Embodiments include a system, method, and computer program product that enable secure access to cameras in smart buildings. Some embodiments control outbound video from an environment such as a local network through an intelligent on-event video pushing mechanism. The local intelligent on-event video pushing mechanism hides the IP address of a source video camera, transcodes the video to a reduced size for wide area distribution, and pushes video to a recipient upon an event triggered received within the local environment (e.g., the local network.) Embodiments enable a remote video client on the far-side of the local network firewall to view the video streams of cameras on the near-side of the local network firewall when an event or trigger occurs.

An enhanced device and method for anonymization also offering improved security properties of data exchanged bidirectionally between a client and a server in a communication network. A protocol in respect of data exchange between client and server which relies on a two-level third-party servers architecture as well as on a system for bidirectional communication between the client and the server through these two levels of third-party servers.

Management instructions for a particular managed server within an administrative domain are generated according to an administrative domain-wide management policy that comprises a set of one or more rules. The administrative domain includes a plurality of managed servers. A determination is made regarding which rules within the set of rules are relevant to the particular managed server. Function-level instructions are generated based on the rules that were determined to be relevant. A determination is made regarding which managed servers within the plurality of managed servers are relevant to the particular managed server. The function-level instructions and information regarding the managed servers that were determined to be relevant are sent to the particular managed server. The particular managed server uses the function-level instructions and information regarding the managed servers to configure a management module so that the configured management module implements the administrative domain-wide management policy.

A video acquisition method and device. The method includes setting a video acquisition class in a programming language framework layer. With the video acquisition class inherits a class in a video acquisition underlying library and registers a callback function for the video acquisition underlying library. The video acquisition class sends a video acquisition command to the video acquisition underlying library and the video acquisition underlying library acquires video data according to the video acquisition command. The callback function is applied to acquire the video data from the video acquisition underlying library and the video data is sent to a coder for video data coding.

An Internet Key Exchange protocol message indicating a first Internet Protocol Security traffic flow is to be established via a first device is obtained at the first device. The Internet Key Exchange protocol message is forwarded from the first device to a second device. An encryption key used to transmit traffic via the first Internet Protocol Security Traffic flow is received at the first device from a key value store. The key value store is populated with the encryption key in response to the second device obtaining the Internet Key Exchange protocol message. A first data packet to be transmitted via the first Internet Protocol Security traffic flow is obtained at the first device. The first device provides the first data packet encrypted with the encryption key of the first Internet Protocol Security traffic flow.

Particular embodiments described herein provide for an electronic device that can be configured to intercept a process, store execution profiling for the process if the process involves a privileged resource or a privileged operation, and analyze the code involved in each stack frame to determine malicious activity. If the process does not involve a privileged resource or a privileged operation, then the process is not analyzed.

Methods, systems, and computer programs are presented for protecting restricted actions on encryption keys that control the management of data stored by a service provider. In some implementations, a of the service provider receives a request to generate a data encryption policy (DEP) for data stored by the of the service provider for a customer, the request including a reference to a customer key and an availability key. The customer key and the availability key are root keys for encrypting a data encryption key. The data encryption key is used to encrypt the data stored by the service provider for the customer. Further, destructive changes to the availability key require receiving an approval from an account of the service provider. The of the service provider validates the DEP. The of the service provider stores the DEP based on the validation.

Embodiments comprise construction of a collection of pseudorandom number generators (PRNGs), with either a known or unknown cardinality, using unique brine values that comprise a salt value for the collection and also different index values for each PRNG for the collection. The additive parameters of such PRNGs are based on the respective brine values of the PRNGs, thereby ensuring that the PRNGs in the collection have different state cycles. Embodiments make it likely that PRNGs from different collections have distinct additive parameters by choosing a pseudorandom salt value for each collection. According to embodiments, a stream of generators in a collection is created by a spliterator that carries a salt value for the collection and combines the salt value with index values for the generators to produce brined additive parameters for the PRNGs in the stream. According to embodiments, such a stream may be executed by multiple threads in parallel.

Methods and apparatuses relating to high-performance authenticated encryption are described. A hardware accelerator may include a vector register to store an input vector of a round of an encryption operation; a circuit including a first data path including a first modular adder coupled to a first input from the vector register and a second input from the vector register, and a second modular adder coupled to the first modular adder and a second data path from the vector register, and the second data path including a first logical XOR circuit coupled to the second input and a third data path from the vector register, a first rotate circuit coupled to the first logical XOR circuit, a second logical XOR circuit coupled to the first rotate circuit and the third data path, and a second rotate circuit coupled to the second logical XOR circuit; and a control circuit to cause the first modular adder and the second modular adder of the first data path and the first logical XOR circuit, the second logical XOR circuit, the first rotate circuit, and the second rotate circuit of the second data path to perform a portion of the round according to one or more control values, and store a first result from the first data path for the portion and a second result from the second data path for the portion into the vector register.

First data from a user device is received on an electronic computing device. The first data is encrypted to generate second data. The second data is fragmented and stored in a plurality of data stores.