A method for searchable encryption with a public key includes receiving an operation request from a user device associated with a user requesting that encryption of data associated with the user. The data includes a corpus of documents stored on a remote storage device. The method also includes receiving a public key associated with the user. The public key includes an asymmetric cryptographic public key. The method also includes generating a random data key. The data key includes a symmetric cryptographic key. The method also includes encrypting, using the data key, a search index for the corpus of documents based on keywords within the corpus of documents. The method also includes encrypting, using the public key, the data key and sending the encrypted data key to a user device associated with the user.

A technique for providing access to protected resources uses personal authentication tags (PATs) and enforces a requirement that a workstation sending an authentication request be trusted by a server that receives the request. Accordingly, the server allows an authentication request to proceed only when the request is received from a workstation having a trust relationship with the server. Otherwise, the server denies the authentication request. By restricting PAT-type authentication requests to trusted workstations, risks posed by malicious users are greatly reduced.

An authentication system handles authentication requests to apply introspection and policy enforcement. A policy server obtains a client security policy and an authenticator security policy. The policy server obtains an encrypted credential request with client metadata from a client and determines whether the client metadata satisfies the client security policy. The policy server provides the encrypted credential request to an authenticator device and obtains an encrypted credential response with authenticator metadata in response. The policy server determines whether the authenticator metadata satisfies the authenticator security policy. The policy server processes the encrypted credential response, without decrypting the encrypted credential request or the encrypted credential response, based on a determination of whether the client metadata satisfies the client security policy and the authenticator metadata satisfies the authenticator security policy.

A method including configuring, by an infrastructure device, a first device to determine a symmetric sharing encryption key based at least in part on a content access private key of a content access key pair associated with encrypted content and an assigned public key associated with a second device; configuring, by the infrastructure device, the first device to encrypt the content access private key of the content access key pair associated with the encrypted content utilizing the sharing encryption key; and configuring, by the infrastructure device, the first device to transmit the encrypted content access private key to enable the second device to access the encrypted content is disclosed. Various other aspects are contemplated.

Presented herein are techniques to implement end-to-end encryption. A method includes, encrypting content C with an encryption key EK to obtain encrypted content C′, generating a key encrypting key KEK based on a password, encrypting the encryption key EK with the key encrypting key KEK to obtain an encrypted encryption key EK′, storing the encrypted content C′ and the encrypted encryption key EK′ such that the encrypted content C′ and the encrypted encryption key EK′ are accessible to a content consumer via a link, sending the link and the password to the content consumer, and in response to a request, received via the link, for the encrypted content C′ and the encrypted encryption key EK′, sending the encrypted content C′ and the encrypted encryption key EK′ to the consumer based on the content consumer being on an access control list.

An apparatus for controlling a vehicle and a method thereof are provided. The apparatus includes a connectivity control unit (CCU) to internetwork with a server through a wireless network to provide a connected car service and an integrated body unit (IBU) to perform low power communication with another vehicle to control the CCU.

A computer-implemented method when executed by data processing hardware of a user device causes the data processing hardware to perform operations. Die operations include obtaining, from a message server, an encrypted message encrypted by a single-use data encryption key (DEK) and an encrypted DEK including the single-use DEK encrypted by a public key (PK). The operations also include transmitting, to a key access control list server (KACLS), a decryption request requesting the KACLS decrypt the encrypted DEK with a PRK associated with the PK. The decryption request includes the encrypted DEK. The KACLS is independent from the message server. The operations also include receiving, from the KACLS, the single-use DEK and decrypting, using the single-use DEK, the encrypted message.

A system for remote management of digital assets is disclosed which including a financial management server communicating with an external network, a management server communicating with the financial management server through a first communication channel, a key server communicating with the management server through a second communication channel, a first local encryption machine communicating with the key server through a third communication channel, at least a first remote encryption machine and a second remote encryption machine communicating with the first local encryption machine through a fourth communication channel. The private keys are stored in the different encryption machines and the signatures are also carried out in the different encryption machine, such that even if some encryption machines are hacked, the private key will not be disclosed.

A method for performing key exchange for a security operation in a storage device includes generating, by a trusted third party (TTP), a first certificate based on a first user ID and first public key and generating a second certificate based on a second user ID and second public key. While the storage device is accessed by the first user ID, a first verification is performed on the second certificate based on a third certificate. When the first verification is successfully completed, a ciphering key is derived based on a first private key and the second public key. While the storage device is accessed by the second user ID, a second verification is performed on the first certificate based on the third certificate. When the second verification is successfully completed, the ciphering key is derived based on a second private key and the first public key.

An electronic apparatus includes a communication interface, a memory; and a processor. The memory is configured to store a hypervisor. The processor is configured to obtain an authentication key for performing authentication of an external device. The processor is also configured to encrypt the authentication key based on a key pre-stored in the memory using the hypervisor and store the encrypted authentication key in the memory. Based on a request for information that is stored in the memory being received from the external device, the processor is configured to perform authentication of the external device using the hypervisor. Based on the authentication of the external device being completed, the processor is configured to control the communication interface to transmit the stored information to the external device.