Disclosed herein is an Internet of things (IoT) device which is capable of defending against an attack such as hacking while strengthening security of IoT by dynamically determining whether to operate as a master device in an IoT network, and, when the master device is determined, generating, distributing, and managing private keys of other IoT devices in the IoT network.

Systems and methods for securing objects in a computing environment. Objects are encrypted using keys that are also encrypted after encrypting the objects. In order to access the objects, a master key that is unknown to the service storing the objects and/or managing the keys is used to decrypt the keys so that the objects can be decrypted with the decrypted key. Thus, a key is needed to access the key needed to access the object. The master key is typically maintained separately from all of the encrypted objects and corresponding encrypted keys.

The disclosed technology for a hardware system to access a secure backend system uses non-volatile memory to hold encrypted secrets, volatile memory to hold decrypted secrets ready for use, a keys-for-all (K4A) server, and app servers running K4A clients. To access the backend system in production, each app server uses a decrypted secret and a certificate that identifies the app server and certifies its role and physical and logical location. At initialization of the app server, a K4A client is instantiated that launches and tracks processes, running on the app server, that are authorized to request decryption services. The K4A client responds to a decryption request from an authorized process, determined based on tracking of processes launched, by requesting decryption by a K4A server, using the certificate, and returns to the process, in volatile memory, a decrypted secret or a reference to the decrypted secret, decrypted by the K4A server.

A method of secure reception, in a card reader, of a piece of data entered into a terminal connected to the card reader. The method includes the following acts by the card reader: obtaining an encipherment reader key from the card reader; encrypting the encipherment reader key by using an authentic encipherment key shared between the card reader and an authentication server, delivering an encrypted reader key; sending the encrypted reader key to the authentication server for transmission of the reader key from the authentication server to the terminal; receiving an encrypted key sent by the authentication server, resulting from an encryption of a terminal key, obtained by the authentication server, by using the authentic key; and receiving encrypted data sent by the terminal, resulting from an encryption, by using at least the reader key and of the terminal key, of the at least one piece of data.

Data is received as part of an authentication procedure to identify a user. Such data characterizes a user-generated biometric sequence that is generated by the user interacting with at least one input device according to a desired biometric sequence. Thereafter, using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., historical user-generated biometric sequences according to the desired biometric sequence, etc.), the user is authenticated if an output of the at least one machine learning model is above a threshold. Data can be provided that characterizes the authenticating. Related apparatus, systems, techniques and articles are also described.

A failover system can receive active data from user devices running an application specific to a service entity providing an application service. For each user device, the active data can indicate a current status. The failover system can transmit restoration data to the user devices for storage to restore the current status of the user devices in the case of a failover event. When a failover event occurs, the failover system can recover the restoration data from a first user device to restore the current status of the application service for the first user device.

A computer-implemented method for securely retrieving data on a client device in a distributed environment is disclosed. The method comprises retrieving a key encryption key from a local storage, retrieving an encrypted private key associated with the key encryption key from the distributed environment, the encrypted private key being remotely stored in the distributed environment, decrypting the encrypted private key using the key encryption key, thereby generating a private key, retrieving encrypted data from the distributed environment, the encrypted data being remotely stored in the distributed environment, and decrypting the encrypted data using the private key. A respective client device, a method for securely providing data in the distributed environment, and a distributed environment are disclosed.

Systems and methods for tamper-proof detection triggering of automatic lockdown using a recoverable encryption mechanism issued from a secure escrow service. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include: a processor; a secure storage device coupled to the processor, wherein the secure storage device comprises a container encrypted with a derived container key; and a memory coupled to the processor, the memory including program instructions stored thereon that, upon execution, cause the IHS to: receive a digital certificate from a remote server, wherein the digital certificate includes a public key and, in response to a detection of a tampering event, encrypt the derived container key using the public key.

A vehicle includes a controller. The controller is configured to send a nonce encrypted according to a symmetric encryption key. The nonce is sent responsive to receiving a pair request over a personal area network from a nomadic device outside the vehicle. The controller is further configured to initialize a secure connection using a random key and permit vehicle access according to data received via the secure connection. The initialization is responsive to receiving a concatenation of the random key and an incrementation of the nonce encrypted with the symmetric encryption key.

In one example, a control node can receive a job request from a client device to perform a job using a computing environment, where the job request includes first secure information and second secure information. The control node can authenticate the user by validating the second secure information using a first secret key. The control node can then obtain access to a job-execution service of a server node within the computing environment using the first secure information. For example, the control node can use the first secure information to obtain third secure information that is specific to the server node, and then transmit the third secure information to the server node. The server node can validate the third secure information and responsively authorize the control node to access the job-execution service. The control node can then initiate execution of the job on the server node on behalf of the user.