H04L2463/041

Encrypted file control

An access client may transmit an access request to a server, and the access request may be an example of a decryption request or an encryption request. The access request may include access information and file information for a file to be accessed. The server may validate the access information and generate an access package that includes a set of access keys and executable code. The access keys may be transmitted to the access client. The access client may execute the executable code and decrypt or encrypt the file. The file may include one or more data packs that include file access policies, ownership information, and file access logs.

Digital content execution control mechanism

The present disclosure provides a method and system for generating digital content for a computing device which will function on the computing device only after successful validation. The system installs one or more checks in the digital content that restrict the execution of the digital content to a specific device for which the digital content is generated. The checks pertain to at least one or more parameters of a device including without limitation, a device ID, a device model, or any device specific feature. In addition, the system generates a protected version of the digital content with the one or more installed checks to be transmitted to a client.

System, method and apparatus for securely distributing content
10095848 · 2018-10-09

System, method and apparatus for securely distributing content via an encrypted file wherein a Publisher Key (PK) associated with an authorized publisher enables presentation of the content by the authorized user via a Limited Capability Viewer (LCV), the LCV lacking the capability to forward, print, copy or otherwise disseminate the content to be presented unless available advanced permissions are granted to the authorized user.

Secure message protocol
10063590 · 2018-08-28

Observable characteristics of an encrypted data transmission can be analyzed and used to make inferences about the content of the data transmission. This information leakage is reduced by obscuring the observable characteristics of the data transmission. An obscuring engine is installed into the networking stack of a computer system that performs data transmission operations. The obscuring engine performs a variety of obscuring operations to obscure characteristics of the data transmission. The obscuring operations can include altering the size, packet ordering, packet partitioning, packet timing, and structure of the data transmission.

A Machine-Implemented Method of Dynamically Encrypting Data
20180227163 · 2018-08-09

A machine-implemented method of encoding/decoding data is described. The encoding method comprises steps of receiving a message of a given size, the message being represented by a series of units of data, configuring multiple encoding elements (50) in an arrangement having a given frame size, and encoding the message by passing each unit of data through the arrangement so that each unit is processed by at least one of the encoding elements. The frame size of the arrangement is the maximum number of units of data that can pass through the arrangement without any unit of data passing through the arrangement and being processed in the same way as another unit of data. The configuring of the arrangement defines how each unit of data is processed by the encoding elements and creates an arrangement corresponding to a frame size that is dependent upon the number of units of data in the series, for example so that the frame size of the arrangement is guaranteed to be greater than the number of units of data in the series.

COMMUNICATION SYSTEM AND COMMUNICATION METHOD
20180124180 · 2018-05-03

A communication system includes a management device, a reception device, and a transmission device. The reception device and the transmission device are configured to hold first information included in a received first communication message each time the reception device and the transmission device receive the first communication message. The transmission device is configured to manage second information of a management code, and generate a first authenticator from communication data and a management code formed by combining the held first information with the managed second information. The reception device is configured to receive a second communication message transmitted by the transmission device, and authenticate the received second communication message based on a comparison between the first authenticator included in the received second communication message and a regenerated authenticator regenerated based on the received second communication message.

SECURE SERVICE HOSTED IN A VIRTUAL SECURITY ENVIRONMENT
20180113730 · 2018-04-26

An execution environment has a deployed virtual machine image. The virtual machine image provides a service that is identified by a role. The execution environment generates a measurement of the virtual machine image and provides it to a key service to request role keys that enable operation of the virtual machine image in the execution environment. The key service determines whether the virtual machine image is mapped to the role and, if so, returns the role keys to the requesting execution environment.

SYSTEM AND METHOD FOR SECURED CONTENT DELIVERY
20180019974 · 2018-01-18

A content delivery platform is provided that includes generating a first content package of content that is encrypted with a unique symmetric key, and a second content package including a link encrypted with the key to the first content package. The first content package is stored in a repository, and a request including the key is transmitted to a first computing device associated with a mail exchange for an encryption key file. An encryption key file is generated using the unique symmetric key and together with an authorizing token is received. A third content package is generated that is encrypted using the encryption key file and includes the encrypted link. The third content package is transmitted to a distributor gateway and the encrypted link is accessible in response to the consumer decrypting the third content package. The link is available to provide access to the content for the consumer.

Goal-driven provisioning in IoT systems
09800468 · 2017-10-24

Techniques are disclosed for provisioning Internet of Things (IoT) devices in accordance with a state machine model. More particularly, collections of IoT devices may be organized into enclaves, groups or shoals that operate as autonomous or semi-autonomous groups of devices functioning as a collective having a common objective or mission. IoT devices participating in a shoal may be provisioned with shoal-specific context information as part of their device-specific provisioning activity. By way of example, a shoal context object can include a current state variable and a target next state variable. The shoal's target next state variable establishes a goal (e.g., for provisioning activity) without dictating how the individual shoal members (IoT device) are to achieve that goal. This mechanism may be used to drive a shoal's separate devices through their individual provisioning state machines until the shoal itself is made operational.

System and method for secured content delivery
09756025 · 2017-09-05

A content delivery platform is provided that includes generating a first content package of content that is encrypted with a unique symmetric key, and a second content package including a link encrypted with the key to the first content package. The first content package is stored in a repository, and a request including the key is transmitted to a first computing device associated with a mail exchange for an encryption key file. An encryption key file is generated using the unique symmetric key and together with an authorizing token is received. A third content package is generated that is encrypted using the encryption key file and includes the encrypted link. The third content package is transmitted to a distributor gateway and the encrypted link is accessible in response to the consumer decrypting the third content package. The link is available to provide access to the content for the consumer.