A device can include a memory storing user payment data and another memory device storing instructions that cause the device to establish a communication between a separate device and the system based on a gesture associated with the system and via a wireless link between the system and the separate device, the communication being associated with a potential purchase, present, on the display, an instruction associated with the potential purchase, receive a single-interaction from the user of the system to confirm a payment for the potential purchase, the single-interaction including a security measure to prevent unauthorized purchases, retrieve, based on the single-interaction from the user, the user payment data from the memory and transmit the user payment data via the wireless link to the separate device to make a purchase.

Embodiments disclosed herein relate to cryptology, and more particularly to secure sharing of data objects stored in the at least one cloud device between two user devices using the PRE. Embodiments herein disclose methods and systems for enabling a first user device to subscribe with a key server for uploading encrypted data object to at least one cloud device using the PRE. Embodiments herein disclose methods and systems for allowing the first user device to share the encrypted data object stored in the at least one cloud device with a second user through the key server using the PRE.

This application describes systems and methods for using a garbled circuit and a physical unclonable function (PUF) value to authenticate a device. During enrollment, the device and at least one computer collaboratively construct multiple garbled circuits corresponding to bits of an enrollment PUF value generated by PUF circuitry coupled to the device. During authentication, the device and at least one computer evaluate the multiple garbled circuits using an authentication PUF value. Using the results of this evaluation, the at least one computer compares the enrollment PUF value with the authentication PUF value and determines a distance between them. The at least one computer may authenticate the device when the calculated distance is less than a threshold value.

The invention provides a system for encryptedly storing product data of a product having an attached tag centrally on a product data server, and reading out the centrally stored product data by production stations which are to process the product. The product data are encrypted with a document key which in turn is encrypted with a public key of the tag. The tag contains access information for the centrally stored product data. When a production station accesses product data on the product data server, the tag carries out a re-encryption of the document key from the key system of the tag to that of the accessing production station.

Techniques to facilitate protecting control data used in an industrial automation environment are disclosed herein. In at least one implementation, an encryption key pair is generated for an industrial controller, wherein the encryption key pair comprises a public key and a private key. The private key is stored within a secure storage system of the industrial controller. Controller program content is then encrypted using the public key to generate encrypted controller content. The encrypted controller content is then provided to the industrial controller, and the industrial controller is configured to decrypt the encrypted controller content using the private key and execute the controller program content.

An HSM cluster includes a set of hardware security modules that maintain a set of cryptographic keys that are synchronized across the HSM cluster. Individual applications running on client computer systems access the HSM cluster using HSM duster clients running on the client computer systems. The HSMs are accessed via a set of HSM cluster servers that monitor the synchronization of the cryptographic keys. Synchronization of the HSMs is maintained by the HSM cluster clients. If the HSM cluster loses synchronization, an HSM cluster client resynchronizes the HSM cluster by acquiring a list of keys and key versions stored on each HSM, and generating an update map. Using the update map, the HSM client obtains, form various HSM in the HSM cluster, the latest versions of the out-of-date keys in an encrypted form. The HSM cluster client assembles and distributes updates to each HSM in the HSM cluster.

An electronic unlocking system includes an electronic lock and an electronic key. The electronic key includes processing circuitry and transmission circuitry. The processing circuitry is configured to obtain at least one piece of feature data when an unlock operation is triggered. The at least one piece of feature data includes data representing a user that triggers the unlock operation. The processing circuitry is configured to encrypt the obtained at least one piece of feature data to obtain encrypted data. The transmission circuitry is configured to send the encrypted data to the electronic lock to cause the electronic lock to execute the unlock operation.

Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.

An apparatus, computer program, and method are afforded for providing a peer-to-peer security protocol. In operation, a message is identified that is directed from a first peer device to a second peer device. Further, the message is copied, so that a copy of the message is caused to be sent to an auditing server.

A method is performed at a client device distinct from an application server. In the method, a first key is stored in a secure store of the client device. A wrapped second key is received from the application server. The first key is retrieved from the secure store and used to unwrap the second key. Encrypted media content and a media control command to control playback of the media content is received from the application server. The content is decrypted using the unwrapped second key, and decoded for playback. During playback of the media content, a play position of the decrypted media content is transmitted to the application server and the decrypted media content is transmitted to a display device that is coupled to the client device. The decrypted media content is displayed in accordance with the received media control command.