H04L9/0825

Public Key Storage with Secure Remote Update Capability
20230049387 · 2023-02-16

The disclosed embodiments relate to a memory device. In one embodiment, a memory device is disclosed comprising a storage array, the storage array including a first region, the first region storing a server public key associated with a server, and a key table; and a controller configured to: receive a message from the server, the message including a command modifying the key table, validate the message using the server public key, and modify the key table based on the message.

METHODS AND APPARATUS FOR MULTI-PATH MESH NETWORK ENCRYPTION AND KEY GENERATION

The present application relates to networking technologies, communication cube technologies, and, more particularly, to methods, apparatus, techniques, and means for communication security, encryption, and privacy in network communications.

Secure file transfer system and method

A scheme for securely transferring a patient data file to an intended recipient regardless of the transfer mode selected by the sender. An encryption system executing at the sender device is operative to encrypt each plaintext line of the file, one by one, using a symmetric key and a starting IV that is incremented for each line, resulting in corresponding ciphertext lines that are added to an encrypted file. A hash is generated over the encrypted file. An encrypted header containing the symmetric key, the starting IV and the hash is generated using the recipient's public key and is appended to the encrypted file. The encrypted header and its associated encrypted file are transmitted to the recipient in any manner. Upon receipt, the recipient decrypts the encrypted header using its private key to obtain the symmetric key, the starting IV and the hash, which the recipient uses to validate and decrypt the encrypted file line by line.

Sharing grouped data in an organized storage system
11582028 · 2023-02-14

A method including determining, by a device, a sharing decryption key based at least in part on an assigned private key associated with the device and a group access public key associated with a group; decrypting, by the device, a group access private key associated with the group by utilizing the sharing decryption key; and decrypting, by the device, encrypted content included in a folder associated with the group based at least in part on utilizing the group access private key associated with the group. Various other aspects are contemplated.

Blockchain-based decentralized public key management system
11582024 · 2023-02-14

A decentralized public key management system for named data networks based on blockchain, which solves the Compromised Certificate Authority (CA) Problem. The system divides the power of an individual CA among multiple Public Key Miners (PKMiners) that maintain the public key blockchains. The majority rule in name-principal validation allows the present invention to tolerate compromised PKMiners without causing any damage.

Permissions from entities to access information

In some examples, in response to a request from a client device for information relating to a transaction stored by a blockchain, a system identifies, using information stored in a distributed storage system that stores data for the blockchain, multiple data owner entities from which permissions are to be obtained for access of the information, and determines an authorization requirement for the information based on a smart contract. The system sends authorization information based on the authorization requirement to trigger a retrieval of authorization tokens from the identified data owner entities for access of the information, and sends the information to the client device in response to receiving the authorization tokens.

Method for performing cryptographic operations in a processing device, corresponding processing device and computer program product

A method performs cryptographic operations on data in a processing device. An iterative operation is performed between a first operand, formed by a given number of words, and a second operand, using a secret key. For each bit of the secret key, the iterative operation applies one of a first set of operations and a second set of operations to the first operand and to the second operand depending on that bit, and conditionally swaps words of the first and second operands based on a control bit value obtained by applying a logic XOR function to a random bit.

Prioritizing internet-accessible workloads for cyber security
11582257 · 2023-02-14

Methods and systems for assessing the internet exposure of a cloud-based workload are disclosed. A method comprises accessing at least one cloud provider API to determine a plurality of entities capable of routing traffic in a virtual cloud environment associated with a target account containing the workload, querying the at least one cloud provider API to determine at least one networking configuration of the entities, building a graph connecting the plurality of entities based on the networking configuration, accessing a data structure identifying services that are publicly accessible via the Internet and capable of serving as an internet proxy, integrating the identified services into the graph, traversing the graph to identify at least one source originating via the Internet and reaching the workload, and outputting a risk notification associated with the workload. Systems and computer-readable media implementing the above method are also disclosed.

A METHOD FOR SECURELY DIVERSIFYING A GENERIC APPLICATION STORED IN A SECURE PROCESSOR OF A TERMINAL

Provided is a method for securely diversifying a generic application stored in a secure processor of a terminal, said method comprising: generating, at the request of a manager application hosted in an application processor of said terminal, a server challenge at a distant server; sending said server challenge to said application; generating a first message at said application, said first message being a function of said server challenge, an application challenge and a unique identifier of said application; sending said first message to a Root-of-Trust service hosted in a secure processor of said terminal, said Root-of-Trust service generating an attestation of said first message, said attestation guaranteeing that said first message has not been modified and originates from said secure processor; and transmitting said attestation of said first message to said distant server in an enablement request message.

PROVISION OF DIGITAL CONTENT VIA A COMMUNICATION NETWORK
20230041783 · 2023-02-09

Methods and apparatus are disclosed for enabling digital content from a content provider (12, 14) to be provided via a communication network (10) from intermediate digital content stores (16) to user-devices (18). According to one aspect, the method comprises the content provider (12, 14) providing digital content encrypted using a cryptographic encryption key to an intermediate digital content store (16), the cryptographic encryption key being the public key of a key-pair and having an associated private key. In response to a request from a user-device (18) to the content provider (12, 14) for the digital content, a cryptographic session key is shared between the content provider (12, 14) and the requesting user-device (18). The content provider (12, 14) provides to the intermediate digital content store (16) the cryptographic re-encryption key and indications of the requested digital content and of the user-device (18).