A method of communication, within a processing system of a gas turbine engine, between a first electronic component and a second electronic component, comprising: generating by the first electronic component, a request, comprising a digital certificate, intern comprising a first host public key and a first client public key, signed with a first host private key, to initiate a trusted communication session with a second electronic component; encrypting at the first electronic component, at least a portion of the request with a first client private key; transmitting the request to the second electronic component; the first host private key and the first host public key defining a first asymmetric keypair and the first client private key and the first client public key defining a second asymmetric keypair.

Securing at rest data on a cloud hosted server includes, for each cloud hosted instance of a computer program, creating a key encrypted key (KEK) using a unique customer master key (CMK) corresponding to the instance, but only an encrypted form of the KEK is persisted in a database for the corresponding instance whereas the unencrypted KEK is retained in memory of the encryption process only. Thereafter, in response to a request to persist data by a corresponding instance of the computer program, a data key (DK) is randomly generated and encrypted with the KEK in memory for the corresponding instance. The data itself also is encrypted with the DK and an envelope with the encrypted DK and the encrypted data returned to the requestor, thus ensuring that the data and the encryption keys are never moved or persisted in an un-encrypted form.

Disclosed herein are systems and techniques for using a content delivery network to perform various functions within a digital advertising ecosystem, in ways that yield technological benefits such as improved security, efficiency, and speed (for example, reduction in publisher load times). As one specific example, a content delivery network can be used for the creation of electronic tokens for user identity protection between demand side platforms, supply side platforms, content creators (for example, advertisers), and publishers.

Providing smart contracts including secrets encrypted with oracle-provided encryption keys using thresholding cryptosystems is disclosed. In one example, a contract creator encrypts sensitive data necessary for executing a smart contract into ciphertext with multiple symmetric cryptographic keys using a threshold cryptosystem, such that a subset of at least size R of the symmetric cryptographic keys are required to decrypt the ciphertext. The symmetric cryptographic keys are encrypted into wrappers using a public cryptographic key of a contract executor. Envelopes are generated using public cryptographic keys of corresponding contract oracles, where the envelopes include the wrappers encrypted using the public cryptographic keys, and policies that specify condition(s) precedent and are authenticated using the public cryptographic keys. The smart contract, including the envelopes, the ciphertext, and R, is then deployed to the contract executor. In this manner, the sensitive data is protected from unauthorized access within the smart contract.

A method for a data owner to enforce attribute-based and discretionary access control over a cloud-based data store by specifying an access policy, creating a plurality of users with attributes that satisfy the access policy, and revoking one or more of the plurality of users by embedding their respective identities as revoked into a ciphertext, whereby only those of the plurality of users whose attributes satisfy the access policy and that are not revoked can decrypt the ciphertext.

A communication system for digital key pairing of a vehicle includes a network transceiver configured for communication via one or more networks with at least one secure server, and a controller. The controller is configured to pre-provision the vehicle with pairing password verifiers for digital key programming to support digital key programming when the vehicle is offline with the at least one secure server, and/or provide end-to-end secure communication between the controller and the at least one secure server by generating and utilizing (i) at least one timestamp, (ii) at least one unique vehicle ID, and (iii) at least one random number in messages communicated between the controller and the at least one secure server.

A method of providing a distributed messaging system to aggregate particular types of messages regarding a client from customers of said client and for generating response and informational messages to the customers is provided. The method is performed in a distributed system comprising one or more processors executing computer instructions and one or more non-transitory computer readable media with computer executable instructions stored thereon executed by the one or more processors to provide the method. The method comprises the steps of: receiving and securely storing client account credentials of the client for a group of client determined user accounts comprising predetermined ones of social media and email accounts of the client; utilizing the client account credentials to access the user accounts; capturing all customer messages received at the user accounts; filtering all the captured messages for predetermined keywords; aggregating the filtered customer messages in a database; and determining severity, trust and validity of the filtered customer messages.

A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.

Systems and methods are provided involving a user authentication system. The authentication system may involve a mobile device, computing device and/or server and may grant access to digital systems, applications, and content. The authentication system may also involve a mobile device, interface device, secure system and/or server and may grant access to digital systems, applications including document execution applications and content, computing systems and devices and physical locations using only the user's mobile device and/or a computing device. The authentication system may also be used for establishing symmetric encryption between two devices or may be used to identify and authenticate a customer. The mobile device may run a mobile application that performs the authentication functionality using biometric data, which may be obtained on the mobile device and which may be stored on one or more devices of the authentication system.

A system includes an intelligent electronic device (IED) and a proxy device communicatively coupled to the TED via a Media Access Control (MACsec) communication link. The proxy device is configured to perform operations that include receiving permissions data, receiving a request to perform an action associated with the TED, determining whether the action is authorized based on the permissions data, and transmitting data to the TED via the MACsec communication link in response to determining that the action is authorized.