Patent classifications
H04L2463/062
MESSAGE-BASED DATABASE REPLICATION
A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.
Wireless access credential system
An access control system and methods according to at least one embodiment leverage wireless access credentials to allow a user to securely gain access to a secured area using his or her mobile device. As such, a credentialed mobile device may permit access to the secured area without requiring a real-time connection to a credential management system and/or an administrative system.
Methods and systems for controlling a smart lock
The present disclosure discloses methods and systems for controlling a smart lock. The method may include establishing a secure connection with a network, obtaining security control information through the secure connection, obtaining an operation input, performing a security verification based on the security control information and the operation input, and performing a corresponding operation based on the operation input when the security verification is passed.
SYSTEMS AND METHODS FOR SECURELY RECORDING AND RETRIEVING ENCRYPTED VIDEO CONFERENCES
One disclosed example method includes obtaining a meeting cryptographic key; transmitting, from a client device to a video conference provider, a request to initiate an encrypted video conference, the encrypted video conference including a plurality of participants; distributing the meeting cryptographic key to each participant of the plurality of participants; obtaining a public cryptographic key of a key pair, the key pair including the public cryptographic key and a private cryptographic key; encrypting the meeting cryptographic key using the public cryptographic key; transmitting, from the client device to the video conference provider, a request to record the video conference; encrypting audio and video from a microphone and image sensor of the client device using the meeting cryptographic key; transmitting the encrypted audio and video to the video conference provider; and providing the encrypted meeting cryptographic key to the video conference provider.
METHOD AND APPARATUS FOR PROVIDING AN INDIVIDUALLY SECURE SYSTEM TO MULTIPLE DISTRUSTING PARTIES
The present application relates to a method and apparatus for intelligent wireless protocol optimization including storing, in a memory, a first customer key and a second customer key, receiving, by a processor, a secret key, decrypting, by the processor, the secret key using a first customer key to extract a master key, provisioning, by the processor, an electronic control unit in response to the master key, and deleting, by the processor, the second customer key in response to the provisioning of the electronic control unit in response to the master key.
Biometric electronic signature authenticated key exchange token
A method of generating a biometric electronic signature authenticated key exchange (“BESAKE”) token. The method begins when a biometric sample captured from a signing party is received. A secret knowledge factor is received. An encryption key is generated using the secret knowledge factor as an input to a password authenticated key exchange protocol. The biometric sample is encrypted with the encryption key. The BESAKE token is generated and includes the encrypted biometric sample and a signing party identifier associated with the secret knowledge factor. The BESAKE token can be verified using a decryption key generated using a stored knowledge factor as an input to the password authenticated key exchange protocol. The secret knowledge factor is retrieved based on the signing party identifier. The identity of the signing party can be authenticated by decrypting the biometric sample from the BESAKE token using the decryption key and matching the decrypted biometric sample.
Instant Rekey In A Storage System
Rekeying in a storage system, including: receiving a request to rekey a first storage location of a storage system, wherein the first storage location is associated with a first cryptographic key; acknowledging completion of the request to rekey the first storage location without re-encrypting data stored at the first storage location of the storage system; and mapping a second cryptographic key identified by the request to rekey to the first storage location of the storage system.
VERIFICATION PUSH NOTIFICATIONS THROUGH WEB-BROWSER
Disclosed are systems, methods, and non-transitory computer-readable media for verification push notifications provided through a web-browser application. An authentication system provides a web-client Software Development Kit (SDK) to enable verification push notifications through a client-side application. Some client-side applications, such as web-browser applications (e.g., Chrome, Firefox, etc.) may not support certain features to provide for secure storage of data and encryption keys that are used to provide for verification push notifications. For example, some client-side applications may utilize a local storage that stores data in plain text that can be easily accessed and read, thereby presenting a security threat. The web-client SDK provided by the authentication system provides for secure storage of data and encryption keys to enable a client-side application to securely provide verification push notifications.
METHODS, SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR SECURE ENCRYPTION OF DATA FOR TRANSMISSION VIA AN UNTRUSTED INTERMEDIARY
The invention is directed toward systems, methods and computer program products that enable end to end user authentication along with encryption to mitigate the risks posed by untrusted or unsecure intermediary entities. The invention (i) enables full end to end encryption of sensitive data that has been input by a user on a terminal device at one end, and the intended or authorized recipient at the other end, (ii) ensures that data entered by the user on the terminal device is not readable by any intermediary entity including a partner application or other software application implemented within the terminal device, and (iii) eliminates the risk of successful local attacks on the terminal device to unauthorizedly access user data, or to unauthorizedly obtain access to encryption/decryption keys that can be used to unauthorizedly access encrypted user data.
Managing encrypted storage based on key-metadata
Techniques are disclosed for managing encrypted storage resources based on key-metadata. The per-key key-metadata is stored in a key management system/server (KMS) along with respective cryptographic keys. The cryptographic keys in the KMS may be data keys or wrapping keys for the data keys. The management of the storage resources is provided via a central console which is a user interface of a console server in authenticated communication with the KMS. The key-metadata associates cryptographic keys to their respective encrypted storage resources. This association is used by the console server to drive the console. The console allows an admin to view/list all encrypted storage resources and related cryptographic objects including keys and digital certificates, as well as to perform various administrative/management functions on them.