Patent classifications
H04L63/0471
SECURE VOLUME ENCRYPTION SUSPENSION FOR MANAGED CLIENT DEVICE UPDATES
Examples of scheduled and on-demand volume encryption suspension are described. In some examples, volume encryption is to be suspended for a client device. A suspension limit is identified for a volume encryption suspension for the client device. A suspend encryption command is generated to include instructions for the client device to apply the volume encryption suspension according to the suspension limit. The suspend encryption command is transmitted to the client device for execution.
SECURE CONTENT ROUTING USING ONE-TIME PADS
A method comprising receiving, by a one-time pad (OTP) hub, from a first user of a computer network, a communication encrypted with an OTP associated with said first user, wherein said communication is intended for a second user; encrypting, by said hub, said communication with an OTP associated with said second user; decrypting, by said hub, said communication with an OTP associated with said first user; and delivering said communication to said second user.
Secure pairing of devices via pairing facilitator-intermediary device
The present inventions, in one aspect, are directed to systems and circuitry for and/or methods of establishing communication having one or more pairing facilitator-intermediary devices (for example, a network connected server) to enable or facilitate pairing and/or registering at least two devices (e.g., (i) a portable biometric monitoring device and (ii) a smartphone, laptop and/or tablet) to, for example, recognize, interact and/or enable interoperability between such devices. The pairing facilitator-intermediary device may responsively communicate information to one or more of the devices (to be paired or registered) which, in response, enable or facilitate such devices to pair or register. The present inventions may be advantageous where one or both of the devices to be paired or registered is/are not configured (e.g., include a user interface or certain communication circuitry that is configured or includes functionality) to pair devices without use of a facilitator-intermediary device.
SECURE FRAME ENCRYPTION AS A SERVICE
Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network device can receive a first request for encrypting a first media stream associated with a first endpoint. In response to the first request, the network device can obtain a first encryption key for encrypting the first media stream associated with the first endpoint. The network device can receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream and encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames. The network device can packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint.
Performing secure queries from a higher security domain of information in a lower security domain
A method generates, in a higher security domain (SD), public and secret keys using a first homomorphic encryption scheme (HES), passes the public key to a first shared security zone (SSZ) between the higher SD and a lower SD and through the first SSZ to a second entity in the lower SD, passes a plain text query from the higher SD to the first SSZ, encrypts the plain text query using a second HES, passes the encrypted plain text query to the second entity, performs an oblivious query to generate an encrypted result, and passes that from the lower SD to a second SSZ located between the higher and lower SDs, passes the secret key from the higher SD to the second SSZ, and decrypts the encrypted result using the secret key to generate a plain text result, and passes the plain text result to the higher SD.
On-device protected DNS
Methods and systems are provided for protecting DNS traffic locally on an electronic device (e.g., a smart phone) by capturing DNS traffic from network traffic transmitted from the device and ensuring the DNS traffic is routed to a trusted DNS server via a prescribed transmission protocol.
METHOD, ELECTRONIC DEVICE, AND PROGRAM PRODUCT IMPLEMENTED AT AN EDGE SWITCH FOR DATA ENCRYPTION
Embodiments of the present disclosure provide a method, an electronic device, and a program product implemented at an edge switch for data encryption. For example, the present disclosure provides a data encryption method implemented at an edge switch. The method may include receiving encryption and decryption information for an encryption operation or a decryption operation from a source device. In addition, the method may include encrypting a data packet received from the source device based on encryption information in the encryption and decryption information to generate an encrypted data packet. The method may further include sending the encrypted data packet to a target device indicated by the data packet. The embodiments of the present disclosure can reduce the computing loads of Internet of Things (IoT) devices, clouds, and servers while ensuring encryption performance, and can also reduce the time delay caused by encryption and decryption operations.
Secure content routing using one-time pads
A method comprising receiving, by a one-time pad (OTP) hub, from a first user of a computer network, a communication encrypted with an OTP associated with said first user, wherein said communication is intended for a second user; encrypting, by said hub, said communication with an OTP associated with said second user; decrypting, by said hub, said communication with an OTP associated with said first user; and delivering said communication to said second user.
Method for securely negotiating end-to-end cryptographic context using inline messages through multiple proxies in cloud and customer environment
Described embodiments provide systems and methods for establishing an end-to-end cryptographic context. A service node may be located intermediary between a client and server which provides a service to the client. At least one network device may be located intermediary between the service node and the server. The service node may obtain information for validating the service. The service node may establish an end-to-end cryptographic context between the service node and server through the network device(s). A first network device of the network device(s) may share a cryptographic context with the service node, which existed prior to establishment of the end-to-end cryptographic context. The service node may transmit a message to the network device encrypted using the first cryptographic context. The encrypted message may inform the first network device to pass through traffic that is encrypted using the end-to-end cryptographic context.
Windows single sign-on mechanism
An illustrative embodiment disclosed herein is an apparatus including a processor with programmed instructions to receive, from a user device and via a network, encrypted credentials for logging on a user associated with the user device to a virtual machine. The processor is coupled to the virtual machine via a hypervisor. The processor has programmed instructions to decrypt the credentials, send, to an operating system of the virtual machine, the decrypted credentials, and cause the operating system to log the user on to the virtual machine.