A method includes receiving, by a server computer, a thin client identifier from a thin client on a communication device. The server computer can then retrieve an encrypted first cryptographic key based on the thin client identifier. The encrypted first cryptographic key is a first cryptographic key that is encrypted with a second cryptographic key. The server computer can initiate the sending of the encrypted first cryptographic key to the thin client. The server computer then receives an encrypted secret from the thin client, the encrypted secret being a secret encrypted with the first cryptographic key.

A method of exchanging data between devices is provided. The method includes a first device detecting a user's intention to transmit data, generating first identification information for the data by using biometric data obtained from the user, and transmitting the data and the first identification information to a personalized cloud storage, and a second device detecting the user's intention to receive the data, generating second identification information by using the biometric data obtained from the user, requesting the personalized cloud storage for the data by using the second identification information, and receiving and storing the data from the personalized cloud storage.

A policy-based security system for establishing a secure session from client devices to a web server includes a policy component with policies, a client device with a local application to select a cloud service, and a mid-link server. A set of policies from the policies is determined. An encryption link specified for the set of policies and the cloud service is determined. A set of session protocols is selected to establish the secure session between the client device and the web server based on the set of policies. It is determined whether the client device satisfies security standards of one or more session protocols from the set and based on the determination, either a direct link is selected to establish the secure session using a session protocol from the set or a secure tunnel between the client device and the mid-link server and a corresponding tunnel protocol is selected.

Techniques are disclosed relating to resuming a communication session. In some embodiments, a first computing device stores a session resumption token that includes metadata usable to resume a communication session. The first computing device provides a request to resume the communication session with a second computing device and receives, from the second computing device, an output of a verifiable random function (VRF) associated with the request. In response to the request, the first computing device performs a verification of the output and determines, based on the verification, whether to provide the session resumption token to the second computing device.

A method, apparatus and computer program product are provided for encrypting and decrypting data using multiple authority keys including receiving, from a first computing device, a data decrypt request to decrypt encrypted data, the data decrypt request comprising a user key, determining that the user key is associated with a key hierarchy that comprises a server key, decrypting the server key using the user key, decrypting the encrypted data using the decrypted server key and permitting access to the decrypted data by the first computing device.

Presented here is a system that manages secured file system, and an authority to the secured file system, by granting access only to a user who is authorized to access the file system. The user within the system is identified using a unique key unique to each user. The user's authority is recorded in a linear sequence distributed among multiple devices each of which independently verifies the validity of each block in the linear sequence. The validity of the linear sequence is guaranteed by preventing certain operations from being performed on the linear sequence, such as branching of the linear sequence, deletion, and modification of the blocks within the linear sequence. Prior to adding a new block to the linear sequence, the validity of the block is independently computed by each of the devices.

A system and a method are disclosed for securing sensitive data for transaction requests using tokenization and encryption. A secure transfer system secures sensitive information of transaction requests. The secure transfer system may receive a transaction request file and generate a modified transaction request file by tokenizing values in the received file. For each transaction request in the file, the system may store a representation of the untokenized values in a datastore in conjunction with an identifier of the transaction request. This identifier may be generated from the tokenized values. The secure transfer system may use the identifier to query the datastore for the representation of the untokenized values. The system may decrypt encrypted values in the representation to generate a transaction request file of detokenized values, which may be provided to an automated clearing house to fulfill the transaction requests.

A communication system and a communication method for reporting a compromised state in one-way transmission are provided. The communication method includes: receiving a packet by a first port; coupling an error checking circuit to the first port, wherein the error checking circuit checks a header of the packet; coupling a first unidirectional coupler to the first port and the error checking circuit, and coupling a second unidirectional coupler to the first port and the error checking circuit; in response to an error being in the header, disabling the first unidirectional coupler and the data inspection circuit and enabling the second unidirectional coupler by the error checking circuit; receiving the packet from the communication device by a receiving server; and in response to determining the received packet is incomplete by the receiving server, outputting the compromised state by the receiving server.

This disclosure describes a process for securely instantiating a virtual machine on a server cluster. The virtual machine just after instantiation has access to persistent storage that includes an encrypted region and lacks access to an encryption key configured to provide access to data stored within the encrypted region. The virtual machine receives a communication from a management server associated with the server cluster that includes the encryption key configured to provide access to the data stored within the encrypted region. After the virtual machine receives the encryption key, the server cluster runs services that depend upon the data stored within the encrypted region to operate after receiving the communication from the management server.

The embodiments of the present invention are directed to various implementations of a system and/or method for protecting the confidential information that may exist within the contents of electronic communication, such an email or attachment to the e-mail. A system administrator of a secured application according to the embodiments of the present invention can configure various criteria, or combinations of criteria, for triggering the application of one or more e-mail protection functions (EPFs) to be applied to the communication before it is sent; the EPFs may include the encryption of the e-mail or attachment, storing of the e-mail or attachment on a secured server, or otherwise restrict access to the communication by unauthorized recipients.