An example process includes breaking content into multiple fragments; and transmitting at least two of the multiple fragments over different physical channels in order to isolate the at least two fragments during transmission. The example process may include generating session keys; encrypting at least some of the fragments using different session keys; and associating, with each fragment, a session key used to encrypt a different fragment to produce fragment/session key pairs.

A device management service of a provider network maintain a device repository that is accessible to a remote managed network. The device management service assigns different service credentials for different edge devices indicated by the device repository. For a particular edge device, the device management service provides, based on the service credentials assigned for the edge device, secure transmission of a message between the device management service and a network manager of the managed network. The network manager of the managed network provides secure transmission of the message between the network manager and the edge device based on local credentials assigned for the edge device.

Techniques are disclosed for securely distributing entropy in a distributed environment. The entropy that is distributed may be quantum entropy that is generated by a quantum entropy generator or source. The true random entropy generated by a trusted entropy generator can be communicated securely among computer systems or hosts using secure communication channels that are set up using a portion of the entropy. The distribution techniques enable computer systems and hosts, which would otherwise not have access to such entropy generated by the trusted entropy source, to have access to the entropy.

A device and a method implemented by computer for authorizing, to a user having access rights granted by a first operator, a completely anonymous and secure access, with no trusted third-party, to a collaborative anonymization platform and/or to a service requiring privacy properties based on such a platform operated by various operators.

Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes transmitting a first portion of an electronic communication to a client device over a non-PQC communications channel. The example method further includes transmitting a second portion of the electronic communication to the client device over a PQC communications channel. In some instances, the first portion of the electronic communication may comprise overhead data, and the second portion of the electronic communication may comprise payload data.

A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features uses of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.

A method for establishing a fully private, information secure interconnection between a source and a destination over a data network with at least a portion of a public infrastructure. The method comprising at the source creating n shares of a source data according to a predetermined secret sharing scheme, and encrypting the n shares using (n, k) secret sharing. Further, defining for at least one node vi a directed edge (Vi1, Vi2) that has a k−1 capacity. All outgoing links of vi are connected to vi2. Additionally, using a maximum flow algorithm to define the maximum number of shares outgoing from vi2, and therefore from vi, on each outgoing link. The number of shares forwarded by node vi does not exceed the number of maximum shares that were defined by the maximum flow algorithm.

Methods and systems for performing a computational operation on a server host are provided. Exemplary methods include: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request specifying the computational operation; decrypting, in a secure enclave, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in a memory space; performing the computational operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result.

A network element and a method for execution by such network element. The method comprises processing a plurality of information streams transiting the network element to identify a particular data stream as a suspected bearer of encrypted media, the particular data stream established between a first node and a second node. The method also comprises establishing a first control stream with the first node and a second control stream with the second node, wherein the first control stream is established using credentials associated with the second node. The method further comprises obtaining a cryptographic key sent by the first node over the first control stream and destined for the second node, sending the cryptographic key to the second node over the second control stream, obtaining encrypted media sent by the second node and destined for the first node and decrypting the encrypted media based on the cryptographic key.

The invention relates to a system for transmitting encoded information over radio channels and wired communication lines, including the Internet. The system includes a transmitting side and a receiving side each comprising various software/hardware modules for generating/displaying the output/received information of the transmitting side, cryptographic calculations of the transmitting side, service information of the transmitting side, a module for generating a set key of the transmitting side, a module for generating a computed key of the transmitting/receiving side, a module of transmitting side communication channel, macroblocks for blocking computer brute-force search including at least three software/hardware modules for information encoding/cryptographic transformations, a module for random numbers generation, and modules for a degree of the setting polynomial. These modules of the transmitting and receiving sides are connected to each other within their respective sides, as well as to each other across a communication channel.