H04L9/08

Conditional temporary authentication for third party nodes

The concepts and technologies disclosed herein are directed to conditional temporary authentication for third party nodes. According to one aspect of the concepts and technologies disclosed herein, a first node of a plurality of nodes can provide a master authentication key to a second node of the plurality of nodes. The first node can receive, from a third node of the plurality of nodes, a temporary child authentication key derived from the master authentication key by the second node. The first node can process the temporary child authentication key to determine which portion of a resource to allow the third node to access. The first node can provide the third node access to the portion of the resource.

System, method and computer program product for secure Bluetooth cryptography in a virtual mobile device platform
11596008 · 2023-02-28 ·

Embodiments are disclosed that allow encrypted data to be sent between a Bluetooth enabled device and a virtual device associated with a corresponding physical device. In particular, a Bluetooth implementation on the physical device may include one or more raw interfaces to facilitate endpoint to endpoint secure Bluetooth cryptography. Using these raw interfaces, an encrypted Bluetooth channel may be established directly between the virtual device and the Bluetooth enabled device using the radio of the physical device, where data may be encrypted and decrypted at an endpoint of the Bluetooth communication channel (such as at the virtual device or the Bluetooth enabled device) and passed through a Bluetooth implementation on the physical device without any additional encryption or decryption being performed on that data.

Efficient transfer of authentication credentials between client devices

An authentication system facilitates a transfer of enrollment in authentication services between client devices. The authentication system enrolls a client device in authentication services to enable the client device to be used for authenticating requests to access one or more services. As part of enrolling the client device, the authentication system receives authentication enrollment information for the client device that is associated with one or more authentication credentials securely stored on the client device (e.g., a multi-factor authentication (MFA) certificate). The authentication system facilitates one or more processes for transferring the enrollment from an enrolled client device to a non-enrolled client device that limit the number and complexity of actions performed by the user. In particular, the authentication system facilitates transfer of enrollment based on receiving enrollment transfer requests authorized by the enrolled client device using one or more authentication credentials associated with the enrollment of the enrolled client device.

Compact key with reusable common key for encryption

Techniques for secure public exposure of digital data include extracting first digital data comprising one or more batches, each batch comprising a plurality of no more than a number T of packets, each packet containing a plurality of a number n of bits. A random binary matrix A consisting of T rows and n columns is generated. For a first batch, a first random n-bit temporary key is generated. For a packet in the first batch, a first packet vector key is generated based on random non-overlapping pairs of bit positions for both the temporary key and for a first packet-corresponding row of matrix A. An encrypted packet is generated for the packet based on the packet and the first packet vector key. The encrypted packet is exposed publicly.

Method for storing a data file

A method for storing a data file (DF) on a storage entity (SE) includes receiving, by a proxy (PE) and from a computing entity (CE), a plurality of hash values corresponding to a plurality of blocks of the DF. The PE may check whether the plurality of blocks of the DF are stored in the SE based on the plurality of hash values. Based on determining that at least a subset of the plurality of blocks of the DF are not being stored in the SE, the PE may compute a secret associated with an encryption key. The PE may transmit, to the CE, the secret. The PE may receive, from the CE, information including storage locations of the subset of the plurality of blocks within the SE and one or more hash values, of the plurality of hash values, associated with the subset of the plurality of blocks.

METHOD AND APPARATUS TO ENABLE A MARKET IN USED DIGITAL CONTENT
20180007018 · 2018-01-04 ·

Methods and apparatus to enable a distinction between “new” and “used” digital content and to enable a market in used digital content files between mobile phone terminals and an electronic store, securely, by means of a wireless telephony network and a server complex to handle content rights management, transaction reporting, inventory, content delivery, payment, and billing. A server receives a signal generated by a wireless user device that was sent over a wireless telephony network. The signal indicates an election for returning at least one previously purchased digital content item. The server deletes user rights for the at least one digital content item identified by the received signal and sends information to the user device that generated the signal. Access to the associated digital content item at the user device is removed according to the sent information.

SECURE BOOT WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS
20180004957 · 2018-01-04 ·

A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.

METHOD AND COMPUTER PROGRAM PRODUCT FOR ORDER PRESERVING SYMBOL BASED ENCRYPTION
20180004971 · 2018-01-04 ·

Techniques for sorting encrypted data within a software as a service (SaaS) environment. Data is encrypted on a per symbol basis with a symbol based encryption module. Sort and search functionality preserving encryption that allows other modules to sort tokens and to search for tokens is provided. Encrypted tokens that have been encrypted by the symbol based encryption module are stored in a database. Access to the encrypted tokens is provided through the SaaS environment.

SECURE AUTHENTICATION SYSTEM AND METHOD

Methods and systems pertaining to secure transaction systems are disclosed. In one implementation, a computer with a verification token associated with a computer can send user authentication data as well as a secure datum to a control server. The verification token may obtain the secure datum from a validation entity. The control server can validate the secure datum and authentication data and can generate a payer authentication response.

METHOD AND SYSTEM FOR STATE MACHINE SECURITY DEVICE
20180007047 · 2018-01-04 ·

A security device may be utilized to provide security measures to an electronic device that may incorporate the security device or be coupled to it. The security measures may comprise authentication (e.g., authentication of devices, users, or activities), and/or encryption measures (e.g., encrypting or decrypting exchanged data). A transaction or access via the security device may be authenticated by communicating an authentication request by the security device to an authentication server, which may generate, in response, a sequence of information requests that are sent to the security device. The security device may then generate, in response, a sequence of responses that are sent to the authentication server, with the sequence of responses comprising a sequence of reported values each of which is unique. The authentication server may then authenticate the security device based on comparing the sequence of reported values with a sequence of expected values that identifies the security device.