Patent classifications
H04L63/0435
AUTOMATION OF USER IDENTITY USING NETWORK PROTOCOL PROVIDING SECURE GRANTING OR REVOCATION OF SECURED ACCESS RIGHTS
The present disclosure involves systems, software, and computer-implemented methods for user-controlled access control for user information. One example method includes sending an authentication request to authenticate as a requesting entity to a first decentralized resource directory of a providing entity. An authentication challenge is received, via the connection, from the providing entity in response to the authentication request, requesting that an authentication challenge value be stored for an authentication challenge key in a second decentralized resource directory of the requesting entity. The authentication challenge value for the authentication challenge key is stored in the second decentralized resource directory. An authentication challenge response is sent to the providing entity, requesting that the providing entity verify the authentication challenge. An indication is received from the providing entity that the requesting entity is authenticated to the first decentralized resource directory as the requesting entity.
DISTRIBUTED / MULTI-LEVEL SERVER AUTHENTICATION
Methods, systems, and non-transitory processor-readable storage media for distributed and multi-level server authentication are provided herein. An example method includes: receiving, by a plurality of second servers, a plurality of authentication secret slices, where a first server transmits each of the plurality of authentication secret slices to a respective second server of the plurality of second servers; receiving, by the first server, an authentication confirmation from each of the plurality of second servers; and confirming, by the first server to a client, that an authentication request has succeeded.
REMOTELY-MANAGED, DATA-SIDE DATA TRANSFORMATION
Provided is a system, comprising: a computing device, comprising: computational storage or computational memory, the computational storage or computational memory having a processor; a downstream data processor that is different from the processor of the computational storage or computational memory; and a bus connecting the processor to the computational storage or computational memory, wherein the computing device comprises a tangible, non-transitory, machine readable medium storing instructions that, when executed, effectuate operations comprising: receiving an input from a remote device conveyed to the computing device; determining, based on the input, how to configure a transformation of data stored in the computational storage or computational memory; and applying, with the processor, the configured transformation to the data stored in the computational storage or computational memory; and outputting the transformed data to the downstream data processor.
System and method for conducting searches at target devices
A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servlet on the target machine, transmitting a secure command to the servlet over the communications network, executing the secure command in the servlet, transmitting data, by the target machine, in response to a servlet instruction, and receiving the data from the target machine over the communications network.
SECURELY RECORDING AND RETRIEVING ENCRYPTED VIDEO CONFERENCES
One disclosed example method includes obtaining a meeting cryptographic key; transmitting, from a client device to a video conference provider, a request to initiate an encrypted video conference, the encrypted video conference including a plurality of participants; distributing the meeting cryptographic key to each participant of the plurality of participants; obtaining a public cryptographic key of a key pair, the key pair including the public cryptographic key and a private cryptographic key; encrypting the meeting cryptographic key using the public cryptographic key; transmitting, from the client device to the video conference provider, a request to record the video conference; encrypting audio and video from a microphone and image sensor of the client device using the meeting cryptographic key; transmitting the encrypted audio and video to the video conference provider; and providing the encrypted meeting cryptographic key to the video conference provider.
SYSTEM AND METHOD FOR SECURING PROTECTED HOST
A system and a method for securing a protected host are provided. A secure channel server receives a plurality of first packets transmitted over a first network and analyzes the plurality of first packets to obtain analysis information. The plurality of first packets include a plurality of encrypted second packets, encrypted by a terminal data processing apparatus with a certificate issued by the secure channel server. The plurality of encrypted second packets relate to an application process executed by the terminal data processing apparatus and judged to be a secure process. The plurality of first packets are selectively decrypted with the certificate, according to the analysis information, into a plurality of decrypted first packets. The secure channel server redirects, according to a selected redirection rule, either the decrypted first packets or the first packets selectively via a second network to the protected host.
System for exchanging symmetric cryptographic keys using computer network port knocking
A system is provided for exchanging symmetric cryptographic keys using computer network port knocking. The system may receive, from a networked computing device, a first series of packets on a first series of ports which may signify a request to open a secure network connection. Once the secure network connection has been opened, the system may receive a second series of packets on a second series of ports which may be used as seed values to generate a symmetric cryptographic key. Finally, the system may then receive a third series of packets on a third series of ports which may signify the end of the second series of packets (e.g., the seed values). In this way, the system may exchange symmetric key values with the networked computing device which may then be used to open secure communication channels between the system and the computing device.
METHOD OF CONTROLLING SECURITY KEY OF VEHICLE
A control method of a vehicle performed by a first controller and a second controller includes: generating, by the first controller, an Ea(B) in which a second symmetric key is encrypted based on a first symmetric key, and assigning a first random number to the Ea(B); receiving, by the second controller, the Ea(B) and the first random number, generating a fourth symmetric key by decrypting the Ea(B) based on a third symmetric key, and generating an Eb(N(MASTER)) in which the first random number is encrypted based on the fourth symmetric key; receiving, by the first controller, the Eb(N(MASTER)), and decrypting the Eb(N(MASTER)) to generate a second random number; and updating the second symmetric key based on a comparison between the first random number and the second random number.
Method and apparatus for using a kernel module to provide computer security
Systems and methods for using a kernel module to provide computer security are provided herein. In some embodiments, a method for providing computer security may include launching a kernel module at the kernel level of a computing device, redirecting, using the kernel module, communications traffic away from a browser executing on the computing device, decoding, using the kernel module, the received traffic to create decoded traffic, analyzing the decoded traffic, using the kernel module, for content having particular characteristics to create analyzed traffic, encoding, using the kernel module, at least a portion of the analyzed traffic to create encrypted traffic, and directing the encrypted traffic to the browser.
Providing access to data in a secure communication
The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session; for example, each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple the addressing from the actual physical addresses used in conventional architectures, which assign a single large continuous physical memory partition that may be accessed via commands that address physical memory directly.