Systems, methods, and non-transitory computer-readable storage media for a non-replayable communication system are disclosed. A first device associated with a first user may have a public identity key and a corresponding private identity. The first device may register the first user with an authenticator by posting the public identity key to the authenticator. The first device may perform a key exchange with a second device associated with a second user, whereby the public identity key and a public session key are transmitted to the second device. During a communication session, the second device may transmit to the first device messages encrypted with the public identity key and/or the public session key. The first device can decrypt the messages with the private identity key and the private session key. The session keys may expire during or upon completion of the communication session.

Security techniques are provided for cooperative file distribution. An encryption key or a nonce (or both) are generated for a package containing one or more files that are to be sent in a cooperative file distribution system. Random access encryption techniques can be employed to encrypt a package containing one or more files to be sent in a cooperative file distribution system. One or more storage proxies are allocated to a package to be transmitted in a cooperative file distribution system, based on load. Access to trackers in the cooperative file distribution system is controlled using security tokens. Content can automatically expire using a defined expiration period when the content is uploaded into the system. Variable announce intervals allow the tracker to control how often the tracker will receive a message, such as an announcement or a heartbeat message, from peers in the system.

A third party system generates a public-private key pair, the public key of the key pair being an encryption key, and the private key of the key pair being a decryption key. The third party system publishes the encryption key as a DNS record of a third party system. The third party system receives a request to sign a message on behalf of a domain owner, the message to be sent to a recipient, and accesses an encrypted delegated private key published by the domain owner via a DNS record of the domain owner, the encrypted delegated private key encrypted using the encryption key. The third party system decrypts the encrypted delegated private key using the decryption key, and generates a signature for the message using the delegated private key. The third party system sends the signature and the message to the recipient.

Secret application and maintenance policy data is generated for different classes of data. The class of data to be protected is determined and the secret application and maintenance policy data for the determined class of the data to be protected is identified and obtained. Required secrets data representing one or more secrets to be applied to the data to be protected is obtained and then automatically scheduled for application to the data to be protected in accordance with the secret application and maintenance policy data for the determined class of the data to be protected. Maintenance of the one or more secrets is also automatically scheduled in accordance with the secret application and maintenance policy data for the determined class of the data to be protected.

Described herein are systems, devices, and methods for content delivery on the Internet. In certain non-limiting embodiments, a caching model is provided that can support caching for indefinite time periods, potentially with infinite or relatively long time-to-live values, yet provide prompt updates when the underlying origin content changes. Origin-generated tokens can drive the process of caching, and can be used as handles for later invalidating origin responses within caching proxy servers delivering the content. Tokens can also be used to control object caching behavior at a server, and in particular to control how an object is indexed in cache and who it may be served to. Tokens may indicate, for example, that responses to certain requested URL paths are public, or may be used to map user-id in a client request to a group for purposes of locating valid cache entries in response to subsequent client requests.

A security network system may include a security gateway operable to establish a client session between the security gateway and a client device. The security gateway is operable to receive client session information from the client session. The client session information includes an identification of a server with which the client device needs to exchange data. The security network system may also include a Hardware Security Module (HSM) in communication with the security gateway. The HSM is operable to establish, in concert with the security gateway, a secure session between the security gateway and the server based on the client session data, a public key, a secret key, and context attributed to the secure session.

The subject matter discloses a computerized system for securing information, comprising a client application installed on a computerized device, said client application stores a first share of the information, a server communicating with the client application, said server stores a second share of the information, an MPC module installed on the client application and on the server, wherein a request to use the information activates the MPC module, such that computation performed by the MPC module enables use of the information while only a share of the information resides on the server or on the computerized device, wherein the server verifies the identity of the computerized device in response to a request to use the information

A cooperation management apparatus includes: a key storage unit that stores a first decryption key corresponding to a first encryption key commonly used by plural information processing systems including first and second information processing systems, and plural second encryption keys corresponding to second decryption keys individually used by the information processing systems; an acquisition unit that acquires, from the first information processing system, a first file encrypted using the first encryption key and addressed to the second information processing system; a decryption unit that decrypts the first file into a second file using the first decryption key; an encryption unit that encrypts the second file using the second encryption key corresponding to the second decryption key used in the second information processing system; and an output unit that outputs a third file obtained by encrypting the second file to the second information processing system.

An architecture and a method are disclosed for providing secure, scalable, and dynamic user configuration in the distributed network for the cloud computing to provide authentication and authorization for the plurality of the users to use the SaaS service. The system includes a hierarchical tree structure that configures the cloud-computing model by using the certificate less identity-based cryptography to establish the hierarchical relationship between the participating entities. The hierarchical model provides a hierarchical certificateless aggregate signature (HCL-AS) for authentication and non-repudiation for SaaS in cloud computing. The HCL-AS generates a collaborative aggregate signature at a parent level of each child node (users) without the loss of identity of the users in the resulting signature and sends an aggregated signature to the third-party software provider. The HCL-AS significantly reduces the computation and communication cost during the user verification and authentication.

Described herein are systems, devices, and methods for content delivery on the Internet. In certain non-limiting embodiments, a caching model is provided that can support caching for indefinite time periods, potentially with infinite or relatively long time-to-live values, yet provide prompt updates when the underlying origin content changes. In one approach, an origin server can annotate its responses to content requests with tokens, e.g., placing them in an appended HTTP header or otherwise. The tokens can drive the process of caching, and can be used as handles for later invalidating the responses within caching proxy servers delivering the content. Tokens may be used to represent a variety of kinds of dependencies expressed in the response, including without limitation data, data ranges, or logic that was a basis for the construction of the response.