A method for qualifying a validator server used in zero-knowledge transactions including receiving hashed transactions between a prover client and a verifier server from the prover client and hashed transactions between the prover client and the verifier server, accessing the hashed transactions an enforcement node, analyzing the first and second pluralities of hashed transactions by the enforcement node, and qualifying or disqualifying the verifier server by the enforcement node responsive to analyzing the first and second pluralities of hashed transactions.

The disclosure relates to methods for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system. The disclosure is also providing mobile communication system for performing these methods, and computer readable media the instructions of which cause the mobile communication system to perform the methods described herein. Specifically, the disclosure suggests that in response to the detected or signaled potential security breach, the master base station increments a freshness counter for re-initializing the communication between the mobile station and the secondary base station; and the mobile station and the secondary base station re-initialize the communication there between. The re-initialization is performed under the control of the master base station and further includes deriving a same security key based on said incremented freshness counter, and establishing the secure communication link utilizing the same, derived security key.

One feature pertains to a method for secure wireless communication at an apparatus of a network. The method includes receiving a user equipment identifier identifying a user equipment and a cryptographic key from a wireless wide area network node, and using the cryptographic key as a pairwise master key (PMK). A PMK identifier (PKMID) is generated based on the PMK and the two are stored at the network. A PMK security association is initialized by associating the PMK with at least the PMKID and an access point identifier identifying an access point of the apparatus. An association request is received that includes a PMKID from the user equipment, and it's determined that the PMKID received from the user equipment matches the PMKID stored. A key exchange is initiated with the user equipment based on the PMK to establish a wireless local area network security association with the user equipment.

A capability for controlling access by a mobile device to venue-related items associated with a venue is presented. A server may be configured to detect a presence of the mobile device at the venue and send a venue token toward the mobile device based on detection of the presence of the mobile device at the venue, where the venue token includes an indication of a venue-related item that the mobile device is permitted to access independent of a location of the mobile device. A mobile device may be configured to receive a venue token based on a presence of the mobile device at the venue where the venue token includes an indication of a venue-related item that the mobile device is permitted to access independent of a location of the mobile device, and send a request for the venue-related item toward a server based on the venue token.

Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

Methods, systems and devices for generating an authentication key are provided. Two or more communications devices can generate an authentication key by monitoring a physical stimulus that is experienced by both devices (e.g., a common physical stimulus). Each device can then use an identical, predetermined algorithm to generate a common authentication key based on the stimulus. The devices can use the common authentication key to establish a secure network.

A credential, such as a password, for an entity is used to generate multiple keys. The generated keys are distributed to credential verification systems to enable the credential verification systems to perform authentication operations. The keys are generated such that access to a generated key allows for authentication with a proper subset of the credential verification systems. Thus, unauthorized access to information used by one authentication system does not, by itself, allow for successful authentication with other authentication systems.

Method, device, and system for deriving keys are provided in the field of mobile communications technologies. The method for deriving keys may be used, for example, in a handover process of a User Equipment (UE) from an Evolved Universal Terrestrial Radio Access Network (EUTRAN) to a Universal Terrestrial Radio Access Network (UTRAN). If a failure occurred in a first handover, the method ensures that the key derived by a source Mobility Management Entity (MME) for a second handover process of the UE is different from the key derived for the first handover process of the UE. This is done by changing input parameters used in the key derivation, so as to prevent the situation in the prior art that once the key used on one Radio Network Controller (RNC) is obtained, the keys on other RNCs can be derived accordingly, thereby enhancing the network security.

The embodiments discussed herein relate to updating and encrypting passwords for one or more computing devices. The computing devices can be associated with a common user account. According to the embodiments discussed herein, the user the can update a password of the user account at one computing device, and log into another computing device using the updated password without having to provide the current password for the other computing device. The embodiments incorporate a variety of encryption and key generation methods in order to safely transmit password updates between local computing devices. Specifically, the embodiments set forth methods and apparatus for generating and storing breadcrumbs that allow for decrypting a current password of a computing device using a new password.

In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side devic.