H04L2463/061

SHARED KEYS BASED ON MULTIPLE FEATURES
20200287717 · 2020-09-10

A method for secret sharing utilizing multiple features of an input includes: receiving a registration input; obtaining features from the registration input; generating a secret key and a plurality of shared keys according to a shared secret scheme; associating each of the plurality of shared keys with a respective feature of the registration input; generating a plurality of additional features associated with additional keys having a similar format as a shared key associated with a respective feature; storing the plurality of shared keys associated with respective features together with the plurality of additional keys associated with additional features; and encrypting an element to be protected by the secret key using the secret key.

Communicating with machine to machine devices
10764252 · 2020-09-01

A method and system for communicating between a managed device and a device manager is provided by sending the managed device a message over a first communications channel, and then initiating communication between the managed device and the device manager over a second communications channel in response to the message, wherein the first communications channel and the second communications channel are of different types.

Apparatuses and methods for generating domain-specific codes
10764262 · 2020-09-01

An example communications apparatus includes a plurality of communicatively-interconnected communication domains and an electronic switch, integrated as part of a first domain of the plurality of communicatively-interconnected communications domains. The electronic switch effects secure communications of data over the one or more channels specific to the first domain, by using a first circuit and a second circuit. The first circuit is used to obtain and process sampled channel properties associated with the one or more channels specific to the first domain. The second circuit is used to generate, in response to the first circuit, a domain-specific code that is generated pseudo-randomly using the processed sampled channel properties, the domain-specific code being used for coding data conveyed over the one or more channels specific to the first domain.

Computer system employing challenge/response protocol with detection of non-unique incorrect responses

A challenge/response authentication procedure determines whether a response is a correct response, a unique incorrect response, or a non-unique incorrect response, the unique incorrect response and non-unique incorrect response being differentiated by comparing the response value with a store of unique incorrect response values. For the correct response, client access to protected computer system resources is allowed, and the challenge value is discarded so as not to be used again. For the unique incorrect response, (1) when a predetermined limit of unique incorrect responses has not been reached, then the response value is added to the store of unique incorrect response values and the process is repeated with reuse of the challenge value, and (2) when the predetermined limit has been reached, then the client is locked out. For the non-unique incorrect response, the process is repeated with reuse of the challenge value.

Derived unique key per raindrop (DUKPR)

Examples described herein relate to systems, apparatuses, methods, and non-transitory computer-readable medium for a key management server to manage encryption for data stored by a cloud provider server, including receiving a request for a drop key corresponding to a cipher drop. The raindrop includes at least the cipher drop. The cipher drop is a unit of data stored by the cloud provider server. The request includes at least a hash drop and a drop identifier. The hash drop is a hash of cleartext data associated with the cipher drop and the drop identifier uniquely identifies the cipher drop. The drop key is generated based on at least the hash drop and the drop identifier. The drop key is encrypted. A response including the encrypted drop key is sent to the cloud provider server.

Securely exchanging information during application startup

Provided is a method for securely exchanging information during application startup. A processor may send a request for a passphrase to one or more remote devices using a first out-of-band message. The processor may receive, from at least one of the remote devices, a response that includes the passphrase. The response may be a second out-of-band message. The processor may decrypt application startup data that is stored in a first configuration file for the application using the received passphrase. The application startup data may be necessary for the application to execute. The processor may then execute the application using the decrypted application startup data.

KEY PROCESSING METHOD IN DUAL CONNECTIVITY MODE AND DEVICE
20200267545 · 2020-08-20

Embodiments of the present invention disclose a key processing method in dual connectivity mode and a device, which ensure communication security of UE in dual connectivity mode. The method according to the embodiments of the present invention includes: of a first base station and a second base station that have a communication connection to a terminal each, receiving, by the second base station, first request information sent by the first base station, where the first request information is used to request the second base station to generate a key used for communication with the terminal, and generating, by the second base station based on a security key carried in the first request information, the key used for communication with the terminal.

INFORMATION RECORDING DEVICE AND HOST DEVICE
20200266979 · 2020-08-20

According to one embodiment, an information recording device includes a memory and a controller. The memory includes a secret recording section. The secret recording section includes a first area and a second area. The controller is configured to control the memory. The controller is configured to permit access to the first area in a case where a first authentication process related to the secret recording section is performed and configured to permit access to the second area in a case where a second authentication process related to the secret recording section is performed.

User authentication using tokens
10749678 · 2020-08-18

Aspects of the disclosure relate to a token-based authentication mechanism. A computing device may receive information, determined by one or more sensor systems, corresponding to a user. The user information may comprise user biological information as measured by the one or more sensor systems. The computing device may generate a token based on the received user information. The computing device may store the generated token in a memory associated with the computing device. The computing device may transmit the token to a user token device corresponding to the user. The user token device may be used to authenticate the user.

SYSTEMS AND METHODS FOR CRYPTOGRAPHIC AUTHENTICATION OF CONTACTLESS CARDS

Example embodiments of systems and methods for a data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.