconductor memory device and memory module including the same
A semiconductor memory device includes a memory core including a plurality of memory cells, an on-chip processor and a memory security controller. The on-chip processor performs on-chip data processing. The memory security controller decrypts encrypted data provided from the memory core or from a memory controller, provides the decrypted data to the on-chip processor, and encrypts result data from the on-chip processor to provide result-encrypted data to the memory core or the memory controller. Data processing efficiency may be enhanced without degradation of data security by decrypting the encrypted data in the semiconductor memory device to perform the on-chip data processing.
Key encryption key rotation
A set of hardware security modules (HSMs) in a database system may implement a key management system with a database storing encryption keys or other secrets. The set of HSMs may identify a first key encryption key (KEK) and a second KEK stored in the set of HSMs. The set of HSMs may retrieve, from the database, a set of encryption keys encrypted by the first KEK and decrypt each encryption key of the set of encryption keys using the first KEK. The set of HSMs may re-encrypt each encryption key of the set of encryption keys with the second KEK and transmit, to the database, the set of encrypted encryption keys encrypted by the second KEK for storage. Then, the set of HSMs may delete the first KEK from the set of HSMs.