H04L9/0833

Secure group communication in a cluster of devices

The method is aimed at providing secure multicast communication between a plurality of devices forming a cluster of devices connected to one another by a local network. The method provides for electing a key distribution device and generating a group encryption key in said key distribution device. A secure communication channel is then established between the key distribution device and each device of a group of devices to be connected to the cluster. The group encryption key is transmitted from the key distribution device to the devices to be connected to the cluster and stored thereby. When all devices of the cluster have received the group encryption key, multicast communication among the devices of the cluster can start.

Method and apparatus for simultaneous key generation on device and server for secure communication
11625455 · 2023-04-11

A secure communication system is disclosed for communication between first and second party devices. An input interface is provided for receiving from an external host a unique host factor in addition to a user input interface for receiving from a user a unique PIN for a user and a selection input for selecting one of the plurality of stored entropy stores as a user selected entropy store. A first private key generator is operable for generating a private key using a key generation algorithm requiring the selected entropy store, the host factor and the unique user PIN. The second party device includes a second storage device for storing a plurality of entropy stores. An input interface is provided for receiving the same unique host factor as received by the first party device. A communication interface facilitates communication with the first party device to receive from the first party device a user PIN and an indication of the user selected entropy store. A second private key generator is operable for generating a private key using the predetermined key generation algorithm with the received user PIN, the received host factor, and an extracted entropy store corresponding to the user selected entropy store, wherein the private keys generated by both the first and second private key generators are identical. The session is initiated to cause the generation of the identical private keys at both of the first and second private key generators and allow secure communication between the first and second devices. The private key of at least one of the first and second devices is deleted at the end of the session.

GROUPING DATA IN AN ORGANIZED STORAGE SYSTEM
20230109213 · 2023-04-06

A method including determining, by a device for a folder associated with encrypted content, a folder access key pair including a folder access public key and a folder access private key; determining, by the device for a group associated with the folder, a group access key pair including a group access public key and a group access private key; encrypting, by the device, the folder access private key by utilizing the group access public key; and accessing, by the device, the folder via the group based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

MULTI-LEVEL ACCESS CONTROL IN SHARING OF VEHICLE DATA WITH DEVICES
20220321343 · 2022-10-06

A method comprises receiving vehicle data comprising information associated with a plurality of sensors of an autonomous vehicle and segmenting the received vehicle data into non-public data and public data. The method further comprises partitioning the public data into a plurality of data partitions and generating a plurality of data levels of the public data. Each data level of the plurality of data levels is generated according to an access level of a plurality of access levels and includes one or more data partitions of the plurality of data partitions in an encrypted form. The method further comprises transmitting the generated plurality of data levels to a group of electronic devices. Each electronic device of the group of electronic devices retrieves, according to one of the plurality of access levels, at least a portion of the public data from the transmitted plurality of data levels.

Authentication method, authentication system, and controller

In an authentication method, a first controller generates a first group key, executes first mutual authentication with devices within a group, and shares the first group key with devices that have succeeded in the first mutual authentication. When a second controller joins the group, the first controller decides which coordinator manages a group key used in common. The first controller executes second mutual authentication with the coordinator, and shares the first group key with the coordinator when the second mutual authentication is successful. The coordinator performs encrypted communication within the group using the first group key, generates a second group key when the first group key valid time runs out and before updating the first group key, executes third mutual authentication with the devices and a third controller, and updates the first group key of the devices and the third controller that have succeeded in the third authentication.

OBSERVATION OF PARALLEL VIDEO COLLABORATION SESSIONS

The present disclosure provides systems and methods for managed video conferencing. A system can include a media server comprising a processor, a network interface in communication with a plurality of client devices, and a memory storing a cryptographic key shared with an access control server. The system can receive, from a first client device via the network interface, metadata of a video conferencing session and a token, the token provided to the first client device by the access control server responsive to successful registration of the first client device for the video conferencing session. The system can calculate a hash of the metadata with the cryptographic key. The system can compare the calculated hash to the token. The system can, responsive to the calculated hash matching the token, provide at least one media stream of the video conferencing session to the first client device. Such a stream may be provided to the first client device regardless of what other devices are configured to receive the stream or receive other streams within the system.

Enabling stateless accelerator designs shared across mutually-distrustful tenants
11651112 · 2023-05-16

An apparatus to facilitate enabling stateless accelerator designs shared across mutually-distrustful tenants is disclosed. The apparatus includes a fully-homomorphic encryption (FHE)-capable circuitry to establish a secure session with a trusted environment executing on a host device communicably coupled to the apparatus; generate, as part of establishing the secure session, per-tenant FHE keys for each tenant utilizing the FHE-capable circuitry, the per-tenant FHE keys utilized to encrypt tenant data provided to an FHE-capable compute kernel of the FHE-capable circuitry; process tenant data that is in an FHE-encrypted format encrypted with a per-tenant FHE key of the per-tenant FHE keys; and store the tenant data that is in the FHE-encrypted format encrypted with the per-tenant FHE key of the per-tenant FHE keys.

Data privacy system

A backend computer and methods of using the backend computer are described. The method may comprise: receiving, at a first backend computer, sensor data associated with a vehicle; determining a labeling of the sensor data, comprising: determining personal data and determining non-personal data that is separated from the personal data, wherein each of the personal and non-personal data comprise labeled data, wherein the personal data comprises information relating to at least one identified or identifiable natural person; and performing via the personal data and the non-personal data that is separated from the personal data, at the first backend computer, data processing associated with collecting sensor data associated with the vehicle.

Initializing a local key manager for providing secure data transfer in a computing environment

Aspects of the invention include initializing a local key manager (LKM) on a node of a computing environment. The node includes a plurality of channels. The LKM is configured to provide a secure data transfer between the node and an other node of the computing environment. A connection is established, by the LKM, between the LKM and an external key manager (EKM) that stores a shared key for the node and the other node. In response to establishing the connection, the LKM registers security capabilities of the plurality of channels. The security capabilities are used by the LKM to provide the secure data transfer between the node and the other node.

Data security sharing method in multi-edge node collaboration mode under industrial cloud environment

Provided is a data security sharing method for multiple edge nodes to operate in a collaboration mode under an industrial cloud environment. The method includes: firstly, edge nodes that need collaborative computing separately applying to an authority center for a shared key; secondly, the authority center generating a shared key and issuing the key to each of the edge nodes applying for participation in the collaborative computing; thirdly, the edge nodes combining industrial characteristics to generate an interference factor set, and adding different interference factors for different types of data; then, the data of the edge nodes being encrypted with improved homomorphic encryption and uploaded to an industrial cloud platform; and finally, the industrial cloud platform performing homomorphic analysis and computing on the data uploaded by each of the edge nodes, and issuing the data back to each of the edge nodes.