H04L2209/76

Systems and Methods for Authenticating a Biometric Device Using a Trusted Coordinating Smart Device
20180165439 · 2018-06-14 ·

Systems and methods for authenticating a biometric device using a trusted coordinating smart device in accordance with embodiments of the invention are disclosed. In one embodiment, a process for enrolling a configurable biometric device with a network service includes obtaining a device identifier (ID) of the configurable biometric device using a coordinating smart device, communicating the device ID from the coordinating smart device to a network service, communicating a first challenge based on a challenge-response authentication protocol from the network service to the coordinating smart device, communicating the first challenge and a response uniform resource locator (URL) from the coordinating smart device to the configurable biometric device, generating a first response to the first challenge and communicating the first response to the network service utilizing the response URL, receiving a secure channel key by the coordinating smart device from the network service, communicating the secure channel key from the coordinating smart device to the configurable biometric device, performing a biometric enrollment process using the configurable biometric device including capturing biometric information from a user, and creating a secure communication link between the configurable biometric device and the network service using the secure channel key when the first response satisfies the challenge-response authentication protocol.

Management of secret data items used for server authentication

A security device (6) is provided for facilitating management of secret data items such as cryptographic keys which are used by a remote server (2) to authenticate operations of the server (2). The device (6) has a user interface (13), control logic (16) and a computer interface (11) for connecting the device (6) to a local user computer (5) for communication with the remote server (2) via a data communications network (3). The control logic is adapted to establish via the user computer (5) a mutually-authenticated connection for encrypted end-to-end communications between the device (6) and server (2). In a backup operation, the secret data items are received from the server (2) via this connection. The control logic interacts with the user via the user interface (13) to obtain user authorization to backup secret data items and, in response, stores the secret data items in memory (10). To restore secret data items to the server, the control logic interacts with the user via the user interface (13) to obtain user authorization to restore secret data items and, in response, sends the secret data items to the server (2) via said connection.

Verifying the security of a remote server

In one embodiment, a client device 110 may use an attestation service 140 to verify a secure server 120. The secure server 120 may receive a signed trusted credential 310 from an attestation service 140 validating the secure server 120 as trustworthy to a client device 110 seeking access. The secure server 120 may protect the signed trusted credential 310 in a server secure module 280.

Delegating authorizations

Delegating authorizations sufficient to access services is contemplated. The authorization may be delegated in the form of a token or other transmissible construct relied upon to authenticate access to services, such as, but not necessarily limited to, conferring a user identity established via an authenticated device for the purpose of enabling an unauthenticated or unsecured device to access a service associated with that user identity.

SYSTEM AND METHODS TO PREVENT SECURITY BREACHING BY AUTHORIZED USERS IN A CLOUD ENVIRONMENT
20180159882 · 2018-06-07 ·

A system to facilitate preventing security breaches of internal organizational resources by authorized system users. Resource access analysis prevents breaches of sensitive organizational information stored in a cloud infrastructure environment. A virtual machine (VM) breach-detection proxy controls and monitors the activities of a system user. A virtual machine (VM) breach-detection portal provides system administration of the organization's data-sensitive regions. The system interfaces with the cloud environment to retrieve log files and provides indexed video session representations of system user activities that access a data-sensitive region.

ENCRYPTING AND SECURING DATA WITH REVERSE PROXIES ACROSS FRAMES IN AN ON-DEMAND SERVICES ENVIRONMENT
20180152418 · 2018-05-31 ·

In accordance with embodiments, there are provided mechanisms and methods for facilitating protection of data in a database environment in an on-demand services environment. In one embodiment and by way of example, a method includes detecting, by a first computing device in the database environment, sensitive data associated with a user having access to a second computing device, where the sensitive data is capable of being communicated within a geographic residency. The method may further include performing, by the first computing device, secured communication of the sensitive data between at least one of multiple computing devices and multiple application frames within the geographic residency, wherein the first computing device includes a proxy server that is locally situated within the geographic residency.

Techniques for a Field Programmable Gate Array to Perform a Function for an Application Specific Integrated Circuit

Examples include techniques for a field programmable gate array (FPGA) to perform one or more functions for an application specific integrated circuit (ASIC). Example techniques include communication between the ASIC and the FPGA via a sideband communication link to enable the ASIC to indicate to the FPGA a need for the FPGA to perform a function to fulfill a request received by the ASIC.

Providing forward secrecy in a terminating TLS connection proxy
20180146010 · 2018-05-24 ·

An infrastructure delivery platform provides an RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide forward secrecy for this particular leg, the edge server selects an ephemeral value and applies a cryptographic hash to that value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. Forward secrecy is enabled by ensuring that the ephemeral value never travels on the wire.

INDUSTRIAL SECURITY AGENT PLATFORM

Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network. The encryption relay processor can execute a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function.

Cryptographic system, encryption device, re-encryption key generation device, re-encryption device, and cryptographic program

An encryption device 200 outputs a ciphertext ct including a ciphertext c and a ciphertext c.sup.. The ciphertext c has been set with one of attribute information x and attribute information v related to each other. The ciphertext c.sup. has been set with one of attribute information y and attribute information z related to each other. A decryption device 300 outputs a re-encryption key rk including a decryption key k.sup.*rk, a decryption key k.sup.*rk, and encrypted conversion information .sup.rk. The decryption key k.sup.*rk is obtained by converting the decryption key k* which is set with the other one of attribute information x and attribute information v, with conversion information W.sub.1,t. The decryption key k.sup.*rk has been set with the other one of the attribute information y and the attribute information z. The encrypted conversion information .sup.rk is obtained by encrypting the conversion information W.sub.1,t by setting one of attribute information x and attribute information v related to each other. A re-encryption device 400 outputs a re-ciphertext ret including a ciphertext c.sup.renc and a decryption key k.sup.*renc. The ciphertext c.sup.renc is obtained by setting one of additional information H and additional information to the ciphertext ct. The decryption key k.sup.*renc is obtained by setting the other one of the additional information H and the additional information to the re-encryption key rk.