Patent classifications
H04L9/0827
CRYPTOGRAPHICALLY SECURE SHUFFLE WITH MULTI-LAYER RANDOMNESS
Techniques are disclosed for cryptographically secure shuffling processes for generating and utilizing secrets in an infrastructure-as-a-service (IaaS) environment. In an embodiment, a method comprises generating a source list and a destination list, the source list and destination list associated with a sequential format and the source list comprising a plurality of elements in the sequential format; generating a first random number and a second random number; determining a first element in the source list, the first element corresponding to a position in the sequential format of the source list based on the first random number; determining a first destination position in the destination list, the first destination position corresponding to a position in the sequential format of the destination list based on the second random number; and updating the destination list to include the first element in the source list at the first destination position.
Methods and systems for generating an ephemeral content message
Exemplary embodiments relate to techniques for sending ephemeral content messages via a communications service. An interface may be presented to allow a user to initially access ephemeral content functionality and select content for inclusion in the ephemeral content message. The interface may present a streamlined set of use cases without regard to the manner in which the content was initially captured. Different types of content may be used as ephemeral content, including images, videos, weather reports, news stories, text, audio recordings, location tags, etc. The ephemeral content may be sent through the communications service as an end-to-end encrypted message. When a user replies to an ephemeral content message, the reply may trigger a one-to-one conversation between the originating user and the replying user. Alternatively, an ephemeral content message may be initially sent to a selected group, and replies may be sent back to the entire group.
SYSTEM FOR SECURING EXCHANGES BETWEEN A COMMUNICATING THING AND A SERVICES PLATFORM
A security system makes secure exchanges between a services platform and a communicating thing, which includes a control device. The system further includes a server, referred to as a “mediation” server, which receives a message, referred to as a “first” message, from the services platform, encrypts the first message, and sends the encrypted first message to the communicating thing. The communicating thing is also fitted with an IC card that is distinct from the control device and that decrypts the encrypted first message and sends the decrypted first message to the control device. The encryption and decryption operations are performed by at least one secret key shared between the mediation server and the IC card.
Microprocessor with secure execution mode and store key instructions
A microprocessor conditionally grants a request to switch from a normal execution mode in which encrypted instructions cannot be executed, into a secure execution mode (SEM). Thereafter, the microprocessor executes a plurality of instructions, including a store-key instruction to write a set of one or more cryptographic key values into a secure memory of the microprocessor. After fetching an encrypted program from an instruction cache, the microprocessor decrypts the encrypted program into plaintext instructions using decryption logic within the microprocessor's instruction-processing pipeline.
Method and mobile terminal of sharing security application in mobile terminal
One embodiment provides a system and method for sharing a security application. During operation, the security application receives a service key associated with a first application executed on a terminal device. The security application resides in a secure element within the terminal device. The security application receives service data associated with the first application; processes the service data based on the service key; and returns the processed service data to the first application, thereby facilitating the first application in performing service based on the processed service data.
Systems and methods for securing communication data and property using blockchain
Blockchain-based systems and methods are used to control access to property. One system includes a mobile device, a key fob, and a server. The mobile device generates an encrypted code and transmits it to the key fob. The key fob transmits the encrypted code to the property and the server updates a log of the key fob in a hyper ledger. The property includes a computing device that validates the encrypted code and grants a key fob user access to the property. Another system includes a server that validates an access key and a first station that transmits an access key to a second station via the server and a satellite. The second station transmits data to the first station via the server and the satellite. The server saves a transmission log in a hyper ledger and transmits the access key in response to a request by the first station.
SYSTEMS AND METHODS OF CREATING A DISTRIBUTED RING OF TRUST
A trust relationship can be established between two or more identities without the need of a certificate authority. Trust relationships between identities can be maintained in a distributed ring of trust between two or more identities. The distributed ring of trust can be on a signed identity list. A node desiring to add an identity to the ring of trust sends a request to a member of the ring of trust. The receiving member can determine whether or not to approve the request. In some aspects, approval can be based on a previously shared key or a two-party verification. Upon approval, the requested identity is added to a trusted identity list indicating identities associated with current members of the ring of trust. The updated trusted identity list can then be distributed to the members of the ring of trust.
WIRELESS SECURITY AND NETWORK SYSTEM EMPLOYING SHORT RANGE MAGNETIC INDUCTION COMMUNICATION OF ENCODED IDENTIFIERS
Processing encoded identification information entails receiving the encoded identification information via a short range magnetic induction connection with a corresponding device, as well as decoding information corresponding to the encoded identification information. At least one of a decryption or decoding of the encoded identifier using the decoding information is performed to produce a decoded information item. Then additional information based upon the decoded information item is communicated over another connection separate from the short range magnetic induction connection.
SYMMETRIC KEYING AND CHAIN OF TRUST
The present disclosure is directed to sealing data using chain of trust key derivation. In at least one embodiment, a chain of trust may be used to derive sealing keys for sealing data on a device. The device may comprise, for example, at least a memory and processor. The processor may be to at least load code modules from the memory. Following the loading of a code module, the processor may further be to measure the code module, determine a sealing key corresponding to the code module, wherein the sealing key is determined based at least on a prior sealing key corresponding to a previously loaded code module and the measurement of the code module, and seal data corresponding to the loaded code module using the sealing key. Since the sealing keys are state dependent, a method for authorized migration of sealed data during software upgrades is also disclosed.
Caching content securely within an edge environment
A technique to cache content securely within edge network environments, even within portions of that network that might be considered less secure than what a customer desires, while still providing the acceleration and off-loading benefits of the edge network. The approach ensures that customer confidential data (whether content, keys, etc.) are not exposed either in transit or at rest. In this approach, only encrypted copies of the customer's content objects are maintained within the portion of the edge network, but without any need to manage the encryption keys. To take full advantage of the secure content caching technique, preferably the encrypted content (or portions thereof) are pre-positioned within the edge network portion to improve performance of secure content delivery from the environment.