H04L2463/081

Method for managing data communication between a communication device and another device and communication device

A method for managing data communication between a communication device (102) and another device (112) in a communication network, comprises providing (500) data for transmission by the communication device (102), and controlling by at least one secure management element (300, 304) operating in a secure environment (218) in the communication device the transmission of the provided data by the communication device so as to manage data transmitted by the communication device. The step of controlling may include at least one of controlling an amount of data transmitted, controlling a time of transmission of data and controlling a periodicity of transmission of data. A communication device and a method of managing data received by a communication device are also described.

Decentralized identity authentication framework for distributed data

Disclosed is a method for authenticating requestors and granting access to a permissioned blockchain network shared among enterprise entities. A decentralized registry of credentialled users, in which credentialled users guard their own access information by keeping a private key of a public-private keypair, enables systems to avoid keeping information of a large number of users in large, vulnerable containers. A further method removes authenticated users seeking to be forgotten from the registry of users and deletes any personally identifiable information of the withdrawing users.

SYSTEM AND METHOD FOR PRE-STAGED ACCOUNT CREATION WITH 2D CODES BACKGROUND
20250211589 · 2025-06-26

A method may include receiving an indication that a user has authenticated at a physical authentication location, the user associated with a user profile and a user identifier; querying a database using the user identifier as input to determine if the user profile has an online user account of an online service; determining, based on the querying, that the user profile does not have an online user account of the online service; based on the determining, generating a 2D barcode encoded with a link to open a credential creation user interface on a computing device; receiving an indication of activation of the link from the computing device; and in response to the receiving, presenting on the computing device the credential creation user interface configured to receive a username and password for a new online user account of the online service.

Method and apparatus for simultaneous key generation on device and server for secure communication
12353518 · 2025-07-08

A secure communication system is disclosed for communication between first and second party devices. An input interface is provided for receiving from an external host a unique host factor in addition to a user input interface for receiving from a user a unique PIN for a user and a selection input for selecting one of the plurality of stored entropy stores as a user selected entropy store. A first private key generator is operable for generating a private key using a key generation algorithm requiring the selected entropy store, the host factor and the unique user PIN. The second party device includes a second storage device for storing a plurality of entropy stores. An input interface is provided for receiving the same unique host factor as received by the first party device. A communication interface facilitates communication with the first party device to receive from the first party device a user PIN and an indication of the user selected entropy store. A second private key generator is operable for generating a private key using the predetermined key generation algorithm with the received user PIN, the received host factor, and an extracted entropy store corresponding to the user selected entropy store, wherein the private keys generated by both the first and second private key generators are identical. The session is initiated to cause the generation of the identical private keys at both of the first and second private key generators and allow secure communication between the first and second devices. The private key on at least one of the first and second devices is deleted at the end of the session.

Graphics security with synergistic encryption, content-based and resource management technology

Methods, apparatuses and system provide for technology that interleaves a plurality of verification commands with a plurality of copy commands in a command buffer, wherein each copy command includes a message authentication code (MAC) derived from a master session key, wherein one or more of the plurality of verification commands corresponds to a copy command in the plurality of copy commands, and wherein a verification command at an end of the command buffer corresponds to contents of the command buffer. The technology may also add a MAC generation command to the command buffer, wherein the MAC generation command references an address of a compute result.

SECURE REMOTE TOKEN RELEASE WITH ONLINE AUTHENTICATION
20250274281 · 2025-08-28

A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the public key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.

IMPLEMENTING CRYPTOGRAPHICALLY PROTECTED SESSIONS IN DISTRIBUTED COMPUTING SYSTEM
20250317303 · 2025-10-09

Methods and systems for implementing cryptographically protected sessions in distributed computing systems are described herein. A server receives, from a client, a first request including a first payload and a first cryptographic signature of the first payload. The server attempts to validate the first cryptographic signature by using a stored public key associated with the client. Responsive to failing to validate the first cryptographic signature, the server transmits an invalid session response to the client. The server then receives, from the client, a second request including a second payload and a second cryptographic signature of the second payload. The second payload includes a new public key associated with the client. Responsive to validating the second cryptographic signature by using the new public key, the server establishes a new session associated with the client.

Method for configuring a security module with at least one derived key

Provided is a method for configuring a security module with at least one derived key, having the following steps: providing a key; deriving a further key from the provided key or from a key previously derived from the provided key, wherein the further key is derived by using an alterable digital fingerprint as key derivation parameter, which is formed on the basis of a measurable current runtime configuration of a runtime environment communicating with the security module.

System and method for pre-staged account creation with 2D codes background

A method may include receiving an indication that a user has authenticated at a physical authentication location, the user associated with a user profile and a user identifier; querying a database using the user identifier as input to determine if the user profile has an online user account of an online service; determining, based on the querying, that the user profile does not have an online user account of the online service; based on the determining, generating a 2D barcode encoded with a link to open a credential creation user interface on a computing device; receiving an indication of activation of the link from the computing device; and in response to the receiving, presenting on the computing device the credential creation user interface configured to receive a username and password for a new online user account of the online service.