Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for protecting user privacy in the playback of user sessions are described. In one aspect, a method includes accessing, for a user session with one or more user interfaces, event data that includes interface data specifying a structure of the user interface(s), and, for each of one or more user interface elements for which content was presented by the user interface(s) during the user session, an encrypted content element including the content of the user interface element encrypted using a public key corresponding to a rule enabling recording of the content of the user interface element and data identifying the rule. Playback of the user session is generated including, for each of the interface element(s), decrypting the encrypted content element for the user interface element and presenting the decrypted content during the playback of the user session.

Data may be protected using a combination of symmetric and asymmetric cryptography. A symmetric key may be generated and the data may be encrypted with the symmetric key. The symmetric key and a only a portion of the symmetrically encrypted data may then be encrypted with an asymmetric public key. The entire set of encrypted data, including the asymmetrically encrypted symmetric key, the doubly encrypted portion of data, and the remainder of the symmetrically encrypted data may then be sent to a remote device using insecure communications.

An apparatus, computer program, and method are provided for securely broadcasting a message to a plurality of recipient devices. In operation, a message is identified, and the message is encrypted utilizing a first key. A message authentication code (MAC) is generated utilizing a second key that is mathematically coupled to the first key (that is utilized to encrypt the message). The encrypted message is caused to be broadcasted to a plurality of recipient devices, utilizing the MAC.

Lawful intercept is supported by providing a network communications device target identifiers in encrypted form. Received encrypted target identifiers are stored in a non-volatile storage device. Before communications interception occurs, one or more encrypted target identifiers are loaded into active memory which is secure and not accessible by a network device operating system administrator. A decryption request is sent to a security device and the result loaded into the secure active memory. Plain text target identifier(s) returned by the security device are loaded directly into the active memory without being stored in the operating system administrator accessible storage device. In the case of a reset resulting in the contents of the active memory being lost, the active memory is repopulated by sending decryption requests using the stored encrypted target identifiers to indicate to the security device the target identifiers which need to be decrypted and reloaded into active memory.

Disclosed herein is a method and system for utilizing a digital data capture device in conjunction with a Bluetooth (BT) enabled mobile device for publishing data and multimedia content on one or more websites automatically or with minimal user intervention. A client application is provided on the BT enabled mobile device. In the absence of inbuilt BT capability, a BT communication device is provided on the digital data capture device. The BT communication device is paired with the BT enabled mobile device to establish a connection. The client application detects capture of data and multimedia content on the digital data capture device and initiates transfer of the captured data, multimedia content, and associated files. The digital data capture device transfers the captured data, multimedia content, and the associated files to the client application. The client application automatically publishes the transferred data and multimedia content on one or more websites.

A method for facilitating secure communication between a user device and a network device. Encrypted data from a user device is received at the network device. The encrypted data is encrypted based on first physiological data captured by a first sensor of the user device. The first physiological data is representative of a physiological characteristic of a user of the user device. A second sensor of the network device captures second physiological data representative of the physiological characteristic of the user. A common key for encrypting further data transferred between the user device and the network device is determined, based on the encrypted data and the second physiological data. Further aspects relate to other methods for facilitating secure communication between a user and network device, a network, and a method of operating a network.

Systems and methods for connecting a private device to a public device based on various connection parameters. For example, a media guidance application may receive a communication requesting to use the public device from a private device that is implementing a private interface application (e.g., Netflix™ a streaming media application). In response, the media guidance application may generate an authorization key that is unique to the private device and comprises connection parameters. The media guidance application may transmit the authorization key to the private interface application to initiate a session between the public device and the private device. Whenever a command is received from the private device, the media guidance application may verify the authorization key and determine whether the connection parameters are satisfied. In response to verifying the authorization key and the connection parameters, the public device may execute the received command.

A cloud-based system for securely storing data, the system having a processor which obtains a source data file; splits it into at least three fragments; and uses an encryption key associated with the fragments to encrypt the fragments and distributes the encrypted fragments among at least three cloud storage providers, creates a pointer file containing information for retrieving the encrypted fragments. When a system user requests access to the data, the system uses the information stored in the pointer file to retrieve the stored encrypted fragments from the plurality of clouds; decrypts the fragments and reconstructs the data, and provides data access to the system user.

An apparatus is disclosed for storing a private key on an IoT device for encrypted communication with an external user device and includes a proximity-based communication interface, encryption circuitry and IoT functional circuitry. The encryption circuitry includes a memory having a dedicated memory location allocated for storage of encryption keys utilized in the encrypting/decrypting operations, an encryption engine for performing the encryption/decryption operation with at least one of the stored encryption keys in association with the operation of the IoT functional circuitry, an input/output interface for interfacing with the proximity-based communication interface to allow information to be exchanged with a user device in a dedicated private key transfer operation, an internal system interface for interfacing with the IoT functional circuitry for transfer of information therebetween, memory control circuitry for controlling storage of a received private key from the input/output interface for storage in the dedicated memory location in the memory, in a Write-only memory storage operation relative to the private key received from the input/output interface over the proximity-based communication interface, the memory control circuitry inhibiting any Read operation of the dedicated memory location in the memory through the input/output interface. The IoT functional circuitry includes a controller for controlling the operation of the input/output interface and the memory control circuitry in a private key transfer operation to interface with the external user device to control the encryption circuitry for transfer of a private key from the user device through the proximity-based communication interface for storage in the dedicated memory location in the memory, the controller interfacing with the encryption circuitry via the internal system interface, and operational circuitry for interfacing with the user device over a peer to peer communication link and encrypting/decrypting information therebetween with the encryption engine in the encryption circuitry.

Example methods and systems disclosed herein facilitate the introduction and use of client-specified object encryption within a computing environment using remote third-party storage systems, where data objects stored on the remote third-party storage systems were previously either stored in unencrypted form or encrypted with a single key tied to an account that owns the data. In some embodiments, the encryption is introduced into the system in gradual stages, so as to minimize or entirely eliminate data availability downtime. In some embodiments, the introduction of client-specified object encryption involves registration of a user function on the third-party storage system, where the user function handles object decryption in response to requests of content consumers for data objects stored by the third-party storage system.