H04L63/0464

Snapshot management across cloud provider network extension security boundaries

Systems and methods for efficient and secure management of encrypted “snapshots” for a remote provider substrate extension (“PSE”) of a cloud provider network substrate are provided. The PSE may request and obtain a snapshot from the cloud provider network substrate, restore a volume from the snapshot, make changes to data in the restored volume, and/or initiate the creation and storage of a new snapshot that includes incremental updates to the original snapshot to reflect the changes made to data in the volume. An encrypted snapshot stored within the cloud provider network substrate may be decrypted using a cloud provider key designed for internal use only, and then re-encrypted using a PSE-specific key before providing the snapshot to the PSE, thereby avoiding the sharing of the cloud provider internal use only key outside the cloud provider network substrate.

Vehicle configurable transmitter for allowing cloud-based transfer of data between vehicles

A configurable transmitter is provided for a vehicle for transmitting signals to a device remote from the vehicle. The configurable transmitter includes an RF transmitter that receives an RF signal during a training mode to learn characteristics of the received RF signal, and to transmit an RF signal to the remote device in an operating mode where the transmitted RF signal includes the learned characteristics of the received RF signal; a local memory device for storing channel data representing the learned characteristics and for storing a unique identification code and a cloud encryption key; an interface that communicates with an Internet server; and a controller coupled to the local memory device and the interface, the controller retrieves the channel data from the local memory device, encrypts the channel data using the cloud encryption key and transfers the encrypted channel data for remote storage in the Internet server through the interface.

Data integrity system for transmission of incoming and outgoing data

Aspects of the disclosure relate to a data integrity system for transmission of data. A computing platform may detect transmission of data to a second enterprise computing device, and may intercept the data content in transmission. Then, the computing platform may convert the data content to an electronic file in a standardized textual format. Then, the computing platform may add an alert message to a message queue indicating that the electronic file is available for processing. Subsequently, the computing platform may cause one or more content processors to process the electronic file to identify a portion of the data content for review prior to transmission, and output a notification message to the message queue providing information related to the identified portion. Then, the computing platform may modify the data content, generate a link to the modified data content, and provide the generated link to the second enterprise computing device.

Protection of traffic between network functions

Methods and network equipment in a core network for intercepting protected communication between core network (CN) network functions (NFs). A method performed by network equipment in a core network may include establishing a first connection with a first NF for which the network equipment serves as a proxy and establishing, on behalf of the first NF, a second connection that is towards a second NF and that is secure. The method may also include selectively forwarding communication between the first and second NFs over the first and second connections, including transmitting and/or receiving the communication on behalf of the first NF over the second connection. The method may further include intercepting the communication that the network equipment selectively forwards between the first and second NFs.

Protecting signaling messages in hop-by-hop network communication link

In a method of protecting signaling messages in a hop-by-hop network communication link between a source node and a destination node, a source node public digital signature verification key and a respective source node private digital signature key associated with said public digital signature verification key are provided to the source node. The source node public digital signature verification key associated with the source node private digital signature key is also provided to the destination node. The source node builds a message including a sequence of Information Elements, and calculates, for each Information Element, an Information Element hash value. The source node also calculates a sequence hash value of a concatenation of the calculated Information Element hash values, and generates a source node digital signature by digitally signing the calculated sequence hash value. An intermediate node receives and forwards the signaling message to the destination node.

Single sign-on access to cloud applications

The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to an assertion proxy receiving a verified assertion from an IDP, obtained from an assertion that is generated when a user logs into a service provider (SP) and is verified in dependence upon the IDP's public key. It also relates to evaluating the verified assertion against one or more security policies. It further relates to forwarding the evaluated verified assertion to the SP and causing establishment of a single sign-on (SSO) authenticated session without modifying the assertion.

Systems and Methods for "Machine-to-Machine" (M2M) Communications Between Modules, Servers, and an Application using Public Key Infrastructure (PKI)
20230208629 · 2023-06-29

Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

INTER-NODE PRIVACY COMMUNICATION METHOD AND NETWORK NODE
20230208819 · 2023-06-29

An inter-node privacy communication method, including a network node processing a data packet according to the role of the network node in a communication path of privacy communication; if the node is a communication source node, acquiring, according to node identities in an identity quadruple, a key for encryption, and encrypting and sending the data packet; if the node is the first switch device or the last switch device, and an end-to-end privacy communication policy is valid, directly forwarding the data packet, and if the policy is invalid, acquiring a key for decryption, receiving and decrypting the data packet, acquiring a key for encryption, and encrypting and sending the data packet; if the node is a middle switch device, directly forwarding the data packet; and if the node is a communication destination node, acquiring a key for decryption, and receiving and decrypting the data packet.

MESSENGER APPLICATION SYSTEMS AND METHODS
20170374044 · 2017-12-28

A non-transitory computer-readable medium storing instructions which, when executed by a computer of a first client device, cause the computer to perform a method of communicating via a chat session is provided. The method includes receiving a request from a first user to begin the chat session with a second user. When the requested chat session is designated as a secret chat, first user data encrypted using a first key for encrypting data to be decrypted by a second client device associated with the second user is transmitted to the second client device. When the requested chat session is not designated as the secret chat, the first user data encrypted using a second key for encrypting data to be decrypted by the server is transmitted to the server for forwarding to the second client device.

Enhanced dynamic encryption packet segmentation

A communication session may be broken up into many smaller packet bundles over many tunnels and over different routes in order to obfuscate the entire data stream. Apparatuses may dynamically build hop-by-hop tunnels in a backbone telecommunications network, segment data into packet bundles at the customer edge, or break up data traffic of a communication session along multiple routing or switching paths in order to obfuscate the data traffic of the communication session.