A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.

A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic messages is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.

Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Exemplary embodiments relate to techniques for anonymizing information in an end-to-end (E2E) encrypted environment; the information may include, for example, statistical data about unique page/message views, view counts, view time, what users selected on the message or page, etc. Exemplary embodiments may prevent an E2E system server from being able to identify which user is associated with which record. Various examples are described, including an embodiment in which an originating client generates the data, encrypts it, and sends it to a random contact. The contact decrypts the data, re-encyrpts it, and sends it to another random contact. The procedure continues for a set amount of time or for a set number of hops. Other embodiments relate to wrapping the data in various layers of encryption and sending the data to clients in a chain. The encrypted layers prevent clients along the chain from being able to view the anonymized data.

Various arrangements relate to a method performed by a processor of a computing system. An example method includes hashing a first salted value to generate a first hashed salted value. The first salted value includes a first salt value and a value. A first tuple is generated. The first tuple includes the first hashed salted value and a first token. The first token is associated with the value. A first BAT message is generated. The first BAT message includes the first salt value. The first BAT message is associated with the first tuple. A second salted value is hashed to generate a second hashed salted value. The second salted value includes a second salt value and a value. A second tuple is generated. The second tuple includes the second hashed salted value and a second token. The second token is associated with the value. A second BAT message is generated.

A proxy system is installed on a computing device that is in the network path between the device and the Internet. The proxy system, residing on the computing device, decrypts and inspects all traffic going in and out of the computing device.

One embodiment provides a method for pre-authorizing public key infrastructure communication between entities, the method comprising: utilizing at least one processor to execute computer code that performs the steps of: determining if pre-authorization is required from a remote device to establish a communication channel between a first entity and a second entity; establishing a shared secret value between the first entity and the remote device; receiving, at the second entity, from the remote device, proof of pre-authorization, thereby pre-authorizing communication between the first and second entity, wherein the pre-authorization is based on the shared secret value; and storing the proof of pre-authorization for any subsequent communication with the first entity. Other aspects are described and claimed.

A system and method for certificate validation. The method includes acquiring revocation information associated with one or more revoked certificates from a plurality of certificate authorities, signing the revocation information, and storing the signed revocation information. Further, the method includes receiving a request from a client to connect to a web server. In response to the request, certificate information from the web server is received. The method further includes comparing the certificate information with stored revocation information and terminating a connection between the web server and the client when the certificate information matches a revoked certificate information included in the stored revocation information.

A method including at each of a number of client devices receiving a data item, receiving a public key from a second computing system, encrypting the data item using the public key to produce a singly encrypted data item, engaging in an oblivious pseudorandom function protocol with a first computing system using the singly encrypted data item to produce a seed, generating an encrypted secret share using a threshold secret sharing function under which the encrypted secret share cannot be decrypted until a threshold number of encrypted secret shares associated with the same singly encrypted data item are received, and transmitting the encrypted secret share to the first computing system and at the first computing system receiving a number of encrypted secret shares from the number of client devices, processing the number of encrypted secret shares to produce processed data, and transmitting the processed data to a second computing system.

A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (ga), the second value (ga) generated based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (mi) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (mi); generate, with the payment network, a public key (pki) based on the second value (ga), the merchant product (M), and the random merchant number (mi) and a random key (rki) based on the merchant product (M) and the random merchant number (mi) for each respective merchant bank; and communicate, with the payment network, the public key (pki) and the random key (rki) to at least one respective merchant bank.