H04L2463/062

SECURE PAYLOAD DELIVERY
20210218718 · 2021-07-15

A system includes a secure payload generator and a payload warehouse. The secure payload generator receives a payload, which includes a private key and a corresponding public key. For example, the private key may include information for decrypting a message encrypted with the public key. An encryption vector is determined based at least in part on the public key. The private key is encrypted using the determined encryption vector. The encrypted private key and the corresponding public key are provided to the payload warehouse. The payload warehouse stores the encrypted private key and the corresponding public key as a secured payload.

SYSTEMS AND METHODS FOR OUT-OF-BAND AUTHENTICITY VERIFICATION OF MOBILE APPLICATIONS

Example embodiments of systems and methods for application verification are provided. An application may generate a cryptographic key, and encrypt the cryptographic key with a predefined public key. A server, in data communication with the application, may include a predefined private key. The application may transmit the cryptographic key to the server. The server may receive, from the application, the cryptographic key; decrypt the cryptographic key using the predefined private key; encrypt an authorization token using the decrypted key; and transmit, to the client application, the authorization token via an out-of-band channel. The application may receive, from the server, the authorization token via the out-of-band channel; and decrypt the authorization token to obtain access to one or more services associated with the server.

Secure, autonomous file encryption and decryption

The disclosure includes novel encryption and/or decryption methods and systems that provide various security benefits. More specifically, the disclosure includes a description of a file encryption process and its ability to dynamically control permissions on who is allowed to decrypt the file. Moreover, the disclosed process permits an encrypted file to be freely distributed without losing the ability to govern/regulate decryption.

Key encryption key rotation

A set of hardware security modules (HSMs) in a database system may implement a key management system with a database storing encryption keys or other secrets. The set of HSMs may identify a first key encryption key (KEK) and a second KEK stored in the set of HSMs. The set of HSMs may retrieve, from the database, a set of encryption keys encrypted by the first KEK and decrypt each encryption key of the set of encryption keys using the first KEK. The set of HSMs may re-encrypt each encryption key of the set of encryption keys with the second KEK and transmit, to the database, the set of encrypted encryption keys encrypted by the second KEK for storage. Then, the set of HSMs may delete the first KEK from the set of HSMs.

Method and process for securing an executable image

Control systems and methods for securely loading software in a power control system. In some examples, the control system includes a computing device and a plurality of security modules. The computing device may obtain and divide an executable image into a plurality of images. The computing device may generate a control hash as a function of the plurality of images, and record the control hash. The computing device may store each of the plurality of images in a plurality of security modules. At boot up, the computing device may load, from each security module, the stored image, and store each image to a memory device. The computing device may generate a hash based on the stored images, and compare the generated hash to the recorded control hash. Based on the comparison, the computing device may allow execution of the executable image.

Multiply-encrypting data requiring multiple keys for decryption
10904005 · 2021-01-26

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

User-session management in a zero-knowledge environment

Examples of the present disclosure describe systems and methods relating to user-session management in a zero-knowledge environment. When a user authenticates with a computing service to begin a session, a credential-cipher key is used to encrypt the user's authentication credentials, thereby generating session-resume data. The computing service stores the credential-cipher key, such that it is not retained by the user's computing device. Accordingly, when the user resumes the session, a resume request is generated to retrieve the credential-cipher key from the computing service, wherein the request is validated before providing the key. Upon successful validation, the computing service provides the credential-cipher key, which is then used to decrypt the session-resume data and regain access to the user's authentication credentials. The encrypted user data may then be decrypted, thereby obviating the need for the user to re-authenticate, while still retaining the privacy and security benefits of the zero-knowledge environment.

COMMUNICATION SYSTEM USING A RANDOM CODE AS AN ENCRYPTION CODE
20210021415 · 2021-01-21

A communication system using a random code as an encryption code is disclosed. A first terminal sends a request to a second terminal to provide a random code (rKey). The random code, rather than a master key (mKey), is used to encrypt commands in the subsequent communication process, so that the master key (mKey) is not exposed to capture. This greatly improves the security of data transmission. In practical use, this encryption method can be applied to a door access system that includes a mobile phone, a card reader, a door access controller, and a server program (such as the ACX server program). The communication system using a random code as an encryption code ensures that communications between these devices are highly secure.

Method and system for provisioning an electronic device

This application discloses a method of provisioning an electronic device. The electronic device establishes a communication link with a client device that can obtain network credentials for accessing a secure wireless network. The network credentials are configured to enable the electronic device to independently access the secure wireless network. The client device encrypts at least a portion of the network credentials using a password key provided by a remote server. The password key is based on a secret not known to the client device, and the secret is associated with the electronic device at the remote server. The client device sends the encrypted network credentials to the electronic device over the established communication link, thereby allowing the electronic device to recover the network credentials based on the secret and access the secure wireless network using the network credentials.

DYNAMIC PASSCODES IN ASSOCIATION WITH A WIRELESS ACCESS POINT

A method includes receiving, at an access point, an access request from a first device after an expiration of a first passcode. The access request is encrypted based on the first passcode. The method includes making a determination by the access point before an expiration of a usage time of a first passcode usage list that an identifier of the first device is included in the first passcode usage list. The method also includes, in response to making the determination, generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode; and sending the data representing the second passcode from the access point to the first device.