H04L2463/062

ENHANCED EMAIL SERVICE

An enhanced email service that mitigates drawbacks of conventional email services by enabling transmission of encrypted content to a recipient regardless of the recipient having a prior relationship with the sender or having credentials issued from a certificate authority. A method is provided for receiving encrypted content and generating a message that includes both the encrypted content as an attachment and a link to enable decrypted access to the decrypted content. The method may include transmitting the message to an intended recipient's mailbox while also storing the message in an organizational mailbox to provide for subsequent decryption of the encrypted content. The link may provide the intended recipient of the message with decrypted access to the encrypted content in various ways depending on, for example, whether the recipient is viewing the message through a webmail browser or through a local mail client that is compatible with the enhanced email service.

MECHANISM FOR ENCRYPTION KEY DISTRIBUTION IN COMPUTER NETWORKS
20200099672 · 2020-03-26

Techniques for key distribution are provided. A first symmetric key is generated for a first downstream site, and a second symmetric key is generated for a second downstream site. The first symmetric key is transmitted to the first downstream site, and the second symmetric key is transmitted to the second downstream site. Upon receiving an indication that the first symmetric key was successfully deployed at the first downstream site, the first symmetric key is deployed on a first network node of an upstream site. Finally, upon determining that the second symmetric key was not successfully deployed at the second downstream site, techniques include refraining from deploying the second symmetric key to a second network node of the upstream site, where the second network node continues to communicate with the second downstream site using an original symmetric key.

WIRELESS ACCESS CREDENTIAL SYSTEM

An access control system and methods according to at least one embodiment leverage wireless access credentials to allow a user to securely gain access to a secured area using his or her mobile device. As such, a credentialed mobile device may permit access to the secured area without requiring a real-time connection to a credential management system and/or an administrative system.

Secure access to remote data

In accordance with an example aspect of the present invention, there is provided an apparatus comprising a receiver configured to participate in an association with a first node, and at least one processing core configured to obtain a first credential set based on the association, to determine the apparatus has become associated with a computer, to receive an encrypted first key from the first node, to decrypt the encrypted first key and to provide the decrypted first key to the computer.

Systems and methods for proxying encryption key communications between a cloud storage system and a customer security module

Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

Method and system for enhancing the security of a transaction
11880832 · 2024-01-23

This invention concerns a method and system for improving the security of a transaction in an emulated integrated circuit. Methods and devices for pre-generating session keys for securing transactions are provided. The generated session key is obfuscated with data that prevents unauthorized use of and/or access to the session cryptographic key, and is then encrypted. This encrypted obfuscated key is provisioned from a remote computer to the communication device. The mobile application is configured to decrypt and de-obfuscate the received encrypted obfuscated session cryptographic key during a transaction. The method may also include generating, by the communication device, a transaction cryptogram using the decrypted and de-obfuscated session cryptographic key, and sending, by the communication device to the remote system, the transaction cryptogram to conduct the transaction. The transaction can be authorized based on at least whether the decrypted and de-obfuscated session cryptographic key is the expected one. With the invention, the session cryptographic key is kept concealed from the moment it is provisioned until the very last moment, when the session cryptographic key is used to compute the cryptogram.

Authenticated copying of encryption keys between secure zones

The solutions disclosed enable security credentials to be shared between two entities. Embodiments of the present invention can be used to facilitate the transfer of security credentials associated with a first level of permission of a first entity to a second entity that does not have the security credentials associated with the first level of permission, in response to receiving a request to share security credentials between two entities.

One Time Pad Cryptography Method and Apparatus
20200084024 · 2020-03-12

A communication system comprising a server device and a client device connected via a public network. The server generates a one time pad (OTP) comprising a plurality of mutually random keys, and pre-shares the OTP with the client via a secure communication channel instantiated on the public network. Thereafter, each time the client transmits a packet of a message, the client encrypts that packet with the top key in the client's local copy of the OTP; and, upon receipt, the server decrypts the encrypted packet using the same top key in the server's local copy of the OTP. Both the client and server then delete the now-used key from the OTP, thereby creating a new top key in both local copies of the OTP. This key consumption process continues until all packets have been securely transmitted.

Method and system for provisioning an electronic device

This application discloses a method of provisioning an electronic device. The electronic device establishes a communication link with a client device that can obtain network credentials for accessing a secure wireless network. The network credentials are configured to enable the electronic device to independently access the secure wireless network. The client device encrypts at least a portion of the network credentials using a password key provided by a remote server. The password key is based on a secret not known to the client device, and the secret is associated with the electronic device at the remote server. The client device sends the encrypted network credentials to the electronic device over the established communication link, thereby allowing the electronic device to recover the network credentials based on the secret and access the secure wireless network using the network credentials.

SYSTEM AND METHOD FOR PROVIDING DATA TO A MERCHANT DEVICE FROM A USER DEVICE OVER A WIRELESS LINK
20200076782 · 2020-03-05

A device can include a memory storing user payment data and another memory device storing instructions that cause the device to establish a communication between a separate device and the system based on a gesture associated with the system and via a wireless link between the system and the separate device, the communication being associated with a potential purchase, receive purchase data from the separate device via the wireless link, the purchase data being associated with the potential purchase, present, on the display, an instruction associated with the potential purchase, receive a single-interaction from the user of the system to confirm a payment for the potential purchase, the single-interaction comprising a security measure to prevent unauthorized purchases, retrieve, based on the single-interaction from the user, the user payment data from the memory and transmit the user payment data via the wireless link to the separate device to make a purchase.