Techniques to perform federated authentication are described. An apparatus may comprise a resource server may have an authentication proxy component to perform authentication operations on behalf of a client. The authentication proxy component comprises an authentication handling module operative to receive an authentication request to authenticate the client using a basic authentication protocol. The authentication proxy component also comprises an authentication discovery module communicatively coupled to the authentication handling module, the authentication discovery module operative to discover an identity server for the client. The authentication proxy component further comprises an authentication manager module communicatively coupled to the authentication discovery module, the authentication manager module operative to retrieve authentication information from the identity server using an enhanced authentication protocol, and authenticate the client to access resource services using the authentication information. Other embodiments are described and claimed.

An encryption processing system includes: a first device; second devices; and a third device, wherein the first device generates synthesis keys by selecting public keys of the second devices; generates an intermediate text from confidential texts generated by encrypting secret information by using public keys of the second devices having decryption authority; generates ciphertexts by further encrypting the intermediate text using the synthesis keys; and makes public the ciphertexts, each of the second devices verifies validity of the ciphertexts; generates decryption key fragments by using an own private key; and makes public the decryption key fragments, the third device verifies validity of the decryption key fragments; generates a decryption key by combining decryption key fragments; generates the Intermediate text by decrypting one of the ciphertexts; and makes public the intermediate text, and the second device decrypts the intermediate text using the own private key; and restores the secret information.

Techniques to securely store and retrieve data are disclosed. In various embodiments, a process of retrieving secure data includes receiving a request, where the request includes a first secret data and a second secret data. The process further includes identifying a first encrypted data to retrieve based on the request, using the first secret data to decrypt the first encrypted data to generate a decrypted data, generating a second encrypted data, where the second encrypted data is encrypted using the second secret data. In response to the request, the second encrypted data is provided.

First communication units use a public key thereof certified by a certification authority on a PKI (Public Key Infrastructure), which is held by the first communication units in advance, and a secret key of the first communication units or delegation information generated by using secret information, as public key certificate, of the first communication units to thereby allow a proxy server to perform security processing, i.e. key exchange processing, authentication processing or processing for providing compatibility of encryption schemes, between the first communication units and a second communication unit on behalf of the first communication units.

A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (g.sup.a), the second value (g.sup.a) generated based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (m.sub.i) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (m.sub.i); generate, with the payment network, a public key (pk.sub.i) based on the second value (g.sup.a), the merchant product (M), and the random merchant number (m.sub.i) and a random key (rk.sub.i) based on the merchant product (M) and the random merchant number (m.sub.i) for each respective merchant bank; and communicate, with the payment network, the public key (pk.sub.i) and the random key (rk.sub.i) to at least one respective merchant bank.

A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to an application server.

There is provided a method for creating an authentication entity derived from an original data carrier, wherein the original data carrier has a key pair that is individual to the original data carrier and comprises a public key and a secret key of the original data carrier, and a certificate for the public key of the original data carrier. The method comprises the following steps: deriving a secret key for the derived authentication entity from the secret key of the original data carrier by the original data carrier; forming derivation data for the derived authentication entity; transferring authentication data to the derived authentication entity, wherein the authentication data have the derivation data, the certificate of the public key of the original data carrier as well as a derived key pair which comprises the derived secret key and the public key of the original data carrier.

This disclosure provides enhanced management of access rights for dynamic groups of users sharing secret data. Instead of relying on traditional administrative techniques for modifying access rights for stored data, the techniques disclosed herein allow a storage service to communicate with a group management system to verify membership of user groups, e.g., channels, chat session, or meetings, and automatically change access rights to stored data as users leave or join a group. Encrypted data can be stored within a storage vault. The storage vault can be dedicated to storing encrypted data shared between a user group, e.g. a channel. A server managing the storage vault can receive membership data from a group management service. As users join the group or leave a group managed by the group management service, each user's access permissions to the storage vault can be added, removed or modified.

Embodiments disclosed herein describe computing private set intersection (PSI) between various parties using delegation to other devices and in one round of interaction (request and response). The various parties involved and their associated computing devices are referred to herein as participants. The protocol is forward-secure and completely hides the data of participants from an eavesdropper. Because the protocol only uses a single round of interaction, it is more efficient and does not require each participant to have servers that remain online continuously.

System and method to digitally validate a document, the method including: receiving, by a secure development platform (SDP), a security information from an end user, the SDP comprising an SDP processor coupled to a secure SDP memory; exchanging a security token with a user device based upon the security information; receiving, from the user device, a request for a digital certificate; managing and storing public/private key pairs; transmitting, to the PKI service processor, the request for a digital certificate; if information in the request for a digital certificate is correct: creating the digital certificate; and receiving the digital certificate from the PKI service processor; and storing the digital certificate in the secure SDP memory, the secure SDP memory not directly accessible by the user device, the SDP processor configured to request a signature generation by use of the private key associated with the digital certificate, the SDP processor configured to request a validation by use of the digital certificate.