A system and method for securing communication across an in-vehicle bus, includes establishing a connection between a gateway in a vehicle and the in-vehicle bus; generating a session key at the gateway within the vehicle; transmitting a public key certificate and ephemeral key to the gateway and an electronic control unit of the vehicle; generating a shared secret at the gateway and the electronic control unit, respectively; encrypting the session key with the shared secret at the gateway; receiving the encrypted session key through the in-vehicle bus at the electronic control unit; and decrypting the encrypted session key based on the shared secret generated at the electronic control unit.

In one aspect, a system for managing data processes in a network of computing resources is configured to: receive, from an instructor device, a parent request for execution of at least one parent data process executable by a plurality of computing resources at least one computing resource; generate at least one child request for execution of at least one corresponding child data process for routing to at least one corresponding destination device, each of the at least one child data process for executing at least a portion of the at least one parent data process, and each of the at least one child request including a respective destination key derived from at least one instructor key; and route each of the at least one child request to the at least one corresponding destination device. The at least one child request can be obtained by a supervisor server via the routing.

A method for generating cryptograms in a webservice environment includes: receiving, in a first environment of a computing system, a credential request transmitted by an external computing device using a secure communication protocol, the credential request including a transaction identifier and account identifier; transmitting, by the first environment, a data request to a second environment of the computing system, the data request including the account identifier; receiving, by the first environment, an account profile and session key from the second environment; transmitting, by the first environment, a cryptogram request to a third environment of the computing system, the cryptogram request including the account profile and session key; receiving, by the first environment, a cryptogram from the third environment generated using the account profile and session key; and transmitting, by the first environment, the cryptogram and transaction identifier to the external computing device via the secure communication protocol.

A communication device of handling communication with a network including a cellular network and a wireless local area network (WLAN) comprises instructions of receiving a radio resource control (RRC) message configuring cellular-WLAN aggregation (CWA) to the communication device from a base station (BS) of the cellular network; deriving a first pairwise master key (PMK) according to the RRC message; deriving a first encryption key for encrypting first data transmitted to the WLAN or decrypting second data received from the WLAN from the first PMK; releasing the CWA during connecting to the WLAN; performing an extensible authentication protocol (EAP) authentication and key agreement (AKA) procedure with the WLAN to derive a second PMK, when releasing the CWA; and deriving a second encryption key for encrypting third data transmitted to the WLAN or decrypting fourth data received from the WLAN from the second PMK.

Systems and methods are disclosed for implementing an educational mode on a portable computing device, such as a tablet computer, that is a single-user system, used serially by multiple users. Each user can have a separate user storage that may be encrypted. The computing device boots as a system user to a login screen. A first student user enters user credentials into the login screen. The computing device can reboot the user-space processes, while leaving the kernel running, rebooting the computing device as the first student user. When the first student user logs out, data to be synchronized to, e.g., the cloud, can be synchronized for the first student user while a second student user is logged into the device.

Some embodiments provide a method for establishing a secured session with backward security between a first device and a second device. In some embodiments, the method establishes a communication session between the first and second devices using shared keys stored at the first and second devices. The method exchanges encrypted data between the first and second devices as a part of the communication session. The method, upon completion of the communication session, modifies the shared key at the first device in a predictable way. The shared key is modified at the second device in the same predictable way. The method then stores the modified shared key at the first device. The modified shared key cannot be used to decrypt any portion of the encrypted data of the current and previous communication sessions.

An example communications apparatus includes a plurality of communicatively-interconnected communication domains and an electronic switch, integrated as part of a first domain of the plurality of communicatively-interconnected communications domains. The electronic switch effects secure communications of data over the one or more channels specific to the first domain, by using a first circuit and a second circuit. The first circuit is used to obtain and process sampled channel properties associated with the one or more channels specific to the first domain. The second circuit is used to generate, in response to the first circuit, a domain-specific code that is generated pseudo-randomly using the processed sampled channel properties, the domain-specific code being used for coding data conveyed over the one or more channels specific to the first domain.

Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key.

A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.

An object is to provide a key generation method capable of maintaining a high security level in each of sliced networks when network slicing is applied to a core network. A key generation method according to this disclosure specifies network slice identification information indicating a network slice system that provides a service to be used by a communication terminal (50) among a plurality of network slice systems included in a core network (10) and, using the network slice identification information, generates a service key to be used for security processing in the network slice system indicated by the network slice identification information.