Patent classifications
H04L2463/062
GROUPING DATA IN AN ORGANIZED STORAGE SYSTEM
A method including determining, by a first device for a folder associated with encrypted content, a folder access key pair including a folder access public key and a folder access private key; determining, by the first device for a group, a group access key pair including a group access public key and a group access private key; encrypting, by the first device, the folder access private key by utilizing the group access public key; and accessing, by a second device, the folder via the group based at least in part on decrypting the folder access private key, the second device being different than the first device. Various other aspects are contemplated.
SQL EXTENSION TO KEY TRANSFER SYSTEM WITH AUTHENTICITY, CONFIDENTIALITY, AND INTEGRITY
Disclosed herein are various embodiments of an SQL extension to source server operations for a key transfer system with authenticity, confidentiality, and integrity. An embodiment operates by receiving, at a source database server, a target public key generated by a target database server. At the source database server, a key pair including both a source public key and a source private key is generated. The source secret is encrypted as an encrypted secret using the received target public key generated by the target database. A digital signature is generated from the encrypted secret using the source private key. The digital signature, source public key, and encrypted secret are provided to the target database, wherein the target database is configured to verify the digital signature, use the source public key to decrypt the encrypted secret, and access the encrypted data using the source secret.
SECURE AND ZERO KNOWLEDGE DATA SHARING FOR CLOUD APPLICATIONS
Disclosed is a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.
Message-based database replication
A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.
System and method for receiving data at a merchant device from a user device over a wireless link
A system and method for providing payments is disclosed. A method can include establishing a wireless link between a mobile device and a merchant device. After an instruction is displayed on the mobile device, a combination of a first type of input and a second type of input is received on the mobile device, the first type of input including at least one button press of a physical button and the second type of input received from a user to confirm a payment for the purchase. Based on the inputs, payment data is retrieved from a memory of the mobile device. The method includes receiving the payment data at the merchant device to make the purchase, wherein receiving the payment data, via the wireless link, at the merchant device to make the purchase is performed according to a protocol for communicating the payment data to the merchant device.
Key generation method and apparatus using double encryption
The disclosure provides a key generation method and apparatus. The key generation method comprises: encrypting a first key factor generated by a first device with an initial key, and sending the encrypted first key factor to a second device through a first secure channel, wherein the initial key is a key preset for the first device and the second device; receiving, through the first secure channel, a second key factor encrypted with the initial key, wherein the second key factor is generated by the second device; decrypting the second key factor encrypted with the initial key and received through the first secure channel, so as to obtain the second key factor; and generating a shared key between the first device and the second device according to the first key factor and the second key factor. According to the disclosed embodiments, a gateway device is unable to acquire a shared key negotiated between a first device and a second device, ensuring the security of data transmitted therebetween, and further reducing the risk of data being illegally captured during transmission.
DEVICE INDEPENDENT SECURE MESSAGING
Systems, devices, media, and methods are presented for device independent secure messaging. The systems and methods generate an encrypted message by encrypting message content, designated for a specified recipient, with an encryption key. The systems and methods select a set of recipient keys, associated with the specified recipient, from a plurality of member keys. For each recipient key, the systems and methods encrypt the encryption key to generate a set of encrypted keys and transmit the encrypted message and an encrypted key of the set of encrypted keys to one or more client devices associated with the specified recipient. The systems and methods then receive an acknowledgement indicating a termination status of the encrypted message.
Detecting Manipulated Clients in a Control System
A client-server architecture for a control system of a technical installation, wherein the client-server architecture includes at least one first device formed as a client and at least one second device that is formed as a server assigned to the client, where the client is configured to establish contact with the server, and is configured to execute a code received from the server, communication from the client to the control system exists via the server which is configured to detect whether the code, which the client executes, corresponds to the code that the client received from the server, and where the server, in the event of the code not corresponding, is further configured to interrupt the execution of the code by the client and lock the client out of communication with the control system.
Methods and apparatus to manage credentials in hyper-converged infrastructures
Methods, apparatus, systems and articles of manufacture to manage credentials in hyper-converged infrastructures are disclosed. An example method includes establishing, by executing an instruction with at least one processor, a communication between a software defined data center manager of the hyper-converged infrastructure and a component of the hyper-converged infrastructure using first credentials included in a known hosts file. The example method also includes generating, by executing an instruction with the at least one processor, second credentials at the component in response to a power-on event detected by the software defined data center manager. The example method also includes recording, by executing an instruction with the at least one processor, the second credentials at the known hosts file.
DISTRIBUTED MESSAGING AGGREGATION AND RESPONSE
A distributed messaging system to aggregate particular types of messages regarding a client from customers of said client and for generating response and informational messages to the customers is provided. The system comprises one or more processors executing computer instructions and one or more non-transitory computer readable media with computer executable instructions stored thereon executed by the one or more processors to provide the method. The system receives and securely stores client account credentials of the client for a group of client determined user accounts comprising predetermined ones of social media and email accounts of the client. The system utilizes the client account credentials to access the user accounts, capturing all customer messages received at the user accounts. The system filters all the captured messages for predetermined keywords, aggregates the filtered customer messages in a database, and determines severity, trust and validity of the filtered customer messages.