H04L9/0822

Method and system for securing access to a private key

An asymmetric cryptographic method for securing access to a private key generated and stored in a device is provided. The method includes generating an application password relating to a predetermined level of entropy; generating, within a trusted execution environment relating to a key manager, a user private key secured by using the application password; receiving, from a user via an input device, user entropy relating to a unique identifier for the user; deriving, using a password derivation function, a symmetric key based on the user entropy; encrypting, using an encryption system, the application password by using the symmetric key; and storing, in a memory, a device payload component relating to the application password and the symmetric key in a password management system.

Protocol And Architecture For The Decentralization Of Content Delivery
20230239519 · 2023-07-27

Systems, methods, and devices of the various embodiments disclosed herein may provide a protocol and architecture for decentralization of content delivery. Various embodiments may provide a client based method for content delivery from content delivery networks (CDNs) via tiered caches of content hosted by Internet Service Providers (ISPs). In various embodiments, content delivery protocol (CDP) messages may enable clients to discover local cache network topologies and request content from a CDN based on a discovered local cache network topology. In various embodiments, security may be provided for the content delivery by the use of key encryption and/or file hashing.

SECURITY PROCESSOR CONFIGURED TO AUTHENTICATE USER AND AUTHORIZE USER FOR USER DATA AND COMPUTING SYSTEM INCLUDING THE SAME
20230237193 · 2023-07-27

A security processor includes a key generator circuit configured to randomly generate a key, an encryption circuit configured to encrypt user data based on the key, and a security manager circuit configured to receive a first user identification (ID), which uniquely corresponds to a user of a device, and determine whether to allow access to the user data by authenticating the first user ID.

METHOD AND APPARATUS FOR CRYPTOGRAPHICALLY ALIGNING AND BINDING A SECURE ELEMENT WITH A HOST DEVICE
20230006823 · 2023-01-05

A secure element device that is configured to be cryptographically bound to a host device includes a secure element host key slot configured to store host key information that allows only the host device to control the secure element, a secure memory storing binding information, and limited functionality allowing the binding information to be read from the secure memory by the host device during a binding process. The binding information is cryptographically correlated with the host key information. The host key information is generated by the host device using the binding information read from the secure element and a secret key. The secure element device further includes general functionality only accessible to the host device using the host key information that is generated by the host device. The secure memory includes prevention measures impeding unauthorized entities from obtaining information from the secure memory.

FILE PROCESSING DEVICE AND FILE PROCESSING METHOD
20230006818 · 2023-01-05

The present technology relates to a file processing device and a file processing method for enabling restriction of viewing of an image.

A file control unit generates a file that stores an encrypted image obtained by encrypting an image with a first encryption key, and an encrypted encryption key obtained by encrypting the first encryption key with a second encryption key, the encrypted image and the encrypted encryption key being associated with each other in the file. The file control unit also decrypts the encrypted encryption key in the file into the first encryption key, and, with the first encryption key obtained by the decryption, decrypts the encrypted image into the image. The present technology can be applied to a digital camera and the like that capture images, for example.

Key management method used in encryption processing for safely transmitting and receiving messages

A key management method serves as an electronic control unit (ECU) in an onboard network system having a plurality of ECUs that perform communication by frames via a network. The method includes storing a shared key and executing encryption processing based on the shared key. The method further includes executing inspection of a security state of the stored shared key in a case where a vehicle is in at least one of the following particular states: the vehicle is not driving and is in an accessory-on state; a fuel cap of the vehicle is open, and the vehicle is not driving and is fueling; the vehicle is parked, which is indicated by the gearshift; the vehicle is in a stopped state before driving, which is indicated by the gearshift; and a charging plug is connected to the vehicle, and the vehicle is electrically charging.

Efficient use of keystreams
11570158 · 2023-01-31

Performing cryptographic operations such as encryption and decryption may be computationally expensive. In some contexts, initialization vectors and keystreams operable to perform encryption operations are generated and stored in a repository, and later retrieved for use in performing encryption operations. Multiple devices in a distributed system can each generate and store a subset of a larger set of keystreams.

Secure cloud-based machine learning without sending original data to the cloud

Method and system for training a neural network. The neural network is split into first and second portions. A k-layer first portion is sent to a client training/inference engine and the second portion is retained by a server training/inference engine. At the splitting point, the kth layer is a one-way function in output computation and has fewer nodes than any other layer of the first portion. The client training/inference engine trains the first portion with input data in a set of training data. The server training/inference engine receives a batch of outputs from the client training and applies them to the second portion to train the entire neural network.

Facilitating communications using hybrid cryptography
11716195 · 2023-08-01

The present application describes a method, system, and non-transitory computer-readable medium for exchanging encrypted communications using hybrid encryption. According to the present disclosure, a first device receives an encrypted communication from a second device. The encrypted communication includes a first encrypted secret, a second encrypted secret, a first signature, and a second signature. The first device verifies the first signature and the second signature, and, when the first and second signatures are valid, decrypts the first encrypted secret using a first encryption algorithm and the second encrypted secret using a second encryption algorithm. The first device combines the first decrypted secret and the second decrypted secret to recover a first communication and provides the first communication to a user of the first device.

Low-latency direct cloud access with file system hierarchies and semantics

Techniques described herein relate to systems and methods of data storage, and more particularly to providing layering of file system functionality on an object interface. In certain embodiments, file system functionality may be layered on cloud object interfaces to provide cloud-based storage while allowing for functionality expected from legacy applications. For instance, POSIX interfaces and semantics may be layered on cloud-based storage, while providing access to data in a manner consistent with file-based access with data organization in name hierarchies. Various embodiments also may provide for memory mapping of data so that memory map changes are reflected in persistent storage while ensuring consistency between memory map changes and writes. For example, by transforming a ZFS file system disk-based storage into ZFS cloud-based storage, the ZFS file system gains the elastic nature of cloud storage.