Patent classifications
H04L63/064
Metadata tree with key rotation information
A method performed by a processing system includes identifying a first node in a metadata tree of a patient that corresponds to an encrypted electronic health record in an encrypted data store and preventing a portion of the first node from being decrypted with a node key of a first healthcare participant in response to a second node of the metadata tree including key rotation information that indicates that the node key has been revoked by a second healthcare participant.
Message Service with Distributed Key Caching for Server-Side Encryption
Systems and processes are described for a message service with distributed key caching for server-side encryption. Message requests are received by message handlers of the message service that cache data encryption keys used to encrypt and decrypt messages that are stored to message containers in back end storage. A metadata service obtains the data encryption keys from a key management service, caches the keys locally, and sends the keys to the message handlers upon request, where the keys are cached again. The key management service may generate the data encryption keys based on a master key (e.g., a client's master key). The message handlers may send both message data encrypted using the data encryption key and an encrypted copy of the data encryption key to be stored together in the data store.
MULTI-PROTOCOL LOCK MANAGER FOR DISTRIBUTED LOCK MANAGEMENT
Techniques are provided for distributed lock and authorities management. An origin may host a resource, such as a file, that may be accessed by clients through a plurality of caches. The origin may receive a first retrieve request from a first endpoint to obtain a first authority for a resource. The origin may delegate the first authority for the resource to the first endpoint. The origin may delegate the second authority for the resource to the second endpoint in response to determining that the delegated authority information and a set of locks held by the origin do not conflict with a second retrieve request from a second endpoint to obtain a second authority.
KEY MANAGEMENT FOR ENCRYPTED DATA
Key management for encrypted data includes establishing a cache of key decryption keys and periodically evicting the keys from the cache. A pool of key encryption keys is also created, and periodically selected key encryption keys are removed from service. Notably, the rate of removal of the encryption keys differs from the rate of cache eviction for the decryption keys. Thereafter, clear data is encrypted with a cipher to produce cipher text, and the cipher is encrypted with a selected key encryption key from the pool. Then, in response to an access request for the clear data, an attempt is made to locate in the cache a key decryption key for the encrypted cipher. If the attempt fails, the key decryption key is retrieved from remote memory. Finally, the encrypted cipher is decrypted with the located key, and the cipher text is decrypted to produce the clear data.
TRUSTED PLATFORM PROTECTION IN AN AUTONOMOUS VEHICLE
Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up.
Method and Framework for Internet of Things Network Security
A method for Internet of Things (IoT) network security includes collecting information for each network device (device), determining a minimum viable resource allocation for each device based on the information, which defines the minimum resources needed by each device to engage the IoT network and handle data, and for each device, distributing minimum viable resource allocations and rules, determining monitoring sets, monitoring using the monitoring set, collecting updated information based partially on the monitoring set, analyzing the updated information to determine trends and insights relative to the devices and the IoT network, updating the monitoring set, minimum viable resource allocation, and rules based on the analyzed updated information, checking compliance with a current minimum viable resource allocation and rules, identifying devices having violations, and performing the same on a continuous and automatic basis. The method establishes and maintains a chain of custody for data traversing through multiple network segments.
Authentication Method, Device, and System
An authentication server may obtain information about a plurality of nodes or information about a replacement node in an in-vehicle system, and perform authentication on the nodes based on the information about the nodes or perform authentication on the replacement node based on the information about the replacement node. After the authentication succeeds, the authentication server may further send an identifier of a subnode of a node, key information of the subnode of the node, an identifier of a parent node of the node, and key information of the parent node of the node to the node in the in-vehicle system. Therefore, when the in-vehicle system is started, the node performs authentication on another node in the in-vehicle system.
Method and apparatus for attach procedure with security key exchange for restricted services for unauthenticated user equipment
A method and apparatus provide for security for restricted local operator services. At least one of a restricted local operator services indication and security capabilities associated with the restricted local operator services can be sent. A non-access stratum key exchange request including a symmetric root key can be received. The symmetric root key can be encrypted with a public key. The non-access stratum key exchange request can be acknowledged. A non-access stratum security key can be derived with the symmetric root key. Radio interface keys for user plane and radio resource control can be derived with the symmetric root key.
METHOD TO ESTABLISH AN APPLICATION LEVEL SSL CERTIFICATE HIERARCHY BETWEEN MASTER NODE AND CAPACITY NODES BASED ON HARDWARE LEVEL CERTIFICATE HIERARCHY
An intelligent method of mutual validation between a cluster manager and a new node, also enabling automatic signing of an application certificate for the new node. A root certificate authority is embedded in a cluster manager at the factory. The certificate includes the cluster manager serial number. Similarly, a certificate is embedded in an appliance to be joined as a new node, the certificate including the appliance's serial number. When requesting to join the cluster, the node sends its certificate to the cluster manager. The cluster manager verifies that the serial number in the certificate matches a serial number in its white list and validates the certificate ownership by the node. Conversely, the cluster manager sends its certificate to the node, so that the node can verify it is communicating with a valid cluster manager. The node can then ask the manager to sign its application certificate, and the manager uses its root certificate authority to sign the certificate.