H04L63/0471

Systems and methods for uploading streamed objects to a cloud storage system

Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

Data storage method, device, related equipment and cloud system for hybrid cloud

Embodiments of this application provide a hybrid-cloud data storage method and apparatus, a related device, and a cloud system. The data storage method includes: obtaining, by a gateway of a private cloud, to-be-stored data; determining partial data to be encrypted in the to-be-stored data, to obtain first target data; obtaining a first ciphertext obtained after the first target data is encrypted, the first target data being encrypted according to a first key provided by an encryption chip connected to the gateway; generating second target data including the first ciphertext according to the first ciphertext; generating a data slice corresponding to the second target data according to the second target data; and transmitting the data slice corresponding to the second target data to a public cloud for storage.

Transmitting and storing different types of encrypted information using TCP urgent mechanism
11575662 · 2023-02-07

A network device decrypts a record, received from a client device, that is associated with an encrypted session between the client device and an application platform. The network device incorporates decrypted record data, from the decrypted record, into a payload field of a transmission control protocol (TCP) packet to be transmitted to another device, identifies a record header in the record, and determines, based on the record header, a record type associated with the decrypted record. Based on the record type, the network device marks the one or more TCP packets as including urgent data by setting a TCP urgent control bit in a header of the one or more TCP packets, and sets a second field, in the header of the TCP packet, to a second value that identifies an end of the urgent data, which corresponds to an end of the decrypted record data in the payload field.

Composable edge device platforms

Techniques discussed herein relate to providing composable edge devices. In some embodiments, a user request specifying a set of services to be executed at a cloud-computing edge device may be received by a computing device operated by a cloud computing provider. A manifest may be generated in accordance with the user request. The manifest may specify a configuration for the cloud-computing edge device. Another request can be received specifying the same or a different set of services to be executed at another edge device. Another manifest, which specifies the configuration for that edge device, may be generated and subsequently used to provision the requested set of services on that device. In this manner, manifests can be used to compose the platform to be utilized at any given edge device.

Systems and methods to prevent private data misuse by insider
11711352 · 2023-07-25

Described embodiments provide systems and methods for protecting private data or confidential information. A device can receive a request from a client for a page from a server that includes confidential information to be verified with an owner of the confidential information. The device may be an intermediary between the client and the server. Prior to providing the page to the client for rendering, the device may replace a first user interface (UI) element having the confidential information in the page with a second UI element to obfuscate the confidential information. The device may receive an activation of the second UI element from the client to request that the owner verify the confidential information. The device may send to the client an update to the page to include an indication of whether the confidential information has been correctly verified with the owner.

Systems and processes for vaultless tokenization and encryption

A system for vaultless tokenization and encryption includes an iframe service for collecting data and a tokenization service for (de)tokenizing and encrypting/decrypting data. The system is accessible to users and partners that submit requests causing various functions to be executed by the system. The functions include, but are not limited to, providing (de)tokenization and/or encryption services, and managing and creating templates for iframe collection, (de)tokenization, and encryption/decryption. A template service facilitates generation of templates that parametrize collection of original data via served iframe elements, tokenization and/or encryption of original data, and detokenizing and/or decrypting tokens to recover original data. An iframe service is configured for providing a virtual terminal, an iframe that provides users direct access to (de)tokenization and/or decryption/encryption services. Access to system services is managed via identifiers that include authentication credentials and parameters for performing (de)tokenization and/or encryption/decryption processes.

VIRTUAL TRANSPONDER UTILIZING INBAND COMMANDING
20230239278 · 2023-07-27

Systems, methods, and apparatus for a virtual transponder utilizing inband commanding are disclosed. In one or more embodiments, a disclosed method comprises receiving, by a payload antenna on a vehicle via a hosted receiving antenna, encrypted hosted commands transmitted from a hosted payload (HoP) operation center (HOC). The method further comprises receiving, by the vehicle, encrypted host commands transmitted from a host spacecraft operations center (SOC). Also, the method comprises reconfiguring a payload on the vehicle according to the unencrypted host commands and/or the unencrypted hosted commands. In addition, the method comprises transmitting, by the payload antenna, payload data to a host receiving antenna and/or the hosted receiving antenna. Additionally, the method comprises transmitting, by a host telemetry transmitter, the encrypted host telemetry to the host SOC. Further, the method comprises transmitting, by a hosted telemetry transmitter, the encrypted hosted telemetry to the HOC via the host SOC.

NETWORK CONFIGURATION AND MANAGEMENT
20230006982 · 2023-01-05

An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.

Secure end-to-end transport through intermediary nodes

A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.

Communications bridge
11716222 · 2023-08-01

A system includes a plurality of computer devices connected to a network. The computer devices are operable by a plurality of users. The system further includes a server connected to the network. The server is to communicate data with the plurality of computer devices. The system further includes a bridge device connected to the network. The bridge device is to receive connection requests from the plurality of computer devices via the network. The bridge device is further to receive connection requests from the server via the network. The bridge device is further to mediate data communications between the plurality of computer devices and the server by communicating data through open connections made based on connection requests received from the plurality of computer devices and the server.