Patent classifications
H04L2463/062
Storage system with encrypted data storage device telemetry data
Systems and methods for encrypted storage device telemetry data are described. Storage device telemetry data may be collected for a telemetry message, such as a non-volatile memory express (NVMe) telemetry command, and encrypted using a first encryption key. The first encryption key may be encrypted using one or multiple second encryption keys and the encrypted first encryption key may be added to the telemetry message. A client system may receive the telemetry message, decrypt the encrypted first encryption key, and use the first encryption key to decrypt the encrypted storage device telemetry data.
ONLINE SECRET ENCRYPTION
A method includes receiving, by a server computer, a thin client identifier from a thin client on a communication device. The server computer can then retrieve an encrypted first cryptographic key based on the thin client identifier. The encrypted first cryptographic key is a first cryptographic key that is encrypted with a second cryptographic key. The server computer can initiate the sending of the encrypted first cryptographic key to the thin client. The server computer then receives an encrypted secret from the thin client, the encrypted secret being a secret encrypted with the first cryptographic key.
Method and apparatus for protecting confidential data in an open software stack
A method is provided for securely providing data for use in a consumer electronics device having a processor performing instructions defined in a software image. The method includes receiving the data encrypted according to a global key, further encrypting the data according to a device-unique hardware key, storing the further encrypted data in a secure memory of the consumer electronics device, providing the global key to a whitebox encoder for encoding according to a base key to generate a whitebox encoded global key, and transmitting the software image to the consumer electronics device for storage in an operating memory of the consumer electronics device, the software image having a whitebox decoder utility corresponding to the whitebox encoder and the whitebox encoded global key.
ANONYMOUS PRIVATE SHARED PARTITIONS IN BLOCKCHAIN NETWORKS
An operator for a global total order broadcast domain may send an operation out of band to nodes of participating parties, receive a certificate and a signature on an operation identifier for each participating node, generate a randomness vector for each party participating in the operation, generate a random symmetric encryption key, encrypt the certificates, the signatures, and the randomness vector for each participating party with the symmetric encryption key, encrypt the symmetric encryption key under each public key for each participating party, hash the symmetric encryption key, and record, by the operator, the hashed symmetric encryption key on the global total order broadcast domain.
Wrapped keys with access control predicates
A method for wrapped keys with access control predicates includes obtaining a cryptographic key for content. The method also includes encrypting the content using the cryptographic key and generating an encryption request. The encryption request requests that a third party cryptography service encrypts an encapsulation of the cryptographic key and an access control condition governing access to the content. The method also includes communicating the encryption request to the third party cryptography service. The encryption request includes the cryptographic key.
Cloud-based electronic payment processing
A payment processing server generates an asymmetric cryptographic key pair, over one secure communications channel provides a mobile device with one cryptographic key of the cryptographic key pair, and saves the other cryptographic key of the cryptographic key pair in a pending transaction database in unique association with a single-use payment number and a financial account. The server encrypts the payment number, which does not identify the financial account, with the other cryptographic key and provides the mobile device with the encrypted payment number over another secure communications channel distinct from the one secure communications channel. The server receives from a payment terminal a payment completion request that includes the encrypted payment number decrypted with the one cryptographic key. The payment processing server queries the pending transaction database with the decrypted payment number to identify the associated financial account, and effects completion of the transaction using the identified financial account.
ESTABLISHMENT OF SECURE BLUETOOTH CONNECTION TO INTERNET OF THINGS DEVICES, SUCH AS ELECTRONIC LOCKS
Systems and methods are disclosed for managing a secure connection between a mobile device and an Internet of things device, such as an electronic lock. In some instances, a mutual authentication process is performed, and public keys are exchanged. Once keys are exchanged, subsequent communication between the devices may be encrypted using a shared key generated using the exchanged keys.
PROTECTING CONFIDENTIALITY OF AIR-GAPPED LOGS
A method of protecting confidentiality of air-gapped logs comprises: generating, during a first log processing cycle, a data processor key and a drive encryption key, wherein the data processor key and the drive encryption key are unique to a log drive mounted to at least one computer processor; wrapping the drive encryption key with the computer processor key; storing the drive encryption key wrapped by the computer processor key in a database, where the database is mapped to data uniquely identifying the log drive; wrapping the drive encryption key with a default key that is known to at least one originator device; wiping the log drive; and writing the drive encryption key wrapped by the default key to the log drive. Some methods described also include a method of processing logs by an originator. Systems and computer program products are also provided.
METHOD FOR DEVELOPING SECURE AND RELIABLE AUGMENTED REALITY APPLICATIONS
Provided are a method for safely and reliably designing augmented reality (AR) applications on at least one server and at least one augmented reality device connected to each other and a network structure consisting of at least one server and at least one augmented reality device connected to each other. The method proposes a platform for developing and running augmented reality applications. Accordingly, at least two users can use the method to develop an AR application, to modify an AR application or run a ready application. The method prevents information leakage by calling some elements from TEE with asymmetric cryptography and safely operates a reliable system. In this way, the method provides a secure environment since third party access to asymmetric passwords is prevented.
Terminal device, information processing system, method of controlling terminal device, and program
A terminal device that acquires record information recorded on an IC card and performs information processing includes: a terminal key acquisition unit configured to acquire a terminal key from a terminal key card different from the IC card; and an authentication unit configured to perform connection authentication with a server, the server performing the connection authentication with the terminal device itself using the terminal key.