H04L2463/061

Verification of in-situ network telemetry data in a packet-switched network

Techniques to facilitate verification of in-situ network telemetry data carried in the data packets of a packet-switched network are described herein. In one technique, a network node obtains a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and a cryptographic key; the cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates a telemetry-data entry of the in-situ network telemetry block: the telemetry data and the signed telemetry data are inserted into the telemetry-data entry. The node then forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.
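The per-hop flow in the abstract (node obtains the packet, signs its own telemetry with a node-specific key, inserts the entry, forwards), as an added illustration that is not taken from the patent or any implementation of it. It assumes HMAC-SHA256 as a stand-in for the keyed "encryption" the abstract leaves unspecified, and the node names, keys and telemetry fields are constructed. Beyond the abstract, each tag also covers the flow identifier, the hop index and the previous entry's tag, so a verifier holding the node keys detects an altered, dropped or reordered entry as well as a forged one.

```python
"""Per-hop authenticated in-situ telemetry entries (added illustration).

Each node appends an entry (node id plus its telemetry fields) to the packet's
telemetry block and authenticates it with an HMAC keyed by a per-node secret.
The tag also binds the flow id, the hop index and the previous entry's tag.
HMAC-SHA256 is an assumed stand-in for the keyed "encryption" of the abstract.
"""
import hashlib
import hmac
import json

# Constructed per-node secrets; in a deployment a controller provisions these.
NODE_KEYS = {
    "r1": b"constructed-secret-for-r1",
    "r2": b"constructed-secret-for-r2",
    "r3": b"constructed-secret-for-r3",
}
GENESIS_TAG = "00" * 32  # chain seed used as "previous tag" for the first hop

# Constructed sample flow and path: (node id, telemetry the node inserts).
SAMPLE_FLOW = "10.0.0.1>10.0.0.2:443"
SAMPLE_PATH = [
    ("r1", {"ts_ns": 100, "queue_depth": 3}),
    ("r2", {"ts_ns": 240, "queue_depth": 17}),
    ("r3", {"ts_ns": 310, "queue_depth": 0}),
]


def _canonical(fields):
    # Deterministic encoding so signer and verifier MAC identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def _tag(key, flow_id, hop, fields, prev_tag):
    msg = (flow_id.encode() + hop.to_bytes(2, "big")
           + bytes.fromhex(prev_tag) + _canonical(fields))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append_entry(packet, node_id, telemetry):
    """Node side: sign this node's telemetry and insert it as the next entry."""
    block = packet["telemetry_block"]
    hop = len(block)
    prev_tag = block[-1]["tag"] if block else GENESIS_TAG
    fields = {"node": node_id, **telemetry}
    tag = _tag(NODE_KEYS[node_id], packet["flow_id"], hop, fields, prev_tag)
    block.append({"fields": fields, "tag": tag})
    return packet


def build_packet(flow_id, path):
    """Forward a fresh packet along `path`, a list of (node_id, telemetry)."""
    packet = {"flow_id": flow_id, "telemetry_block": []}
    for node_id, telemetry in path:
        append_entry(packet, node_id, telemetry)
    return packet


def verify_block(packet, keys=NODE_KEYS):
    """Verifier side: return [(hop, node_id, ok)] for every entry in order."""
    results = []
    prev_tag = GENESIS_TAG
    for hop, entry in enumerate(packet["telemetry_block"]):
        fields, tag = entry["fields"], entry["tag"]
        node_id = fields.get("node")
        key = keys.get(node_id)  # unknown node id -> no key -> entry rejected
        ok = False
        if key is not None:
            try:
                expected = _tag(key, packet["flow_id"], hop, fields, prev_tag)
                ok = hmac.compare_digest(expected, tag)
            except ValueError:  # previous tag is not hex: chain is corrupt
                ok = False
        results.append((hop, node_id, ok))
        prev_tag = tag
    return results


if __name__ == "__main__":
    pkt = build_packet(SAMPLE_FLOW, SAMPLE_PATH)
    print(verify_block(pkt))
```

A telemetry collector that only checks each entry's tag in isolation would accept a block from which a congested hop had simply been removed; chaining the tags makes such a removal show up as a failure at the next hop.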

SELF-SERVICE DEVICE ENCRYPTION KEY ACCESS
20230188339 · 2023-06-15 ·

Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to authenticate a user on the computing device in order to unlock an operating system based on a first recovery key. A key rotation command can then be received from a management service; the key rotation command includes an instruction to rotate the first recovery key. The computing device generates a second recovery key and transmits the second recovery key to the management service.

Systems and methods for quantum consensus

Systems, apparatuses, and methods are disclosed for quantum entanglement authentication (QEA). An example method includes transmitting a first electronic identification of a first subset of a first set of entangled quantum particles to a first computing device; transmitting, by classical communications circuitry, a second number to a second computing device, wherein each entangled quantum particle in the first set of entangled quantum particles is entangled with a respective entangled quantum particle in a second set of entangled quantum particles; receiving, from the first computing device, a first number representative of a measurement of the first subset of the first set of entangled quantum particles; and, in an instance in which the second number corresponds to the first number, authenticating a session between the first computing device and the second computing device.

METHOD AND APPARATUS FOR NEW KEY DERIVATION UPON HANDOFF IN WIRELESS NETWORKS
20170339558 · 2017-11-23 ·

A novel key management approach is provided for securing communication handoffs between an access terminal and two access points. An access terminal establishes a secure communication session with a first access point based on a first master session key, which is itself derived from a master transient key. The access terminal obtains a second access point identifier associated with a second access point and sends a message associated with a handoff to either the first access point or the second access point. The access terminal generates a second master session key based on at least the master transient key and the second access point identifier. The second master session key is used for secure communications with the second access point in connection with an intra-authenticator handoff from the first access point to the second access point. The access terminal then moves the secure communication session to the second access point.
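The derivation described above (second master session key from the master transient key and the target access point's identifier), as an added example that is not the patent's or any vendor's code. It assumes HKDF-SHA256 (RFC 5869) as the key derivation function, an `Authenticator` that holds the master transient key and hands each access point only its own master session key, and a constructed key-confirmation check; the abstract names none of these, and the label string, class names and sample key are illustrative.

```python
"""Master-session-key derivation for an intra-authenticator handoff (added).

MSK_i for access point AP_i is derived from the master transient key (MTK)
and AP_i's identifier. Terminal and authenticator both hold the MTK, so each
can compute the target AP's MSK before the handoff; an AP receives only its
own MSK and cannot derive a neighbour's. HKDF-SHA256 (RFC 5869) is an assumed
instantiation; the abstract specifies no particular KDF.
"""
import hashlib
import hmac

HASH_LEN = 32
SAMPLE_MTK = bytes(range(32))  # constructed; a real MTK comes from EAP/AAA


def hkdf_extract(salt, ikm):
    # RFC 5869: an absent salt is HashLen zero bytes.
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_msk(mtk, ap_id, label=b"intra-authenticator-handoff"):
    """MSK_i = HKDF(MTK, info = label || 0x00 || AP_i identifier)."""
    prk = hkdf_extract(b"", mtk)
    return hkdf_expand(prk, label + b"\x00" + ap_id.encode(), HASH_LEN)


class Authenticator:
    """Holds each terminal's MTK; releases to an AP only that AP's MSK."""

    def __init__(self):
        self._mtk = {}

    def enroll(self, terminal_id, mtk):
        self._mtk[terminal_id] = mtk

    def msk_for(self, terminal_id, ap_id):
        return derive_msk(self._mtk[terminal_id], ap_id)


class AccessTerminal:
    """Derives the target AP's MSK locally from its MTK, then moves the session."""

    def __init__(self, terminal_id, mtk):
        self.terminal_id = terminal_id
        self._mtk = mtk
        self.current_ap = None
        self.msk = None

    def handoff(self, ap_id):
        self.msk = derive_msk(self._mtk, ap_id)
        self.current_ap = ap_id
        return self.msk


def key_confirm(msk_a, msk_b, nonce):
    """Constructed check: both sides MAC a nonce under their MSK and compare."""
    mac_a = hmac.new(msk_a, nonce, hashlib.sha256).digest()
    mac_b = hmac.new(msk_b, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(mac_a, mac_b)


def hkdf_known_answer():
    """RFC 5869 Appendix A test case 1 inputs; returns (PRK hex, OKM hex)."""
    ikm = b"\x0b" * 22
    salt = bytes(range(13))
    info = bytes(range(0xF0, 0xFA))
    prk = hkdf_extract(salt, ikm)
    return prk.hex(), hkdf_expand(prk, info, 42).hex()


if __name__ == "__main__":
    auth = Authenticator()
    auth.enroll("at-1", SAMPLE_MTK)
    terminal = AccessTerminal("at-1", SAMPLE_MTK)
    print(terminal.handoff("ap-2") == auth.msk_for("at-1", "ap-2"))
```

Binding the AP identifier into the `info` input is what keeps a compromised first access point from learning the key that protects the session after the handoff: it was never given the MTK, only MSK_1.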

METHOD AND SYSTEM FOR ESTABLISHING A SECURE COMMUNICATION TUNNEL
20170338964 · 2017-11-23 ·

A computer-implemented method for establishing a secure communication tunnel between a device and a server is provided. The method comprises the server receiving a session request from the device to establish a secure tunnel. A handshake procedure is carried out to set up an encryption/decryption key for the secure tunnel. The handshake procedure uses a first communication channel from the server to the device. The method also includes sending a component of the handshake procedure to the device via a second communication channel. This component is required by the device to continue the handshake procedure or to commence use of the secure tunnel established by the handshake procedure.

USER-INITIATED MIGRATION OF ENCRYPTION KEYS
20170338948 · 2017-11-23 ·

Aspects of various embodiments are directed to applications utilizing secret keys for authentication and/or encrypted communication. In certain embodiments, authentication data is provided from a source network communication device to a target network communication device; this data allows a computing server to verify that the key migration is authorized by the source network communication device. The authentication data also enables the data provider and the target network communication device to independently determine a temporary key for establishing a secure communication channel between the service provider and the target network communication device and/or to determine a new key for the target network communication device. In some implementations, the authentication data may be exchanged between the source and target network communication devices offline, without involvement of the computing server. When the target network communication device later connects to the computing server, the authentication data may be used to verify that the key migration is authorized and/or to generate key(s).

REDUCED SIZE KEY ALLOCATION DESCRIPTORS
20170338955 · 2017-11-23 ·

Space-efficient methods of defining a key allocation scheme within a broadcast encryption system are provided. In some embodiments, a descriptor is received. The descriptor includes a plurality of subset definitions and a plurality of pointers. A data segment is resolved from each of the plurality of pointers. The resulting data segments are assembled into a plurality of variant definitions. A media key block is generated from the plurality of subset definitions and the plurality of variant definitions.

ELECTRONIC SUBSCRIBER IDENTITY MODULE (eSIM) PROVISIONING ERROR RECOVERY
20170338954 · 2017-11-23 ·

A device hosting an embedded universal integrated circuit card (eUICC) initiates a provisioning call flow with an electronic subscriber identity module (eSIM) server. The purpose of the provisioning call flow is to perform a particular provisioning action or function. The eSIM server, the device and/or the eUICC maintain state information related to the provisioning call flow. The provisioning call flow includes generation of a one-time public key (otPK) at the eUICC. The provisioning call flow is interrupted by an error event before, for example, successful installation of a profile in the eUICC. A subsequent provisioning call flow is initiated. The eSIM server assists the eUICC to recover from the error event based on the state information of the eSIM server, the device and/or the eUICC. In some embodiments, the recovery and subsequent successful profile installation make use of the otPK generated during the earlier provisioning call flow.

Partial task processing with data slice errors
11669397 · 2023-06-06 ·

A storage network receives data and a corresponding task, selects a storage unit for the task, determines whether the data slice required by the task is locally available at that storage unit and, when the data slice is not locally available, determines whether a redundant data slice is available from another storage unit. When the redundant data slice is not available from another storage unit, the storage network rebuilds the data slice: it retrieves a decode-threshold number of data slices corresponding to the data slice, decodes them to reproduce the data segment, and re-encodes the data segment to produce a pillar-width number of data slices that includes the rebuilt data slice. The storage network then stores locally either the rebuilt data slice or the redundant data slice and processes the locally available data slice, the locally stored rebuilt data slice, or the locally stored redundant data slice in accordance with the corresponding partial task to produce a partial result.
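The rebuild path in the abstract (retrieve a decode-threshold number of slices, decode the segment, re-encode to the pillar width, store the rebuilt slice, run the partial task on it), as an added example that is not the patent's or any storage product's code. It assumes a systematic Reed-Solomon-style code over the prime field GF(2^61-1) with Lagrange interpolation, which is one simple way to get the "any k of n" property; the abstract names no particular code, and the pillar width, decode threshold, segment and task are constructed.

```python
"""Decode-threshold rebuild of a missing data slice (added illustration).

A data segment is split into rows of k field elements; the row's words are
the values f(1..k) of a degree-(k-1) polynomial, and pillar i (1 <= i <= n)
stores f(i). Any k of the n slices reproduce the segment (decode threshold
k); re-evaluating at 1..n re-encodes the full pillar width, which yields any
missing slice. GF(2^61-1) with Lagrange interpolation is an assumed,
simplified instantiation; the abstract names no particular code.
"""
P = (1 << 61) - 1   # Mersenne prime: field for the polynomial arithmetic
WORD = 7            # bytes per field element (56 bits < 61, so always < P)


def _inv(a):
    return pow(a, P - 2, P)


def _interp_at(points, x):
    """Lagrange: value at x of the unique polynomial through `points`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * _inv(den)) % P
    return total


def encode_rows(rows, n, k):
    """Systematic encode: pillars 1..k hold the row words, k+1..n parity."""
    slices = {i: [] for i in range(1, n + 1)}
    for row in rows:
        points = list(zip(range(1, k + 1), row))
        for i in range(1, n + 1):
            slices[i].append(row[i - 1] if i <= k else _interp_at(points, i))
    return slices


def decode_rows(slices, k):
    """Decode: reproduce every row from any k available pillars."""
    have = sorted(slices)[:k]
    if len(have) < k:
        raise ValueError("below decode threshold: %d < %d" % (len(have), k))
    rows = []
    for r in range(len(slices[have[0]])):
        points = [(i, slices[i][r]) for i in have]
        rows.append([_interp_at(points, x) for x in range(1, k + 1)])
    return rows


def encode_segment(segment, n, k):
    """Pad to whole rows and disperse; returns (slices, original length)."""
    padded = segment + b"\x00" * ((-len(segment)) % (WORD * k))
    words = [int.from_bytes(padded[i:i + WORD], "big")
             for i in range(0, len(padded), WORD)]
    rows = [words[r:r + k] for r in range(0, len(words), k)]
    return encode_rows(rows, n, k), len(segment)


def decode_segment(slices, k, length):
    words = [w for row in decode_rows(slices, k) for w in row]
    return b"".join(w.to_bytes(WORD, "big") for w in words)[:length]


def rebuild_slice(slices, n, k, target):
    """Decode from k slices, re-encode to pillar width n, pick the target."""
    return encode_rows(decode_rows(slices, k), n, k)[target]


def partial_task(slices, n, k, unit, task):
    """Run `task` on the unit's slice, rebuilding and storing it if missing."""
    if unit not in slices:
        slices[unit] = rebuild_slice(slices, n, k, unit)
    return task(slices[unit])


# Constructed inputs for the demonstration.
SAMPLE_SEGMENT = b"constructed segment: partial task processing with slice errors"
SAMPLE_N, SAMPLE_K = 5, 3

if __name__ == "__main__":
    full, length = encode_segment(SAMPLE_SEGMENT, SAMPLE_N, SAMPLE_K)
    lost = {i: s for i, s in full.items() if i not in (2, 5)}
    print(partial_task(lost, SAMPLE_N, SAMPLE_K, 2, len), sorted(lost))
```

Note that a storage unit with fewer than k slices reachable cannot rebuild at all; the `ValueError` is the condition under which the task must be deferred or routed elsewhere rather than run on a partial reconstruction.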

Method and system for generating cryptograms for validation in a webservice environment

A method for generating cryptograms in a webservice environment includes: receiving, in a first environment of a computing system, a credential request transmitted by an external computing device using a secure communication protocol, the credential request including a transaction identifier and an account identifier; transmitting, by the first environment, a data request to a second environment of the computing system, the data request including the account identifier; receiving, by the first environment, an account profile and a session key from the second environment; transmitting, by the first environment, a cryptogram request to a third environment of the computing system, the cryptogram request including the account profile and the session key; receiving, by the first environment, a cryptogram from the third environment generated using the account profile and the session key; and transmitting, by the first environment, the cryptogram and the transaction identifier to the external computing device via the secure communication protocol.