A system on chip (SoC) is designed to include a protective moat allowing the external interfaces of the SoC to act as security enforcers. Data is prevented from being delivered to non-trusted devices. Data may leave only to friendly devices that are able to protect the data at its respective security class. Code is prevented from accessing data or jumping to addresses which the code is not authorized to process or jump to. According to an embodiment, both data and code are stored encrypted in corresponding classes, each class having a different encryption key. An n-by-n matrix defines the way security classes may mix, specifically when two different security classes are used. This provides for securing data-data, code-code and data-code interactions. During configuration, processor context switching and secure communication, a trusted execution environment (TEE) is used. The classification rules matrix is programmable under the TEE.

Disclosed are examples of systems, apparatus, devices, computer program products, and methods implementing aspects of a decentralized content fabric. In some implementations, one or more processors are configured to provide fabric nodes of an overlay network, including one or more fabric nodes that receive a client's request to access digital content on the overlay network. The request includes an authorization token digitally signed by or on behalf of a user of the client. The fabric node(s) extract a user identifier (ID) from the authorization token, then determine that one or more rules maintained on the overlay network are satisfied. The one or more rules condition access to the digital content upon the extracted user ID matching an ID associated with an owner of a digital instrument. The digital instrument, which can be a non-fungible token, is stored in a blockchain ledger as a unique representation of the digital content.

A computer-implemented method includes receiving, by a transcoder, second encrypted data. The second encrypted data is data that has been encrypted in a first key to create first encrypted data that is then encrypted in a second key to create the second encrypted data. The method includes receiving the second key and decrypting the second encrypted data using the second key to obtain the first encrypted data. The method includes encrypting the first encrypted data using a third key to create third encrypted data, and sending the third encrypted data to a destination node. A computer-implemented method includes receiving, by a transcoder, a second encrypted key. The second encrypted key is a key that has been encrypted in a first key to create a first encrypted key that is then encrypted in a second key to create the second encrypted key.

Disclosed are techniques for providing driver assistance to a non-autonomous vehicle while operating in an autonomous vehicle environment. In one embodiment, a method is disclosed comprising establishing a secure connection with an object selected from a group consisting of a road and lane of a road; receiving, from the object, a packet, the packet describing a condition of the object; validating the packet; generating an augmented display using data within the packet; and displaying the augmented display in a vehicle.

Embodiments of the present systems and methods may provide techniques to provide host side encryption while maintaining compression and deduplication benefits and providing communication between the host and the storage system that does not leak information about the data compressibility/deduplication properties. For example, in an embodiment, a method may comprise compressing, at a computer system, an original sector of data, generating a new sector of data including a first part including metadata and padding data, and a second part including the original sector of data that has been compressed and encrypted using a data encryption key (DEK), encrypting, at the computer system, the new sector of data using a data reduction key (DRK), and transmitting, at the computer system, the encrypted new sector of data to a storage system.

Techniques for load balancing encrypted traffic based on security parameter index (SPI) values of packet headers and sets of 5-tuple values of the packet headers are described herein. Additionally, techniques for including quality of service (QoS)-type information in SPI value fields of packet headers are also described herein. The QoS-type information may indicate a particular traffic class according to which the packet is to be handled. Further, techniques for pre-configuring a backend host such that encrypted traffic may be migrated to the backend host from another backend host without causing temporary service disruptions are also described herein.

A system for interfacing with a decisioning service from a third-party domain. A backend system may receive a request to interface with the decisioning service to generate a prequalification result for a user for a specified product, in response to the actuation of a button included in a third-party web domain rendering a product. The backend system may execute a call on a website of the decisioning service. The backend system may receive the product information from the button. The backend system may generate the website within the third-party domain, including a request for information about the user, in response to executing the call to the website. The backend system may transmit a request for generating prequalification result for the product to the decisioning service. The backend system may receive the prequalification result from the decisioning service.

Systems and methods to securely send or write data to a cloud storage or server. In one embodiment, a method includes: establishing a connection to a client using a client-side transport protocol; receiving, over the connection, data from the first client; decrypting, using a client session key, the received data to provide first decrypted data; encrypting the first decrypted data using a stored payload key (that is associated with the client) to provide first encrypted data; encrypting, using a cloud session key, the first encrypted data using a remote-side transport protocol to provide second encrypted data; and sending the second encrypted data to the cloud storage or server.

An approach is disclosed on a blockchain platform for authenticating clients. A public and private key is created at a client device. The private key into is split two or more parts. The split private key part is split into to two or more client devices including a first client device and a remaining client devices. Signing to authenticate a challenge to login using a partial key part occurs at the first client device. The challenge is sent to the remaining client devices wherein the remaining client devices that sequentially sign using short range wireless network connection and respond back to the challenge to login without a password.

Although TLS provides desirable end-to-end encryption, there are circumstances in which it is desirable or a regulatory requirement for a client to establish a TLS connection through an intermediary that is capable of creating an archival record. There is provided a modification to the TLS protocol that allows an aware client to provide a recovery record to such an intermediary. The recovery record permits the intermediary to verify that the encrypted recovery records can be decrypted by a party that holds the corresponding private key but does not enable decryption by the intermediary.