H04L2463/062

Systems and Methods for Uploading Streamed Objects to a Cloud Storage System

Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

Non-custodial tool for building decentralized computer applications

A mechanism for building decentralized computer applications that execute on a distributed computing system. The present technology works within a web browser, client application, or other software and provides access to decentralized computer applications through the browser. The present technology is non-custodial, wherein a public-private key pair, which represents user identity, is created on a client machine and then directly encrypted by a third-party platform without relying on one centralized computing system.

Techniques for secure document management and verification
11809582 · 2023-11-07

The present innovative solution solves the problem of managing secure documents so that they can be verified, and protected from tampering and illegal printing. A legal document is converted to a secure document by embedding into the legal document one or more security codes that have been encrypted with a standard or proprietary cryptographic algorithm. The security codes are supplemented by a QR code associated with the archive location of each page of the secure document, and stored at a server or database. The security codes are stored in the document and can be printed together with the document, as a form of watermark, using UV-sensitive ink or toner at a security printer. The security codes are encrypted and can be printed on varying locations in the secure document pages, which are defined in a geolocation template, separately transmitted in encrypted format.

Technologies for securing network function virtualization images

Technologies for securing a virtualization network function (VNF) image include a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shut down to ensure the continued authenticity of the VNF image.

Digital credentials for primary factor authentication
11716320 · 2023-08-01

A system for credential authentication includes an interface and a processor. The interface is configured to receive a request for authorization to access from an application. The processor is configured to determine a set of credentials that can enable authorization to access; generate a proof request challenge; receive a proof response; determine that the proof response is valid based at least in part on information stored in a distributed ledger; generate a token; and provide the token.

Data payment and authentication via a shared data structure

The disclosed embodiments relate generally to complex data stream control and entitlement. Specifically, the disclosed embodiments provide systems and methods for ensuring that only authenticated/verified participants receive data streams. A third party, e.g., a party other than the data provider or the data recipient, who is nevertheless associated with both the data provider and the data recipient, may be involved in controlling whether data streams from the data provider can reach the data recipient. Thus, a third party may logically sit between the data provider and the data recipient, and may decide whether the data recipient should receive data streams. The disclosed embodiments implement data generation, flow, control and permissioning between multiple entities via digital assets accessed and manipulated on a shared data structure.

Sharing access to data
11652611 · 2023-05-16

A method including determining, by a first device, a sharing encryption key based at least in part on an access private key associated with encrypted content and an assigned public key associated with a second device; encrypting the access private key associated with the encrypted content utilizing the sharing encryption key; and transmitting the encrypted access private key to enable the second device to access the encrypted content. Various other aspects are contemplated.

GROUPING DATA IN AN ORGANIZED STORAGE SYSTEM
20230105764 · 2023-04-06

A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a group associated with a folder, a group access key pair including a group access public key and a group access private key; encrypting, by the device, the group access private key by utilizing the assigned public key; and accessing, by the device, the folder based at least in part on decrypting the group access private key. Various other aspects are contemplated.

SHARING ACCESS TO DATA
20230097666 · 2023-03-30

A method including determining, by a first device, a sharing encryption key based at least in part on an access private key associated with encrypted content and an assigned public key associated with a second device; encrypting the access private key associated with the encrypted content utilizing the sharing encryption key; and transmitting the encrypted access private key to enable the second device to access the encrypted content. Various other aspects are contemplated.

GROUPING DATA IN AN ORGANIZED STORAGE SYSTEM
20230096914 · 2023-03-30

A method including determining, by a first device, an assigned key pair including an assigned public key and an assigned private key; determining, by the first device for a folder associated with encrypted content, a folder access public key and a folder access private key; determining, by the first device for a group, a group access public key and a group access private key; encrypting, by the first device, the folder access private key by utilizing the assigned public key; encrypting, by the first device, the folder access private key by utilizing the group access public key; and accessing, by a second device, the folder based on decrypting the folder access private key by utilizing the group access private key or based on decrypting the folder access private key by utilizing the assigned private key, the first device being different than the second device. Other aspects are contemplated.