H04L2463/061

Storing, Processing and Analyzing Large Volumes of Data in a Storage Network

A method for execution by a storage network begins by receiving data for storage by the storage network and continues by determining data preparation tasks for the data. The method continues by indexing the data in accordance with the data preparation tasks to generate a data index and processing the data in accordance with the data index to produce indexed data. The method then continues by determining distribution criteria for the data based on the data index and distributing the data and the data index to a set of distributed storage units in accordance with the distribution criteria. Finally, the method establishes criteria for analyzing found data of the data in the storage network.

Secure session capability using public-key cryptography without access to the private key

A server establishes a secure session with a client device where a private key used in the handshake is stored in a different server. An encrypted connection is established between the first server and the second server. A message is received from the client device that initiates a procedure to establish the secure session between the client device and the first server. As part of this procedure, the first server transmits over the encrypted connection a request to the second server to use the private key. The first server receives, over the encrypted connection, a response to the request that includes a result of the use of the private key. The first server uses the result during the procedure to establish the secure session.

Systems and methods for random connectivity association key negotiation for media access control security
11985166 · 2024-05-14

In some implementations, a network device may establish a secure connection between the network device and another network device based on a first set of keys generated by the network device, wherein the first set of keys are generated based on a first connectivity association key (CAK) and the secure connection is established based on a media access control security (MACsec) protocol. The network device may transmit a message to the other network device, wherein the message includes an indication of a second CAK. The network device may communicate data via the secure connection based on a second set of keys, wherein the second set of keys are generated based on the second CAK.

Verification of in-situ network telemetry data in a packet-switched network

Techniques to facilitate verification of in-situ network telemetry data of data packets of data traffic in packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and a cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates a telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data are inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.

SHARED KEYS BASED ON MULTIPLE FEATURES
20190253248 · 2019-08-15

A method for secret sharing utilizing multiple features of an input includes: receiving a registration input; obtaining features from the registration input; generating a secret key and a plurality of shared keys according to a shared secret scheme; associating each of the plurality of shared keys with a respective feature of the registration input; generating a plurality of additional features associated with additional keys having a similar format as a shared key associated with a respective feature; storing the plurality of shared keys associated with respective features together with the plurality of additional keys associated with additional features; and encrypting an element to be protected using the secret key.

METHOD AND SYSTEM OF SECURED DIRECT LINK SET-UP (DLS) FOR WIRELESS NETWORKS
20190246268 · 2019-08-08

Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up direct links between stations in a wireless network in a manner that is computationally secure. A direct link comprising a new communication session is set up between first and second stations in a wireless local area network (WLAN) hosted by an access point (AP). The AP generates a unique session key for the new communication session and transfers secured copies of the session key to each of the first and second stations in a manner under which only the first and second stations can obtain the session key. A security mechanism is then implemented on the unsecured direct link to secure the direct link between the first and second stations using a secure session key derived from the session key.

CONTROL PLANE METHOD AND APPARATUS FOR WIRELESS LOCAL AREA NETWORK (WLAN) INTEGRATION IN CELLULAR SYSTEMS

A method and apparatus for configuring a Long Term Evolution (LTE)-controlled Wireless Local Area Network (WLAN) interface for a wireless transmit/receive unit (WTRU) are described. A method includes receiving LTE Radio Resource Configuration (RRC) signaling that provides parameters for the WTRU to configure the LTE-controlled WLAN interface. The LTE RRC signaling includes a set of WLAN access points (APs), an indication that the WTRU is permitted to autonomously initiate association with a WLAN within the set, a type of one or more bearers to use for the LTE-controlled WLAN interface, WLAN-related security information, and a configuration for the WTRU to report a status of an association with a WLAN AP. The WTRU selects a WLAN AP to associate to from the list and initiates association to the selected WLAN AP using at least the WLAN-related security information.

Securing an overlay network against attack
20190246160 · 2019-08-08

The techniques herein provide for enhanced overlay network-based transport of traffic, such as IPsec traffic, e.g., to and from customer branch office locations, facilitated through the use of the Internet-based overlay routing infrastructure. This disclosure describes a method of providing integrity protection for traffic on the overlay network.

SECURE CLIENT-SERVER COMMUNICATION
20190243980 · 2019-08-08

In one embodiment, a client device includes an interface, a memory to store at least one part of a blockchain, and a processor to generate a client message indicating use of blockchain mode to establish a secure connection between the client device and a server, send the client message to the server on the interface, receive, from the server on the interface, a server message indicating use of the blockchain mode, and securely communicate with the server, on the interface, using at least one cryptographic key generated from information including cryptographic key generation information stored in the blockchain. Related apparatus and methods are also described.

Communication apparatus, reminder apparatus, and information recording medium
10375061 · 2019-08-06

Provided is a communication apparatus (121) that securely manages passwords for utilizing a server apparatus. A generator (203) generates a random table having the same number of rows and the same number of columns as a password table associated with a server name specified in an authentication request received by a receiver (202). An acceptor (205) accepts a key from a user to whom the random table is presented by a presenter (204). An identification unit (206) identifies, from the key and the random table, the user's selection order of elements in the table. An acquirer (207) selects and arranges elements in the password table in the identified selection order, thereby acquiring a password. An output unit (208) displays the acquired password on a display or transmits the acquired password to the server apparatus, thereby allowing the user to utilize the server apparatus.