H04L2463/081

Method and apparatus to enable a market in used digital content

Methods and apparatus to enable a distinction between new and used digital content and to enable a market in used digital content files between mobile phone terminals and an electronic store, securely, by means of a wireless telephony network and a server complex to handle contents right management, transaction reporting, inventory, content delivery, payment, and billing. A server receives a signal generated by a wireless user device that was sent over a wireless telephony network. The signal indicates an election for returning at least one previously purchased digital content item. The server deletes user rights for the at least one digital content item identified by the received signal and sends information to the user device that generated the signal. Access to the associated digital content item at the user device is removed according to the sent information.

SYSTEMS AND METHODS FOR DIGITAL CURRENCY OR CRYPTO CURRENCY STORAGE IN A MULTI-VENDOR CLOUD ENVIRONMENT
20190156045 · 2019-05-23

A cloud-based system for providing data security, the system having a processor which creates a source data file; wherein the source data file is split into one or more fragments; an encryption key associated with the one or more fragments; and wherein the one or more fragments are encrypted by the encryption key; a plurality of cloud storage providers; wherein the one or more fragments are distributed among the plurality of cloud storage providers whereby no single cloud storage provider possesses all of the one or more fragments; a pointer file which is created on a local computer; wherein the pointer file stores the location of the one or more fragments; and wherein the pointer file is accessed; the encryption key authenticates the plurality of cloud storage providers; the one or more fragments are transferred from the plurality of cloud storage providers to the local computer; and wherein the one or more fragments are reassembled; and the source data file is deleted.

User validation system utilizing symbolic or pictographic representations of validation codes

Disclosed herein is a device and method for validating users, such as for entry into a given area. The method includes transmitting a plurality of access control tokens from an access control system to a portable device, and detecting proximity of a user portable device associated with one of the plurality of access control tokens to the portable device. A symbolic representation of the access control token associated with the user portable device is generated by and displayed on the portable device. Selection of the displayed symbolic representation is accepted at the portable device. The access control system is notified of selection of the displayed symbolic representation, thereby indicating identification of a user associated with the access control token symbolically represented by the symbolic representation. The venue symbolic representation includes at least one pictograph.

Installation of a terminal in a secure system
10291596 · 2019-05-14

A system comprising a terminal and a server, wherein the terminal is installed in the system by the server being configured to: identify the terminal; generate key generation data, comprising at least one data seed; distribute the at least one seed to the terminal; generate key data and meta data based on said at least one seed and a function; store an identifier for the terminal along with the key data and the meta data for the terminal, wherein the terminal is arranged to receive the at least one seed from the server; generate key data and meta data based on said at least one seed and the same function; store the key data and the meta data, wherein the key data and the meta data stored in the terminal are the same as the key data and the meta data stored in the server.

SYSTEM, CONTROL METHOD FOR SYSTEM, VOICE OPERATION DEVICE, CONTROL METHOD FOR VOICE OPERATION DEVICE, AND STORAGE MEDIUM
20190109847 · 2019-04-11

A system including a mobile terminal having an authenticator, a TPM with tamper resistance and a voice assistant. The voice assistant makes a process request corresponding to voice input of a user to a server in accordance with the input, receives a biometric authentication request from the server, makes a request for a biometric authentication process to the mobile terminal of the user in accordance with the request for biometric authentication via wireless communication, and transmits an authentication result from the mobile terminal to a server. The mobile terminal executes the biometric authentication process using biometric information stored in the authenticator and the TPM in accordance with the request for the biometric authentication process from the voice assistant, and transmits an authentication result to the voice assistant.

INSTANCED WEB SERVERS FOR DISPLAYING CUSTOM CONTENT IN A SECURE CONTEXT
20190104166 · 2019-04-04

Systems and methods receive an indication that a domain has been blocked. A temporary web server is created that has a network address that is different from the network address associated with the blocked domain. Content is created that indicates the blocked domain, and optionally, a reason for the blocking. The network address of the temporary web server is returned to a requesting browser application, which can display the content without providing a security warning.

ONE-TIME-PAD ENCRYPTION
20190104114 · 2019-04-04

Methods for secure communications using one-time pad encryption are provided. In one aspect, a method includes generating and sharing, via proximity inter-device communication, unique device codes on each of multiple devices to be paired or grouped together, intermixing the device codes to generate a one-time pad code, generating a random block of data based on the one-time pad code, persisting the one-time pad code and random block of data over each device, and encrypting/decrypting messages between the paired or grouped devices. Systems and machine-readable media are also provided.

CRYPTOGRAPHIC KEY CREATION USING OPTICAL PARAMETERS
20190044712 · 2019-02-07

A cryptographic key generator for a first optical transceiver includes a photodetector that receives a continuous wave light beam received via an optical channel from a second optical transceiver. The generator samples and quantizes signals from the photodetector during a plurality of intervals to generate respective samples representing respective numbers of photons incident on the photodetector during each of the plurality of intervals. The generator creates a first cryptographic key from the plurality of digital values. The second optical transceiver receives a continuous wave light beam from the first transceiver and performs the same functions to create a second cryptographic key. Due to the reciprocal nature of the channels, the first and second cryptographic keys match.

Secured file transfer management on augmented reality (AR) and virtual reality (VR) devices

In one embodiment, a computer program product includes a computer readable storage medium having program instructions embodied therewith. The embodied program instructions, in response to being executed by a processing circuit, cause the processing circuit to receive an eye gaze of a source user generated by a source augmented reality or virtual reality device (source AR/VR device) on a receiver AR/VR device and determine gazed content from the eye gaze of the source user using a password key phrase determination feature. The embodied program instructions also cause the processing circuit to generate a symmetric password key utilizing the gazed content according to a set of password determination rules and receive encrypted data from the source AR/VR device on the receiver AR/VR device. Additionally, the embodied program instructions cause the processing circuit to decrypt the encrypted data using the symmetric password on the receiver AR/VR device.

SECURE CIRCUIT FOR ENCRYPTION KEY GENERATION

Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.