The present disclosure relates to processing operations configured to efficiently enable a client and a server to establish secure communication upon initial connection between the client and the server. Upon initial connection to with the server, the client provides an encrypted token which serves as both proof of authentication/identity and provides, in the encrypted token, an encryption key that the server can utilize to initiate secure communication with the client. The server is able to trust the encrypted token and the encryption key because the encrypted token is signed and encrypted by an authentication service that has a trusted relationship with the server and because the authentication service has pre-shared decryption and signature verification keys with the server. The server utilizes the encrypted key to secure communications with the client without requiring additional processing to lookup client identity or any further intervention from the authentication service.

Technologies for securing a virtualization network function (VNF) image includes a security server to generate a wrapping cryptographic key to wrap a private key of the VNF image and replace the private key with the wrapped private key to secure the private key. During operation, the VNF image may be authenticated by a network function virtualization (NFV) server as needed. Additionally, the signature of the VNF image may be updated each time the VNF image is shutdown to ensure the continued authenticity of the VNF image.

A computer-implemented method according to one embodiment includes receiving at an encryption daemon a key request from a storage device; implementing, by the encryption daemon, a secure communications channel between the encryption daemon and an encryption key server; sending the key request from the encryption daemon to the encryption key server, utilizing the secure communications channel; receiving, from the encryption key server at the encryption daemon, an encrypted response, utilizing the secure communications channel; decrypting, by the encryption daemon, the encrypted response to obtain the requested key, and sending the requested key from the encryption daemon to the storage device.

A cryptography system for the protection of data in transit using a post-quantum encryption key management system that eliminates the need for PKI or other asymmetric key management systems used in today's solutions, while allowing encryption of data in transit with no hands-on management including configuration of routers, switches, etc. The present system includes a multi-factor post-quantum key management mechanism that strengthens existing symmetric encryption systems and industry standard key generators on existing hardware through the post-quantum age.

A method and computer architecture for securely sharing information with an arbitrary set of users in end-to-end fashion. A secure data sharing system includes clients and servers. Client programs running on specific client computers encrypt plaintext data and cryptographically bind the decryption of the encryption key to policy information that contains rules about a permitted decryption operation access. Other clients decrypt the encrypted data shared by the original client by proving to the server their identity and in return receiving cryptographic material.

A method and an apparatus for controlling a data access right are disclosed. The method includes: receiving, by a first proxy node, a first request message from a request node, where the first request message includes an identity of the request node and an identifier of to-be-accessed data; determining a first encrypted ciphertext on a blockchain based on the identifier; determining, based on the identity, whether the request node has a right to read the first encrypted ciphertext; and if yes, initiating a right verification request for the request node to at least one second proxy node, and determining, based on a feedback result of the at least one second proxy node, provisioning of the first encrypted ciphertext. A proxy node is added to the blockchain network, so that a data source can freely grant or revoke the right of the request node without modifying a ciphertext, ensuring information security.

An HIE system and a method for improving treatment of a chronic disease of a patient are described. The method comprises providing a user device for allowing a patient to connect to a health care network implemented over blockchain and to manage access of patient data stored over the blockchain. The method further comprises providing a physician network device for allowing a physician to connect to the health care network. A request may be received from the physician for accessing the patient data and a first parameter related to the patient. The first parameter may be correlated with patients' data to identify correlated data points relevant for the patient. The correlated data points may be sent to the physician, for being used towards the treatment of the chronic disease.

A computing resource service provider may operate a secure proxy fleet within a content delivery network. The secure proxy fleet may protect sensitive data communicated between a client device and a backend service over one or more networks, for example, over the content delivery network to a computing resource service provider environment. The secure proxy fleet may protect sensitive data by encrypting the sensitive data before it is forwarded to a destination.

A method for activating a first terminal from a second terminal, the first terminal and the second terminal being connected via a communication network. The method includes associating the first terminal with the second terminal, detecting an action on an input peripheral device associated with the second terminal, and transmitting a notification to the first terminal, the notification having at least one command suitable for authorizing unlocking of the first terminal.

A set of cryptographic keys are synchronized across a set of HSMs that are configured in an HSM cluster. The set of cryptographic keys is maintained in a synchronized state by HSM cluster clients running on client computer systems with corresponding client applications. If the HSM cluster becomes unsynchronized, an HSM cluster client attempts to lock the HSM cluster and reestablish synchronization of the cryptographic keys across the HSM cluster. HSMs within the HSM cluster are able to establish an encrypted communication channel to other HSMs without revealing the contents of their communications to their respective host computer systems. Individual HSMs in the HSM cluster may include features that assist the HSM cluster client in determining whether each HSM is up-to-date, identifying particular keys that are not up-to-date, and copying keys from one HSM to another HSM within the HSM cluster.