A method for accessing content of encrypted data item(s) by a terminal device operating in a digital environment, according to which before the data item is being accessed by the terminal device, it is modified after being intercepted if found to be encrypted. The wrapper of the data item is modified or replaced by embedding a URL with a unique identifier and a message into the wrapper of the data item. If a supported terminal device attempts to accesses the modified data item, the client application natively consumes the data from the modified data item and ignores its wrapper. If not, the message and the URL are displayed on the terminal device and the user browses the URL. Then after authentication, a web server locates the modified data item using the unique identifier, retrieves and decrypts the modified item and converts the decrypted modified data item to a format that can be consumed by the browser. Then, if the user has permission, he can view the data item by rendering it to the browser in his terminal device.

A security engine may be selected from a plurality of security engines to apply one or more security mechanisms to a section of source code of an application. In some cases, the section of source code may be identified by one or more security mechanism identifiers included in the source code. The security engine may generate machine-readable code that corresponds to the section of source code for which the one or more security mechanisms are to be applied. The machine-readable code may be executed on a plurality of computing devices. In one implementation, applying the security mechanisms to the section of source code may include producing zero-knowledge proofs of knowledge for the section of source code.

The present disclosure generally relates to an interface system and method of interfacing to generate data compatible with an external system in an oil and gas asset supply chain, and in particular to an interface and interface method for generating secure and verifiable data to prevent tampering, injection of unwanted data resulting from an unauthorized access along a supply chain. An interface generates and transforms data in an oil and gas supply chain for compatibility with external systems. Collected data is captured by an industrial control system sensor or data collector, and transferred to a secure intermediary hardware platform to interface with a software component. The collected data is then modified using a business rules engine to create enhanced data and events created from the enhanced data.

Delegating authorizations sufficient to access services is contemplate. The authorization may be delegated in the form of a token or other transmissible construct relied upon to authenticate access to services, such as but not necessarily limited to conferring a user identity established via authenticated device for the purposes of enabling an unauthenticated or unsecured device to access a service associated with the user identity.

Methods, apparatus, systems and articles of manufacture are disclosed to verify encrypted handshakes. An example apparatus includes a message copier to clone a client introductory message, the client introductory message is included in a first handshake for network communication between a client and a server, a connection establisher to initiate a second handshake between the apparatus and the server based on the cloned client introductory message, and a decrypter to, in response to the second handshake, decrypt a certificate sent by the server.

Techniques for utilizing a trusted platform module of a host device are described. According to various embodiments, a client device that does not include a trusted platform module (TPM) may leverage a TPM of a host device to provide trust services to the client device.

A gateway device between a first and second communication network outside the gateway device handles communication between a first device in the first network and a second device in the second network. When the gateway receives a communication request from the first device, directed to the second device, for performing a first cryptographic data communication protocol, the gateway determines whether the first cryptographic data communication protocol is registered as unsafe in the gateway device, and/or registered as safe, in particular whether it is safe against key reconstruction by a quantum computer. When the first cryptographic data communication protocol is not registered as unsafe in the gateway device, and/or registered as safe, the gateway device forwards messages exchanged as part of execution of the first cryptographic data communication protocol between the first and second device. When the gateway determines that the first cryptographic data communication protocol is registered as unsafe in the gateway device, and/or not registered as safe, the gateway device executes the first cryptographic data communication protocol between the first device and the gateway device, and executes a second cryptographic data communication protocol, which is not recorded as unsafe in the gateway device, and/or registered as safe, between the gateway and the second device, whereby the first and second cryptographic data communication protocol are executed sequentially to communicate data between the first and second device via the gateway device.

This disclosure relates to systems and methods for managing protected electronic content using proxy reencryption techniques. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Proxy reencryption techniques consistent with aspects of the disclosed embodiments may enable transformation of a ciphertext under one public key to a ciphertext containing the same plaintext under another public key. Consistent with embodiments disclosed herein, proxy reencryption processes may be implemented using indistinguishability obfuscation and puncturable public-key encryption schemes, functional encryption, and/or white box obfuscation techniques.

In accordance with an example aspect, there is provided an apparatus, the apparatus being a security edge proxy configured to implement application layer security for data exchanged between two core networks, the apparatus being configured at least to: process a protocol message received in the apparatus to generate an inter-network message based on the received protocol message, the inter-network message comprising a first part and a second part, transmit the inter-network message toward a second security edge proxy, wherein the first part is integrity protected but not encrypted and comprises first content elements of the received protocol message, wherein the second part is integrity protected and encrypted and comprises second content elements of the received protocol message as well as corresponding path elements indicating locations in the protocol message where the second content elements are located within the protocol message.

A code protection method may include storing, using a processor of a computer, a package file that includes files for an application on a storage device of the computer; transforming, at the processor, a protection target method and/or function selected from a file that includes an execution code among the files, or converting or deleting a library file among the files; regenerating the package file by adding, to the package file, a first protection module file for restoring the transformed protection target method and/or function or a second protection module file for restoring the library file; and providing the regenerated package file over a network.