Patent classifications
H04L63/0478
Communication terminal, server apparatus, and program
A communication terminal which is capable of reducing the load on a server apparatus by reusing a message key used for encrypting a message is provided. The communication terminal includes: a session key storage part which stores a session key that is shared with another communication terminal but not with the server apparatus; a message key generating part which generates a message key; a message key storage part which stores the message key to be reused in association with a message key identifier; a message encrypting part which generates a message ciphertext from the message and the message key using a common key (symmetric) cryptosystem; a message key encrypting part which generates a message key ciphertext from the message key using the session key under a common key cryptosystem that supports re-encryption; and a ciphertext transmitting part which transmits, to the server apparatus, a group identifier of the group to which the terminal belongs, either the message key ciphertext or the message key identifier, and the message ciphertext.
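The flow in the abstract above, as an added example that is not code from the patent: the first record for a message key carries that key wrapped under the session key, later records carry only the key identifier, and the relay stores the wrapped key for whoever needs it but cannot open it because it never holds the session key. The cipher here is a constructed HMAC-SHA256 encrypt-then-MAC scheme standing in for whatever common-key cryptosystem an implementation would use; the re-encryption capability the abstract mentions is not shown, the session key is assumed to have been agreed already, and the class, function and field names are this example's own.

```python
"""Message-key reuse through an untrusted relay (added example, stdlib only)."""
import hashlib
import hmac
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    """Domain-separate the encryption and MAC keys derived from one key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a block cipher)."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag before decrypting; raises ValueError on any mismatch."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class Relay:
    """The server: stores wrapped message keys and forwards records.
    It never holds the session key, so it can read neither keys nor messages."""

    def __init__(self):
        self.wrapped, self.queue = {}, []

    def accept(self, record: dict) -> None:
        if record["wrapped_key"] is not None:
            self.wrapped[(record["group_id"], record["key_id"])] = record["wrapped_key"]
        self.queue.append(record)

    def wrapped_key(self, group_id: str, key_id: str) -> bytes:
        return self.wrapped[(group_id, key_id)]

    def deliver(self) -> list:
        batch, self.queue = self.queue, []
        return batch


class Terminal:
    """One endpoint; session_key is shared with the peer terminal only."""

    def __init__(self, session_key: bytes, group_id: str):
        self.session_key, self.group_id = session_key, group_id
        self.message_key = self.key_id = None
        self.wrap_pending = False   # True until the wrapped key has been sent once
        self.cache = {}             # key_id -> unwrapped message key (receive side)

    def rotate_message_key(self) -> None:
        """Fresh message key; the next send() carries it wrapped under the session key."""
        self.message_key, self.key_id = os.urandom(32), os.urandom(8).hex()
        self.wrap_pending = True

    def send(self, message: bytes) -> dict:
        if self.message_key is None:
            self.rotate_message_key()
        aad = f"{self.group_id}|{self.key_id}".encode()  # bind ciphertexts to group and key id
        record = {"group_id": self.group_id, "key_id": self.key_id, "wrapped_key": None,
                  "ciphertext": seal(self.message_key, message, aad)}
        if self.wrap_pending:                            # first use: ship the wrapped key
            record["wrapped_key"] = seal(self.session_key, self.message_key, aad)
            self.wrap_pending = False
        return record                                    # later uses: key_id only

    def receive(self, record: dict, relay: Relay) -> bytes:
        aad = f"{record['group_id']}|{record['key_id']}".encode()
        key = self.cache.get(record["key_id"])
        if key is None:                                  # unknown id: unwrap once, then cache
            wrapped = record["wrapped_key"] or relay.wrapped_key(record["group_id"], record["key_id"])
            key = self.cache[record["key_id"]] = unseal(self.session_key, wrapped, aad)
        return unseal(key, record["ciphertext"], aad)


def relay_can_unwrap(relay: Relay, group_id: str, key_id: str, guess: bytes) -> bool:
    """What the relay could do with a guessed session key: nothing useful."""
    try:
        unseal(guess, relay.wrapped_key(group_id, key_id), f"{group_id}|{key_id}".encode())
        return True
    except ValueError:
        return False


def run_demo(messages=(b"first message", b"second message")):
    session_key = os.urandom(32)  # assumed already agreed between the two terminals
    alice, bob, relay = Terminal(session_key, "g1"), Terminal(session_key, "g1"), Relay()
    records = [alice.send(m) for m in messages]
    for rec in records:
        relay.accept(rec)
    received = [bob.receive(rec, relay) for rec in relay.deliver()]
    return records, received, relay
```

The associated data ties each ciphertext to the group and key identifier, so the relay cannot splice a wrapped key from one group into another group's records; rotating the message key with `rotate_message_key()` starts a new identifier and ships the new wrapped key exactly once.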
Sharing secrets over one or more computer networks using proxies
Techniques for sharing secrets over one or more computer networks using proxies are provided. In one technique, a proxy server receives, from a client device over a computer network, a request for a secret. In response to receiving the request, the proxy server causes a tunnel to be created with a resource server that is separate from the client device, retrieves the secret from a secrets repository, and causes the secret to be transmitted through the tunnel to the resource server.
SECURE DATA EXCHANGE NETWORK
A secure data exchange system permits devices to exchange secure message keys and securely transmit messages between devices. The devices may initially exchange temporary message keys that are used to encrypt permanent message keys. In addition, devices may have managed pairing that authenticates devices. Devices may be associated with an address ledger that maintains address information and is accessible with a public ledger key, which may provide different access to address information to different paired devices. Data within the system may also be encrypted with user device keys that prevent unauthorized access to data while permitting recreation of the user device key for data backup and migration.
Mid-link policy-controlled internet communication
Systems and methods for policy-controlled communication over the Internet between third party client applications and remote services. A client device enforces policies on the communication between the applications and services. The communication is redirected through a mid-link server using a digitally protected tunnel. Network addresses of the client device and remote service are masked.
Encrypted overlay network for physical attack resiliency
Devices and methods for protecting server devices from physical attacks use an encrypted overlay network to securely communicate between a trusted network and one or more host computer devices in communication with the trusted network. The devices and methods may generate VPN tunnels to communicate directly with individual host computer devices. The devices and methods may securely transmit data packets between the trusted network and the host computer devices using the VPN tunnels.
Systems and methods for network privacy
A privacy gateway may communicate with user devices located at a plurality of premises. The privacy gateway may receive a data packet, from one of the user devices, indicating destinations, such as other computing devices, located external to the premises. The privacy gateway may decrypt at least a portion of the data packet to determine that at least a portion of data in the packet is associated with the user device. The privacy gateway may remove the data associated with the user device from the data packet and replace the removed data with data associated with the privacy gateway. The privacy gateway may send the data packet with the replaced data to a destination device. The privacy gateway may receive a response to the data packet from the destination device. The privacy gateway may encrypt a portion of the response and send the response to the user device.
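The replace-and-forward step of the gateway above for IPv4/UDP traffic, as an added example that is not the patent's code: the gateway checks that the packet comes from one of its premises and is bound outside them, swaps the device's source address and port for its own, keeps the flow mapping, and maps a response back only when a matching outbound flow exists. The encrypted device-to-gateway leg the abstract describes is assumed to have been handled before this point and is not shown; the packets, the documentation-range addresses and the class and function names are constructed for this example, and the UDP checksum is left at zero, which IPv4 permits.

```python
"""Privacy-gateway address rewriting for IPv4/UDP (added example, stdlib only)."""
import ipaddress
import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # IPv4 header without options, 20 bytes
UDP_HDR = "!HHHH"


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; a valid header checksums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_packet(src, sport, dst, dport, payload: bytes, ttl: int = 64) -> bytes:
    """Constructed test packet: IPv4 header + UDP header + payload."""
    udp = struct.pack(UDP_HDR, sport, dport, 8 + len(payload), 0) + payload  # UDP csum 0: disabled
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(udp), 0x1234, 0x4000, ttl, 17, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + udp


def parse_udp_packet(pkt: bytes) -> dict:
    """Decode and validate; raises ValueError for anything but clean IPv4/UDP."""
    if len(pkt) < 28:
        raise ValueError("truncated packet")
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    if ver_ihl != 0x45 or proto != 17:
        raise ValueError("expected IPv4 without options carrying UDP")
    if ip_checksum(pkt[:20]) != 0 or total_len != len(pkt):
        raise ValueError("bad IPv4 checksum or length")
    sport, dport, ulen, _ucsum = struct.unpack(UDP_HDR, pkt[20:28])
    if ulen != len(pkt) - 20:
        raise ValueError("bad UDP length")
    return {"src": str(ipaddress.ip_address(src)), "dst": str(ipaddress.ip_address(dst)),
            "sport": sport, "dport": dport, "payload": pkt[28:]}


def rewrite(pkt: bytes, src=None, dst=None, sport=None, dport=None) -> bytes:
    """Replace the selected address/port fields and recompute the IPv4 checksum."""
    hdr, udp = bytearray(pkt[:20]), bytearray(pkt[20:])
    if src is not None:
        hdr[12:16] = ipaddress.ip_address(src).packed
    if dst is not None:
        hdr[16:20] = ipaddress.ip_address(dst).packed
    if sport is not None:
        udp[0:2] = struct.pack("!H", sport)
    if dport is not None:
        udp[2:4] = struct.pack("!H", dport)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    udp[6:8] = b"\x00\x00"   # keep the UDP checksum disabled rather than letting it go stale
    return bytes(hdr + udp)


class PrivacyGateway:
    """Replaces the user device's source address/port with the gateway's own
    and maps responses back; anything unsolicited is dropped (returns None)."""

    def __init__(self, public_ip: str, premises: list, first_port: int = 40000):
        self.public_ip = public_ip
        self.premises = [ipaddress.ip_network(p) for p in premises]
        self.next_port = first_port
        self.by_port = {}   # gateway port -> (device_ip, device_port, dst_ip, dst_port)
        self.by_flow = {}   # (device_ip, device_port, dst_ip, dst_port) -> gateway port

    def outbound(self, pkt: bytes):
        p = parse_udp_packet(pkt)
        if not any(ipaddress.ip_address(p["src"]) in net for net in self.premises):
            return None                                  # not one of our devices
        if any(ipaddress.ip_address(p["dst"]) in net for net in self.premises):
            return None                                  # not an external destination
        flow = (p["src"], p["sport"], p["dst"], p["dport"])
        port = self.by_flow.get(flow)
        if port is None:                                 # first packet of this flow
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_flow[flow], self.by_port[port] = port, flow
        return rewrite(pkt, src=self.public_ip, sport=port)

    def inbound(self, pkt: bytes):
        p = parse_udp_packet(pkt)
        flow = self.by_port.get(p["dport"])
        if p["dst"] != self.public_ip or flow is None or (p["src"], p["sport"]) != flow[2:]:
            return None                                  # no matching outbound flow: drop
        return rewrite(pkt, dst=flow[0], dport=flow[1])
```

The inbound check matches the response against the full outbound flow (remote address and port as well as the gateway port), so a third party that learns a gateway port cannot inject packets toward the device behind it.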
System and method for tripartite authentication and encryption
A system and method for tripartite encryption is described. In this system and method, a distributing party distributes keys, checksums and encrypted data to two receiving parties, so that the two receiving parties may authenticate each other without the distributing party's further intervention and encrypt and decrypt data between themselves.
Decentralized Processing Of Interactions On Delivery
A method includes generating, by a user device, an initial authorization request message for an interaction to obtain a resource from a resource provider. The user device transmits the initial authorization request message to a first node in a proxy network, wherein the first node processes the initial authorization request message and transmits a routing message to a second node in the proxy network based on the processing of the initial authorization request message, the second node being previously associated with the resource provider. The user device then receives from the second node and stores a pre-authorization approval indicator (PAAI). Upon delivery of the resource by an agent of the resource provider, the user device transmits an authorization request message including the pre-authorization approval indicator, wherein the agent device further processes and transmits the authorization request message to the proxy network for authorization by an authorizing entity.
HOMOMORPHIC ENCRYPTION WITH QUANTUM KEY DISTRIBUTION ENCAPSULATION
Systems and methods for processing and transmission of encrypted data are provided. The method includes: encrypting a first data set; encapsulating the encrypted first data set in a protective layer; and transmitting the encapsulated encrypted first data set to a destination over one or more communication channels. The encrypting is performed by using a homomorphic encryption (HE) technique. The encapsulating is performed by using a quantum key distribution (QKD) encapsulation technique to generate a QKD-protected layer. The communication channels may include a classical/non-quantum channel over which the QKD-encapsulated encrypted first set of data is transmitted and a quantum channel over which a quantum key distribution is conducted, or a single communication channel to conduct both.
Systems and methods for secure data transport
Disclosed herein are embodiments of systems, methods, and products comprising a computing device which provides a secure data transport service (SecureX) for data packets traversing from an end user device (EUD) to a mission network over untrusted networks. The disclosed SecureX module may be a software product running on the EUD and on a SecureX appliance fronting the mission network. The SecureX module on the EUD compresses the data packets by removing header fields that are constant over the same packet flow and double-encrypts the data packets with different cryptographic keys. The SecureX module on the EUD transmits the compressed, double-encrypted data packets over the untrusted network. The SecureX appliance receives the compressed, double-encrypted data packets, decrypts them and decompresses them to recreate the original data packets. The SecureX appliance then transmits the original data packets to the mission network.