Patent classifications
H04L2463/062
Secure communication session resumption in a service function chain
A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the resumption request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.
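The scenario above, as an added Go example (not the patent's code, which is not on this page). Go's crypto/tls session-ticket key stands in for the PSK material distributed to the Service Function nodes: nodes A and B share one ticket key, node C has a different one. The localhost certificate, the single-byte payload and the node names are this example's assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSignedCert makes a throwaway "localhost" certificate so the example runs
// offline; it is scaffolding, not part of the patented method.
func selfSignedCert() (tls.Certificate, *x509.CertPool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	leaf, _ := x509.ParseCertificate(der)
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, roots
}

// startNode starts one Service Function node: a TLS 1.3 server whose tickets
// are protected with ticketKey. Nodes holding the same key accept each other's
// tickets; that shared key stands in for the PSK distributed in the abstract.
func startNode(cert tls.Certificate, ticketKey [32]byte) (string, error) {
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13}
	cfg.SetSessionTicketKeys([][32]byte{ticketKey})
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return "", err
	}
	go func() { // serve exactly one connection: one byte, then close
		defer ln.Close()
		if c, err := ln.Accept(); err == nil {
			c.Write([]byte{0x01}) // the handshake runs here; the ticket goes out with it
			c.Close()
		}
	}()
	return ln.Addr().String(), nil
}

// connect dials a node through a shared client session cache and reports
// whether the handshake was a PSK resumption. The Read matters: Go's client
// stores the NewSessionTicket only when it reads post-handshake data.
func connect(addr string, roots *x509.CertPool, cache tls.ClientSessionCache) (bool, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: "localhost",
		MinVersion: tls.VersionTLS13, ClientSessionCache: cache})
	if err != nil {
		return false, err
	}
	defer conn.Close()
	if _, err := conn.Read(make([]byte, 1)); err != nil {
		return false, err
	}
	return conn.ConnectionState().DidResume, nil
}

// ResumeAcrossNodes: full handshake with node A, then reconnect to node B
// (same ticket key: the PSK is accepted, the session resumes) and to node C
// (different key: the ticket is rejected and a full handshake runs instead).
func ResumeAcrossNodes() (resumedB, resumedC bool, err error) {
	cert, roots := selfSignedCert()
	var shared, other [32]byte
	rand.Read(shared[:])
	rand.Read(other[:])
	var nodes []string
	for _, k := range [][32]byte{shared, shared, other} {
		addr, err := startNode(cert, k)
		if err != nil {
			return false, false, err
		}
		nodes = append(nodes, addr)
	}
	cache := tls.NewLRUClientSessionCache(8)
	if _, err = connect(nodes[0], roots, cache); err != nil {
		return false, false, err
	}
	if resumedB, err = connect(nodes[1], roots, cache); err != nil {
		return false, false, err
	}
	resumedC, err = connect(nodes[2], roots, cache)
	return resumedB, resumedC, err
}

func main() {
	b, c, err := ResumeAcrossNodes()
	fmt.Println("resumed on B:", b, "resumed on C:", c, "err:", err)
}
```

Node C shows the failure mode a practitioner should expect: a node that never received the key material does not reject the client, it silently falls back to a full handshake, so "was the session resumed" has to be checked explicitly (DidResume here) rather than inferred from a successful connection.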
Filtering of authenticated synthetic transactions
A method of filtering authenticated synthetic transactions comprises receiving over a network, at a server providing a first networked application, a plurality of requests for the first networked application, wherein the plurality of requests includes a first synthetic transaction. The method further comprises analyzing a respective header of each of the plurality of requests; identifying a synthetic token in the respective header of the first synthetic transaction in response to analyzing the respective header of each of the plurality of requests; determining that the identified synthetic token corresponds to the first networked application; and bypassing usage monitoring for the first synthetic transaction in response to determining that the identified synthetic token corresponds to the first networked application.
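An added Go example of the filter described above (not the patent's own code). The header name X-Synthetic-Token, the HMAC-over-application-ID token format, the shared secret and the request paths are this example's assumptions; the abstract specifies none of them.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// syntheticHeader is an assumed header name; the abstract only says "header".
const syntheticHeader = "X-Synthetic-Token"

// UsageMonitor counts monitored requests for one networked application. A
// synthetic probe carries an HMAC over the application's ID under a secret
// shared with the probe runner, so a token minted for another application,
// or a guessed value, does not switch monitoring off.
type UsageMonitor struct {
	AppID   string
	secret  []byte
	Counted atomic.Int64
}

func (m *UsageMonitor) mac(appID string) []byte {
	h := hmac.New(sha256.New, m.secret)
	h.Write([]byte(appID))
	return h.Sum(nil)
}

// Token mints the synthetic token the probe runner would attach for appID.
func (m *UsageMonitor) Token(appID string) string { return hex.EncodeToString(m.mac(appID)) }

// isSynthetic is the "token corresponds to the first networked application"
// check. hmac.Equal is constant-time, so the token cannot be recovered byte by byte.
func (m *UsageMonitor) isSynthetic(r *http.Request) bool {
	given, err := hex.DecodeString(r.Header.Get(syntheticHeader))
	if err != nil || len(given) == 0 {
		return false
	}
	return hmac.Equal(given, m.mac(m.AppID))
}

// Handler wraps the application: genuine synthetic transactions bypass usage
// monitoring, everything else is counted, and all requests are still served.
func (m *UsageMonitor) Handler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !m.isSynthetic(r) {
			m.Counted.Add(1)
		}
		next.ServeHTTP(w, r)
	})
}

// RunScenario pushes four constructed requests through the filter and returns
// how many were counted: no token, a forged token and a token for a different
// application are all monitored (3); the genuine probe is bypassed.
func RunScenario() int64 {
	m := &UsageMonitor{AppID: "billing-api", secret: []byte("example-shared-secret")}
	app := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	h := m.Handler(app)
	for _, tok := range []string{"", "deadbeef", m.Token("search-api"), m.Token("billing-api")} {
		req := httptest.NewRequest("GET", "/v1/invoices", nil)
		if tok != "" {
			req.Header.Set(syntheticHeader, tok)
		}
		h.ServeHTTP(httptest.NewRecorder(), req)
	}
	return m.Counted.Load()
}

func main() { fmt.Println("monitored requests:", RunScenario()) }
```

Binding the token to the application ID is what makes the "corresponds to the first networked application" step meaningful: a static marker string would let any caller exempt itself from usage monitoring simply by copying the header.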
NETWORK KEY RECOVERY, NETWORK KEY RECOVERY MANAGEMENT, NETWORK KEY PROVISION, TERMINAL, SERVER AND ACCESS POINT IMPLEMENTING SAME
A method, implemented by a terminal, for recovering the network key of an access point to a network. The network key allows the terminal to be associated with the access point upon the terminal's first connection to it. The method includes: receiving, by the terminal, a network key that the access point has deposited on a server, following a request from the terminal to the server for the network key of the access point; the request includes an identifier of the access point and is relayed by the server to the access point matching that identifier. Because the access point does not transmit the network key directly to the terminal but to a server from which the terminal retrieves it, this limits network intrusions that depend on the vulnerability of the Wi-Fi network.
END TO END ENCRYPTION ON A NETWORK WITHOUT USING CERTIFICATES
Embodiments of the invention are directed to systems, methods and computer program products for end to end encryption on a network without using certificates. The system utilizes a correlation between two quantum particles that are entangled. In this way, data may be encrypted with the particles and transmitted to end users. Since the particles are forced to behave the same way even if they are separated, the data associated with the particles is not able to be breached. In the application encryption processing, that means the particles are not hackable and the encryption is always true and accurate. In this way, verification of application encryption occurs via particle measurement by leveraging the fact that there is only one sender and one receiver, because they are of the same particle computation or physical end-point, instead of current encryption relying on logical end-points.
USER AUTHENTICATION OVER AN AUDIO CHANNEL USING A MOBILE DEVICE
A system is described for authenticating a user on a client device using the user's mobile device and utilizing the audio channel. An authentication server receives a request from the client to initiate a session for the user, creates the session, and sends a session token back to the client along with a request for authentication. The client broadcasts an audio transmission containing the token to the mobile device over an audio channel using data-over-sound transmission. The mobile device receives the transmission via a microphone, obtains the token and the server identity from the transmission, and sends user credentials that are stored on the mobile device along with the token identifying the session directly to the authentication server. The server verifies the received credentials, confirms the token, and logs the user into the session.
Network system, and methods of encrypting data, decrypting encrypted data in the same
Various aspects of this disclosure provide a method of encrypting data in a network system. The method may include generating within a trusted network of the network system an associated private key based on an attribute associated with a user, a homomorphically encrypted associated private key based on the associated private key via homomorphic encryption, and a homomorphic key pair. The method may also include transmitting the homomorphically encrypted associated private key from the trusted network to a non-trusted network of the network system. The method may further include generating within the trusted network encrypted data based on said data, and a homomorphically and attribute based encrypted control key. The method may further include transmitting the encrypted data, and the homomorphically and attribute based encrypted control key, from the trusted network to the non-trusted network.
REMOTE AUTHENTICATION AND PASSWORDLESS PASSWORD RESET
Examples are disclosed herein to implement remote authentication and passwordless password reset. An example server includes: at least one processor to forward executable instructions to a client device, the executable instructions, when executed at the client device, to cause the client device to: authenticate a user of an account based on a biometric authentication factor; obtain a local storage key by decrypting an encrypted local storage key with a cloud key obtained from a remote authentication server, the cloud key associated with the client device; decrypt a key bag with the local storage key, the key bag including a content encryption key and an encrypted credential encrypted with the content encryption key, the encrypted credential associated with the user; and decrypt the encrypted credential with the content encryption key to obtain a credential without the user supplying a master password associated with the account.
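The decryption chain in this abstract, as an added Go example (not the patent's own code). AES-256-GCM as the wrapping primitive, the JSON key-bag layout and the field names are this example's assumptions; the biometric check and the fetch of the cloud key from the remote authentication server happen outside the block and are represented by the cloudKey argument.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// newKey returns 32 random bytes (an AES-256 key).
func newKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// seal encrypts with AES-256-GCM and prepends the random 12-byte nonce.
func seal(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // keys in this example are always 32 bytes
	}
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; a wrong key or a tampered blob fails authentication.
func open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// keyBag is the inner structure from the abstract: a content encryption key
// and the credential encrypted under it. The JSON layout is this example's choice.
type keyBag struct {
	CEK                 []byte `json:"cek"`
	EncryptedCredential []byte `json:"encrypted_credential"`
}

// ClientStore is what is persisted on the client device. The cloud key is not
// in it; the device obtains it from the remote authentication server only
// after the biometric factor succeeds.
type ClientStore struct {
	EncryptedLocalStorageKey []byte // local storage key sealed under the cloud key
	EncryptedKeyBag          []byte // key bag sealed under the local storage key
}

// Provision enrolls a credential: credential -> CEK -> key bag -> local storage
// key -> cloud key. It returns the device blobs and the cloud key the server holds.
func Provision(credential []byte) (*ClientStore, []byte) {
	cek, lsk, cloudKey := newKey(), newKey(), newKey()
	bag, _ := json.Marshal(keyBag{CEK: cek, EncryptedCredential: seal(cek, credential)})
	return &ClientStore{
		EncryptedLocalStorageKey: seal(cloudKey, lsk),
		EncryptedKeyBag:          seal(lsk, bag),
	}, cloudKey
}

// RecoverCredential is the passwordless path: unwrap the local storage key
// with the cloud key, the key bag with that key, and the credential with the
// CEK. No master password is involved at any step.
func RecoverCredential(store *ClientStore, cloudKey []byte) ([]byte, error) {
	lsk, err := open(cloudKey, store.EncryptedLocalStorageKey)
	if err != nil {
		return nil, fmt.Errorf("cloud key rejected: %w", err)
	}
	raw, err := open(lsk, store.EncryptedKeyBag)
	if err != nil {
		return nil, fmt.Errorf("key bag rejected: %w", err)
	}
	var bag keyBag
	if err := json.Unmarshal(raw, &bag); err != nil {
		return nil, err
	}
	return open(bag.CEK, bag.EncryptedCredential)
}

func main() {
	store, cloudKey := Provision([]byte("constructed-vault-credential"))
	cred, err := RecoverCredential(store, cloudKey)
	fmt.Printf("recovered %q, err=%v\n", cred, err)
	_, err = RecoverCredential(store, newKey())
	fmt.Println("wrong cloud key:", err)
}
```

The point of the layering is that the cloud key alone is useless without the device's blobs, and the blobs alone are useless without the cloud key, so compromise of either the client store or the remote authentication server does not expose the credential by itself.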
Client device ticket
A system may include a client device to connect to a network and a network device communicatively coupled to the client device. The network device may determine that the client device has been authenticated to the network via a captive portal page. The network device may further create a ticket corresponding to the client device. Possession of the ticket by the client device may indicate authentication of the client device to the network. The network device may then transmit the ticket to the client device for storage on the client device. The stored ticket may enable the client device to remain authenticated to the network after a period of inactivity.
PUBLIC-PRIVATE KEY PAIR ACCOUNT LOGIN AND KEY MANAGER
Embodiments of the invention provide improved account authentication using public-private key cryptography instead of passwords. Instead of registering a password and using that password to log in to an account, an authentication server of an account provider registers a public key received from a user device. To authenticate the user device for logging into an account, the authentication server generates a challenge and encrypts it using the registered public key. The encrypted challenge is sent to the user device, which can decrypt the challenge using the private key corresponding to the registered public key. The decrypted challenge is used for authentication instead of a password. The private key corresponding to the public key is securely stored and not revealed to the authentication server.
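The challenge-response login above, as an added Go example (not the patent's code). RSA-OAEP with the account name as the OAEP label, 32-byte random challenges, single-use challenge IDs and the account name alice are this example's assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// AuthServer keeps registered public keys and outstanding challenges. It never
// sees a private key.
type AuthServer struct {
	keys       map[string]*rsa.PublicKey
	challenges map[string][]byte // challenge ID -> expected plaintext
}

func NewAuthServer() *AuthServer {
	return &AuthServer{keys: map[string]*rsa.PublicKey{}, challenges: map[string][]byte{}}
}

// Register stores the public key in place of a password.
func (s *AuthServer) Register(account string, pub *rsa.PublicKey) { s.keys[account] = pub }

// Challenge encrypts a fresh random nonce to the account's registered key.
// The OAEP label binds the ciphertext to the account, so a challenge issued
// for one account cannot be answered under another account's label.
func (s *AuthServer) Challenge(account string) (id string, ciphertext []byte, err error) {
	pub, ok := s.keys[account]
	if !ok {
		return "", nil, errors.New("unknown account")
	}
	nonce, idBytes := make([]byte, 32), make([]byte, 16)
	rand.Read(nonce)
	rand.Read(idBytes)
	ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, []byte(account))
	if err != nil {
		return "", nil, err
	}
	id = hex.EncodeToString(idBytes)
	s.challenges[id] = nonce
	return id, ciphertext, nil
}

// Verify accepts the decrypted challenge exactly once: the entry is deleted
// before the comparison, so a replayed answer fails even if it is correct.
func (s *AuthServer) Verify(id string, response []byte) bool {
	expected, ok := s.challenges[id]
	if !ok {
		return false
	}
	delete(s.challenges, id)
	return subtle.ConstantTimeCompare(expected, response) == 1
}

// Device holds the private key, which never leaves it; only the decrypted
// challenge is sent back to the server.
type Device struct {
	account string
	priv    *rsa.PrivateKey
}

func (d *Device) Answer(ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, ciphertext, []byte(d.account))
}

// Login runs one registration and one login, then replays the same answer.
// It returns (first attempt accepted, replay accepted).
func Login() (bool, bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	dev := &Device{account: "alice", priv: priv}
	srv := NewAuthServer()
	srv.Register(dev.account, &priv.PublicKey)

	id, ct, err := srv.Challenge(dev.account)
	if err != nil {
		return false, false, err
	}
	answer, err := dev.Answer(ct)
	if err != nil {
		return false, false, err
	}
	first := srv.Verify(id, answer)
	replay := srv.Verify(id, answer)
	return first, replay, nil
}

func main() {
	first, replay, err := Login()
	fmt.Println("login:", first, "replay:", replay, "err:", err)
}
```

Two properties matter in practice and are built in here: each challenge is random and consumed on first use, so an answer captured in transit cannot be replayed, and the server compares the answer in constant time.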
SYNCHRONIZABLE HARDWARE SECURITY MODULE
An HSM cluster includes a set of hardware security modules that maintain a set of cryptographic keys that are synchronized across the HSM cluster. Individual applications running on client computer systems access the HSM cluster using HSM cluster clients running on the client computer systems. The HSMs are accessed via a set of HSM cluster servers that monitor the synchronization of the cryptographic keys. Synchronization of the HSMs is maintained by the HSM cluster clients. The HSM cluster clients replicate key-addition and key-deletion operations across the HSM cluster. When a new key is created by a particular HSM, a prefix associated with the particular HSM is added to the identifier associated with the new key to avoid key-namespace collisions. If the set of cryptographic keys becomes unsynchronized across the HSM cluster, applications may continue read-only cryptographic operations while the HSM cluster is resynchronized by the HSM cluster clients.