The disclosure provides a key generation method and apparatus. The key generation method comprises: encrypting a first key factor generated by a first device with an initial key, and sending the encrypted first key factor to a second device through a first secure channel, wherein the initial key is a key preset for the first device and the second device; receiving, through the first secure channel, a second key factor encrypted with the initial key, wherein the second key factor is generated by the second device; decrypting the second key factor encrypted with the initial key and received through the first secure channel, so as to obtain the second key factor; and generating a shared key between the first device and the second device according to the first key factor and the second key factor. According to the disclosed embodiments, a gateway device is unable to acquire a shared key negotiated between a first device and a second device, ensuring the security of data transmitted there between, and further reducing the risk of data being illegally captured during transmission.

A data exchange guide device and an execution method thereof provided in the present disclosure are characterized that a processing program, which is executed by an electronic device connected with a connection interface, is able to read private key information, access a tabulation of remote shared data from an existing network available to the electronic device, and display the tabulation on a graphic user interface. Furthermore, a data exchange guide device and an execution method thereof provided in the present disclosure are also characterized that a processing program, which is executed by an electronic device connected with the connection interface and a virtual network card, is able to read private key information, access a tabulation of remote shared data from the virtual network card, and display the tabulation on a graphic user interface.

A secret cryptographic key is stored in a protected state. While in the protected state, the secret cryptographic key is encrypted with a plurality of cryptographic keys, each of which is used to re-create the plaintext version of the secret cryptographic key. A service operated by an online service provider creates an isolated network environment containing a bastion computer system in communication with an HSM. After establishing the isolated network environment, the online service provider provides a service provider key to the HSM. An HSM key is present on the HSM, and an administrator key is provided by one or more key administrators. Using the HSM key, the service provider key, and the administrator key, the HSM performs cryptographic operations using the secret cryptographic key. When complete, the isolated network environment is deconstructed and the secret cryptographic key is returned to online storage in a protected state.

A device can include a memory storing user payment data and another memory device storing instructions that cause the device to establish a communication between a separate device and the system based on a gesture associated with the system and via a wireless link between the system and the separate device, the communication being associated with a potential purchase, present, on the display, an instruction associated with the potential purchase, receive a single-interaction from the user of the system to confirm a payment for the potential purchase, the single-interaction including a security measure to prevent unauthorized purchases, retrieve, based on the single-interaction from the user, the user payment data from the memory and transmit the user payment data via the wireless link to the separate device to make a purchase.

Securing at rest data on a cloud hosted server includes, for each cloud hosted instance of a computer program, creating a key encrypted key (KEK) using a unique customer master key (CMK) corresponding to the instance, but only an encrypted form of the KEK is persisted in a database for the corresponding instance whereas the unencrypted KEK is retained in memory of the encryption process only. Thereafter, in response to a request to persist data by a corresponding instance of the computer program, a data key (DK) is randomly generated and encrypted with the KEK in memory for the corresponding instance. The data itself also is encrypted with the DK and an envelope with the encrypted DK and the encrypted data returned to the requestor, thus ensuring that the data and the encryption keys are never moved or persisted in an un-encrypted form.

A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.

A system (100) for providing a user device (102) access to a resource or data is disclosed. The system (100) comprises: the user device (102) comprising: a light detector (104) configured to detect light (130) emitted by a light source (122), which light (130) comprises an embedded code comprising a light source identifier of the light source (122), a communication unit (108) configured to communicate with a network device (112), a processor (106) configured to retrieve the light source identifier from the light (130), and to communicate the light source identifier to the network device (112). The system (100) further comprises the network device (112), comprising: a receiver (114) configured to receive the light source identifier from the user device (102), and a controller (116) configured to identify the light source (122) based on the light source identifier, to encrypt an access key or data with a public key corresponding lo a private key. and to control the light source (122) such that the light (130) comprises an updated embedded code comprising the encrypted access key or the encrypted data. The processor (106) of the user device (102) is further configured to retrieve the encrypted access key or the encrypted data from the updated embedded code comprised in the light (130), and to decrypt the encrypted access key or the encrypted data with the private key, and access the resource with the decrypted access key or retrieve the decrypted data.

A vehicle includes a controller. The controller is configured to send a nonce encrypted according to a symmetric encryption key. The nonce is sent responsive to receiving a pair request over a personal area network from a nomadic device outside the vehicle. The controller is further configured to initialize a secure connection using a random key and permit vehicle access according to data received via the secure connection. The initialization is responsive to receiving a concatenation of the random key and an incrementation of the nonce encrypted with the symmetric encryption key.

An improved method of distributing timing information is provided. The method includes transmitting encrypted timing signals from two or more beacons at different locations. The encrypted timing signals are transmitted at regular intervals and are received by a receiver. The receiver then performs a logic operation on the encrypted timing signals and validates, based on the logic operation, the authenticity of the timing signals. The logic operation also results in a decrypted message from the beacons, which can contain additional information, for example, data to be sent back to the beacons to verify receipt.

Data is received as part of an authentication procedure to identify a user. Such data characterizes a user-generated biometric sequence that is generated by the user interacting with at least one input device according to a desired biometric sequence. Thereafter, using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., historical user-generated biometric sequences according to the desired biometric sequence, etc.), the user is authenticated if an output of the at least one machine learning model is above a threshold. Data can be provided that characterizes the authenticating. Related apparatus, systems, techniques and articles are also described.