A first computing system establishes a cryptographically protected communication session with a second computing system by proposing a hybrid cryptographic scheme. In response to the proposed hybrid cryptographic scheme, a second computing system transmits cryptographic materials to the first computing system, and the first computing system transmits cryptographic materials to the second computing system. Using the cryptographic materials, two or more cryptographic keys are derived. One cryptographic key is used to perform an inner cryptographic operation on one or more data items, and another cryptographic key is used to perform an outer cryptographic operation on the one or more data items that have been cryptographically protected by the inner cryptographic operation.

A computer-implemented method is described to monitor and control enterprise information stored on a cloud computing service (CCS). The method includes using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use and a function or an activity being performed via the CCS API. The method also includes determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content being transmitted to the CCS. The method further includes applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream.

An example client device includes a processor configured construct a key to be used to encrypt or decrypt data of a communication session between the client device and a server device, partition the key into a plurality of key partitions, send data representative of the key and a location of the client device to the server device, send data representative of each of the plurality of key partitions to a respective key verification server device of a plurality of key verification server devices, and after receiving an indication from the server device that the key has been verified using data representative of the key, the location of the client device, and the plurality of key partitions, encrypt or decrypt data exchanged with the server device using the key.

It is disclosed a method and a constrained resource device (502, 70, 90) for establishing a secret first key between a client device (506) and the constrained resource device. The invention also relates to a method and an authorization server (504, 60, 80) for enabling establishing a secret first key between a client device (506) and the constrained resource device. Based on a secret second key shared (508) between the constrained RD and the AS, the secret first key shared between the constrained resource device and the client device can be established. Devices having constrained resources cannot use protocols with which additional messages are required to share a secure identity. Embodiments of the present invention have the advantage that a secret identity can be established within an authentication protocol and that no additional messages are required to establish the secret identity.

This invention is directed to a computerized system for encryption and transmission of digital information comprising: an encryption server in communications with a sender computer device and a recipient computer device; and, a set of encryption server computer readable instructions included on the encryption server that, when executed by a processor, preform the steps of: receiving an original information set from the sender computer device, generating a sender symmetrical key, encrypting a portion of the original information set with the sender symmetrical key, generating an asymmetric key pair having a public and private key pair, encrypting the sender symmetrical key with the public key of the asymmetrical key pair, encrypting the private key of the asymmetrical key pair with a master key, generating a hyperlink to the encrypted portion of the original information set, transmitting the hyperlink to the recipient computer device.

A distributed storage network includes a method of receiving data and a corresponding task, selecting one or more storage units for the task based on a capability level associated with each of the storage units, identifying a plurality of data groups of the data, determining a chunk size based on the plurality of data groups, determining processing parameters of the data based on the chunk size, generating a set of chunksets from the plurality of data groups in accordance with the chunk size and processing parameters and encoding the set of chunksets in accordance with the processing parameters to produce slice groupings. The method further includes determining task partitioning based on the storage units and the processing parameters, partitioning the task based on the task partitioning to produce partial tasks and sending the slice groupings and corresponding partial tasks to the storage units.

The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit information for deriving, based on secure session data, the session key to a different server. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive, using the information and based on the secure session data, the session key. The different server may re-establish, using the session key, the secure session.

A computing device has a processor and a first memory, e.g., a fuse-based memory, storing a first cryptographic key. The processor is configured to receive information related to a second cryptographic key from a cryptographic key provisioning system. The processor derives the second cryptographic key from the information related to a second cryptographic key. The first cryptographic key has fewer bits than the second cryptographic key. The processor is also configured to encrypt the second cryptographic key using the first cryptographic key, and store the encrypted second cryptographic key in a second memory, e.g., a flash memory.

A method of securely accessing a modem is disclosed that uses an authentication token with a hash of a secure shell server (SSH) public key. The method includes receiving an encrypted authentication token from the modem, the authentication token having one of a hash of the SSH public key and the SSH public key and being encrypted according to another public key, transmitting the encrypted authentication token to a central server, receiving a decrypted authentication token from the central server, the decrypted authentication token comprising the hash of the SSH server public key, configuring modem interfaces at least in part using the authentication token, the modem interfaces including an interface with an SSH server, and communicating with the modem according to the hash of the SSH server public key.

A method is provided for remotely and securely accessing a modem is provided that uses an encrypted authentication token with a modem password. The method includes receiving an encrypted authentication token from the modem, the authentication token having a modem password stored in secure memory and being encrypted according to a public key, transmitting the encrypted authentication token to an authentication server. receiving a decrypted authentication token from the authentication server, the decrypted authentication token comprising the modem password, generating an authentication key and a privacy key from the modem password, configuring modem interfaces at least in part using the authentication token, the modem interfaces including a network management protocol interface and communicating with the modem using the network management protocol interface according to at least one of the generated authentication key and the privacy key.