A security system and method for improving the security of a file/data transmitted from a special purpose user computer to a recipient special purpose computer. A special purpose computer having an individualized encryption software application server that runs individualized encryption software is provided, along with an amino acid database generator having an amino acid database storing natural and/or synthetic amino data. The individualized encryption software applicant server sends a request to the secure amino acid database generator producing the mathematical characteristics of the natural and synthetic amino acids. This is used to construct an amino acid base layer. The amino acid base layer is folded into two or three dimensional shapes and have values assigned to them, and a secret key is provided such that the transmission cannot be opened by a recipient unless he or she has the key and the values associated with the folded amino acids.

A method of operating a second network access node comprises configuring the second network access node to act as a secondary network access node for a dual connectivity mode for a terminal device in which a first network access node acts as a master network access node. The method further comprises establishing, while acting as a secondary network access node for the dual connectivity mode, that the second network access node should switch to acting as a master network access node, deriving a new master network access node security key for use by the second network access node when switched to acting as a master network access node for the dual connectivity mode, and configuring the second network access node to act a master network access node for the dual connectivity mode using the new master network access node security key.

Various examples generally relate to techniques of communicating using a security context of an encryption. Various examples specifically relate to performing negotiation of the security context.

A machine automation system for controlling and operating an automated machine. The system includes a controller and sensor bus including a central processing core and a multi-medium transmission intranet for implementing a dynamic burst to broadcast transmission scheme where messages are burst from nodes to the central processing core and broadcast from the central processing core to all of the nodes.

The present disclosure describes techniques that allow for a client-side application, located on a first client device, to generate a random encryption key and encrypt locally-stored application data with the random encryption key. In order to ensure that the client-device application is unable to decrypt the locally-stored encrypted application data prior to authenticating with an external authentication source (i.e., SSO, IdP), the client-side application divides the random encryption key into at least a first share and a second share according to a secret sharing algorithm. The first share is transmitted to a trusted third party, while the second share is encrypted locally and stored in a secure location on the client device. Upon successful authentication, the trusted third party returns the second share to the first client device. The client-side application derives the random encryption key and decrypts the locally-stored encrypted application data to be used by the client-side application. By dividing the key used to encrypt the client-side application data and storing one of the secret shares necessary to deriving the key at a trusted third party, the present disclosure solves the problem of how to encrypt local application data when the login credentials for the application are managed by a trusted third party, such as an SSO system.

A system, method, and computer-readable recording media for a user account secure with a single sign on (SSO) password hidden authentication. Receiving credential information (CI) and generating the SSO password through at least one client device (CD). Encrypting the SSO password. Storing the SSO password in the CD and an electronic device (ED). Transmit the SSO password and encrypted SSO password to a cloud services platform (CSP), where the CSP stores both. Storing the SSO password in a cloud server (CS). Accessing the user account, if SSO password is unavailable, through the CSP transmitting a one time passcode to a user email, the CD setting a temporary password transferred to the CSP. The CSP confirming a match and transmitting the encrypted SSO password to the CD, the CD decrypting the encrypted SSO password and resetting the temporary password to the SSO password.

Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to store a first recovery key for a first managed computing device. The first recovery key is configured to access an encrypted data store of the first managed computing device. A request is received for the first recovery key from a second managed computing device. The first recovery key is transmitted for display on the second managed computing device. A key rotation command is generated for a command queue of the first managed computing device to rotate the first recovery key after transmitting the first recovery key. The second recovery key is received from the second computing device.

In one example, the present disclosure describes a device, computer-readable medium, and method for multi-phase protection of digital content. For instance, in one example, a method includes receiving a request for digital content from a client device, initiating a digital content protection process comprising a plurality of phases, where each phase of the plurality of phases includes verifying credentials provided by the client device, delivering a plurality of seeds to the client device, wherein each individual seed of the plurality of seeds is delivered to the client device upon a successful completion of one phase of the plurality of phases, encrypting the digital content, using an encryption key derived using the plurality of seeds, to generate encrypted content, and delivering the encrypted content to the client device.

A credential, such as a password, for an entity is used to generate multiple keys. The generated keys are distributed to credential verification systems to enable the credential verification systems to perform authentication operations. The keys are generated such that access to a generated key allows for authentication with a proper subset of the credential verification systems. Thus, unauthorized access to information used by one authentication system does not, by itself, allow for successful authentication with other authentication systems.

One embodiment provides a storage management system. During operation, the system identifies a data file of a user. The system obtains an encrypted client registry from a primary cloud provider in a plurality of cloud providers that provide cloud storage to the user and retrieves a key associated with a device of the user by decrypting the encrypted client registry using a hash of a password associated with the user. The system obtains credentials of the plurality of cloud providers by decrypting a locally stored cloud configuration using the key and generates a plurality of coded fragments from the data file based on a generator matrix of erasure encoding. The number of coded fragments is determined based on a number of the cloud providers associated with the user. The system selects a respective coded fragment for uploading to a corresponding cloud provider in the plurality of cloud providers.