H04L63/0435

Localized data storage and processing
11615193 · 2023-03-28

Data may be stored by receiving the data to be stored, determining whether the data is regulated in a jurisdiction, and, responsive to the determination, selecting between a regulated storage scheme, requiring that the data be stored and/or processed in the jurisdiction in accordance with one or more laws pertaining to the jurisdiction, and an unregulated storage scheme, in which the data is not required to be stored in the jurisdiction and/or is not required to be stored in accordance with the one or more laws. Further, the regulated storage scheme may be followed by initiating storage of the data in the jurisdiction in accordance with the one or more laws.

VEHICLE CONTROL APPARATUS AND CONTROL METHOD THEREOF
20230030805 · 2023-02-02

A vehicle control apparatus and a control method thereof are provided. A vehicle control apparatus includes a processor including a host core and a hardware security module (HSM) core. The processor generates a first private key and a first public key, receives a second public key from a diagnostic device, generates a shared key based on the first private key and the second public key, receives a security data transmission request from the diagnostic device, and encodes data based on the shared key and transmits the encoded data to the diagnostic device.

System and method for controlling data interception in a communication system

The present disclosure relates to a system and method for controlling data interception in a communication network. One or more requests from a user for accessing one or more microservices are received through an Application Programming Interface (API). Information associated with the one or more requests is then detected, and the requests are classified as either a secured microservice request or a non-secured microservice request. The information is detected through predefined rules. An authentication token is then issued for the secured microservice request based on the detecting. The authentication token stores the information detected by the detector in a geo storage system. The one or more requests are then routed according to the authentication token towards the one or more corresponding microservices of the one or more microservices.

Biometric data security system and method
11487858 · 2022-11-01

Embodiments of the invention are directed to a method. The method may include transmitting, by a first device, an encrypted first biometric template generated from a first biometric sample of a user of the first device to a second device, wherein the second device inputs the encrypted first biometric template and a second biometric template generated from a second biometric sample of the user into a function to generate an encoded output. The first device may receive the encoded output from the second device, and may decode the encoded output to recover the encrypted first biometric template and the second biometric template of the user. Upon determining a match result between first and second biometric templates, the first device may transmit unique data to the second device.

Communication system, communication method, and computer program product
11616789 · 2023-03-28

A communication system according to an embodiment includes one or more hardware processors. The one or more hardware processors: transmit, to an external communication system, a cryptographic random number obtained by encrypting a random number; receive verification information for verifying the external communication system, the verification information being generated by the external communication system with the cryptographic random number and attribute information of the external communication system; and perform, by using a cryptographic key based on the random number, communication with the external communication system having been verified with the verification information.

HANDLING OF MACHINE-TO-MACHINE SECURE SESSIONS

The present techniques generally describe a computer implemented method for establishing a secure communication session between a client device and a first server, the method performed by the client device comprising: obtaining, from a second server, credential data comprising a session identifier and cryptographic key data; performing a connection handshake with the first server to establish the secure communication session; creating a security state record defining one or more parameters used to establish the secure communication session, and associating the session identifier with the security state record; performing a first resumption handshake with the first server using the session identifier to re-establish the secure communication session.

Method for secure storage, in a network, of a container image in a container registry
11489820 · 2022-11-01

Disclosed is a method for the secure storage, in a network, of a container image in a container registry, including sending a container image, this container image corresponding to an initial state of a client machine environment which can subsequently be used to execute this container, from a client machine of the network to a container registry of a server machine of the network remote from the client machine. The method also includes encrypting this container image, carried out in the random access memory of the client machine before sending to the server machine, so that the container image is already encrypted when received by the container registry for storage therein, and so that the encryption key of this container image is usable in the random access memory of the client machine, inaccessible in the mass storage of the client machine, and inaccessible on the server machine.

COMPROMISE FREE CLOUD DATA ENCRYPTION AND SECURITY
20230087628 · 2023-03-23

A cloud data encryption and security system includes a central computing authority and a network of computing devices. At least some of the computing devices are pod computing devices physically hosted by an operator. The pod computing devices include a central processing unit and a computer readable storage media in data communication with the central processing unit. Data is encrypted in the computer readable storage media so that the owner can access the data but the operator cannot access the data.

TECHNIQUES FOR SECURE VIDEO FRAME MANAGEMENT

Embodiments of the present disclosure can provide devices, methods, and computer-readable medium for secure frame management. The techniques disclosed herein provide an intelligent method for detecting triggering items in one or more frames of streaming video from an Internet Protocol camera. Upon detection, the camera transmits one or more frames of the video over a network to a computing device. Upon detecting a triggering item in a frame of the video stream, the computing device can begin a streaming session with a server and stream the one or more frames of video and accompanying metadata to the server. The frames, metadata, and associated keys can all be encrypted prior to streaming to the server. For each subsequent segment of video frames that includes the triggering item, the server can append the frames of that segment to the video clip in an encrypted container. Once the triggering item is no longer detected, the streaming session can be closed.

Processing a request to initiate a secure data transfer in a computing environment

Aspects of the invention include receiving a request from a responder channel on a responder node to initiate a secure communication with an initiator channel on an initiator node. The request includes an identifier of a shared key, and a nonce and security parameter index generated by the initiator node for the secure communication. The receiving is at a local key manager (LKM) executing on the responder node. A security association is created at the LKM between the initiator node and the responder node. The shared key is obtained based at least in part on the identifier of the shared key. Based on obtaining the shared key, a message requesting initialization of the secure communication between the responder channel and the initiator channel is built. The message includes an initiator nonce and an initiator security parameter index generated by the LKM for the secure communication.