H04L63/0457

Media streaming
11397824 · 2022-07-26

A media playback system for presenting to a user a composition of a plurality of media streams. It has a media selection component configured to receive a scenario dataset, to receive user input for selecting viewing times defining segments of media and composition selections, and to output a list of segments of media from the scenario dataset that are authorized to be viewed by the user. The system has a playback control component configured to retrieve from media storage at least the segments of media from the output list of segments, to decode the segments of media, and to compile composition instructions. The system has a media playback component configured to receive the rendered media and the composition instructions.

SELECTIVE MPEG PACKET ENCRYPTION AND DECRYPTION BASED UPON DATA AND SECURITY PRIORITIES
20210392385 · 2021-12-16

A cable distribution system that includes a head end connected to a plurality of customer devices through a transmission network that includes a remote fiber node that converts digital data to analog data suitable for the plurality of customer devices, where the head end includes a processor. A packetized elementary stream of a video is provided from the head end to customer devices through the transmission network, wherein the packetized elementary stream includes a plurality of groups comprising pairs of packetized elementary stream headers and packetized elementary stream payloads. A first one of the plurality of groups corresponding to a non-predicted coded picture of the video of the packetized elementary stream is determined. The first one of the plurality of groups is encrypted while not encrypting all of the plurality of groups of the video. A signal is provided from a conditional access system to a selected one of the plurality of customers that is suitable to be used to decrypt the first one of the plurality of groups.

Secure stream buffer on network attached storage

A network attached storage device coupled to a local network and including a network interface configured to receive digital content from a remote content provider outside the local network. The network attached storage device includes storage having a first region accessible by a user of the local network and a secure region. The network attached storage device includes a processor coupled to the storage, the processor configured to control access to the secure region of the storage based on instructions received from a remote content provider.

Metadata tree with key rotation information
11373736 · 2022-06-28

A method performed by a processing system includes identifying a first node in a metadata tree of a patient that corresponds to an encrypted electronic health record in an encrypted data store and preventing a portion of the first node from being decrypted with a node key of a first healthcare participant in response to a second node of the metadata tree including key rotation information that indicates that the node key has been revoked by a second healthcare participant.

SYSTEM AND METHOD FOR MERGING LIVE MEDICAL DEVICE READINGS INTO VIRTUAL DOCTOR VISIT SECURE VIDEO
20220200974 · 2022-06-23

A system and method are provided for a detector device for use with a first video conference device, a second video conference device, and a WAN. The video conference devices are configured to: establish a video conference over a secure communication channel over the WAN; encode user video/audio data; encrypt the encoded data; provide the encrypted data to the other video conference device; receive encrypted data; decrypt the encrypted data; decode the encoded data; instruct the display to display video data based on the decoded video data; and instruct the speaker to play audio data based on the decoded audio data. The first video conference device is additionally configured to: receive detector data from the detector device; encode detector data; encrypt the encoded data; and provide the encrypted data to the other video conference device.

Big data distributed processing and secure data transferring with hyper fencing

Aspects of the disclosure relate to resource allocation and rebating during in-flight data masking and on-demand encryption of big data on a network. Computer machine(s), cluster managers, nodes, and/or multilevel platforms can request, receive, and/or authenticate requests for a big data dataset, containing sensitive and non-sensitive data. Profiles can be auto provisioned, and access rights can be assigned. Server configuration and data connection properties can be defined. Secure connection(s) to the data store can be established. The big data dataset can be uncompressed based on a codec and uncompressed data blocks can be distributed for processing. Sensitive information can be redacted into a sanitized dataset based on one or more data obfuscation types. The encrypted data can be transmitted, in response to the request, to a source, a target, and/or another computer machine and can be decrypted back into the sanitized dataset.

Methods providing NAS connection identifications and related wireless terminals and network nodes

A method at a wireless terminal (UE) may include providing a first NAS connection with a network node (AMF) through a first access node (AN_1), wherein a first NAS CID is associated with the first NAS connection. While providing the first NAS connection, a second NAS CID may be allocated for a second NAS connection with the network node (AMF) through a second access node (AN_2). A registration request message may be transmitted to the network node (AMF) to request the second NAS connection, wherein transmitting the registration request message includes performing integrity protection for the registration request message using the second NAS CID. A security mode command message may be received from the network node (AMF), wherein the security mode command message corresponds to the registration request message. Responsive to receiving the security mode command message, a security mode complete message may be transmitted to the network node (AMF) through the second access node (AN_2).

Communication system, first communication device, second communication device, method, and computer program
11356253 · 2022-06-07

A technique is proposed for solving a key delivery problem. Both a client and a server have a function of generating the same solution at the same date and time based on the same initial solution. The client sends identification information for identifying the client to the server (S1002). The client and the server generate the same solution with time synchronization based on the initial solution (S1003 and S2002). The client and the server perform encrypted communication using the same solution as a common key (S1004 and S2003).

NETWORK BASED MEDIA PROCESSING SECURITY

According to an example aspect of the present invention, there is provided a method, comprising receiving from a source entity a workflow description for network based media processing (200), determining encryption requirements on the basis of an encryption descriptor in the workflow description, the encryption descriptor comprising information indicative of one or more encryption methods and at least one prioritized encryption method (210), and selecting, on the basis of the encryption descriptor, an encryption method for protecting data for at least one task of a media processing workflow generated on the basis of the workflow description (220).

Infrastructure level LAN security
11743292 · 2023-08-29

Techniques are disclosed for securing traffic flowing across multi-tenant virtualized infrastructures using group key-based encryption. In one embodiment, an encryption module of a virtual machine (VM) host intercepts layer 2 (L2) frames sent via a virtual NIC (vNIC). The encryption module determines whether the vNIC is connected to a “secure wire,” and invokes an API exposed by a key management module to encrypt the frames using a group key associated with the secure wire, if any. Encryption may be performed for all frames from the vNIC, or according to a policy. In one embodiment, the encryption module may be located at a layer farthest from the vNIC, and encryption may be transparent to both the VM and a virtual switch. Unauthorized network entities which lack the group key cannot decipher the data of encrypted frames, even if they gain access to such frames.