H04L2463/062

METHOD AND SYSTEM FOR PROVIDING SECURE COMMUNICATIONS BETWEEN A HOST SYSTEM AND A DATA PROCESSING ACCELERATOR
20210279344 · 2021-09-09

According to one embodiment, a system establishes a secure connection between a host system and a data processing (DP) accelerator over a bus, the secure connection including one or more data channels. The system transmits a first instruction from the host system to the DP accelerator over a command channel, the first instruction requesting the DP accelerator to perform a data preparation operation. The system receives a first request to read a first data from a first memory location of the host system from the DP accelerator over one data channel. In response to the request, the system transmits the first data to the DP accelerator over the data channel, where the first data is utilized for a computation or a configuration operation. The system transmits a second instruction from the host system to the DP accelerator over the command channel to perform the computation or the configuration operation.

IaaS-aided access control for information centric networking with Internet-of-Things

A producer communicates over a network with a user application in an infrastructure-as-a-service (IaaS) and an IaaS node. The producer encrypts content with first encryption using a first key and second encryption using a second key, to produce twice encrypted content. The producer encrypts the second key with attribute-based encryption and symmetric encryption using an IaaS key, to produce a twice encrypted second key. The producer provides to the user application the twice encrypted content, the twice encrypted second key, and key information configured to remove the first encryption from the twice encrypted content. The producer provides to the IaaS node the IaaS key to enable the IaaS node to remove the symmetric encryption from the twice encrypted second key, such that the user application and the IaaS node are constrained to exchange with each other key-related information and intermediate decryption results in order to recover the content.

DATA TRANSPORT OF ENCRYPTION KEY USED TO SECURE COMMUNICATION BETWEEN COMPUTING DEVICES
20210170280 · 2021-06-10

The present disclosure relates to processing operations configured to efficiently enable a client and a server to establish secure communication upon initial connection between the client and the server. Upon initial connection with the server, the client provides an encrypted token which both serves as proof of authentication/identity and provides, in the encrypted token, an encryption key that the server can utilize to initiate secure communication with the client. The server is able to trust the encrypted token and the encryption key because the encrypted token is signed and encrypted by an authentication service that has a trusted relationship with the server and because the authentication service has pre-shared decryption and signature verification keys with the server. The server utilizes the encrypted key to secure communications with the client without requiring additional processing to look up client identity or any further intervention from the authentication service.

SEMICONDUCTOR DEVICE WITH SECURE ACCESS KEY AND ASSOCIATED METHODS AND SYSTEMS
20210286738 · 2021-09-16

Memory devices, systems including memory devices, and methods of operating memory devices are described, in which security measures may be implemented to control access to a fuse array (or other secure features) of the memory devices based on a secure access key. In some cases, a customer may define and store a user-defined access key in the fuse array. In other cases, a manufacturer of the memory device may define a manufacturer-defined access key (e.g., an access key based on fuse identification (FID), a secret access key), where a host device coupled with the memory device may obtain the manufacturer-defined access key according to certain protocols. The memory device may compare an access key included in a command directed to the memory device with either the user-defined access key or the manufacturer-defined access key to determine whether to permit or prohibit execution of the command based on the comparison.

Mitigating service disruptions in key maintenance

Embodiments of the present invention provide systems and techniques for changing cryptographic keys in high-frequency transaction environments to mitigate service disruptions or loss of transactions associated with key maintenance. In various embodiments, a server device can employ a working key encrypted with a first master key to decrypt messages being communicated from a client device, whereby each message is encrypted with a first cryptogram that was generated based on the working key encrypted with the first master key. While the working key encrypted with the first master key is being employed, the server device can generate a notification including a second cryptogram generated based on the working key encrypted with a second master key for transmission to the client device. The transmitted notification can cause the client device to encrypt the messages being communicated with the second cryptogram. The server device can concurrently employ the working key encrypted with one of the first and second master keys to decrypt messages received from the client device, whether encrypted with the first cryptogram or the second cryptogram.

Wrapped Keys with Access Control Predicates
20210176050 · 2021-06-10

A method for wrapped keys with access control predicates includes obtaining a cryptographic key for content. The method also includes encrypting the content using the cryptographic key and generating an encryption request. The encryption request requests that a third party cryptography service encrypts an encapsulation of the cryptographic key and an access control condition governing access to the content. The method also includes communicating the encryption request to the third party cryptography service. The encryption request includes the cryptographic key.

System Having a Motorcycle and a Transportable Radio Device
20210179221 · 2021-06-17

A system having a motorcycle and a transportable radio device. The motorcycle has a frame with a steering head bearing seat and a drive unit, and a switch unit and a control device. The control device has wireless communication with the radio device for controlling operating modes of the motorcycle, depending on authentication information transmitted from the radio device to the control device. The control device is configured for wireless transmission to the radio device of blocking information which shifts the radio device into a sleep mode, in which mode communication of the radio device to the control device ceases. The control device is also configured for wireless transmission of a first and/or second piece of time interval information relating to the length of a first and/or second time interval to the radio device, at the end of which the radio device is shifted into the sleep mode.

ENCRYPTING DATA IN A NON-VOLATILE MEMORY EXPRESS ('NVMe') STORAGE DEVICE
20210273929 · 2021-09-02

Data protection in a storage system that includes a plurality of Non-Volatile Memory Express (‘NVMe’) Solid State Drives (‘SSDs’), including: retrieving, from a plurality of NVMe SSDs (‘Non-Volatile Memory Express Solid State Drives’) of a storage system, one or more unencrypted shares of a master secret; reconstructing the master secret using the shares of the master secret; decrypting one or more encrypted device keys using the master secret; and using the decrypted device keys to perform a plurality of accesses to one or more of the NVMe SSDs.

DEVICES AND METHODS FOR AUTHENTICATION
20210273939 · 2021-09-02

A device comprises a receive device which is designed to receive a data packet from a communication partner. The device comprises a data processing device which is configured to process the data packet in order to obtain a secret (e.g. predetermined) value. The device further comprises a transmit device which is designed to transmit a transmit message comprising information based on the secret value to the communication partner. The device further comprises an authentication device which is designed to receive a challenge message and to use the secret value to create a response message. The transmit device is designed to create the transmit message in such a way that it comprises the response message.

Encrypted Search with a Public Key
20210184840 · 2021-06-17

A method for searchable encryption with a public key includes receiving an operation request from a user device associated with a user requesting encryption of data associated with the user. The data includes a corpus of documents stored on a remote storage device. The method also includes receiving a public key associated with the user. The public key includes an asymmetric cryptographic public key. The method also includes generating a random data key. The data key includes a symmetric cryptographic key. The method also includes encrypting, using the data key, a search index for the corpus of documents based on keywords within the corpus of documents. The method also includes encrypting, using the public key, the data key and sending the encrypted data key to a user device associated with the user.