A system and method for securely encrypting and booting a headless appliance. A method includes providing the headless appliance with content stored in a memory, wherein the content is encrypted with a key, and wherein the key is separately stored on a remote computing device; booting the headless appliance and loading a fallback configuration; in response to a user device connecting to the headless appliance, directing the user device to a captive portal and capturing credentials of a user; forwarding the credentials to the remote computing device for verification by an identity provider; in response to the credentials being verified as a non-administrator, granting access to a public network for the user; and in response to the credentials being verified as an administrator, obtaining the key from the remote computing device to decrypt the content to provide access to a private network for the user.

A session managing unit connects an interprocess communication between a server device and a client device, and receives a session start message (400) including the first server program identifier that identifies the first server program and the second server program identifier that identifies the second server program, from the client device. When the session start message (400) is received, the session managing unit connects an interprocess communication between a process of the first server program and a process of the second server program.

A device unlock application on a user device may interact with a server to automatically carrier unlock the user device. The server may receive a carrier unlock request for a user device. The server may determine one or more verifications to be performed based at least on a unlock scenario requested by the carrier unlock request. The server may perform the one or more verifications to determine whether the user device is eligible for a carrier unlock. The server may send a unlock command to the user device in response to determining that the user device is eligible for the carrier unlock. The unlock command may disable a comparison of a device carrier code of the user device to a subscriber identity module (SIM) carrier code stored in a SIM card of the user device.

The present disclosure discloses methods and systems for controlling a smart lock. The method may include establishing a secure connection with a network, obtaining security control information through the secure connection, obtaining an operation input; performing a security verification based on the security control information and the operation input, and performing a corresponding operation based on the operation input when the security verification is passed.

A method for generation of an application cryptogram for use in a payment transaction includes: storing, in a first memory, a single use key associated with a transaction account; electronically transmitting the single use key to a processing server; receiving an encrypted session key and a server encryption key from the processing server; executing a first query to store the encrypted session key in the first memory and a second query to store the server encryption key in a second memory; decrypting the encrypted session key using the server encryption key; generating an application cryptogram based on the decrypted session key; and electronically transmitting the generated application cryptogram for use in a payment transaction.

A method, apparatus, article of manufacture, and a memory structure for securely providing data for use by a hardware device of a receiver. The method utilizes a product provisioning key (PPV) held secure from other entities that can be unlocked and used with a secret value securely and unchangeably stored in the hardware device.

In a credential recovery process, a user is authenticated using an application running on a mobile communications device, and requests recovery of a credential. The application generates a session key encrypted with the public key of a gateway, and sends the encrypted key to the gateway. The gateway recovers the credential from a depository, encrypted using a symmetric key shared with the depository. The gateway decrypts the credential and re-encrypts the credential using the session key. Preferably, the decryption and re-encryption is performed within a hardware secure module within the gateway. The re-encrypted credential is sent to the application, which decrypts the credential and outputs it to the user. In this way, the credential is provided securely to the user and may be made available for use immediately, or nearly so.

Embodiments described herein provide enhanced computer- and network-based systems and methods for providing data security with respect to computing services, such as a digital transaction service (DTS). Example embodiments further provide a discovery service that enables nodes that are included in, or otherwise communicatively coupled to, the DTS to actively or passively “discover” roles and keys associated with the nodes. These node roles are associated with the various services provided by the DTS. A security module provides at least a portion of the security services.

A device may provide an upload request to upload a file. The device may receive, based on the upload request, a unique identifier associated with the device. The device may obtain a file key for encrypting the file and a security key for encrypting the file key. The security key may be obtained based on the unique identifier. The device may encrypt the file, using the file key, to create an encrypted file. The device may encrypt the file key, using the security key, to create an encrypted file key. The device may provide the encrypted file and the encrypted file key for storage by a storage device.

Key fob and vehicle control unit identifiers (IDs) are used for entity authentication or trust transfer to achieve a secured initial pairing. The key fob is capable of transmitting only (not receiving) and is paired with a control unit in a vehicle or with any other control device. Use of the key fob and control unit IDs prevents unauthorized pairing and access to the operation key (OpKey) that is later used for communications between the devices. Elliptical curve cryptography (ECC) is used for strong security and efficient implementation. In the pairing process, device IDs are used for entity authentication and public key cryptography is used for easy key management. Symmetric encryption is used for fast normal operation and to accommodate key fob addition or revocation after key fob loss.