H04L63/0435

METHOD, ELECTRONIC IDENTITY OBJECT, AND TERMINAL FOR RECOGNIZING AND/OR IDENTIFYING A USER
20230094432 · 2023-03-30

A method for recognizing and/or identifying a user (9) with a chip (C) in an electronic identity object storing a digital identity (24), the method comprising the steps of: establishing a wireless or electrical connection between the electronic identity object (C) and a verification terminal (T); verifying, in the electronic identity object, whether the verification terminal is authorized to communicate with the electronic identity object (C), and in response to a positive verification sharing a secret (K); using the shared secret (K) to establish an encrypted symmetric data link (5) between the electronic identity object and the verification terminal (T); transmitting, through the encrypted data link (5), said digital identity (24) stored in the electronic identity object to the verification terminal (T); and verifying in the verification terminal (T) the authenticity of said digital identity (24).

End-to-end encryption for personal communication nodes
11575660 · 2023-02-07

Systems, methods, software and apparatus enable end-to-end encryption of group communications by implementing a pairwise encryption process between a pair of end user devices that are members of a communication group. One end user device in the pairwise encryption process shares a group key with the paired end user device by encrypting the group key using a message key established using the pairwise encryption process. The group key is shared among group members using the pairwise process. When a transmitting member of the group communicates with members, the transmitting member generates a stream key, encrypts stream data using the stream key, encrypts the stream key with the group key, then transmits the encrypted stream key and encrypted stream data to group members. The group key can be updated through the pairwise encryption process. A new stream key can be generated for each transmission of streaming data such as voice communications.

Encrypted search cloud service with cryptographic sharing
11574073 · 2023-02-07

A method for sharing read access to a document stored on memory hardware. The method includes receiving a shared read access command from a sharor sharing read access to a sharee for a document stored on memory hardware in communication with the data processing hardware, and receiving a shared read access request from the sharee. The shared read access command includes an encrypted value and a first cryptographic share value based on a write key, a read key, a document identifier, and a sharee identifier. The method also includes multiplying the first and second cryptographic share values to determine a cryptographic read access value. The cryptographic read access value authorizes read access to the sharee for the document. The method also includes storing a read access token for the sharee including the cryptographic read access value and the encrypted value in a user read set of the memory hardware.

METHODS AND SYSTEMS OF A SOFTWARE DATA DIODE-TCP PROXY WITH UDP ACROSS A WAN

Disclosed herein are various systems, apparatuses, software, and methods relating to a data diode-TCP proxy with a User Datagram Protocol (UDP) across a wide area network (WAN): providing a WAN data diode using a uni-directional semantics protocol; providing a set of data diode proxies at either end of a point-to-point WAN link; providing symmetric key encryption semantics to extend the WAN data diode securely across a specified WAN, wherein the symmetric key encryption semantics are implemented through the set of data diode proxies at either end of the point-to-point WAN link; employing a unidirectional protocol in communication transmitted using the WAN; and, with the data diode proxies, terminating one or more data channels at either end of the point-to-point WAN link or transporting the requisite information across the WAN over the uni-directional protocol.

APPLICATION-SPECIFIC COMPUTER MEMORY PROTECTION
20230099543 · 2023-03-30

Systems and methods herein secure computer memory from potential hacks. In one embodiment, a system includes a computer memory, and a memory protection module communicatively coupled to the computer memory. The memory protection module is operable to assign a counter value to a write Input/Output (I/O) request, to encrypt data of the write I/O request based on the counter value, and to write the encrypted data to a location of the computer memory. The counter value comprises a version number of the write I/O request and, for example, the location of the computer memory to where the data of the write I/O request is being written in the computer memory. The memory protection module is further operable to compute the version number based on memory access patterns of an application writing to the computer memory.

REMOTE DISAGGREGATED INFRASTRUCTURE PROCESSING UNITS (IPUS)

Techniques for remote disaggregated infrastructure processing units (IPUs) are described. An apparatus described herein includes an interconnect controller to receive a transaction layer packet (TLP) from a host compute node; identify a sender and a destination from the TLP; and provide, to a content addressable memory (CAM), a key determined from the sender and the destination. The apparatus as described herein can further include core circuitry communicably coupled to the interconnect controller, the core circuitry to determine an output of the CAM based on the key, the output comprising a network address of an infrastructure processing unit (IPU) assigned to the host compute node, wherein the IPU is disaggregated from the host compute node over a network; and send the TLP to the IPU using a transport protocol.

Sharing Access To Data
20230101596 · 2023-03-30

A method including determining, by a first device, a sharing encryption key based at least in part on an access private key associated with encrypted content and an assigned public key associated with a second device; encrypting the access private key associated with the encrypted content utilizing the sharing encryption key; and transmitting the encrypted access private key to enable the second device to access the encrypted content. Various other aspects are contemplated.

SECURED COMMUNICATIONS WITH DISPLAY DEVICE
20230101603 · 2023-03-30

Techniques are provided herein for secure display device communications. In one example, a video communications device provides, to a display device over a first connection, communication information that enables the display device to contact a server over a second connection. The video communications device further provides, to the display device over the first connection, a command configured to initiate an interaction with the server. The server obtains, from the display device over the second connection, a message initiating the interaction in response to the command based on the communication information.

Enabling efficient communication in a hybrid network

A method including determining, by a first device having an established virtual private network (VPN) connection with a VPN server and an established meshnet connection with a second device in a mesh network, that a destination associated with a transmission packet to be transmitted by the first device is the second device in the mesh network; and transmitting, by the first device, the transmission packet utilizing the meshnet connection based at least in part on determining that the destination is the second device in the mesh network. Various other aspects are contemplated.

Sharing access to data
11575507 · 2023-02-07

A method including determining, by a first device, a sharing encryption key based at least in part on an access private key associated with encrypted content and an assigned public key associated with a second device; encrypting the access private key associated with the encrypted content utilizing the sharing encryption key; and transmitting the encrypted access private key to enable the second device to access the encrypted content. Various other aspects are contemplated.