Methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating signed addresses. One of the methods includes receiving, by a component from a device, a plurality of first requests, each first request for a physical address and including a virtual address, determining, by the component, a first physical address using the virtual address, generating a first signature for the first physical address, and providing, to the device, a response that includes the first signature, receiving, from the device, a plurality of second requests, each second request for access to a second physical address and including a second signature, determining, by the component for each of the plurality of second requests, whether the second physical address is valid using the second signature, and for each second request for which the second physical address is determined to be valid, servicing the corresponding second request.

A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain.

A form of the invention is applicable for use in conjunction with a security credential management system that produces and manages pseudonym digital certificates issued to vehicles and used by vehicles to establish trust in vehicle-to-vehicle communications, the security credential management system including a pseudonym certificate authority processor entity which issues pseudonym digital certificates to vehicles, a registration authority processor entity that validates, processes and forwards requests for pseudonym digital certificates to the pseudonym certificate authority processor entity, and a misbehavior authority processor entity that receives misbehavior reports from reporter vehicles that include information about the reporter vehicles and suspect misbehaving vehicles and is responsible for producing a list of revoked credentials; the pseudonym certificate processor entity and registration authority processor entity participating in producing linkage values to be contained within the issued pseudonym digital certificates, the linkage values being derived ultimately, using a one-way function, from linkage seeds thereby enabling, in predetermined circumstances, at least some of the certificates containing linkage values derived from a given linkage seed to be revoked. A method is set forth for improving operation of the security credential management system, including the following steps: in conjunction with deriving the linkage values from the linkage seeds, additionally producing encrypted linkage maps that relate, in encrypted form, linkage values with linkage seeds from which they are derived; determining particular linkage values deemed to be of interest based at least in part on information derived from misbehavior reports; and determining linkage seeds associated with the particular linkage values utilizing decryptions of the encrypted linkage maps.

A distributed identity server cluster maintains a first communication channel between an endpoint device in a first geographic region and a first server. The first server receives a request from the endpoint device to communicate with an application containing a digital key for accessing the endpoint device and stored at an authentication device located in a second geographic region. The server cluster transmits a notification to the application with instructions for the authentication device to connect to the server cluster. The server cluster opens a second communication channel between the authentication device and a second server in communication with the first server. The server cluster transmits data between the endpoint device and the authentication device across the first communication channel and the second communication channel.

A method and system of creating and managing encryption keys that facilitates sharing of encrypted content. The system may include an information management system with a key management server and a computing device having an encryption service module. The encryption service module detects operations at the computing device and encrypts a document with an encryption key created using user information and a secret.

According to some example embodiments, a method for providing security to a storage device includes receiving, by the storage device, a public key via a network; sending, by the storage device, the received public key and a proposed configuration corresponding to the storage device to a security manager that resides in a control plane of the network; determining, by the security manager, whether the public key received from the storage device matches a private key available to the security manager; downloading, by the security manager, the proposed configuration to the storage device; determining, by the security manager, if the proposed configuration is successfully downloaded to the storage device; operating the storage device according to the downloaded configuration; and granting, by the security manager, a request to lease the storage device operating in the downloaded configuration for a time interval.

The present invention relates management of security of a computing environment. The method may include; monitoring and learning, through a master computer, a data traffic of the each of the coupled connecting node to alter a security design to speed up the communications; analysing, through the master computer, the data traffic to categorize the each of the coupled connecting node into a first category of node, which is accessed by a human and a second category of node, which is accessed by a bot; utilizing, at the master computer, one or more secured hidden servers for determining a first data communication route to speed up data traffic for the human and a second data communication route to prevent data traffic above a pre-set limit, for the bot.

A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.

Systems and methods for providing access to media content by connecting, to a public device, a private device that has an installed application associated with the media content. A media guidance application may receive a communication from a private device, running a private interface application, requesting to access content using the public device. In response, the media guidance application may retrieve, at the public device, a public interface application associated with the private interface application, from a content provider of the content. The private interface application may be configured to control a graphical user interface of the public interface application. Accordingly, the user may be able to access content via the public device when the private device is within a predetermined proximity to the public device.

A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.