A method in a first virtual private network (VPN) server associated with clustering a plurality of VPN servers in a clustered network, the method including receiving, from a VPN service provider (VSP) control infrastructure, VPN data associated with a user device having an established VPN connection with the clustered network; and communicating, utilizing key information, the VPN data with the user device during the established VPN connection. Various other aspects are contemplated.

The invention relates to a method for operating a container (100) providing a service to a user in a cloud environment, wherein the container is generated from a container image (51) which comprises an encrypted software package, the container image further comprising a decryption entity, wherein the method comprises the steps of receiving a message to set up the container (100) out of the container image (51), the message comprising an access identifier allowing access to a restricted area (60) to which the access is not provided without the access identifier, the restricted area comprising a plurality of decryption keys, and accessing the restricted area (60) using the access identifier received with the message, and retrieving a decryption key from the restricted area (60) based on the access identifier, and decrypting the encrypted software package with the retrieved decryption key in order to generate a decrypted software package, providing the service to the user based on the decrypted software package.

In a digital communication system, using a symmetric key encryption protocol, the identifier of a transmitter included in a message transmitted to a receiver is encrypted. The identifier is divided into P parts, P being an integer number at least equal to two. The parts are ordered and associated, respectively, with ranks varying between one and P. For at least one part of rank greater than or equal to two, an encryption key is determined on the basis of the values of the parts of preceding rank and is encrypted with the encryption key thus determined. An encrypted identifier is then determined from the one or more encrypted parts thus obtained. The message to be transmitted is then formed from the encrypted identifier thus determined, and then transmitted to the receiver.

A method for data processing is performed by an operation data recording device. The method includes: in response to a data access request sent by a client for a target vehicle, generating symmetric keys for symmetrically encrypting operation data of the target vehicle, in which the symmetric keys are generated based on a user ID and a primary public key for a third party, and the user ID is carried in the data access request; obtaining target encrypted data by symmetrically encrypting the operation data using the symmetric keys; and sending the target encrypted data to the client.

A system and method are provided for authenticating client devices communicating with an enterprise system. The method includes providing a policy enforcement interceptor to intercept API calls and enabling the policy enforcement interceptor to communicate with a policy information point to query the at least one endpoint for entitlements associated with an account. The method also includes intercepting an API call to the application API, communicating with the policy information point to determine entitlements associated with the account by having the policy information point query an entitlements database and, when the entitlements returned to the policy enforcement interceptor are valid, invoking a policy decision point to validate the client device. The method also includes, when the client device is validated, permitting invocation of the API. The method also includes providing an API response to the client device to permit access to the application via the API.

A method of facilitating an anonymous message board may include receiving a secret key share associated with a published public key. An initial table state may be generated by encrypting, via the public key, an initial table including a table index and table initial values. A user post encrypted via the public key may be received, the user post including a message and a message index value. The initial table state may be updated to an updated table state by replacing an initial table value of the initial table values with the message. In response to a time interval associated with a predetermined length of time expiring after generating the initial table state, the updated table state may be partially decrypted via the first secret key share as a partially decrypted table. The partially decrypted table may be broadcast.

Secure communication in a geographic incident area is disclosed. Computer-implemented methods are also disclosed, one of which is for restricting access to a resource and includes generating a key and splitting it into N key parts (where N is an integer greater than two). The method also includes encrypting the N key parts. The method also includes transmitting, over a network, to a device: the N encrypted key parts; and identifying information for N secret objects expected to be visible within the area. Each of the N encrypted key parts is decryptable based on at least one video analytics-discernable object attribute for each respective secret object of the N secret objects. The method also includes allowing an additional entity to access the resource only by presentation of a complete key formed from decrypted versions of less than all of the N key parts.

Techniques are provided herein for secure display device communications. In one example, a video communications device provides, to a display device over a first connection, communication information that enables the display device to contact a server over a second connection. The video communications device further provides, to the display device over the first connection, a command configured to initiate an interaction with the server. The server obtains, from the display device over the second connection, a message initiating the interaction in response to the command based on the communication information.

A computer implemented method to detect a data breach in a network-connected computing system including generating, at a trusted secure computing device, a copy of data distributed across a network; the computing device accessing sensitive information for the network-connected computer system and searching for at least part of the sensitive information in the copy of the data; in response to an identification of sensitive information in the copy of the data identifying the sensitive information as compromised sensitive information.

A computer system is provided. The computer system includes a memory and a processor. The processor is configured to scan user interface (UI) data representative of a plurality of UI controls; detect a portion of the UI data associated with private information, the portion corresponding to a UI control of the plurality of UI controls; record first session data comprising an obfuscated version of the UI control and unobfuscated versions of other UI controls of the plurality of UI controls; record second session data comprising an unobfuscated version of the UI control; encrypt the second session data to generate encrypted session data; and store the encrypted session data in association with the first session data.