A device for wireless terminal authentication may include at least one processor configured to receive, from a wireless terminal device, a request for user information, the request comprising a certificate corresponding to the wireless terminal device. The at least one processor may be further configured to verify the certificate based at least in part on a public key stored on the electronic device. The at least one processor may be further configured to, when the certificate is verified, determine whether the certificate indicates that the wireless terminal device is authorized to receive the requested user information. The at least one processor may be further configured to transmit, to the wireless terminal device, the requested user information when the certificate indicates that the wireless terminal device is authorized to receive the requested user information.

A device for wireless terminal authentication may include at least one processor configured to receive, from a wireless terminal device, a request for user information, the request comprising a certificate corresponding to the wireless terminal device. The at least one processor may be further configured to verify the certificate based at least in part on a public key stored on the electronic device. The at least one processor may be further configured to, when the certificate is verified, determine whether the certificate indicates that the wireless terminal device is authorized to receive the requested user information. The at least one processor may be further configured to transmit, to the wireless terminal device, the requested user information when the certificate indicates that the wireless terminal device is authorized to receive the requested user information.

Aspects of the current subject matter are directed to secure group file sharing. An architecture for end-to-end encrypted, group-based file sharing using a trusted execution environment (TEE) is provided to protect confidentiality and integrity of data and management of files, enforce immediate permission and membership revocations, support deduplication, and mitigate rollback attacks.

A method and token (3) for corroborating a document (25) includes having a registered token (3) with a token identity. The token (3) is able to print visual markings. A document identifier is obtained (18) based on at least the token identity and a timestamp. The document identifier is encoded (19) into a visual marking (24), and the visual marking (24) is applied to the document (25). A copy of the document (25) is obtained (27) with or without the visual marking (24), and copy is stored in association with the document identifier. The token (3) includes storage holding a token identity and a printing unit. The token (3) is configured to receive the visual marking (24) encoding a document identifier associated with the token identity and to print the received visual marking (24). A method also verifies a document (41) having a corresponding visual marking (42).

A method and token (3) for corroborating a document (25) includes having a registered token (3) with a token identity. The token (3) is able to print visual markings. A document identifier is obtained (18) based on at least the token identity and a timestamp. The document identifier is encoded (19) into a visual marking (24), and the visual marking (24) is applied to the document (25). A copy of the document (25) is obtained (27) with or without the visual marking (24), and copy is stored in association with the document identifier. The token (3) includes storage holding a token identity and a printing unit. The token (3) is configured to receive the visual marking (24) encoding a document identifier associated with the token identity and to print the received visual marking (24). A method also verifies a document (41) having a corresponding visual marking (42).

Methods, systems, and computer media provide attestation tokens that protect the integrity of communications transmitted from client devices, while at the same time avoiding the use of stable device identifiers that could be used to track client devices or their users. In one approach, client devices can receive batches of N device integrity elements from a device integrity computing system, each corresponding to a different public key. The N device elements can be signed by a device integrity computing system. The signing by the device integrity computing system can be signing with a blind signature scheme. Client devices can include throttlers imposing limits on the quantity of attestation tokens created by the client device.

Systems and methods are described for rotating keys in a trust store to be used by a group of peer devices for secure communications between the peers in the group. In some examples, a service, such as an identify authority service, may make a determination that a set of peers that individually trust at least one public key from a group of public keys satisfies a set of conditions. As a result of the determination, the service may update the plurality of public keys by at least removing at least one public key from the group of public keys and indicate the updated plurality of public keys to at least one of the peers in the group. The service may remove the at least one public key from the group upon determining that less than a threshold number of peers in the group use the at least one public key.

A vault encryption abstraction framework computing system provides interface functionality to facilitate integration of client applications with vaulting solutions. The vault encryption abstraction framework manages custom authentication and authorization using the vaulting solution application for one or more client applications such as by periodically rotating or renewing any authentication tokens. The vault encryption abstraction framework includes a scheduler to manage timing requirements and to configure the client application to the schedule by setting the renewed token value to an API endpoint (e.g., a function return) and/or a configuration file for access by one or more client applications. This event triggers the client application to update to the latest token value. The vault encryption abstraction framework then triggers the vaulting solution to create and return the new key. The new key is then returned to the client application. A history of the key generation messages and subsequent status is saved in a data log.

Embodiments of systems and methods for platform framework policy management are described. A platform framework may receive, from an application of an IHS (Information Handling System), a registration as a user of a platform policy that is used to operate one or more of the hardware devices of the IHS. A platform framework of the IHS provides the application with a reference to the platform policy. In response to notifications of updates to the platform policy, the platform framework identifies the application as a registered user of the platform policy and provides the application with a reference to the updated platform policy. The platform policy may include a communication handle by which the policy is retrieved, where the handle may include a token that validates the authenticity of the platform policy.

Systems, devices, methods, and computer readable media are provided in various embodiments having regard to authentication using secure tokens, in accordance with various embodiments. An individual's personal information is encapsulated into transformed digitally signed tokens, which can then be stored in a secure data storage (e.g., a “personal information bank”). The digitally signed tokens can include blended characteristics of the individual (e.g., 2D/3D facial representation, speech patterns) that are combined with digital signatures obtained from cryptographic keys (e.g., private keys) associated with corroborating trusted entities (e.g., a government, a bank) or organizations of which the individual purports to be a member of (e.g., a dog-walking service).