Patent classifications
H04L2463/061
Hosted Device Provisioning Protocol with Servers and a Networked Responder
A network can operate a WiFi access point with credentials. An unconfigured device can support a Device Provisioning Protocol (DPP), and record bootstrap public keys and initiator private keys. The network can record bootstrap public and responder private keys and operate a DPP server. A responder proxy can establish a secure and mutually authenticated connection with the network. The network can (i) derive responder ephemeral public and private keys, (ii) record the initiator bootstrap public key, and (iii) select a responder mode for the responder. The network can derive an encryption key with at least (i) the recorded initiator bootstrap public key and (ii) the derived responder ephemeral private key. The network can encrypt credentials using at least the derived encryption key and send the encrypted credentials through the responder proxy to the initiator, which can forward the encrypted credentials to the device, thereby supporting a device configuration.
USER AND USER DEVICE REGISTRATION AND AUTHENTICATION
A method of registering and authenticating a user and a user device is disclosed. In one embodiment, the method does not use any stored usernames, passwords, or tokens. In certain embodiments, the method stores algorithmic functions on the user device. When a user requests authentication, a server provides variable values to the client device. The values are input into the algorithmic functions. The functions generate an output. The output is sent to the server. The server uses the client device generated output to authenticate the client device and the user. Each time the user requests authentication, different variable values are used to prevent prediction and hacking of the system.
Systems and methods for performing transactions with contactless cards
Example embodiments of systems and methods for a data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.
Mitigating service disruptions in key maintenance
Embodiments of the present invention provide systems and techniques for changing cryptographic keys in high-frequency transaction environments to mitigate service disruptions or loss of transactions associated with key maintenance. In various embodiments, a server device can employ a working key encrypted with a first master key to decrypt messages being communicated from a client device, whereby each message is encrypted with a first cryptogram that was generated based on the working key encrypted with the first master key. While the working key encrypted with the first master key is being employed, the server device can generate a notification including a second cryptogram generated based on the working key encrypted with a second master key for transmission to the client device. The transmitted notification can cause the client device to encrypt the messages being communicated with the second cryptogram. The server device can concurrently employ the working key encrypted with one of the first and second master keys to decrypt messages received from the client device, whether encrypted with the first cryptogram or the second cryptogram.
Entropy server for random number generation
Embodiments include methods, systems, and computer program products for providing entropy to generate random numbers.
IMAGING SYSTEM AND IMAGING METHOD
In an imaging system according to an embodiment of the present invention, a camera unit is configured to transmit imaging data to an information-processing unit as a downlink packet. The camera unit is configured to hold predetermined data in the imaging data as a transmission key. The information-processing unit is configured to receive the downlink packet, recognize the predetermined data in the imaging data as the transmission key, and generate a reception key on the basis of the transmission key. The information-processing unit is configured to transmit an uplink packet including the reception key and a register-setting signal indicating an imaging condition to the camera unit. The camera unit is configured to write the register-setting signal received with the reception key in a register when the transmission key and the reception key meet a predetermined condition.
KEY PROVISIONING FOR BROADCAST CONTROL CHANNEL PROTECTION IN A WIRELESS NETWORK
Methods, systems, and devices for wireless communications are described. A user equipment (UE) may communicate with a base station in a wireless communications system. The base station may transmit signaling to the UE over a broadcast channel. The base station may transmit control signaling to the UE that indicates a broadcast root key. The UE may identify the broadcast root key for a wireless network corresponding to the base station. The base station may transmit an encrypted broadcast transmission. The UE may receive the encrypted broadcast transmission from the base station, and the UE may decrypt the encrypted broadcast transmission to obtain broadcast information based on a cell-specific key derived from the broadcast root key.
Decentralized cryptographic key derivation
Cryptographic keys are generated for components of a distributed system in a decentralized manner. A root key is generated for a universe of components, including capturing data and components for processing the data. A cryptographic key for a processing component is derived from the root key and one or more attributes or identifiers of the processing component, which may be provided in a specific region or domain. Cryptographic keys for capturing components (e.g., cameras) within the region or domain are derived from the cryptographic keys of the processing component and one or more attributes or identifiers of the respective capturing components. The capturing components encrypt data using their respective cryptographic keys and transfer the encrypted data to the processing component, which re-derives the cryptographic keys for such capturing components and decrypts the encrypted data using the re-derived cryptographic keys.
Conditional Temporary Authentication for Third Party Nodes
The concepts and technologies disclosed herein are directed to conditional temporary authentication for third party nodes. According to one aspect of the concepts and technologies disclosed herein, a first node of a plurality of nodes can provide a master authentication key to a second node of the plurality of nodes. The first node can receive, from a third node of the plurality of nodes, a temporary child authentication key derived from the master authentication key by the second node. The first node can process the temporary child authentication key to determine which portion of a resource to allow the third node to access. The first node can provide the third node access to the portion of the resource.
Secure application processing systems and methods
Systems and methods are described for securely and efficiently processing electronic content. In one embodiment, a first application running on a first computing system establishes a secure channel with a second computing system, the secure channel being secured by one or more cryptographic session keys. The first application obtains a license from the second computing system via the secure channel, the license being encrypted using at least one of the one or more cryptographic session keys, the license comprising a content decryption key, the content decryption key being further encrypted using at least one of the one or more cryptographic session keys or one or more keys derived therefrom. The first application invokes a second application to decrypt the license using at least one of the one or more cryptographic session keys, and further invokes the second application to decrypt the content decryption key using at least one of the one or more cryptographic session keys or one or more keys derived therefrom, and to decrypt a piece of content using the content decryption key. The first application then provides access to the decrypted piece of content in accordance with the license.