H04L2463/061

Determining a session key using session data

The various examples are directed to establishing a secure session between a device and a server. The device and the server may establish a session key. The session key may be used for encrypting data. After authenticating the session key, the server may transmit secure session data to the device, and the device may store the secure session data. The server may transmit, to a different server, information for deriving the session key from the secure session data. The device may transmit the secure session data to the server, or to the different server, to re-establish the secure session. The different server may derive the session key using the information and the secure session data. The different server may then re-establish the secure session using the session key.

USER AND CLIENT DEVICE REGISTRATION WITH SERVER
20220217222 · 2022-07-07

Disclosed are systems and methods for registering a user and/or a client device with a server computer. In one embodiment, a registration method does not use any stored passwords or tokens. In certain embodiments, a method can include (a) generating a plurality of mathematical formulas, at least some of the plurality of mathematical formulas comprising variables; (b) generating a user ID file name comprising a decryption key, the decryption key associated with the plurality of mathematical formulas; (c) generating a plurality of icons; (d) assigning uniquely each mathematical formula from the plurality of mathematical formulas to each of the icons of the plurality of icons; and (e) receiving an ordered selection of icons, the ordered selection of icons selected by the user from said plurality of icons.

Security context handling in 5G during handover

The present disclosure relates to methods and apparatus for flexible security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.

AUDIT CHAIN FOR PRIVATE BLOCKCHAIN

Provided is a system and method for verifying a blockchain using an external audit chain. The system may include an engine which facilitates communication between two or more independent blockchains. In one example, the method may include reading block data of a source data block that is stored among a hash-linked chain of data blocks on a blockchain, verifying a hash of the source block based on the block data that is read, generating a token based on the hash verification of the source block and storing the generated token in a verification block among the hash-linked chain of blocks on the blockchain to create a verification point on the blockchain, and storing a copy of the generated token in a block among a hash-linked chain of blocks on an audit blockchain that is independent from the blockchain.

User and user device authentication
11412068 · 2022-08-09

Disclosed are systems and methods for authenticating a user and a user device. In one embodiment, a method does not use any stored usernames, passwords, or tokens. In certain embodiments, when a user requests authentication, a server provides variable values to a client device. The client device returns to the server an output based on inputting the variable values into formulas associated with the client device. The server uses the client-device-generated output to authenticate the client device and the user by, in some embodiments, attempting to decrypt a user ID file associated with the client device. Each time the user requests authentication, different variable values are used to prevent prediction and hacking of the system.

Using cache objects to store events for adding corresponding objects in a blockchain

Methods and systems are described for using cache objects to store events for adding corresponding objects in a blockchain. In one implementation, a first cache object is identified. The cache object stores events published responsive to updates, insertions, or deletions of records in a database object. An identifier for the cache object is based on a time window with which the cache object is associated, and an identifier for the database object. Events are retrieved from a cache that includes the cache object, based on the identifier for the cache object. The events were stored in the cache object during the time window. A block is added to a blockchain. The block's payload includes objects corresponding to a subset of the events.

Guaranteed encryptor authenticity

Embodiments described herein provide cryptographic techniques to enable a recipient of a signed message containing encrypted data to verify that the signer of the message and the encryptor of the encrypted data are the same party, or at the least, have joint possession of a common set of secret cryptographic material. These techniques can be used to harden an online payment system against interception and resigning of encrypted payment information.

SYSTEMS AND METHODS FOR CONFIGURING A SECURE COMMUNICATION LINK IN AN ELECTRIC POWER DISTRIBUTION SYSTEM

A control system of an electric power distribution system includes processing circuitry and a memory having instructions that, when executed by the processing circuitry, cause the processing circuitry to perform operations that include receiving an indication of a profile, generating a connectivity association key (CAK) based on the profile, distributing a copy of the CAK to a device of the electric power distribution system, and establishing a connectivity association with the device in accordance with the profile based on a verification that the device possesses the copy of the CAK.

System for establishing a secure data connection with an autonomous mobile device

An autonomous mobile device (AMD) with various sensors may move through a physical space without human intervention. The AMD may communicate with other devices, such as a user's smartphone or network-enabled speaker. Security and privacy for end-to-end communication are provided by a process that involves user interaction with the AMD itself. The sequence of data exchanges and the user interaction with the AMD help assure that the association is authorized and provide for a secure communication channel. Attempts to tamper with the association process, including a man-in-the-middle exploit, are readily detectable and result in a failure. Once detected, actions may be taken, such as notifying the user.

Distributed encrypted session resumption

Technologies are provided for generating an encrypted session resumption ticket and using the encrypted session resumption ticket to resume a secure session. As part of establishing a secure session with a client, a server can use a common key that is accessible by multiple servers, together with secret data (such as a private key) for the tenant associated with the secure session request, to generate a session key. The session key can be used to encrypt a session resumption ticket. The client can transmit the encrypted session resumption ticket to another server to re-establish a secure session. The other server can retrieve the common key and the secret data for the tenant, and can use them to generate the session key. The other server can then decrypt the encrypted session resumption ticket using the session key and use the decrypted session resumption ticket to resume a secure session.