H04L2463/061

THROTTLED REAL-TIME WRITES
20170123920 · 2017-05-04

A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and a processing module operably coupled to the interface and memory such that the processing module, when operable based on the operational instructions, is configured to perform various operations. The computing device determines data access rates corresponding respectively to storage units (SUs). In certain situations, the computing device selects at least a data access threshold number of SUs excluding a first slowest SU having the first slowest data access rate to service data access request(s) for set(s) of encoded data slices (EDSs) corresponding to a data object. The computing device facilitates servicing of the data access request(s) for the set(s) of EDSs by the at least a data access threshold number of SUs that excludes the first slowest SU having the first slowest data access rate.

METHOD AND SYSTEM OF SECURED DIRECT LINK SET-UP (DLS) FOR WIRELESS NETWORKS
20170118633 · 2017-04-27

Method and system of secured direct link set-up (DLS) for wireless networks. In accordance with aspects of the method, techniques are disclosed for setting up computationally secure direct links between stations in a wireless network. A direct link comprising a new communication session is set up between first and second stations in a wireless local area network (WLAN) hosted by an access point (AP). The AP generates a unique session key for the new communication session and transfers secured copies of the session key to each of the first and second stations in a manner under which only the first and second stations can obtain the session key. A security mechanism is then implemented on the unsecured direct link to secure the direct link between the first and second stations using a secure session key derived from the session key.

APPARATUS AND METHOD FOR SECURE DELIVERY OF DATA FROM A COMMUNICATION DEVICE
20170118185 · 2017-04-27

A system that incorporates the subject disclosure may perform, for example, providing an upload request to a mobile communication device to cause a secure device processor of the mobile communication device to perform a modification of data according to a data protection key to generate modified data and to perform an encryption of the modified data according to an upload transport key to generate encrypted modified data where the secure device processor is separate from and in communication with a secure element of the mobile communication device, and where the secure element receives master keys from a remote management server and stores the master keys to enable the upload transport key and the data protection key to be generated by the secure element without providing the master keys to the secure device processor. Other embodiments are disclosed.

Communicating with machine to machine devices
09635057 · 2017-04-25

Method and system for communicating between a managed device and a device manager, comprising sending the managed device a message over a first communications channel and initiating communication between the managed device and the device manager over a second communications channel in response to the message, wherein the first communications channel and the second communications channel are of different types.

Mobile device key management

Mobile device key management is disclosed. A master key is secured using a password-based key to generate a first encryption information. The password-based key is generated based at least in part on a password associated with a mobile device. The master key is also secured using an unlock key to generate a second encryption information. The unlock key is stored at a server, and in certain cases is not stored on the mobile device. The first encryption information and the second encryption information are stored on the mobile device. The mobile device is configured to extract the master key from the first encryption information using the password. In the event that the master key is not extracted using the password, the mobile device is configured to extract the master key from the second encryption information using the unlock key received from the server.

Providing secure indexes for searching encrypted data

Providing an encrypted search index for performing searches on encrypted documents, the method comprising: (i) providing a set of documents, the documents comprising a plurality of unencrypted phrases; (ii) providing a master key; (iii) providing, based on the master key, for each phrase a set of encryption keys comprising one or more encryption keys; (iv) selecting, for each phrase, one encryption key of the set of encryption keys; (v) encrypting each phrase with the selected encryption key; and (vi) building an index based on the encrypted phrases, the index comprising information regarding which encrypted phrase is comprised within a certain document.

METHOD AND SYSTEM FOR ENCRYPTED DATA SYNCHRONIZATION FOR SECURE DATA MANAGEMENT
20170111172 · 2017-04-20

The present invention concerns a method for encrypted data synchronization, wherein the method comprises providing at least one data entity (100) comprising data content (110), accompanying metadata (120) including an entity key (140) usable for encrypting the data content (110), and synchronization metadata (130) usable for synchronizing the at least one data entity (100) between at least two first devices (400), wherein at least the entity key (140) of the accompanying metadata (120) and the synchronization metadata (130) are encrypted using a second key.

Discovery of secure network enclaves

A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.

Mesh network commissioning

In embodiments of mesh network commissioning, a node device in a mesh network receives a commissioning dataset, and compares a timestamp in the received commissioning dataset with a stored timestamp in a commissioning dataset that is stored in the node. The node device can determine from the comparison that the stored timestamp is more recent than the received timestamp, and in response, transmit a message to a leader device of the mesh network, where the message includes the stored commissioning dataset. The leader device accepts the stored commissioning dataset as the most recent commissioning dataset for the mesh network, and propagates the stored commissioning dataset to the mesh network. Alternatively, the node device can determine that the received timestamp is more recent than the stored timestamp, and in response to the determination, update the stored commissioning dataset to match the received commissioning dataset.

Method and arrangement in a telecommunication system

A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.