This disclosure includes techniques for using multiple cryptographic certificates for a secure connection. One embodiment is a method including: receiving by a client N public encryption keys over a network from a server, wherein N is an integer greater than 1; generating N session keys in response to receiving the N public encryption keys; encrypting each of the N session keys with a respective one of the N public encryption keys; subsequent to encrypting each of the N session keys, sending the N session keys encrypted over the network to the server; encrypting, with a first one of the N session keys, a first portion of a payload associated with a first message; encrypting, with a second one of the N session keys, a second portion of the payload associated with the first message; and sending the first message, comprising the payload encrypted, to the server from the client.

A mobile device securely communicates with an electronic device within an automobile. The mobile device transmits encrypted spatial state information and the electronic device provides commands to the automobile in response. Spatial state information may include location, motion, or the like. Commands to the automobile may include door unlock commands, remote start commands, horn honk commands, or the like.

Memory devices, systems including memory devices, and methods of operating memory devices are described, in which security measures may be implemented to control access to a fuse array (or other secure features) of the memory devices based on a secure access key. In some cases, a customer may define and store a user-defined access key in the fuse array. In other cases, a manufacturer of the memory device may define a manufacturer-defined access key (e.g., an access key based on fuse identification (FID), a secret access key), where a host device coupled with the memory device may obtain the manufacturer-defined access key according to certain protocols. The memory device may compare an access key included in a command directed to the memory device with either the user-defined access key or the manufacturer-defined access key to determine whether to permit or prohibit execution of the command based on the comparison.

In one embodiment, an illustrative method herein may comprise: determining, by a device of a communication session, that a new epoch has occurred within the communication session, wherein the communication session has one or more member devices; generating, by the device and in response to the new epoch, a new key encryption key and a key bundle comprising one or more keys to decrypt content of the communication session from one or more previous epochs of the communication session; encrypting, by the device, the key bundle with the new key encryption key to create an encrypted key bundle; and sharing, from the device, the encrypted key bundle with the one or more member devices to allow the one or more member devices to access the content of the communication session from the one or more previous epochs.

Methods and systems for unified HSM and key management services are disclosed. According to certain embodiments, an encryption service request is issued by a client instance to a key management service (KMS) logic in a KMS cloud instance. The KMS logic parses the request to verify authorization for the request, identify the instance ID, and provide additional information to the request needed by hardware security management (HSM) middleware and hardware. A router receives the request from the KMS logic and routes the request to a service based on the instance ID, that transfers the request to HSM middleware. The HSM middleware parses HSM type from the request, translates the request to HSM vendor-specific instructions and routes the translated request to an HSM. The HSM according to certain embodiments is in a cloud computing environment separate from the KMS cloud instance, and in some embodiments the HSM is on-prem at a physical client site.

A method including determining, by a first device, a sharing encryption key based at least in part on an access private key associated with encrypted content and an assigned public key associated with a second device; encrypting the access private key associated with the encrypted content utilizing the sharing encryption key; and transmitting the encrypted access private key to enable the second device to access the encrypted content. Various other aspects are contemplated.

A method including determining, by a first device, a sharing encryption key based at least in part on an access private key associated with encrypted content and an assigned public key associated with a second device; encrypting the access private key associated with the encrypted content utilizing the sharing encryption key; and transmitting the encrypted access private key to enable the second device to access the encrypted content. Various other aspects are contemplated.

Disclosed herein are various embodiments an SQL extension to key transfer system with authenticity, confidentiality, and integrity. An embodiment operates by generating a key pair including both a target public key and a target private key. The target public key is provided to a source database server, wherein the source database server includes a source secret for unencrypting encrypted data accessible to the target database server. A source public key generated by the source database server and a digital signature signed with a source private key generated by is received from the source database server including an encrypted version of the source secret. The digital signature is verified as being valid. The encrypted version of the source secret is unencrypted using the target private key and the source secret is used to access the encrypted data.

Systems and methods for device registration and authentication are disclosed. In one embodiment, a method for authentication of a device may include (1) receiving, at a mobile device, a first credential; (2) transmitting, over a network, the first credential to a server; (3) receiving, from the server, a first key and a first value, the first value comprising a receipt for the first credential; (4) receiving, at the mobile device, a data entry for a second credential; (5) generating, by a processor, a second key from the data entry; (6) retrieving, by the mobile device, a third credential using the first key and the second key; (7) signing, by the mobile device, the first value with the third credential; and (8) transmitting, over the network, the signed third value to the server.

Embodiments of the invention are directed to a method. The method may include transmitting, by a first device, an encrypted first biometric template generated from a first biometric sample of a user of the first device to a second device, wherein the second device inputs the encrypted first biometric template and a second biometric template generated from a second biometric sample of the user into a function to generate an encoded output. The first device may receive the encoded output from the second device, and may decode the encoded output to recover the encrypted first biometric template and the second biometric template of the user. Upon determining a match result between first and second biometric templates, the first device may transmit unique data to the second device.