A data file is encrypted with a file-specific encryption key and sent to a remote data storage system. The file-specific encryption key is encrypted with a master key. The encrypted file-specific encryption key and the master key are both stored remotely from the encrypted file and they are stored remotely from one another.

A method includes receiving, at an access point, an access request from a first device after an expiration of a first passcode. The access request is encrypted based on the first passcode. The method includes making a determination by the access point before an expiration of a usage time of a first passcode usage list that an identifier of the first device is included in the first passcode usage list. The method also includes, in response to making the determination, generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode; and sending the data representing the second passcode from the access point to the first device.

A mobile device can establish a communication with a separate device via a single function action such as bringing the devices near to each other. A method can include establishing a communication between a mobile device and a separate device a via a wireless link, presenting an instruction associated with the potential purchase and receiving, after the instruction is displayed and interpreted by the mobile device, a single-function gesture which can be a security measure to prevent unauthorized purchase. The method includes retrieving the payment data from a memory of the mobile device and transmitting the payment data via the wireless link to the separate device to make a purchase.

Hardware Security Modules (HSMs) may be utilized to store master keys that are used to secure (e.g., wrap) encryption keys that are stored outside of the HSMs. The wrapping of the encryption keys may include using the master key to mask each of the plurality of encryption keys. The master keys are then stored within the HSMs and the wrapped encryption keys may be stored outside of the HSMs. Since the plurality of encryption keys are wrapped, the wrapped encryption keys may be stored outside of the HSMs with a reduced potential for the wrapped encryption keys to be misappropriated. As such, the plurality of encryption keys may be stored in systems that do not have as many security requirements, and thus, have more memory available. As such, the memory needed to store keys within the HSMs is reduced.

A system and method for enabling user session persistence between a native application and a mobile internet browser on a mobile device. The method includes authenticating a use of the native application and issuing an authentication token to the native application. The method also includes receiving from the native application the authentication token in connection with a destination address and obtaining first identifying data regarding the mobile device. The method further includes generating a key; associating the key, the authentication token, the destination address, and the first identifying data regarding the mobile device together in a database; encrypting the key to generate an encrypted key; and transmitting the encrypted key to the native application. The native application passes the encrypted key and the client key to the internet browser. The method includes receiving from the mobile internet browser the encrypted key; obtaining second identifying data in connection with the encrypted key received; decrypting the encrypted key to generate a decrypted key; locating the authentication token, the destination address, and the first identifying data within the database using the decrypted key; and confirming that the mobile internet browser is executing on the mobile device based at least in part on a comparison of the first identifying data and the second identifying data. If the mobile internet browser is confirmed, it is granted access to the destination address, which may include a feature implemented on a web application.

Example implementations relate to encrypting data objects. In an example, data objects of a file system instance contained by a security domain are encrypted using a Data Encryption Key that is specific to the security domain and is wrapped by a Key Encryption Key shared exclusively within a cluster. A backup of the file system instance is created on a backup node. The backup includes at least some of the encrypted data objects. The DEK is sent to the backup node. The backup node cannot decrypt the backup unless the backup node is a member of the cluster and has access to the KEK to unwrap the DEK.

In one embodiment, a method of secure network transmission is performed by a computer system. The method includes encrypting a payload via a first symmetric key and encrypting the first symmetric key via a second symmetric key. The method further includes encrypting an author header comprising the encrypted first symmetric key and a recipient list via a third symmetric key, wherein the recipient list comprises at least one recipient. The method also includes encrypting the third symmetric key via a public asymmetric key associated with an authentication server. Furthermore, the method includes transmitting the encrypted author header and the encrypted third symmetric key to the authentication server for use in recipient-initiated pre-access authentication. In addition, the method includes transmitting the encrypted payload and the second symmetric key over a computer network to the at least one recipient.

Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

An electronic device and a method for managing an electronic key thereof are provided. The electronic device includes a wireless communication circuit, a hardware-based security element comprising circuitry configured to provide a timestamp, a processor operatively coupled with the communication circuit and the security element, and a memory operatively coupled with the processor. The memory stores instructions that when executed by the processor, control the electronic device to: launch an application related with an electronic key of a door lock, receive an input for using the electronic key to open the door lock through the application, determine the validity of credential information related with the input, based at least in part on the timestamp, and open the door lock based on the validity of the credential information.

Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.