A cryptography administration system facilitates secure, user-friendly and auditable cryptography. An administrator may create channels with associated cryptographic keys and algorithms for performing cryptographic operations such as encryption and decryption. The channel may be associated with licenses which may include permissions to perform cryptographic operations. The licenses may be shared with one or more users. A user may perform cryptographic operations using the channel according to the permissions and operations included in the licenses, to which the user has access, associated with the channel. The user does not need a technical understanding of the cryptographic system (e.g., keys and algorithms) to perform the cryptographic operations and does not need access to the keys to perform the operations. The cryptographic operations may be stored in an audit log that can be reviewed by user.

Various embodiments are generally directed to provide a semi-local authentication scheme. A server can transmit one or more encryption mechanisms to a user device, which in turn can transmit the encrypted mechanisms to one or more secondary devices associated with the user device, where the user device and the secondary devices share a local connection. The secondary devices can transmit the one or more encrypted mechanism utilizing one or more one or more decryption mechanisms supplied by the server, and then transmit the result of the decryption, e.g. decrypted codes, back to the user device, which in turn can then transmit a final decrypted code or codes to the server. Upon confirming receipt of the decryption from the user device, the server can authorize access (via the user device) to one or more devices, networks, applications, and/or components.

Multimedia content may be delivered to content consumer devices via a content-delivery network. Encrypted content and cryptography keys for decrypting the content may be distributed from a data center to various nodes of the content-delivery network, each node acting as a semi-independent content-delivery system. Each content-delivery system is capable of delivering received content to end-users and implementing a key-management scheme to facilitate secure content-delivery and usage tracking, even when the content-delivery system is disconnected from the data center. In other words, the disclosed systems and methods facilitate the operation of nodes which may operate in autonomous mode when disconnected from a larger content-delivery network, thus maintaining content-delivery capabilities despite having little if any connectivity to external networks.

A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic messages is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.

One embodiment described herein provides a system and method for distributing quantum keys between first and second applications running on first and second client devices, respectively. During operation, a first application running on the first client device can transmit a first key request to a first quantum-key-management (QKM) module managing a first set of quantum keys, and transmit a notification to the second application running on the second client device, the notification prompting the second application to transmit a second key request to a second QKM module managing a second set of quantum keys. The first application can receive, from the first QKM module, a first quantum key based on the first key request, in response to the first QKM module determining that the second application receives a second quantum key based on the second key request.

Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving a request for at least one software artifact stored within a software repository of one or more software repositories of an enterprise, the request being received from a continuous delivery (CD) pipeline associated with an on-premise landscape of a customer, and including a user identifier, and at least one uniform resource locator (URL) indicating a location of a respective software artifact within the software repositories, providing, the request to a repository proxy of the enterprise, the repository proxy including a transparent, terminating network proxy, providing, by the repository proxy, an audit log entry associated with the request, the audit log entry being recorded in an audit log, and transmitting, by the repository proxy, a response to the request, the response including the software artifact retrieved from the software repositories based on the at least one URL.

A keystroke encryption device (KED) exists between the keyboard and the host computing platform including a host PC. The KED examines keystrokes before they are transmitted to the host PC and asymmetrically encrypts the keystrokes when the KED is turned on. The KED allows the keystrokes to pass through as originally indicated by the user when the KED is turned off. The KED accepts a public key from a server, which decrypts the keystrokes using its own public and private key. The keys and an asymmetric encryption algorithm together provide the means by which each keystroke is encrypted before it enters the host PC.

A computer-implemented method for protecting sensitive data via data re-encryption is provided. Encrypted data is maintained. A data query is received from a user associated with a public key and a secret key. Results of the query are computed by identifying at least a portion of the encrypted data and by adding plaintext for the identified portion of the encrypted data as the results. A re-encryption key is generated for the results using the public key of the user and the results are re-encrypted using the re-encryption key. The re-encrypted results are then transmitted to the user.

A variety of mechanisms to perform End-to-End authentication between entities having diverse capabilities (E.g. processing, memory, etc.) and with no prior security associations are used. Security provisioning and configuration process is done such that appropriate security credentials, functions, scope and parameters may be provisioned to an Entity. Mechanisms to distribute the security credentials to other entities which could then use the credentials to perform an End-to-End authentication at the Service Layer or the Session Layer and using Direct or Delegated modes are developed.

An infrastructure delivery platform provides a proxy service as an enhancement to the TLS/SSL protocol to off-load to an external server the generation of a digital signature, the digital signature being generated using a private key that would otherwise have to be maintained on a terminating server. Using this service, instead of digitally signing (using the private key) locally, the terminating server proxies given public portions of ephemeral key exchange material to the external server and receives, in response, a signature validating the terminating server is authorized to continue with the key exchange. In this manner, a private key used to generate the digital signature (or, more generally, to facilitate the key exchange) does not need to be stored in association with the terminating server. Rather, that private key is stored only at the external server, and there is no requirement for the pre-master secret to travel (on the wire).