Patent classifications
H04L2209/76
Cryptographic operations in an isolated collection
Examples of the present disclosure describe systems and methods for performing cryptographic operations in an isolated collection. In an example, a user may have an associated user resource within the isolated collection, which may be associated with a cryptographic key. Other users may access the user's key from a known location to manually or automatically perform one or more cryptographic operations. In another example, a key may be generated when initiating a group conversation. The key may be encrypted for and provided to each participant using each participant's public key. Each participant may then use the cryptographic key during the conversation. A new participant may receive authorization to join the conversation from an existing participant, wherein the encrypted key of the existing participant may be decrypted and re-encrypted using the new participant's public key. The new participant may then use the re-encrypted key to participate in the conversation.
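The key distribution and join flow described in that abstract, as an added Go example (this is not code from the patent): each participant's RSA key pair stands in for the user resource, the conversation key is wrapped with RSA-OAEP for every member, and an existing member admits a newcomer by unwrapping its own copy and re-wrapping the key under the newcomer's public key. The names (participant, conversation, authorizeJoin), the 2048-bit RSA keys and the OAEP label are assumptions made here for illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// OAEP label binding each ciphertext to its purpose, so a wrapped conversation
// key cannot be passed off as some other message encrypted under the same key.
var oaepLabel = []byte("conversation-key")

// participant is a hypothetical in-memory stand-in for a user resource: the
// user's key pair, of which only the public half would sit at the known location.
type participant struct {
	name string
	priv *rsa.PrivateKey
}

func newParticipant(name string) *participant {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &participant{name: name, priv: priv}
}

// conversation stores one wrapped copy of the group key per member. The clear
// key exists only transiently, inside whichever member unwraps its own copy.
type conversation struct{ wrapped map[string][]byte }

// wrapFor encrypts the conversation key under one participant's public key.
func wrapFor(p *participant, key []byte) []byte {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &p.priv.PublicKey, key, oaepLabel)
	if err != nil {
		panic(err)
	}
	return ct
}

// unwrap recovers the key with the member's own private key; it fails for anyone
// who has no copy or whose private key does not match the copy's public key.
func (c *conversation) unwrap(p *participant) ([]byte, error) {
	w, ok := c.wrapped[p.name]
	if !ok {
		return nil, fmt.Errorf("%s has no wrapped copy", p.name)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, w, oaepLabel)
}

// startConversation generates a fresh 256-bit key and wraps it for each initial member.
func startConversation(members ...*participant) *conversation {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	c := &conversation{wrapped: map[string][]byte{}}
	for _, m := range members {
		c.wrapped[m.name] = wrapFor(m, key)
	}
	return c
}

// authorizeJoin is the re-encryption step: an existing member decrypts its own
// copy and re-wraps the key under the newcomer's public key. The key is never
// sent in the clear and the initiator need not be online.
func (c *conversation) authorizeJoin(sponsor, newcomer *participant) error {
	key, err := c.unwrap(sponsor)
	if err != nil {
		return fmt.Errorf("%s cannot sponsor a join: %w", sponsor.name, err)
	}
	c.wrapped[newcomer.name] = wrapFor(newcomer, key)
	return nil
}

func main() {
	alice, bob, carol := newParticipant("alice"), newParticipant("bob"), newParticipant("carol")
	conv := startConversation(alice, bob)
	_, err := conv.unwrap(carol)
	fmt.Println("carol before being admitted:", err)
	if err := conv.authorizeJoin(bob, carol); err != nil {
		panic(err)
	}
	kb, _ := conv.unwrap(bob)
	kc, _ := conv.unwrap(carol)
	fmt.Println("carol now holds bob's conversation key:", bytes.Equal(kb, kc))
}
```

Two consequences a practitioner would check before adopting this scheme: because any member can re-wrap the key, the authorization to admit a newcomer is a policy decision layered on top of the cryptography, not something the key material enforces; and because every member holds the same key, removing a participant requires generating a new conversation key and wrapping it for the remaining members.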
SECURE DATA TRANSMISSION METHOD
A secure end-to-end transmission of data between a first device and a second device via a message broker proceeds in two phases. First, an entropy pool is shared between the first device and the second device via the message broker by means of signalling messages, any payload of which is asymmetrically encrypted and which carry a message signature. Second, subsequent messages are transmitted between the first device and the second device via the message broker. Each subsequent message comprises a header and a payload: the header carries an identifier of an authentication key obtained from the shared entropy pool and an identifier of a symmetric encryption key obtained from the shared entropy pool; the payload is symmetrically encrypted with the symmetric encryption key; and the whole formed by the header and the payload is authenticated by a message authentication code computed with the authentication key and inserted in the header. The subsequent messages thus benefit from the non-repudiation afforded by the way in which the entropy pool was previously shared.
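The two phases of that abstract, as an added Go example rather than code from the patent: the pool is provisioned in a signalling message whose payload is RSA-OAEP encrypted for the receiver and RSA-PSS signed by the sender, and every later message carries a header with two key identifiers, an IV and a MAC, the payload under AES-CTR and an HMAC-SHA256 tag over header and payload. The header layout, the HMAC-based derivation of per-identifier keys from the pool, the 128-byte pool size and the function names are assumptions made here for illustration.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	macOffset = 4 + 4 + aes.BlockSize // header layout: authKeyID | encKeyID | IV | MAC
	hdrLen    = macOffset + sha256.Size
)

// signaling carries the pool encrypted under the receiver's public key and the sender's signature over it.
type signaling struct{ payload, sig []byte }

// genKey makes a 2048-bit RSA key pair (GenerateKey errors only if the system RNG is broken).
func genKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

func sharePool(sender *rsa.PrivateKey, receiver *rsa.PublicKey) ([]byte, signaling, error) {
	pool := make([]byte, 128) // fits one RSA-2048 OAEP block (190-byte limit with SHA-256)
	if _, err := rand.Read(pool); err != nil {
		return nil, signaling{}, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, pool, nil)
	if err != nil {
		return nil, signaling{}, err
	}
	d := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, d[:], nil)
	return pool, signaling{payload: ct, sig: sig}, err
}

// receivePool refuses the pool unless the signature verifies under the expected sender key.
func receivePool(receiver *rsa.PrivateKey, sender *rsa.PublicKey, m signaling) ([]byte, error) {
	d := sha256.Sum256(m.payload)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, d[:], m.sig, nil); err != nil {
		return nil, fmt.Errorf("signaling signature: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, receiver, m.payload, nil)
}

// keyFromPool derives a 256-bit key for a purpose and identifier, so headers carry small integers, never key material.
func keyFromPool(pool []byte, purpose string, id uint32) []byte {
	h := hmac.New(sha256.New, pool)
	h.Write([]byte(purpose))
	binary.Write(h, binary.BigEndian, id)
	return h.Sum(nil)
}

// sendMessage: AES-CTR over the payload, then HMAC-SHA256 over header and payload, tag inserted in the header.
func sendMessage(pool []byte, authID, encID uint32, plaintext []byte) ([]byte, error) {
	msg := make([]byte, hdrLen+len(plaintext))
	binary.BigEndian.PutUint32(msg[0:], authID)
	binary.BigEndian.PutUint32(msg[4:], encID)
	if _, err := rand.Read(msg[8:macOffset]); err != nil { // fresh IV per message
		return nil, err
	}
	block, _ := aes.NewCipher(keyFromPool(pool, "enc", encID)) // 32-byte key: cannot fail
	cipher.NewCTR(block, msg[8:macOffset]).XORKeyStream(msg[hdrLen:], plaintext)
	mac := hmac.New(sha256.New, keyFromPool(pool, "auth", authID))
	mac.Write(msg[:macOffset]) // header fields other than the MAC itself
	mac.Write(msg[hdrLen:])    // ciphertext
	copy(msg[macOffset:hdrLen], mac.Sum(nil))
	return msg, nil
}

// receiveMessage checks the tag in constant time before touching the ciphertext.
func receiveMessage(pool, msg []byte) ([]byte, error) {
	if len(msg) < hdrLen {
		return nil, errors.New("short message")
	}
	mac := hmac.New(sha256.New, keyFromPool(pool, "auth", binary.BigEndian.Uint32(msg[0:])))
	mac.Write(msg[:macOffset])
	mac.Write(msg[hdrLen:])
	if !hmac.Equal(mac.Sum(nil), msg[macOffset:hdrLen]) {
		return nil, errors.New("message authentication failed")
	}
	block, _ := aes.NewCipher(keyFromPool(pool, "enc", binary.BigEndian.Uint32(msg[4:])))
	out := make([]byte, len(msg)-hdrLen)
	cipher.NewCTR(block, msg[8:macOffset]).XORKeyStream(out, msg[hdrLen:])
	return out, nil
}

func main() {
	a, b := genKey(), genKey()
	pool, sig, _ := sharePool(a, &b.PublicKey)
	got, _ := receivePool(b, &a.PublicKey, sig)
	msg, _ := sendMessage(pool, 1, 2, []byte("hello via broker"))
	fmt.Println(receiveMessage(got, msg))
}
```

Two things the code makes explicit that the abstract leaves implicit: the tag has to cover the key identifiers, otherwise the broker could swap them; and the MAC on subsequent messages is symmetric, so either device could have produced it. The non-repudiation the abstract refers to therefore rests on the signed signalling message alone, which is why receivePool refuses a pool whose signature does not verify under the expected sender key.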
Industrial security agent platform
Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network. The encryption relay processor can execute a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function.
Edge encryption
A system and method for encrypting portions of data for storage in a remote network are provided. The system comprises a memory with instructions executable by a processor to: receive data for forwarding to a server device, the received data comprising an indication of one or more portions of the received data to be encrypted; identify a portion comprising the one or more portions of the received data based at least in part on the indication; encrypt the identified portion of the data; generate a payload that comprises the encrypted portion and the one or more unencrypted portions of the received data; and transmit the payload to the server device.
Method For Performing Verification By Using Shared Key, Method For Performing Verification By Using Public Key And Private Key, And Apparatus
A method and an apparatus for performing verification using a shared key are disclosed. The method includes: receiving, by a first network element, a registration request message from a second network element, where the registration request message includes a user identifier, first network identifier information, and second network identifier information, the second network identifier information is obtained by processing the first network identifier information by using a shared key, and the shared key is a key used between the first network element and the second network element; verifying, by the first network element, the registration request message by using the shared key; and sending, by the first network element, a registration response message to the second network element. When receiving a registration request from a visited network, a home network verifies the registration request message by using a shared key, to avoid a spoofing attack from the visited network.
CONVERSION KEY GENERATION DEVICE, CIPHERTEXT CONVERSION DEVICE, PRIVACY-PRESERVING INFORMATION PROCESSING SYSTEM, CONVERSION KEY GENERATION METHOD, CIPHERTEXT CONVERSION METHOD, AND COMPUTER
A key acquisition unit (411) acquires a decryption key sk_i from the pair of the conversion source and a public key pk_j from the pair of the conversion target, out of a plurality of pairs of a decryption key and a public key. A conversion key generation unit (412) encrypts the decryption key sk_i acquired by the key acquisition unit (411) with the public key pk_j, so as to generate a conversion key rk_{i→j} for converting a ciphertext encrypted with the public key pk_i of the conversion-source pair into a converted ciphertext that can be decrypted with the decryption key sk_j of the conversion-target pair. An output unit (413) outputs the conversion key rk_{i→j} generated by the conversion key generation unit (412).
WIRELESS DISPLAY STREAMING OF PROTECTED CONTENT
A system and method of wireless display, including a transmitter processing a first encrypted content into a second encrypted content without decoding, and transferring the second encrypted content over a wireless display connection to a receiver.
Proxy computer system to provide encryption as a service
A server system implements an encryption service in connection with a proxy service that enables a client computer to utilize a third-party network service.
WEBSITE LOGIN METHOD AND APPARATUS
The present application provides example website login methods and apparatuses. One example method includes identifying a website jump trigger indication to jump from a first website to a second website. A first token is then obtained from a cookie store of the web browser, the first token being associated with a website identifier of the second website and with a device fingerprint indicating the running environment at the time the password-free proxy login was set up. In response to determining that the current running environment corresponds to the device fingerprint, a second token corresponding to the first token is obtained, wherein the second token comprises an access token indicating that the second website grants password-free login permission. A password-free login request including the second token is sent to the second website. In response to the second website verifying the second token, the second website is logged into without a password.
FULLY CLOAKED NETWORK COMMUNICATION MODEL FOR REMEDIATION OF TRAFFIC ANALYSIS BASED NETWORK ATTACKS
A point-to-point Virtual Private Network (VPN) tunnel is established for facilitating fully cloaked transmission of a data packet from a source endpoint device to a destination endpoint device. The data packet includes a payload portion, an inner header, and an outer header. An end-to-end key, a next-hop-destination key and a plurality of next-hop keys are calculated. The end-to-end key is used at the source endpoint device and the destination endpoint device respectively to encrypt and decrypt the payload portion. The next-hop keys are used to encrypt the inner header during the hop-to-hop communication from one intermediary node to another, along the incrementally constructed path connecting the source endpoint device with the destination endpoint device. The encryption of the payload portion is maintained throughout the hop-to-hop communication regardless of the number of intermediary nodes traversed by the data packet en route to the destination endpoint device.
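One way to realise the per-hop re-encryption described above, as an added Go example that is not code from the patent: AES-GCM under a per-link key protects the inner header on each hop, AES-GCM under the end-to-end key protects the payload once, and an intermediary only re-keys the inner header. The packet layout, the "a->b" link naming, the helper names and the path src, n1, n2, dst are constructed for illustration; the per-link and end-to-end key agreement that the abstract describes as "calculated" is assumed to have happened already.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// packet is the constructed wire form: outer header in the clear for routing, inner header re-encrypted on every link, payload encrypted once end to end.
type packet struct {
	NextHop string // outer header
	Inner   []byte // inner header (final destination) under the current link key
	Payload []byte // under the end-to-end key; byte-identical on every link
}

// linkKeys maps "a->b" to the key two adjacent nodes share (per-link agreement assumed done); the last link's key is the next-hop-destination key.
type linkKeys map[string][]byte

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // every key here is 32 random bytes, so this cannot fail
	gcm, _ := cipher.NewGCM(block) // nor can this, for AES's 16-byte block
	return gcm
}

func seal(key, plaintext []byte) []byte {
	gcm := gcmFor(key)
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func open(key, sealed []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("short ciphertext")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// buildPath derives one key per link of the incrementally constructed path.
func buildPath(path []string) linkKeys {
	keys := linkKeys{}
	for i := 0; i+1 < len(path); i++ {
		keys[path[i]+"->"+path[i+1]] = randBytes(32)
	}
	return keys
}

// send: the source seals the payload under the end-to-end key and the inner header under the first link's key.
func send(e2eKey []byte, keys linkKeys, path []string, payload []byte) packet {
	src, first, dst := path[0], path[1], path[len(path)-1]
	return packet{NextHop: first, Inner: seal(keys[src+"->"+first], []byte(dst)), Payload: seal(e2eKey, payload)}
}

// relay: an intermediary can only re-key the inner header for the next link; the payload ciphertext is forwarded untouched.
func relay(keys linkKeys, prev, me, next string, p packet) (packet, error) {
	inner, err := open(keys[prev+"->"+me], p.Inner)
	if err != nil {
		return packet{}, fmt.Errorf("%s: inner header rejected: %w", me, err)
	}
	return packet{NextHop: next, Inner: seal(keys[me+"->"+next], inner), Payload: p.Payload}, nil
}

func traverse(keys linkKeys, path []string, p packet) (packet, error) {
	var err error
	for i := 1; i+1 < len(path); i++ {
		if p, err = relay(keys, path[i-1], path[i], path[i+1], p); err != nil {
			return packet{}, err
		}
	}
	return p, nil
}

// receive: the destination checks that the inner header names it, then opens the payload.
func receive(e2eKey []byte, keys linkKeys, path []string, p packet) ([]byte, error) {
	inner, err := open(keys[path[len(path)-2]+"->"+path[len(path)-1]], p.Inner)
	if err != nil || string(inner) != path[len(path)-1] {
		return nil, errors.New("inner header does not name this node")
	}
	return open(e2eKey, p.Payload)
}

func main() {
	path := []string{"src", "n1", "n2", "dst"}
	keys, e2e := buildPath(path), randBytes(32)
	sent := send(e2e, keys, path, []byte("secret"))
	arrived, _ := traverse(keys, path, sent)
	pt, err := receive(e2e, keys, path, arrived)
	fmt.Printf("%q %v payload unchanged: %v\n", pt, err, string(sent.Payload) == string(arrived.Payload))
}
```

The invariant worth testing is the one the abstract claims: the payload ciphertext that leaves the source is byte for byte the one that reaches the destination, no link key opens it, and a relay that tampers with the inner header is rejected at the next hop rather than at the destination. What this construction does not hide is packet size and timing, so a deployment aimed at traffic analysis would still need padding and scheduling on top.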