An example system includes a processor to receive a graph-based masking policy and a composite payload containing a data object to be masked. The processor is to instantiate a masking engine based on the graph-based masking policy. The processor is to execute the masking engine on the composite payload to generate a masked payload comprising a masked data object. The data object to be masked is masked in place such that the resulting composite payload type is maintained. The processor is to output the masked payload.

A mechanism for building decentralized computer applications that execute on a distributed computing system. The present technology works within a web browser, client application, or other software and provides access to decentralized computer applications through the browser. The present technology is non-custodial, wherein a public-private key pair, which represents user identity, is created on a client machine and then directly encrypted by a third-party platform without relying on one centralized computing system.

Systems and methods are provided that may be implemented to use compute capabilities of a network interface controller (NIC) to broker a secure connection across a network between a target information handling system (e.g., such as a server) and one or more other entities (e.g., such as other information handling systems implementing a cloud service or private network, and/or that are providing other remote service/s across the network). This secure connection may be brokered by the NIC at a hardware level in a manner that is separate from a host programmable integrated circuit of the same target information handling system, and in a way that is agnostic and independent of any host operating system or other logic that is executing on the host programmable integrated circuit of the target information handling system.

A method for secure file transmission comprises: encrypting a file using a location key system having multi-part keys; generating an identification for the encrypted file; transmitting the identification from a sender to a recipient; transmitting a public key from the recipient to the sender; generating, by M of N devices of a set of devices associated with the sender, its respective partial secret for the encrypted file and encrypting respective partial shared secrets with the public key; transmitting, by the sender, the encrypted file and encrypted partial shared secrets to the recipient; decrypting, by the recipient, the received encrypted partial shared secrets; combining the decrypted partial shared secrets with a threshold scheme; and decrypting the encrypted file using the combined secrets.

Concepts and technologies disclosed herein are directed to a data security cube with a key cube. According to one aspect of the concepts and technologies disclosed herein, a system can execute a data security cube application. The application can receive user data associated with a user. The application can create a data cube that includes at least one data layer that, in turn, includes the user data represented in a binary format. The application can create a key cube that includes at least one key layer that, in turn, includes a data type of the user data, an element identifier that identifies a location of the user data within the data cube, and a decryption logic that decrypts the user data in the binary format. The application can store the data cube and the key cube in secure storage component of the system.

Methods and devices for privately verifying and enhancing location data by a distributed ledger system are disclosed. A location-based services server receives a possible location of a mobile device. A location verification system determines a detected location of the mobile device. A distributed ledger system uses a private set intersection technique to determine whether the possible location corresponds to the detected location without the possible location or detected location being shared. Probabilities associated with the possible and detected locations can also be combined to enhance the accuracy of the possible location.

A Computing environment is described to enable an information handling system (IHS) to receive a public encryption key from another IHS; and decrypt with a public encryption key one or more encrypted symmetric encryption keys, encrypted via a private encryption key, to obtain one or more symmetric encryption keys respectively associated with one or more memory address ranges. The IHS may physically receive a memory device that was utilized by the other IHS to store information in an encrypted fashion. The IHS may further decrypt, with a first encryption key of the one or more symmetric encryption keys associated with a first address range of the one or more address ranges, first encrypted data stored by the at least one non-volatile memory medium to obtain first data.

Example methods and computer systems for receive-side processing for encapsulated encrypted packets. One example may comprise: in response to receiving, over a tunnel, a first encapsulated encrypted packet that includes a first encrypted inner packet and a first outer header, generating a first decrypted inner packet by performing decryption and decapsulation; and based on content of the first decrypted inner packet, assigning the first decrypted inner packet to a first processing unit. The method may further comprise: in response to receiving, over the tunnel, a second encapsulated encrypted packet that includes a second encrypted inner packet and a second outer header, generating a second decrypted inner packet by performing decryption and decapsulation; and based on content of the second decrypted inner packet, assigning the second decrypted inner packet to a second processing unit, thereby distributing post-cryptography processing over multiple processing units.

This disclosure includes techniques for using multiple cryptographic certificates for a secure connection. One embodiment is a method including: receiving by a client N public encryption keys over a network from a server, wherein N is an integer greater than 1; generating N session keys in response to receiving the N public encryption keys; encrypting each of the N session keys with a respective one of the N public encryption keys; subsequent to encrypting each of the N session keys, sending the N session keys encrypted over the network to the server; encrypting, with a first one of the N session keys, a first portion of a payload associated with a first message; encrypting, with a second one of the N session keys, a second portion of the payload associated with the first message; and sending the first message, comprising the payload encrypted, to the server from the client.

A cell phone is disclosed for acquiring information to be transmitted to a receiving facility and for transmitting such thereto. A capture device captures information from an external source. A processor is provided for associating with the captured information a representation of the date and time of the capture of the information, such that the representation of the date and time information in association with the captured information forms augmented captured information. The processor also places the augmented captured information in association with subscriber information in a transmission of the augmented captured information to a receiving facility requiring such subscriber information. A transmitter transmits the transmission including the augmented captured information and the subscriber information to the receiving facility. An encryptor encrypts the augmented captured information with a symmetrical encryption algorithm to provide encrypted augmented captured information in the transmission with the subscriber information.