Patent classifications
H04L63/065
METHOD AND MANAGEMENT SERVER FOR REVOKING GROUP SERVER IDENTIFIERS OF COMPROMISED GROUP SERVERS
Method and management server for revoking group server identifiers of compromised group servers. One method includes determining, with a management server, an identity-based cryptographic signing key based on a group server identifier. The method also includes distributing, via the management server, the identity-based cryptographic signing key to a group server. The method further includes receiving, at the management server, a security status indicating that the security of the group server is compromised. The method also includes, responsive to receiving the security status, distributing, via the management server, a revocation of the group server identifier to a plurality of communication devices.
MANAGING GROUP AUTHORITY AND ACCESS TO A SECURED FILE SYSTEM IN A DECENTRALIZED ENVIRONMENT
Presented here is a system that manages a secured file system, and authority over the secured file system, by granting access only to a user who is authorized to access the file system. The user within the system is identified using a key unique to each user. The user's authority is recorded in a linear sequence distributed among multiple devices, each of which independently verifies the validity of each block in the linear sequence. The validity of the linear sequence is guaranteed by preventing certain operations from being performed on the linear sequence, such as branching of the linear sequence, deletion, and modification of the blocks within the linear sequence. Prior to adding a new block to the linear sequence, the validity of the block is independently computed by each of the devices.
INFRASTRUCTURE LEVEL LAN SECURITY
Techniques are disclosed for securing traffic flowing across multi-tenant virtualized infrastructures using group key-based encryption. In one embodiment, an encryption module of a virtual machine (VM) host intercepts layer 2 (L2) frames sent via a virtual NIC (vNIC). The encryption module determines whether the vNIC is connected to a “secure wire,” and invokes an API exposed by a key management module to encrypt the frames using a group key associated with the secure wire, if any. Encryption may be performed for all frames from the vNIC, or according to a policy. In one embodiment, the encryption module may be located at a layer farthest from the vNIC, and encryption may be transparent to both the VM and a virtual switch. Unauthorized network entities which lack the group key cannot decipher the data of encrypted frames, even if they gain access to such frames.
Restricting broadcast and multicast traffic in a wireless network to a VLAN
Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the first group key from being able to decrypt the one or more frames. The one or more encrypted VLAN frames are broadcast to the plurality of stations associated with the BSSID.
VIDEO IMAGES FOR PLATOONING
A disclosed vehicle communication system provides for sharing live streaming images, taken from the lead vehicle, of the roadway forward of a vehicle platoon with all vehicles of the platoon. Sharing of forward looking images with other vehicles within the platoon provides information and a view that is similar to individual operation. The system further includes features for controlling what vehicles can receive the shared video images, including encrypting the images to limit viewing to only those vehicles associated with the vehicle platoon.
Secure shell public key audit system
A system for auditing authorized key files associated with secure shell (SSH) servers is disclosed. In an example, the system may include a purpose-built SSH audit server. The SSH audit server may be configured to receive an authorized key file and a list of users. The SSH audit server may generate and provide unique registration codes for each of the users in the list. The SSH audit server may associate particular users with particular public keys as each of the users accesses the SSH audit server using a public key and inputs a registration code.
ENABLING AND DISABLING END-TO-END ENCRYPTION IN MULTIPARTY CONFERENCE
A computer-implemented method for dynamically disabling an end-to-end encryption session within an online meeting session is provided. The method comprises engaging in an online meeting session in which an end-to-end encryption session is enabled. The method further comprises sending, to a key orchestration server, a first encrypted message in which the contents of the first encrypted message are instructions to disable the end-to-end encryption session. The method further comprises receiving, from the key orchestration server, a second encrypted message that indicates that a participant has initiated disabling of the end-to-end encryption session. The method further comprises, in response to receiving the second encrypted message, disabling the end-to-end encryption session while maintaining the online meeting session.
METHOD FOR AUTHENTICATING ATTRIBUTES IN A NON-TRACEABLE MANNER AND WITHOUT CONNECTION TO A SERVER
The present invention relates to a method for a provider entity belonging to a provider group to authenticate its membership in an attribute provider group to a verification entity in a non-traceable manner, without needing to share secret or large constants that compromise privacy. Both entities comprise at least one attribute group arborescence, this attribute group arborescence being shared by the provider entity and the verification entity when the provider entity has the attribute. According to the invention, when a verification is triggered, the verification entity calculates a certificate from the attribute group arborescence, said certificate being calculated from the authentication tokens of the groups along the arborescence from the attribute verification group's token to the consumer group's token.
Key negotiation method and system, network entity and computer storage medium
Disclosed is a key negotiation method in which a network entity generates an MTC communication key between an MTC device or an MTC application and a network by utilizing a key distribution algorithm for MTC communication according to a root key for the MTC communication maintained by the network entity. The network entity generates an MTC group key by utilizing a key distribution algorithm for MTC group communication according to the root key. The network entity issues the generated MTC communication key and the generated MTC group key to the MTC device or the MTC application via a secure method so as to allow the MTC device or the MTC application to securely store the MTC communication key and the MTC group key. Also disclosed are a network entity, a key negotiation system and a computer storage medium.
AUTHENTICATION APPARATUS UTILIZING PHYSICAL CHARACTERISTIC
An authentication apparatus includes: a combination information generator that generates first combination information indicating a combination of physical characteristics of at least two of first elements included in a first semiconductor device; a group identification information generator that generates first group identification information based on the combination of the physical characteristics of the at least two of the first elements, the first group identification information being for identifying the first semiconductor device as belonging to a same group as another semiconductor device manufactured in a same process; a transmitter that transmits the first combination information to an authentication partner; a receiver that receives second group identification information that the authentication partner generates in accordance with the first combination information; and an information verifier that compares the first group identification information with the second group identification information.