Systems and methods for managing group encryption are described. In certain methods, a content asset may be encrypted with an asset key. An account key may be determined. Using the account key, an encrypted content asset package may be generated. The asset key may make up at least a portion of the encrypted content asset package. The encrypted content asset package is decryptable with the account key. The encrypted content asset package and an identifier associated with the account key may be transmitted, for example to a playback device.

Described embodiments provide systems and methods for selectively encrypting and decrypting portions of a network flow by intermediary devices. A first device may identify a protocol used by a network flow traversing the first device via one or more packets of the protocol. The first device may determine that a level of encryption for the network flow meets a predetermined threshold. The first device may receive networks packets to be communicated between a sender and a receiver. The packets may include a first portion that is encrypted and a second portion that has clear text information. The first device may encrypt the second portion of the one or more packets. The first device may forward the network packets with the first portion and the encrypted second portion via a tunnel to a second device for decryption of the encrypted second portion for forwarding to the receiver.

A blockchain-based user privacy data providing method and apparatus is provided. The method includes receiving a data consumption request from a data consumer, where the data consumption request requests user privacy data of a target user, the user privacy data includes personal data that is pre-encrypted and uploaded to a trusted execution environment (TEE), and the TEE is constructed in a blockchain node; performing predetermined verification on the data consumption request in the TEE based on request body data corresponding to the data consumption request using a smart contract deployed in the blockchain to obtain a corresponding predetermined verification result; if the predetermined verification result satisfies a verification success condition, obtaining target privacy data for the data consumption request, and sending the encrypted target privacy data to the data consumer, where the target privacy data is obtained in the TEE based on the user privacy data stored in the blockchain.

Systems and methods for automatically disseminating a private key are presented. A first message requesting a key proxy instance is received from a first user device. The first message comprises a first symmetric key. A key proxy server is directed to allocate a key proxy instance for communication with the first user device based on a device public key that corresponds to the first user device. A unique URL corresponding to the key proxy instance is received from the key proxy server. A second message comprising the unique URL is sent to the first user device. The second message is encrypted using the first symmetric key and signed using a server private key. A third message comprising the URL of the key proxy instance is received from the first user device and forwarded to a second user device.

Techniques discussed herein relate to providing composable edge devices. In some embodiments, a user request specifying a set of services to be executed at a cloud-computing edge device may be received by a computing device operated by a cloud computing provider. A manifest may be generated in accordance with the user request. The manifest may specify a configuration for the cloud-computing edge device. Another request can be received specifying the same or a different set of services to be executed at another edge device. Another manifest which specifies the configuration for that edge device may be generated and subsequently used to provision the request set of services on that device. In this manner, manifests can be used to compose the platform to be utilized at any given edge device.

A method for processing data of an analytical instrument for analyzing biological samples is presented. The method comprises receiving instrument data from the analytical instrument at a data processing module communicatively connected with the analytical instrument, generating metadata from the received instrument data at the data processing module, applying a first encryption to the instrument data at the data processing module, applying a second encryption to the generated metadata at the data processing module, and transmitting the encrypted metadata and encrypted instrument data to a remote server. The remote server and the data processing module are communicatively connected. The method also comprises removing the second encryption from the metadata at the remote server and forwarding the instrument data encrypted by the first encryption from the remote server to a management system of the analytical instrument.

A cryptography system for the protection of data in transit using a post-quantum encryption key management system that eliminates the need for PKI or other asymmetric key management systems used in today's solutions, while allowing encryption of data in transit with no hands-on management including configuration of routers, switches, etc. The present system includes a multi-factor post-quantum key management mechanism that strengthens existing symmetric encryption systems and industry standard key generators on existing hardware through the post-quantum age.

A computer-implemented method includes receiving, by a transcoder, second encrypted data. The second encrypted data is data that has been encrypted in a first key to create first encrypted data that is then encrypted in a second key to create the second encrypted data. The method includes receiving the second key and decrypting the second encrypted data using the second key to obtain the first encrypted data. The method includes encrypting the first encrypted data using a third key to create third encrypted data, and sending the third encrypted data to a destination node. A computer-implemented method includes receiving, by a transcoder, a second encrypted key. The second encrypted key is a key that has been encrypted in a first key to create a first encrypted key that is then encrypted in a second key to create the second encrypted key.

Methods, systems, and apparatus, including medium-encoded computer program products, for secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action.

The invention relates to a communication network having at least one network element (NE), via which data associated with the communication are conducted. The method comprises the following steps: securing, by means of a first cryptographic security function, the data (D) that are transferred from at least one first communication device (PLC1) to at least one second communication device (PLC2), providing a second cryptographic security function, which secures, between a communication device and a network element, messages that are conducted from the first communication device to the at least second communication device via the at least one network element and that contain the data, providing a checking function by means of the at least one network element, which checking function checks the authenticity and/or integrity of the messages on the basis of the second security function, continuing (6) or stopping (5) the communication in accordance with the result of the check (4) by the checking function, wherein, if the communication is continued, the data remain secured by means of the first security function until the data are received by the at least second communication device.