A computer implemented method and system for anonymous information rights management to allow tracking of downloaded documents without authentication is disclosed. The method comprises receiving, at an IRM server, a request from an anonymous user to access an encrypted document; in response to receiving the request from the anonymous user, determining an identity of a first user who downloaded the encrypted document from the IRM server, wherein the first user is different from the anonymous user; determining whether the first user currently has permission to access to the encrypted document; and providing a decryption key to the anonymous user when the first user is determined to have permission to access the encrypted document.

In various embodiments, there is provide a method for organizing devices in a policy hierarchy. The method includes creating a first node. The method further includes assigning a first policy to the first node. The method further includes creating a second node, the second node referencing the first node as a parent node such that the second node inherits the first policy of the first node.

The disclosure presents a method and a communication system comprising; an audio gateway including; a first wireless interface configured to transmit and receive an audio signal via a first communication link, a processing unit configured to transfer the audio signal into an audio streaming signal, a second wireless interface configured to transmit the audio streaming signal via a second communication link, a plurality of communication units comprising a master communication unit and at least a first slave communication unit, wherein each of the communication unit comprises: a first wireless interface configured to receive the audio streaming signal via the second communication link and to communicate with a communication unit, a speaker configured to sound the audio streaming signal received from the audio gateway, a memory unit, and wherein the master communication unit is configured to transmit a pairing request via the second communication link to the audio gateway, and the audio gateway transmits then an encryption key to the master communication unit, and the first slave communication unit is configured to request the encryption key by transmitting an encryption request including an identification of the first slave communication unit to the master communication unit via a first internal communication link, and the master communication unit transmits then the encryption key relating to the second communication link to the first slave communication unit based on an access criteria, and the first slave communication unit is then configured to eavesdrop the audio streaming signal being communicated via the second communication link between the audio gateway and the master communication unit.

Techniques for key distribution are provided. A first symmetric key is generated for a first downstream site, and a second symmetric key is generated for a second downstream site. The first symmetric key is transmitted to the first downstream site, and the second symmetric key is transmitted to the second downstream site. Upon receiving an indication that the first symmetric key was successfully deployed at the first downstream site, the first symmetric key is deployed on a first network node of an upstream site. Finally, upon determining that the second symmetric key was not successfully deployed at the second downstream site, techniques include refraining from deploying the second symmetric key to a second network node of the upstream site, where the second network node continues to communicate with the second downstream site using an original symmetric key.

Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key

Systems and processes are described for a message service with distributed key caching for server-side encryption. Message requests are received by message handlers of the message service that cache data encryption keys used to encrypt and decrypt messages that are stored to message containers in back end storage. A metadata service obtains the data encryption keys from a key management service, caches the keys locally, and sends the keys to the message handlers upon request, where the keys are cached, again. The key management service may generate the data encryption keys based on a master key (e.g., a client's master key). The message handlers may send both message data encrypted using the data encryption key and an encrypted copy of the data encryption key to be stored together in the data store.

Digital certificates include pointers to remote certificate information stores that maintain usage information associated with digital certificates. The pointers provide a mechanism for enabling the remote certificate information stores to be queried for usage information associated with a particular digital certificate. The usage information can be used to determine a validity of the digital certificate.

A client establishes a communication session with a service by negotiating a first cipher suite from a plurality of available cipher suites to secure communications over the first communication session. A cipher suite strength measure from the first cipher suite is recorded to a database and when the customer attempts to negotiate a second cipher suite to secure communications over a second communication session, the second cipher suite strength measure is compared to the database of strength measurements to determine whether the second cipher suite is at least as secure as the previously used cipher suites.

A system and method provide aircraft-specific customization of gas turbine engine operation. The system includes a gas turbine engine, a first processing unit, and an engine controller. The first processing unit is configured to selectively transmit an activation key. The engine controller is in operable communication with the first processing unit and the gas turbine engine. The engine controller is configured to receive the activation key transmitted by the first processing unit and is operable, upon receipt of the activation key, to: verify the received activation key is correct, enable operational parameters in the gas turbine engine and the engine controller when the received activation key is correct, and control the gas turbine engine using the enabled operational parameters.

Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up.