The invention relates to a method for operating a container (100) providing a service to a user in a cloud environment, wherein the container is generated from a container image (51) which comprises an encrypted software package, the container image further comprising a decryption entity, wherein the method comprises the steps of receiving a message to set up the container (100) out of the container image (51), the message comprising an access identifier allowing access to a restricted area (60) to which the access is not provided without the access identifier, the restricted area comprising a plurality of decryption keys, and accessing the restricted area (60) using the access identifier received with the message, and retrieving a decryption key from the restricted area (60) based on the access identifier, and decrypting the encrypted software package with the retrieved decryption key in order to generate a decrypted software package, providing the service to the user based on the decrypted software package.

A system includes a purchase portal configured to receive a purchase order from a customer, wherein the purchase order includes a service from each of a plurality of service providers. When receipt of the purchase order is detected, a processor determines first and second ones of the service providers associated with the purchase order; and establishes a trust relationship between the first service provider and the second service provider in a context of the customer. The processor also sends a first request for a first trust artifact to the first service provider and a second request for a second trust artifact to the second service provider; receives the first trust artifact from the first service provider, receives the second trust artifact from the second service provider, sends the first trust artifact to the second service provider, and sends the second trust artifact to the first service provider.

A computer-implemented method of verifying a user's identity comprising the steps of receiving biometric user data, personalized user data, and unique phone data of a verifying user from the verifying user's electronic computing device 102, compiling the biometric user data, personalized user data, and unique phone data of a verifying user into a single user identity data file, encrypting the single user identity data file and generating a data decryption key, and segregating the single user identity data file into a plurality of encrypted segregated user identity data files each independently stored on a first administrator server and a second administrator server, wherein the plurality of encrypted segregated user identity data files may only be aggregated and decrypted upon providing secondary biometric user data, personalized user data, and unique phone data which matches the original biometric user data, personalized user data, and unique phone data of the verifying user.

A non-transitory computer readable medium includes instructions that, when executed by processing circuitry, are configured to cause the processing circuitry to operate in a recovery mode after initiating a startup operation, transmit a data frame to a device of an electric power delivery system during the recovery mode, the data frame indicating a request for a security association key (SAK), receive the SAK from the device in response to transmitting the data frame, and use the SAK to communicate data via a media access control security (MACsec) communication link.

An example process includes breaking content into multiple fragments; and transmitting at least two of the multiple fragments over different physical channels in order to isolate the at least two fragments during transmission. The example process may include generating session keys; encrypting at least some of the fragments using different session keys; and associating, with each fragment, a session key used to encrypt a different fragment to produce fragment/session key pairs.

A method of operating a second network access node comprises configuring the second network access node to act as a secondary network access node for a dual connectivity mode for a terminal device in which a first network access node acts as a master network access node. The method further comprises establishing, while acting as a secondary network access node for the dual connectivity mode, that the second network access node should switch to acting as a master network access node, deriving a new master network access node security key for use by the second network access node when switched to acting as a master network access node for the dual connectivity mode, and configuring the second network access node to act a master network access node for the dual connectivity mode using the new master network access node security key.

A tamper resistant device can be used for an integrated circuit card. The device includes memory storing a first security domain that includes a telecommunication profile and a second security domain that includes an application profile. A first physical interface is configured to be coupled to a baseband processor configured to operate with a mobile telecommunications network. A second physical interface configured to be coupled to an application processor. The first physical interface configured to allow the baseband processor to access the telecommunication profile and the second physical interface is configured to allow the application processor to access the application profile. The tamper resistant device is configured to enable accessibility to the application profile if corresponding commands are received at the first interface and to enable accessibility to the telecommunication profile if corresponding commands are received at the second interface.

A system and method is disclosed for assuring that networked communications between parties playing a game on a network (e.g., the Internet) are not tampered with by either of the parties for illicitly gaining an advantage over the other party. An initial sequence of tokens (e.g., card representations) for playing the game are doubly encrypted using an encryption key from each of the parties. Accordingly, during play of the game neither party can modify the initial sequence of game tokens during the game. At termination of the game, at least one of the parties can fully decrypt the initial sequence of tokens, and thereby, if desired, compare the played token sequence with the corresponding the initial token sequence.

A system, a method, and a computer program are provided for securely connecting a main network to one or more subnetworks in an enterprise network through a group of enterprise routers has all data traffic routed between the main network and the subnetwork through an encrypted virtual private network (VPN) tunnel. The data traffic is monitored for a cyberthreat indication in the enterprise network, and any cyberthreat indication is has the cyberthreat remediated by modifying a policy in a firewall or one of the group of enterprise routers to stop routing exchange or cease encryption or transmission of data between the main network and the one or more subnetworks. In part, a key server and each router and the group of enterprise routers is configured with an Internet Protocol address, a group security association value, and a group profile which are employed by the technological solution for secure enterprise connectivity.

A mesh network system suitable for connection to a cloud server is provided. The system includes: a first node device, configured to store a first private key and encrypt to-be-verified data according to the first private key to generate first encrypted data; and a second node device, configured to receive the first encrypted data and send the first encrypted data to the cloud server. After sending the first encrypted data, the second node device obtains, from the cloud server, second encrypted data generated by encrypting a first key according to the first public key. The second node device sends the second encrypted data to the first node device. The first node device decrypts the second encrypted data according to the first private key to obtain the first key from the second encrypted data, and performs encrypted communication with the cloud server according to the first key.