An electronic apparatus includes a communication interface, a memory; and a processor. The memory is configured to store a hypervisor. The processor is configured to obtain an authentication key for performing authentication of an external device. The processor is also configured to encrypt the authentication key based on a key pre-stored in the memory using the hypervisor and store the encrypted authentication key in the memory. Based on a request for information that is stored in the memory being received from the external device, the processor is configured to perform authentication of the external device using the hypervisor. Based on the authentication of the external device being completed, the processor is configured to control the communication interface to transmit the stored information to the external device.

Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption severs for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.

A method and system for performing computational jobs securely on a shared computing resource. Data files for the computational job are encrypted on a secure system and the encrypted data files are stored in a data store on the shared computing resource. A key distribution server is established using a secure enclave on a front end of the shared computing resource. Cryptographic keys and application binaries are transferred to the enclave of the shared computing resource using a session key. The computational job is run using an application launcher on compute nodes of an untrusted execution environment of the shared computing resource, the application launcher obtaining the application binaries and the cryptographic keys from the key distribution server.

In some embodiments, a system is a reverse-proxying HTTP cache server that handles user session management and dynamically forwards requests to origin/backend servers based on the content being requested. It caches data from origin servers in order to reduce the stress placed on each origin server. It uses encrypted authorization tokens to handle session management and is able to modify origin data on-the-fly in order to inject per-client authorization information into the data stream. It can enforce maximum concurrent session limits, user bans, limit exemptions, and time-limited live content previews.

A trust relationship may be established between a host system and a storage system. An asymmetric key pair including a private key unique to a host system and a public key may be generated. During provisioning of the host system to the storage system, the host system may send the public key to the storage system. The storage system may be configured to record the public key for the host system, for example, in a masking table that defines I/O connectivity for logical storage units between a host system and the storage system. The public key may be used later to validate the host system to the storage system. The private key may be stored on the host system and be unreadable, or may be encrypted with an unreadable encryption key stored on the host system.

Methods and systems for sharing a network link of a file in network storage for collaboration among multiple computing devices using end-to-end encryption may involve generating a link key associated with the file stored remotely in the network storage, being accessible by a first device, and to be accessible by a second device, encrypting a session key associated with the file to generate an encrypted session key using the link key, the file being encrypted with the session key and, generating a salt associated with the file, generating a verifier associated with the file using the link key, sending a message to a server computer with an identifier associated with the file, the salt, the verifier, and the encrypted session key, creating a first link to the file with a name associated with the first device, the identifier, and the link key, and transmitting the first link to second device.

Systems and methods are described for implementing load-dependent encryption mechanism selection in an elastic computing system. The elastic computing system can include a set of host devices configured to implement block storage volumes on behalf of users. Users may desire that such volumes be encrypted prior to storing data. It may be generally preferable for encryption to occur on the same host devices that host the volume, to reduce latency and bandwidth usage needed to encrypt the data. However, encryption of data can utilize significant computational resources, which may not be available on host devices that also have sufficient storage resources to host the volume. The present disclosure describes systems and methods that can account for computational resource availability on host devices, selecting “in-place” encryption only when available resources exist on host devices, and otherwise implementing remote encryption of volume data.

The application provides a data encryption and decryption method, device, storage medium, and encrypted file, and relates to the technical field of data processing. The method for data encryption includes: obtaining a first key, and performing an obfuscation operation on the first key and data to be encrypted to obtain obfuscation operation result data; obtaining a second key, and obtaining a first signature of the obfuscation operation result data according to the second key; obtaining a third key, and encrypting the first key, the data to be encrypted and the first signature using the third key to obtain a target ciphertext; obtaining a fourth key, and obtaining a second signature of the target ciphertext according to the fourth key; generating an encrypted file including the target ciphertext and the second signature. With the technical solutions of the application, security of data protection can be improved.

A system and method for secure web browsing, through a combination of remote execution and local rendering of web pages. The process begins when a local computational device, controlled by a user, requests a web page for display. In the art known process, the request of the local computational device would be sent directly to a web host server, which would then provide all of the components of the web page. These components would then be sent to the local computational device, for rendering and also for execution locally. In the inventive process, the request of the local computational device is sent to a server gateway, which then sends the request to the web host server. The components of the web page are received by the server gateway. The server gateway then executes any scripts as needed, during the session that the user interacts with the web page through local computational device. The server gateway sends components of the received web page, optionally after any scripts have executed to provide additional data, to the local computational device. This process prevents any scripts or other executables from executing on the local computational device. The local computational device then renders the received components to create the web page for display on a web browser at the local computational device.

Systems and methods for securing objects in a computing environment. Objects are encrypted using keys that are also encrypted after encrypting the objects. In order to access the objects, a master key that is unknown to the service storing the objects and/or managing the keys is used to decrypt the keys so that the objects can be decrypted with the decrypted key. Thus, a key is needed to access the key needed to access the object. The master key is typically maintained separately from all of the encrypted objects and corresponding encrypted keys.