Aspects of this description provide for a computer program product comprising computer executable instructions. In at least some examples, the instructions are executable by a controller to cause the controller to broadcast, in a data frame, a scan request to a node, the scan request including a certificate of the controller and a public authentication key of the controller, receive, in the data frame, a scan response from the node, the scan response including a certificate of the node and a public authentication key of the node, and perform pairing between the controller and the node based on the public authentication key of the node and a private authentication key of the controller.

According to an aspect, a method for accessing a computing device includes receiving, by the computing device, an authentication credential for recovery access to the computing device, the authentication credential being different from an authentication credential used to access encrypted data on the computing device, obtaining, in response to receipt of the authentication credential for recovery access, a first key portion stored on the computing device, transmitting, over a network, a request to receive a second key portion, receiving, over the network, a response that includes the second key portion, recovering a decryption key using the first key portion and the second key portion, and decrypting the encrypted data on the computing device using the decryption key.

A method for sharing data encryption keys among a plurality of storage systems is disclosed. The method generates, by a first storage system, a data encryption key for encrypting data sent from the first storage system to cloud storage. The method stores the encrypted data in the cloud storage in the form of an encrypted data object. In certain embodiments, the first storage system stores an Internet Protocol (IP) address of a second storage system belonging to a same key sharing network as the first storage system. The method replicates, from the first storage system to the second storage system, the data encryption key. The second storage system retrieves the encrypted data object from the cloud storage and decrypts the encrypted data in the encrypted data object using the data encryption key received from the first storage system.

Methods, systems, apparatuses, and computer-readable storage mediums described herein enable executable code of a hardware security platform (HSP) circuit to communicate with a hypervisor in a separate processor. The hypervisor generates and manages virtual machines. The HSP code comprises trusted platform module (TPM) logic, that processes TPM commands received via the hypervisor, and in response to the processing, communicates security information (e.g., measurements, keys, authorization data) with the virtual machines via the hypervisor. The TPM logic receives security information related to a virtual machine from the hypervisor and stores the security information in non-volatile memory of the HSP circuit, where security information from a particular VM is distinguishable from security information from another VM in the HSP memory. The hypervisor (and VMs) communicate via a network fabric with the HSP circuit within an SOC, or the HSP may reside on a discrete chip and communicate via a secure encrypted channel.

An authentication apparatus includes a processor configured to: obtain information on a first authentication technique used by a user when the user requests authentication for a first service; and output information for presenting an additional authentication screen to a device used by the user for authentication if the first authentication technique does not satisfy a predetermined condition set for the first service, the additional authentication screen being used for requesting the user to perform additional authentication by using a second authentication technique different from the first authentication technique.

A computer-implemented method of operating an electronic draw system, the method comprising: obtaining a bit sequence in one or more blocks of one or more different blockchains; generating a seed value based on the bit sequence in the one or more blocks of the one or more different blockchains; applying a random number generator algorithm to calculate a sequence of random numbers using the seed value as input; and converting the sequence of random numbers to an electronic drawing output of the electronic draw system.

The present disclosure provides a graphical watermark, a method and an apparatus for generating a graphical watermark, and a method and an apparatus for authenticating a graphical watermark. The graphical watermark includes: a plurality of graphical markers carrying position and pose information, and identity information of the graphical watermark; and a watermark pattern provided between a pair of graphical markers.

Described herein is a system and method for validating media integrity using asymmetric key cryptography utilizing a public/private cryptographic key pair. The private key is kept secret and is known to an originator and/or publisher of a media file. The public key is added to the media file and is used to validate integrity of the media file, that is, that content of the media file (e.g., portion(s), frame(s)) has not been altered since publication of the media file. By validating integrity of the media file, strong proof that the media file came from an owner of the keypair (e.g., had possession of the private key) can be obtained, for example, resolving issues of trust and/or authenticity common in altered content. In some embodiments, information regarding an origin of the content can further be determined.

A system for security key rotation in a cloud computing environment is disclosed. The system performs steps to at least initiate, at a predetermined interval, a call to determine whether to initiate generation of a public-private key pair for a client application. The system determines whether to initiate generation of the public-private key pair for the client application and based on determining to initiate generation of the public-private key pair for the client application, transmits a control signal requesting generation of the public-private key pair The system generates the public-private key pair and transmits a private key associated with the public-private key pair to a secure storage location for later retrieval by the client application and transmits a public key associated with the public-private key pair to a public key service for later retrieval by a client associated with the client application.

A cryptographic method and system. A plurality of ciphers is identified in a message received by a recipient, such message encrypting a digital asset. A private key associated with the recipient is obtained. The private key corresponds to a public key associated with the recipient. The method includes solving for x in the equation: [(f.sub.0(R.sub.0.sup.−1 N′.sub.0 mod S)+P′+f.sub.λ(R.sub.n.sup.−1 N′.sub.n mod S))/(h.sub.0(R.sub.0.sup.−1 N′.sub.0 mod S)+Q′+h.sub.λ(R.sub.n.sup.−1 N′.sub.n mod S))]*h(x)−f(x)=0 mod p, where (i) P′, Q′, N′.sub.0, and N′.sub.n correspond to the ciphers in the received message; (ii) R.sub.0, R.sub.n and S are data elements of the private key; (iii) f(.Math.) is a polynomial function defined by coefficients f.sub.0, f.sub.1, . . . f.sub.λ that are also data elements of the private key; and (iv) h( ) is a polynomial function defined by coefficients h.sub.0, h.sub.1, . . . h.sub.λ that are also data elements of the private key. The value of x is assigned to the digital asset, which is then stored in non-transitory memory or packaged in a message sent over the data network.