A method and system for securely replicating encrypted deduplicated storages. Specifically, the method and system disclosed herein entail the replication and migration of encrypted data between storage systems that support deduplication. More specifically, a first encrypted data, which may have been encrypted using a first public cryptographic key and consolidated on a source storage system, may be translated into an interim (yet still encrypted) state using a first split private cryptographic key. Thereafter, using a compound conversion key, the interim state data may be further translated into a second encrypted data, which may be characterized as being encrypted by a second public cryptographic key. Therefore, substantively, the method and system disclosed herein may be directed to the translation of encrypted data from one encryption scheme to another while in-flight from a source storage system to a target storage system.

A key master service capable of operating on a service provider in a network enables is disclosed. The key master enables authorized parties to securely exchange client information without compromising client security. One feature of the key master service is the generation of a unique key for each client. All parties in an authorized universe access, exchange and modify client information by referencing the universal key, rather than using known client identifiers. Client information is further secured by advantageously applying an obfuscation function to the data. Obfuscated client information is stored together with the universal key as keyed client data at the client and/or server, where it may be directly accessed by the service provider or third parties. Because client information is stored and exchanged without the ability to discern either the client identity or the nature of the information, such information is secured against malicious third-party interception.

Described herein are systems and methods for securely obtaining payment information from a recipient on a payer's mobile device within an application on the payer's mobile device. The securely obtained information can be decrypted in the application, and the recipient information can be extracted. The extracted recipient information can be validated and used by the application to initiate a fund transfer to the recipient's account from the payer's account. The application can include a user interface that can allow the payer to anonymize the payment, securing the privacy of the payer.

This application provides a key distribution method, an apparatus, and a system, includes: determining, by an identity management server based on AAA authentication information, whether AAA authentication on the terminal succeeds; if the AAA authentication succeeds, sending the ID of the terminal to a key management server; and generating, by the key management server, a private key of the terminal and returning the private key to the management server. After negotiating with the terminal to generate a first key, the identity management server encrypts the ID and the private key of the terminal, and sends an encrypted ID and an encrypted private key to the terminal. The terminal obtains the ID and the private key of the terminal. According to the key distribution method, apparatus, and system provided in this application, communication security performance of the terminal during ID-based registration authentication is improved.

The disclosure is directed to use of digital keys in providing access to secured locations, goods and resources as well as other assets. The access may be fee based with the disclosure further directed to including fee payment authorization into the access process. Electronic locks may be employed within modules to faciltiate the access. The digital keys may be accompanied with commands for the electronic locks and/or modules accomodating them to execute in the course of providing the access. The digital keys may be shared, limited to single or multiple use and may be lock agnostic. The commands may be sent from a smart mobile device and be digitally signed for subsequent attestation by the lock for authenticity verification. The digital keys may be generated and otherwise handled under one of a series of escalating security encryption methods typically used and reserved for financial transactions.

Systems and techniques that facilitate universal and efficient privacy-preserving vertical federated learning are provided. In various embodiments, a key distribution component can distribute respective feature-dimension public keys and respective sample-dimension public keys to respective participants in a vertical federated learning framework governed by a coordinator, wherein the respective participants can send to the coordinator respective local model updates encrypted by the respective feature-dimension public keys and respective local datasets encrypted by the respective sample-dimension public keys. In various embodiments, an inference prevention component can verify a participant-related weight vector generated by the coordinator, based on which the key distribution component can distribute to the coordinator a functional feature-dimension secret key that can aggregate the encrypted respective local model updates into a sample-related weight vector. In various embodiments, the inference prevention component can verify the sample-related weight vector, based on which the key distribution component can distribute to the coordinator a functional sample-dimension secret key that can aggregate the encrypted respective local datasets into an update value for a global model.

A space and wave division multiplexing and demultiplexing system and method for quantum key distribution (QKD) using free space laser communications. The system operates to transmit a quantum channel, including a key of QKD, included in a combined laser transmission with a classical channel, including an encrypted message of QKD. The laser transmission can be transmitted through free space to a lens, wherein it is diffracted into two separate diffraction patterns and captured by a double clad optical receiver fiber having an inner core and a concentric outer core. The diffraction pattern of the classical channel is captured by the outer core, while the diffraction pattern of the quantum channel is captured by the inner core, thus allowing separate treatment of each channel.

In general, techniques are described for an encryption key namespace of a kernel, executed by a host computing device, the encryption key namespace having a configuration file that stores an association of a key identifier and a container identifier by which the host computing device can obtain a data encryption key to use for decrypting/encrypting data for the container identified by the container identifier. In this way, a user may associate a container (or container image) with a unique key identifier. By configuring this association in the encryption key namespace for the container, the container may be identified and automatically associated with a key identifier for the appropriate key for decrypting/encrypting data for the container. The host computing device may then obtain, from a key management service, the key using the key identifier.

Techniques for on-demand issuance of private keys for encrypted video transmission are described. A video processing service of a provider network receives a request from a computing device outside the provider network to begin video processing of video data generated by a video source device outside the provider network. The video processing service sends instructions to a video encoding device associated with the video source device to establish the connection for video transmission. The video processing service sends an encryption key to the video encoding device, and sends a decryption key to a video decryption engine. Subsequently, the video processing service receives video data from the video source device, via the video encoding device.

Technologies for secure I/O data transfer includes a compute device, which includes a processor to execute a trusted application, an input/output (I/O) device, and an I/O subsystem. The I/O subsystem is configured to establish a secured channel between the I/O subsystem and a trusted application running on the compute device, and receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel. The I/O subsystem is further configured to encrypt, in response to a receipt of the I/O data, the I/O data using a security key associated with the trusted application that is to process the I/O data and transmit the encrypted I/O data to the trusted application via the secured channel, wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.