A technique for providing access to protected resources uses personal authentication tags (PATs) and enforces a requirement that a workstation sending an authentication request be trusted by a server that receives the request. Accordingly, the server allows an authentication request to proceed only when the request is received from a workstation having a trust relationship with the server. Otherwise, the server denies the authentication request. By restricting PAT-type authentication requests to trusted workstations, risks posed by malicious users are greatly reduced.

Embodiments include a storage device, comprising: a communication interface; data storage media; key storage media; and control logic configured to: receive a first key associated with a second key through the communication interface; store the first key in the key storage media; and restrict access through the communication interface to data stored in the data storage media using at least one of the first key and the second key.

A mobile device can establish a communication with a separate device via a single function action such as bringing the devices near to each other. A method can include establishing a communication between a mobile device and a separate device a via a wireless link, presenting an instruction associated with the potential purchase and receiving, after the instruction is displayed and interpreted by the mobile device, a single-function gesture which can be a security measure to prevent unauthorized purchase. The method includes retrieving the payment data from a memory of the mobile device and transmitting the payment data via the wireless link to the separate device to make a purchase.

The embodiments herein relate to encryption and decryption of media data transmitted between an Unmanned Aerial Vehicle (UAV) and a ground controlling base, when recording and playing back the media data by combining symmetric and asymmetric cryptography.

A key management system includes a managed system coupled to a management system through a network. The managed system includes managed device locking subsystem(s) coupled to a managed device and a key storage. The managed device locking subsystem(s) retrieve, through the network from the management system, a managed device locking key that is configured to unlock the managed device. The managed device locking subsystem(s) then encrypt the managed device locking key to provide an encrypted managed device locking key, and store the encrypted managed device locking key in the key storage. Subsequent to storing the encrypted managed device locking key, the managed device locking subsystem(s) retrieve the encrypted managed device locking key from the key storage, and decrypt the encrypted managed device locking key to provide a decrypted managed device locking key. The managed device locking subsystem(s) then use the decrypted managed device locking key to unlock the managed device.

Techniques are disclosed relating to generating authentication information independent of user input. In some embodiments, an authentication application repeatedly performs operations to authenticate a client application to one or more hosts of a server system during an automated tasks. In some such embodiments, an instance of the operations includes receiving, from the client application, a request to generate authentication information. In response to the request, the authentication application may retrieve authentication data for the user and, independent of user input, generate an item of authentication information based on the authentication data. The authentication application may then output the item of authentication information to the client application, where the item of authentication information is usable by the client application to authenticate to at least one of the one or more hosts.

An electronic device and method for providing vehicle information based on personal authentication and vehicle authentication are disclosed. According to various example embodiments, an electronic device includes a communication module comprising communication circuitry configured to communicate with a vehicle device and a first server and a processor electrically connected with the communication module, in which the processor is configured to receive an encrypted session key set including at least one session key from the first server, to transmit the encrypted session key set to the vehicle device, receive, from the vehicle device, second vehicle information in which first vehicle information of the vehicle device is encrypted using a first session key of the at least one session key and is signed using a secret key of the vehicle device, and to transmit, to the first server, third vehicle information in which the received second vehicle information is signed using a secret key of a user.

This disclosure includes techniques for using multiple cryptographic certificates for a secure connection. One embodiment is a method including: receiving by a client N public encryption keys over a network from a server, wherein N is an integer greater than 1; generating N session keys in response to receiving the N public encryption keys; encrypting each of the N session keys with a respective one of the N public encryption keys; subsequent to encrypting each of the N session keys, sending the N session keys encrypted over the network to the server; encrypting, with a first one of the N session keys, a first portion of a payload associated with a first message; encrypting, with a second one of the N session keys, a second portion of the payload associated with the first message; and sending the first message, comprising the payload encrypted, to the server from the client.

A data management method includes decrypting the first encryption key using the second encryption in response to receiving the first encryption key, decrypting the data by using the first encryption key in response to receiving the data encrypted with the first encryption key, and encrypting the data with the third encryption key and transmitting the data externally.

Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption severs for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.