An infrastructure delivery platform provides a RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.

Various examples are directed to secure memory arrangements and methods of using the same. A gateway device of the secure computing system may receiving a first message from an external system. The first message may comprise a first message payload data and first asymmetric access data. The gateway device may determine that the first asymmetric access data matches the first message payload data based at least in part on an external system public key. The gateway device may access a first system controller symmetric key associated with a first system controller in communication with the gateway device and generate a first symmetric access data based at least in part on the first system controller symmetric key and the first message payload data. The gateway device may send the first message payload data and the first symmetric access data to the first system controller.

Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure output domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.

Various approaches are disclosed for protecting vehicle buses from cyber-attacks. Disclosed approaches provide for an embedded system having a hypervisor that provides a virtualized environment supporting any number of guest OSes. The virtualized environment may include a security engine on an internal communication channel between the guest OS and an external vehicle bus of a vehicle to analyze network traffic to protect the guest OS from other guest OSes or other network components, and to protect those network components from the guest OS. Each guest OS may have its own security engine customized for the guest OS to account for what is typical or expected traffic for the guest OS (e.g., using machine learning, anomaly detection, etc.). Also disclosed are approaches for corrupting a message being transmitted on a vehicle bus to prevent devices from acting on the message.

This disclosure relates to systems and methods for managing protected electronic content using proxy reencryption techniques. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Proxy reencryption techniques consistent with aspects of the disclosed embodiments may enable transformation of a ciphertext under one public key to a ciphertext containing the same plaintext under another public key. Consistent with embodiments disclosed herein, proxy reencryption processes may be implemented using indistinguishability obfuscation and puncturable public-key encryption schemes, functional encryption, and/or white box obfuscation techniques.

Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

A system comprising: at least one hardware processor; and a non-transitory computer-readable storage medium having stored thereon program instructions, the program instructions executable by the at least one hardware processor to: receive, by a routing hub in a computer network, from an origin node, a communication intended to a destination node, wherein said communication is encrypted with a one-time pad (OTP) associated with said origin node, apply, by said routing hub, to said communication, a customized OTP configured to simultaneously (i) encrypt said communication with said OTP associated with said destination node, and (ii) decrypt said communication with said OTP associated with said origin node, and deliver said communication to said destination node for decrypting said communication with said OTP associated with said destination node.

Systems and methods are disclosed for a distributed trading system. The preferred invention offer solutions to problems that arise with High-Frequency Trading and the future of stock market regulation. The use of a distributed object brokered interface to facilitate transactions not only makes the trading faster but also more secure.

Methods and systems for token-based off-chain interaction authorization are disclosed. A hub computer can maintain a network of off-chain (or layer two) channels between itself, cryptocurrency issuer computers, and cryptocurrency custodian computers. These off-chain channels correspond to one or more underlying blockchains. The hub computer can receive an access token, a resource provider identifier, and an interaction value. The hub computer can use the access token to identify a cryptocurrency issuer computer associated with the mobile device, and use the resource provider identifier to identify the cryptocurrency custodian computer associated with the access device. The hub computer can update the state of the off-chain channels corresponding to these two computers based on the interaction value, then transmit an authorization response message.

According to an example aspect of the invention, there is provided an apparatus comprising at least one processing core and at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to receive, from a first user, a ciphertext, a first hash value and a first ciphered encryption key, receive, from a second user, a second hash value, responsive to a determination the first hash value is the same as the second hash value, obtain a re-encryption key, and apply the re-encryption key to the first ciphered encryption key to obtain a re-encrypted encryption key, the re-encrypted encryption key being decryptable with a secret key of the second user.