A system and method of wireless display, including a transmitter processing a first encrypted content into a second encrypted content without decoding, and transferring the second encrypted content over a wireless display connection to a receiver.

A gateway system is used to establish secure connections between building management system control panels and connected services system servers. This enables status monitoring of the panels and maintenance of the panels and the building management systems.

A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.

Securing public hotspot communications by: generating a public-private key pair, deriving an SSID using the generated public key, creating a network using the SSID, specifying a network security setting, and providing a Client the SSID and network security settings. Further, by: receiving a network connection request from the Client, establishing a connection with the Client, receiving a probe request from a network access point, sending an authentication message, receiving SSID configuration information from the network access point, associating the SSID network and the network access point, and receiving Client data.

A variety of mechanisms to perform End-to-End authentication between entities having diverse capabilities (E.g. processing, memory, etc.) and with no prior security associations are used. Security provisioning and configuration process is done such that appropriate security credentials, functions, scope and parameters may be provisioned to an Entity. Mechanisms to distribute the security credentials to other entities which could then use the credentials to perform an End-to-End authentication at the Service Layer or the Session Layer and using Direct or Delegated modes are developed.

A method and apparatus provide centralized encryption key management for sharing data across diverse entities. In particular, the present invention relates to a universal and regulatory compliant system and method for sharing personal data records across diverse entities while maintaining unique identifiers at each entity for protecting the identity of any particular person. The present invention enables multiple organizations to be able to share their respective disparate data in a manner in which the disparate personal data records can be aggregated and manipulated by a single entity without putting the personal data records at risk.

An encrypted data receiving unit (201) receives encrypted data which has been encrypted, in which a decryption condition to define a user attribute of a decryption-permission user who is permitted to decrypt the encrypted data is embedded. A data storage unit (202) stores the encrypted data received by the encrypted data receiving unit (201) in an encrypted state. A revocation processing unit (209) adds revocation information in which a user attribute of a revoked user who is no longer the decryption-permission user is indicated, to an embedded decryption condition that is embedded in the encrypted data, while the encrypted data remains in an encrypted state.

A system and method for user authentication at a kiosk from a mobile device is disclosed. A particular embodiment is implemented for: configuring a kiosk to detect the presence of a mobile device in the proximity of the kiosk; configuring the mobile device to detect the presence of kiosk in the proximity of the mobile device; prompting a user of the mobile device to perform a login operation on the mobile device upon detection of the kiosk in the proximity of the mobile device; verifying the authentication of the user with the mobile device as a result of the login operation on the mobile device; and transferring unique kiosk session keys from the mobile device to the kiosk in proximity of the mobile device upon authentication of the user with the mobile device.

An application server sends a public key from an asynchronous key-pair to a user system to encrypt a user encryption secret that forms part of a first encryption key. The application server uses a second encryption key provided by a key derivation server to encrypt a private key from the asynchronous key-pair. The application server then deletes the second encryption key to prevent decryption of the user encryption secret received from the user system. The application server receives the encrypted user encryption secret from the user system and sends a request to the key derivation server to re-encrypt the user encryption secret. The key derivation server uses a key encryption secret to generate the second encryption key and decrypt the private key. The key derivation server uses the decrypted private key to decrypt the user encryption secret and then re-encrypts the first encryption secret to prevent decryption by the application server.

Systems and methods for authenticating a biometric device using a trusted coordinating smart device in accordance with embodiments of the invention are disclosed. In one embodiment, a process for enrolling a configurable biometric device with a network service includes obtaining a device identifier (ID) of the configurable biometric device using a coordinating smart device, communicating the device ID from the coordinating smart device to a network service, communicating a first challenge based on a challenge-response authentication protocol from the network service to the coordinating smart device, communicating the first challenge and a response uniform resource locator (URL) from the coordinating smart device to the configurable biometric device, generating a first response to the first challenge and communicating the first response to the network service utilizing the response URL, receiving a secure channel key by the coordinating smart device from the network service, communicating the secure channel key from the coordinating smart device to the configurable biometric device, performing a biometric enrollment process using the configurable biometric device including capturing biometric information from a user, and creating a secure communication link between the configurable biometric device and the network service using the secure channel key when the first response satisfies the challenge-response authentication protocol.