A method for execution by one or more modules of one or more processors of a storage network includes receiving a data object for storage, segmenting the data object into a plurality of data segments and determining a level of security and a level of performance for the plurality of data segments. The method continues by determining whether one or more data segments of the plurality of data segments is to be transformed using an all-or-nothing transformation and in response to a determination to transform one or more data segments of the plurality of data segments, transforming a data segment of the plurality of data segments to produce a transformed data segment. The method continues by dispersed error encoding the transformed data segment to produce a set of encoded data slices and transmitting the set of encoded data slices to a set of storage units of the storage network.

Techniques for re-establishing secure application sessions using an abbreviated authentication process are disclosed. A plurality of servers each use a deterministic process to independently generate a symmetric key. A client initiates an application session with one of the servers using a full authentication process. Before the connection is terminated, the server generates a session ticket, including security parameters negotiated during the full authentication process, and encrypts the session ticket with the symmetric key. Another server receives the session ticket and decrypts the session ticket using the symmetric key to initiate an abbreviated authentication process that is less costly than the full authentication process. The client and the server establish a secure communication channel based on successful completion of the abbreviated authentication process.

A method includes receiving, at an access point, an access request from a first device after an expiration of a first passcode. The access request is encrypted based on the first passcode. The method includes making a determination by the access point before an expiration of a usage time of a first passcode usage list that an identifier of the first device is included in the first passcode usage list. The method also includes, in response to making the determination, generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode; and sending the data representing the second passcode from the access point to the first device.

The disclosure describes methods and arrangements for caching encrypted content. Embodiments of the described inventions make use of a middle box to serve encrypted content rather than requiring a server to answer each request for content with a separate and distinct response, thereby allowing a network to operate effectively and efficiently even when serving encrypted content that looks different each time it is requested.

Methods and apparatuses are described herein for improved communications between a service and end devices via a gateway. A token may be in a signed encrypted state when sent to untrusted devices and may be signed, but not encrypted, when used by trusted devices. Untrusted devices may receive the encrypted token and may use it to access services. An untrusted device may send the received encrypted token to the gateway, which may then send the token to its issuer so that the token issuer may decrypt the data payload. The token may then be sent back to the gateway, which may then read the decrypted data and verify whether the untrusted device is permitted to access the requested service. The gateway may then send, within the trusted domain, the request and token to the service provider so that the untrusted device can obtain access to the requested service.

A method is provided. A session is established with a server by a user, which included generating a symmetric session key, encrypting the symmetric session key with the server's public key to generate an encrypted session key, and transmitting the encrypted session key to the server. A user's physical characteristics are measured, and the user's physical characteristics are formatted into a transmission message. The transmission message is encrypted to generate an encrypted transmission message with the symmetric session key. The encrypted transmission message is transmitted to the server. A receive message is received from the server. The receive message is decrypted with the symmetric session key into a decrypted message, and the decrypted message is formatted into ordered bat data. The ordered bat data is then displayed.

According to one embodiment, a method comprises executing an untrusted host virtual machine monitor (VMM) to manage execution of at least one guest virtual machine (VM). The VMM receives an encrypted key domain key, an encrypted guest code image, and an encrypted guest control structure. The VM also issues a create command. In response, a processor creates a first key domain comprising a region of memory to be encrypted by a key domain key. The encrypted key domain key is decrypted to produce the key domain key, which is inaccessible to the VMM. The VMM issues a launch command. In response, a first guest VM is launched within the first key domain. In response to a second launch command, a second guest VM is launched within the first key domain. The second guest VM provides an agent to act on behalf of the VMM. Other embodiments are described and claimed.

Systems, methods, and computer-readable media are disclosed for systems and methods for using secure enclaves for decryption in unsecured locations. Example methods may include receiving, by a webserver, an encrypted session key from a device, where the encrypted session key is encrypted using a public key associated with the webserver, sending the encrypted session key to a key server for decryption, where the key server is configured to decrypt the encrypted session key in a secure enclave, determining, by the key server, a decrypted session key using a private key, where private key data for a number of private keys is stored at the secure enclave, receiving a decrypted session key from the key server, where the decrypted session key is the encrypted session key in decrypted form, and establishing a secure session with the device using the decrypted session key.

Systems and methods are disclosed for providing secure remote software updates to a cyber-physical systems (CPS) device. The method may include receiving, at a first server, data used to update software of at least one CPS device, converting the data into a first format, establishing a secure connection between the first server and a second serve, transmitting the data in the first format from the first server to the second server, identifying each CPS device that is authorized to receive a software update, encrypting a software update package to ensure that the software update is decrypted by each CPS device that is authorized to receive the software update and is not decrypted by an CPS device that is not authorized to receive the software update, and transmitting the encrypted software update package to each CPS device.

In one or more embodiments, an information handling system (IHS) may receive a public encryption key from another IHS; and decrypt with a public encryption key the one or more encrypted symmetric encryption keys, encrypted via a private encryption key, to obtain one or more symmetric encryption keys respectively associated with one or more memory address ranges. The IHS may physically receive a memory device, which includes at least one volatile memory medium and at least one non-volatile memory medium, that was utilized by the other IHS to store information in an encrypted fashion. The IHS may further decrypt with a first encryption key of the one or more symmetric encryption keys associated with a first address range of the one or more address ranges, by the information handling system, first encrypted data stored by the at least one non-volatile memory medium to obtain first data.