H04L63/065

Managing group authority and access to a secured file system in a decentralized environment
11610017 · 2023-03-21

Presented here is a system that manages a secured file system, and an authority to the secured file system, by granting access only to a user who is authorized to access the file system. The user within the system is identified using a key unique to each user. The user's authority is recorded in a linear sequence distributed among multiple devices, each of which independently verifies the validity of each block in the linear sequence. The validity of the linear sequence is guaranteed by preventing certain operations from being performed on the linear sequence, such as branching of the linear sequence, deletion, and modification of the blocks within the linear sequence. Prior to adding a new block to the linear sequence, the validity of the block is independently computed by each of the devices.

Playback Device Connection
20230080082 · 2023-03-16

An example playback device is configured to (i) detect a triggering event that causes the playback device to transmit a first message indicating the playback device is available for setup, (ii) establish an initial communication path with a computing device, (iii) process one or more second messages received from the computing device via the initial communication path collectively containing network configuration parameters for a secure wireless network defined by one or more network devices, where the initial communication path with the computing device does not traverse any of the one or more network devices, and where the network configuration parameters include an identifier of, and security information for, the secure wireless network, (iv) use the network configuration parameters to connect to the secure wireless network, and (v) transition from communicating with the computing device via the initial communication path to communicating with the computing device via the secure wireless network.

Distributed Encryption Key Allocation

Customers of a software platform, such as a unified communications as a service platform, are enabled to control their own encryption keys used to encrypt and decrypt data from various communication services in the software platform. A key broker server is employed to map encryption and decryption requests from servers in the platform to key management servers of customers based on user identifiers. Examples of data encrypted may include conference recordings, webinar recordings, phone call recordings, voicemails, emails, and calendar tokens.

Secure tokens for controlling access to a resource in a resource distribution network

A system for generating and applying a secure token in a resource distribution network is provided. For example, a headend system generates a global token based on a time duration specified for multiple meters that are in communication with the headend system through at least a mesh network in a normal condition. The global token is associated with the time duration and is applicable to the multiple meters. The headend system causes the global token to be broadcast via a broadcast network. After receiving the global token, the meter verifies the global token and determines the time duration associated with the global token. The meter further connects premises associated with the meter to a resource distribution network for at least the time duration associated with the global token.

Systems and methods for conducting secure VOIP multi-party calls

System and method for establishing secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.

Management of groups of connected objects using wireless communication protocols
11606199 · 2023-03-14

Management of a group of connected objects in a communications network including at least one local network. The connected objects, known as client objects, have at least one functional attribute. The method includes: obtaining an identifier of the group and an encryption key of the group; assigning the group at least one connected object according to at least one functional attribute of the connected object; obtaining an encryption key of the object; encrypting the encryption key of the group using the encryption key of the object; transmitting the identifier of the group, and the encrypted encryption key of the group to the at least one connected object.

Communication security apparatus, control method, and storage medium storing a program

A communication security apparatus includes a communicator that receives a packet from a first device and transmits the received packet to a second device, a memory that retains address authentication information containing pairs of a physical address and a logical address of one or more devices, and a controller. After a learning period of receiving and transmitting packets, the controller determines whether a pair of a physical address and a logical address of the first device and the second device match any one of the pairs of the physical address and the logical address of the one or more devices in the packet, and discards the packet when the pair of the physical address and the logical address of the first device and the second device do not match any one of the pairs of the physical address and the logical address of the one or more devices.

Revocable lightweight group authentication method and system for edge controller, and medium

A revocable lightweight group authentication method and system for an edge controller is described here. When the edge controller needs to be registered, an edge server generates a private key of the edge controller and sends the private key to the edge controller, and meanwhile adds the edge controller to a group list of the edge server; the edge server updates a certificate of the edge controller, adds the certificate to a certificate list of the edge server and sends the certificate to the edge controller so that the edge controller updates the private key according to the updated certificate; and then the edge controller generates a signature according to the updated private key, and sends the signature to the edge server so that the edge server authenticates the edge controller after determining that the signature meets preset requirements.

Private data sharing system
11637802 · 2023-04-25

A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users' personal information. In this type of network, a user's personally identifiable information is stored and transmitted in an encrypted form, with few exceptions. The only key with which that encrypted data can be decrypted, and thus viewed, remains in the sole possession of the user and the user's friends/contacts within the system. This arrangement ensures that a user's personally identifiable information cannot be examined by anyone other than the user or his friends/contacts. This arrangement also makes it more difficult for the web site or service hosting the DSS to exploit its users' personally identifiable information. Such a system facilitates the encryption, storage, exchange and decryption of personal, confidential and/or proprietary data.

Creating a credential dynamically for a key management protocol

A key management protocol (such as KMIP) is extended to provide an extended credential type that enables an initiating (first) client device to create a credential dynamically and that can then be selectively shared with and used by other (second) client devices. Using a dynamically-created credential of this type, the other (second) devices are able to fetch the same key configured by the initiating (first) device. In this manner, multiple devices are able to create and share one or more keys among themselves dynamically, and on an as-needed basis, without requiring a human administrator to create a credential for a device group in advance of its usage.