H04L2463/061

Method and System for Zero-Knowledge and Identity Based Key Management for Decentralized Applications
20220200975 · 2022-06-23

A method for implementing zero-knowledge private key management, including receiving an identity smart contract creation transaction from a zero-knowledge wallet account, generating an identity smart contract responsive to the identity smart contract creation transaction at an identity smart contract address on the blockchain network, receiving a new validator transaction including a validator address, saving the validator address as an active validator to the identity smart contract, receiving a new user transaction from the user, receiving a transaction to validate the user from the validator, comparing the address from which the validate-user transaction was received with the validator address, and upon determining that the address from which the validate-user transaction was received is identical to the validator address, saving the user as a user to the identity smart contract.

Cryptographic Platform System and Method
20220182364 · 2022-06-09

A method includes linking a first application with a first Transport Layer Security (TLS) library, linking a second application with a second TLS library, obtaining a sequence of cryptographic keys by a first agent, the sequence of cryptographic keys based on an agent key and provided from the first agent to the first TLS library, obtaining the sequence of cryptographic keys by a second agent, the sequence of cryptographic keys based on the agent key and provided from the second agent to the second TLS library, establishing communication between the first TLS library and the first agent to create a first trusted relationship, establishing communication between the second TLS library and the second agent to create a second trusted relationship, and establishing a third trusted relationship between the first agent and the second agent.

Data protection with translation

Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device, and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server, encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.

SECURITY CHIP WITH RESISTANCE TO EXTERNAL MONITORING ATTACKS
20220083665 · 2022-03-17

A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.

Sharing encrypted data with enhanced security by removing unencrypted metadata

Concepts and technologies are described herein for sharing encrypted data with enhanced security. In some configurations, an encryption key is generated from a password by the use of a password-based key generation technology. In addition, input data is encrypted using the encryption key. The encrypted data and the generated key may then be shared with a remote computer, such as a server. The encrypted data can then be decrypted at the remote computer by the use of the key. By the use of the technologies described herein, the contents of an encrypted file may be accessed at a remote computer without requiring a user to share the actual password.

Apparatus and methods for distributed certificate enrollment

An apparatus including a processor and a memory, where the processor and the memory are configured to provide a secure execution environment and the memory stores a hardware unique key and a class key. The processor is configured to recover, in the secure execution environment, a certificate signing key based on the class key, where the certificate signing key is associated with a certificate authority. The processor is further configured to derive a device key pair based on the hardware unique key, where the device key pair includes a device public key and a device private key, and generate a device certificate based on the device public key and the certificate signing key. The generated device certificate is configured to be validated based on a public key associated with the certificate authority.

Method and System for Zero-Knowledge and Identity Based Key Management for Decentralized Applications
20220094675 · 2022-03-24

A method for implementing zero-knowledge private key management for decentralized applications on a client device including registering an account with a verifier server, initializing a wallet, generating a public key and a private key, encrypting the private key with a zero-knowledge encryption function, producing an encrypted private key, transmitting the encrypted private key to the verifier server, removing the private key from the decentralized client application, sending a transaction request to a decentralized application, receiving a raw transaction, requesting and receiving the encrypted private key from the verifier server, decrypting the encrypted private key with a zero-knowledge decryption function, signing the raw transaction with the decrypted private key, transmitting the signed transaction to the decentralized application, and removing each of the encrypted private key and the decrypted private key from the client application.

Securing an overlay network against attack

The techniques herein provide for enhanced overlay network-based transport of traffic, such as IPsec traffic, e.g., to and from customer branch office locations, facilitated through the use of the Internet-based overlay routing infrastructure. This disclosure describes a method of providing integrity protection for traffic on the overlay network.

User and user device registration and authentication
11310343 · 2022-04-19

A method of registering and authenticating a user and a user device is disclosed. In one embodiment, the method does not use any stored usernames, passwords, or tokens. In certain embodiments, the method stores algorithmic functions on the user device. When a user requests authentication, a server provides variable values to the client device. The values are input into the algorithmic functions. The functions generate an output. The output is sent to the server. The server uses the client-device-generated output to authenticate the client device and the user. Each time the user requests authentication, different variable values are used to prevent prediction and hacking of the system.

Mechanism for encryption key distribution in computer networks

Techniques for key distribution are provided. A first symmetric key is generated for a first downstream site, and a second symmetric key is generated for a second downstream site. The first symmetric key is transmitted to the first downstream site, and the second symmetric key is transmitted to the second downstream site. Upon receiving an indication that the first symmetric key was successfully deployed at the first downstream site, the first symmetric key is deployed on a first network node of an upstream site. Finally, upon determining that the second symmetric key was not successfully deployed at the second downstream site, techniques include refraining from deploying the second symmetric key to a second network node of the upstream site, where the second network node continues to communicate with the second downstream site using an original symmetric key.