Patent classifications
H04L2209/76
System and method for providing secure collaborative software as a service (SaaS) attestation service for authentication in cloud computing
An architecture and a method are disclosed for providing secure, scalable, and dynamic user configuration in a distributed network for cloud computing, to provide authentication and authorization for a plurality of users to use a SaaS service. The system includes a hierarchical tree structure that configures the cloud-computing model by using certificateless identity-based cryptography to establish the hierarchical relationship between the participating entities. The hierarchical model provides a hierarchical certificateless aggregate signature (HCL-AS) for authentication and non-repudiation for SaaS in cloud computing. The HCL-AS generates a collaborative aggregate signature at the parent level of each child node (users) without loss of the users' identities in the resulting signature, and sends the aggregated signature to the third-party software provider. The HCL-AS significantly reduces the computation and communication cost during user verification and authentication.
IoT (“Internet of Things”) self-segmented blocks
Methods for secure communication transmission are provided. Methods include shredding a secure communication into a first plurality of communication segments using a first fine-grain shredding algorithm. Methods include creating a first recombination key suitable for recombining data subjected to the first shredding algorithm. Methods include transmitting each of the first plurality of communication segments and the first recombination key to an intermediary device. Methods include shredding the first plurality of communication segments into a second plurality of communication segments using a second fine-grain shredding algorithm. Methods include creating a second recombination key suitable for recombining data subjected to the second shredding algorithm. Methods include transmitting the second plurality of communication segments and the first and second recombination keys to a target device. Methods include recombining the second plurality of communication segments into the first plurality of communication segments using the second key. Methods include recombining the first plurality of communication segments using the first key.
CONTENT MANAGEMENT SYSTEMS AND METHODS USING PROXY REENCRYPTION
This disclosure relates to systems and methods for managing protected electronic content using proxy reencryption techniques. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Proxy reencryption techniques consistent with aspects of the disclosed embodiments may enable transformation of a ciphertext under one public key to a ciphertext containing the same plaintext under another public key. Consistent with embodiments disclosed herein, proxy reencryption processes may be implemented using indistinguishability obfuscation and puncturable public-key encryption schemes, functional encryption, and/or white box obfuscation techniques.
Apparatus and method for augmenting a messaging application with cryptographic functions
A machine has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to execute a messaging application to coordinate exchanges of messages over a network. A secure channel is maintained separate from the messaging application. The secure channel processes cryptographic blocks delivered to and received from the message application.
Zero-knowledge databases
Provided is a process of operating a zero-knowledge encrypted database, the process including: obtaining a request for data in a database stored by an untrusted computing system, wherein the database is stored in a graph that includes a plurality of connected nodes, each of the nodes including: an identifier, accessible to the untrusted computing system, that distinguishes the respective node from other nodes in the graph; and an encrypted collection of data stored in encrypted form, wherein: the untrusted computing system does not have access to an encryption key to decrypt the collections of data, the encrypted collections of data in at least some of the plurality of nodes each include a plurality of keys indicating subsets of records in the database accessible via other nodes in the graph and corresponding pointers to identifiers of the other nodes.
Apparatus, Method and System for a Tunneling Client Access Point
The disclosure details the implementation of an apparatus, method, and system comprising a portable device configured to communicate with a terminal and a network server, and to execute stored program code in response to user interaction with an interactive user interface. The portable device contains stored program code configured to render an interactive user interface on a terminal output component to enable the user to control processing activity on the portable device and to access data and programs from the portable device and a network server.
Hybrid authentication systems and methods
Disclosed are hybrid authentication systems and methods that enable users to seamlessly sign-on between cloud-based services and on-premises systems. A cloud-based authentication service receives login credentials from a user and delegates authentication to an on-premises authentication service proxy. The login credentials can be passed by the cloud-based authentication service to the on-premises authentication service proxy, for instance, as an access token in an authentication header. The access token can be a JavaScript Object Notation (JSON) Web Token (JWT) token that is digitally signed using JSON Web Signature. Some embodiments utilize a tunnel connection through which the cloud-based authentication service communicates with the on-premises authentication service proxy. Some embodiments leverage an on-premises identity management system for user management and authentication. In this way, there is no need for a cloud-based system to separately maintain and manage a user identity management system and/or having to sync with an on-premises identity management system.
DATA SECURITY USING REQUEST-SUPPLIED KEYS
An encoding of a cryptographic key is obtained in the form of an encrypted key. A request is provided to a service provider, the request including a fulfillment that involves performing a cryptographic operation on data. Upon fulfillment of the request, a response is received which indicates the fulfillment of the request.
Methods for protecting privacy
A method including, at each of a number of client devices: receiving a data item; receiving a public key from a second computing system; encrypting the data item using the public key to produce a singly encrypted data item; engaging in an oblivious pseudorandom function protocol with a first computing system using the singly encrypted data item to produce a seed; generating an encrypted secret share using a threshold secret sharing function under which the encrypted secret share cannot be decrypted until a threshold number of encrypted secret shares associated with the same singly encrypted data item are received; and transmitting the encrypted secret share to the first computing system. The method further includes, at the first computing system: receiving a number of encrypted secret shares from the number of client devices; processing the number of encrypted secret shares to produce processed data; and transmitting the processed data to the second computing system.
Multi-tier encryption non-fungible token system
In certain embodiments, one aspect provides a method of securely distributing multi-tier multimedia contents on the Internet, using Non-Fungible Token (NFT) Blockchain and comprising the steps of: signal processing data splitting phase, converting an original multimedia file into multiple data portions; access control encryption phase, converting each of the multiple data portions into an encrypted data portion and uploading the encrypted data portion to a storage cloud; access control storage phase, storing the encrypted data portion on the storage cloud; access control decryption phase, downloading the encrypted data portion from the storage cloud and reconstructing each of the encrypted data portions into each of said multiple data portions; and signal processing data merging phase, reconstructing appropriate multimedia data content depending on a user's tier level.