H04L2463/061

System and method for encryption, storage and transmission of digital information

A computerized system for encryption and transmission of digital information comprising: a set of non-transitory computer readable instructions that, when executed by a processor, perform the steps of: receiving a data set from an instance of a sender browser running on a sender computer device, verifying that a recipient is a subscriber and if the recipient is a subscriber, generating a sender key, encrypting a portion of the data set with the sender key, generating a key pair having a first key and a second key, encrypting the sender key with the first key, encrypting the second key with a master key, and generating a hyperlink to the portion of the data set that is encrypted.

Apparatus, system and method for SCE
11228904 · 2022-01-18

To support separate ciphering at an MeNB (20) and an SeNB (30), the MeNB (20) derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentially protecting first traffic transmitted over U-Plane between the MeNB (20) and a UE (10). The first key (KUPenc-M) may be the same as current KUPenc or a new key. The second key (KUPenc-S) is used for confidentially protecting second traffic transmitted over the U-Plane between the UE (10) and the SeNB (30). The MeNB (20) sends the second key (KUPenc-S) to the SeNB (30). The UE (10) negotiates with the MeNB (20), and derives the second key (KUPenc-S) based on a result of the negotiation.

Security Context Handling in 5G During Idle Mode

The present disclosure relates to methods and apparatus for flexible security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key and provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.

GUARANTEED ENCRYPTOR AUTHENTICITY

Embodiments described herein provide cryptographic techniques to enable a recipient of a signed message containing encrypted data to verify that the signer of the message and the encryptor of the encrypted data are the same party, or at the least, have joint possession of a common set of secret cryptographic material. These techniques can be used to harden an online payment system against interception and resigning of encrypted payment information.

DECENTRALIZED COMPUTING SYSTEMS AND METHODS FOR PERFORMING ACTIONS USING STORED PRIVATE DATA
20220014367 · 2022-01-13

A distributed computing system is used to form a login network to perform an action for a user, using private data. The login network executes the verification using blockchain computing architecture, which is decentralized. The private data is stored on the blockchain in an obfuscated form. In order to compute the private data from the obfuscated form, multiple distributed private key shares are required to generate multiple decryption shares, which are combined to compute a One Time Pad (OTP). In turn, the OTP is used to obtain the private data from the obfuscated form.

Layer 2 relay to support coverage and resource-constrained devices in wireless networks
11224032 · 2022-01-11

Embodiments provide a mobile communications device that includes a processor configured to communicate with a transceiver and a memory. The transceiver is configured to exchange control signals with a network node. The memory contains instructions that when executed by the processor configure the processor to operate the transceiver to exchange the control signals. The instructions further configure the processor to pass a first proper subset of the control signals to a remote device without operating according to the control signals, and to operate according to control signals in a second proper subset of the control signals. The processor is thereby configured to operate on behalf of a remote communication device to support communication between the remote communication device and the network node.

Controlling access to encrypted data

Enabling access to encrypted information by providing a master key and a public key to a partial content owner, generating a ciphertext of content according to a complete content data, at least one content data partition and the public key, wherein the content data partition comprises a portion of the complete content data, providing the ciphertext of the content data and the public key to a validator, receiving a validation result from the validator, and acting upon the validation result.

Methods for Communicating Data Utilizing Sessionless Dynamic Encryption
20220006793 · 2022-01-06

The present disclosure is directed to methods that provide a secure communication protocol by utilizing a one-step process of authenticating and encrypting data without having to exchange symmetric keys or needing to renew or re-issue digital identities fundamental to asymmetric encryption methodology.

DATABASE ACCESS CONTROL SERVICE IN NETWORKS
20220004655 · 2022-01-06

A system supporting a networked database service includes a controller configured to receive one or more data requests and authenticate the one or more data requests. A gateway (GW), in communication with the controller, is configured to receive at least one of the one or more data requests from the controller, perform data classification on data received in the request, and generate a cryptographic key based on the data classification, a hardware-protected key of the GW, and a second (encryption) key. The cryptographic key is for accessing a database. The controller and the GW are operated by different parties.

NETWORK BOUND ENCRYPTION FOR ORCHESTRATING WORKLOADS WITH SENSITIVE DATA

The technology disclosed herein provides network bound encryption that enables a node management device to orchestrate workloads with encrypted data without sharing the decryption key. An example method may include: obtaining an asymmetric key pair comprising a public asymmetric key and a private asymmetric key; establishing a symmetric key using a key establishment service, wherein the symmetric key is established in view of the private asymmetric key of a first computing device and a public asymmetric key of the key establishment service; transmitting sensitive data encrypted using the symmetric key to a persistent storage device accessible to a second computing device; initiating a creation of an execution environment on the second computing device; and providing, by the first computing device, the public asymmetric key and the location data to the second computing device, wherein the location data corresponds to the key establishment service.