A system described herein provides for the secure maintaining and providing of information, such as public keys used in Public Key Infrastructure (“PKI”) techniques or other techniques, using a distributed ledger (e.g., “blockchain”) system. A first device may output a first request to a second device to establish a communication session between the first device and the second device, where the request includes a first value. The first device may receive a second request from the second device, including a second value, to establish the communication session between the first device and the second device. The first device may determine, based on a comparison of the first and second values, that the first device should initiate an establishment procedure of a blockchain associated with the communication session between the first device and the second device, and may accordingly output a blockchain establishment message to a set of devices.

Systems and methods are described for orchestrating a security object, including, for example, defining and storing a plurality of policies in a database coupled to a policy engine and receiving, by the policy engine, the security object and at least one object attribute associated with the security object. In addition, the policy engine determines the acceptability of the security object based, at least in part, on the at least one object attribute and at least one of the plurality of policies corresponding to the at least one object attribute. The security object to at least one communication device associated with the policy engine is distributed when the security object is determined to be acceptable. The at least one communication device establishes communication based, at least in part, on the security object.

In general, techniques are described for an encryption key namespace of a kernel, executed by a host computing device, the encryption key namespace having a configuration file that stores an association of a key identifier and a container identifier by which the host computing device can obtain a data encryption key to use for decrypting/encrypting data for the container identified by the container identifier. In this way, a user may associate a container (or container image) with a unique key identifier. By configuring this association in the encryption key namespace for the container, the container may be identified and automatically associated with a key identifier for the appropriate key for decrypting/encrypting data for the container. The host computing device may then obtain, from a key management service, the key using the key identifier.

Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption severs for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.

A method and system for performing computational jobs securely on a shared computing resource. Data files for the computational job are encrypted on a secure system and the encrypted data files are stored in a data store on the shared computing resource. A key distribution server is established using a secure enclave on a front end of the shared computing resource. Cryptographic keys and application binaries are transferred to the enclave of the shared computing resource using a session key. The computational job is run using an application launcher on compute nodes of an untrusted execution environment of the shared computing resource, the application launcher obtaining the application binaries and the cryptographic keys from the key distribution server.

In some embodiments, a system is a reverse-proxying HTTP cache server that handles user session management and dynamically forwards requests to origin/backend servers based on the content being requested. It caches data from origin servers in order to reduce the stress placed on each origin server. It uses encrypted authorization tokens to handle session management and is able to modify origin data on-the-fly in order to inject per-client authorization information into the data stream. It can enforce maximum concurrent session limits, user bans, limit exemptions, and time-limited live content previews.

A method of separating identity IPs for identification of applications from the locator IPs for identifying the route is provided. A virtual service layer (VSL) protocol stack uses the IP addresses assigned by network administrators to the application endpoints to support the TCP/IP stack as the identity IP addresses that are not published to the underlay network for routing. On the other hand, the VSL stack uses the IP addresses assigned by the underlay network to the VSL enabled endpoints and VSL enabled routers as the locator IP addresses for routing packets. The VSL stack formats application flow packets with identity headers as identity packet and encapsulates identity packet with the locator header to route the packet. The separation of the identity and locator identifications are used to eliminate the network middleboxes and provide firewall, load balancing, connectivity, SD-WAN, and WAN-optimization, as a part of the communication protocol.

The present disclosure discloses a device binding method and device, used to resolve the issue of the prior art in which the operation of controlling a smart device in a certain position is cumbersome. The method of embodiments of the present disclosure comprises: a user terminal sending target address information to a server, the server encrypting the target address information, generating a verification password, and sending the verification password to the user terminal; the user terminal sending, by means of a transmission device, the verification password to a device to be bound; the device sending the received verification password and a device identifier of the device to the server; and if the verification password sent by the device is the same as the verification password generated by the server, the server binding the target address information corresponding to the received verification password to the device identifier.

This disclosure describes techniques for controlling group access to a collaboration technology. The techniques include generating a shared encryption key among authorized producers of content associated with a collaboration technology. The techniques include receiving, by the authorized producers and from authenticated consumers, requests to access the content. The requests may be received in a partitioned manner, such that individual producers are serving a particular subset of the authenticated consumers. In response to receiving the requests, the techniques include sending the shared encryption key from the individual producers to the corresponding subset of authenticated consumers. The techniques include using the shared encryption key to encrypt content by the authorized producers, which may then be decrypted by the authenticated consumers using the shared encryption key, achieving end-to-end encryption of event content.

A system and method for automatically distributing value received from the client for access to the media content is disclosed. The method comprises: defining a blockchain network, accepting a request for a media content transaction from the client, determining if the requested media content transaction complies with the value distribution agreement, and executing the requested media content transaction of the smart contract according to the determined compliance of the transaction with the value distribution agreement.