A system for security key rotation in a cloud computing environment is disclosed. The system performs steps to at least initiate, at a predetermined interval, a call to determine whether to initiate generation of a public-private key pair for a client application. The system determines whether to initiate generation of the public-private key pair for the client application and based on determining to initiate generation of the public-private key pair for the client application, transmits a control signal requesting generation of the public-private key pair The system generates the public-private key pair and transmits a private key associated with the public-private key pair to a secure storage location for later retrieval by the client application and transmits a public key associated with the public-private key pair to a public key service for later retrieval by a client associated with the client application.

The present invention relates to a method and system of cybersecurity; and particularly relates to an encryption method and system on the basis of cognitive computing for xenomorphic cryptography or unusual form of cryptography; said method comprises generating a Functional Neural Network or KeyNode (KN) of the system by programming a chain of multiple nodes also called Artificial Mirror Neurons (AMN) based on captured information of reaction time and emotional response to a simple task; racing the nodes in the Functional Neural Network or KeyNode (KN) as an encryption device or cipher for the time of use; generating a password at the time of use based on the sum of intrinsic values of the nodes in the racing network at this time and adopting the generated password for authentication. The present invention can be applied to secure online and mobile communication especially at the dawn of 5G with generalization of open API lifestyle platforms so as to allow real-time identification for digital cryptocurrency payments and other public distributed ledger technology (DLT) mechanisms.

Various embodiments of the present application set forth a computer-implemented method that includes generating, based on a resource file stored at an endpoint device, a credential data packet for authenticating with a first application executing in a first network, where the resource file includes a set of encryption keys associated with a plurality of applications including the first application, and where the credential data packet is encrypted with a device key signed by the endpoint device, and the credential data packet is signed by an endpoint device management (EDM) key extracted from the set of encryptions keys included in the resource file, sending, by the endpoint device, the credential data packet to the first application via a trusted communication channel, and receiving, by the endpoint device and in response to the credential data packet, an authorization packet from the first application via the trusted communication channel.

A method including determining, by a device, a sharing decryption key based at least in part on an assigned private key associated with the device and a group access public key associated with a group; decrypting, by the device, a group access private key associated with the group by utilizing the sharing decryption key; and decrypting, by the device, encrypted content included in a folder associated with the group based at least in part on utilizing the group access private key associated with the group. Various other aspects are contemplated.

A secure access control system configured to control access to sensitive data stored on disparate systems is disclosed. A first entity is designated to control access to second entity data. An authentication token, generated using a key derivation function, is used to authenticate the first entity. The authenticated first entity is granted access to second entity data. An access control interface is generated configured to selectively grant or withdraw access to second entity data. The access control interface identifies entities associated with respective access controls. The access control interface is instantiated on a first entity device. Activation indications of access controls is received over a network. Access to second entity data is accordingly granted or withdrawn. Access control transition event rules and/or access control transition time rules are retrieved. Using monitored events and the access control transition event rules, and/or a monitored current time and the access control transition time rules, a determination is made as to transition access control of the second entity data first entity to the second entity.

A device and a method implemented by computer for authorizing, to a user having access rights granted by a first operator, a completely anonymous and secure access, with no trusted third-party, to a collaborative anonymization platform and/or to a service requiring privacy properties based on such a platform operated by various operators.

A server determines an array [[addr]] indicating a storage destination of each piece of data, generates an array of concealed values, and connects the generated array to the array [[addr]] to determine an array [[addr′]]. The server generates a sort permutation [[σ.sub.1]] for the array, applies the sort permutation [[σ.sub.1]] to the array [[addr′]], and converts the array [[addr′]] into an array with a sequence composed of first Z elements set to [[i]] followed by α.sub.i elements set to [[B]]. The server generates a sort permutation [[σ.sub.2]] for the converted array [[addr′]], generates dummy data, imparts the generated dummy data to the concealed data sequence, applies the sort permutations [[σ.sub.1]] and [[σ.sub.2]] to the data array imparted with the dummy data, and generates, as a secret hash table, a data sequence obtained by deleting the last N pieces of data from the sorted data array.

A secure guest of a computing environment requests confidential data. The confidential data is included in metadata of the secure guest, which is stored in a trusted execution environment of the computing environment. Based on the request, the confidential data is obtained from the metadata of the secure guest that is stored in the trusted execution environment.

The technical problem of matching records in different datasets, for example a host dataset and a partner dataset storing records representing respective users, while maintaining the privacy of each dataset, is addressed by providing a privacy safe joint identification protocol. The privacy safe joint identification protocol computes respective anonymous joint identifiers for records in the two datasets. An anonymous joint identifier is generated such that the host-assigned and the partner-assigned identifies that have been determined to represent the same user are mapped to the same anonymous joint identifier.

This disclosure relates to, among other things, systems and methods for deriving key identifiers and managing mapping between keys and key identifiers. Consistent with embodiments disclosed herein, the disclosed systems and methods may provide a mechanism that allows multiple parties to reconstruct unique identifiers given a set of known inputs that may be used to look up, identify, and/or otherwise access services and/or data objects. In some embodiments, this may allow for a service provider and a rights management service to independently derive key identification information based on information that both entities share (e.g., a content document such as a Content Protection Information Exchange Format document), thereby reducing requirements to maintain such mappings.