A device and method for using biometric technologies to ensure secure transactions using blockchain technology are disclosed. The embodiments described mitigate at least some security related problems in conventional blockchain digital wallets, particularly those that cannot reliably authenticate user identity. The present disclosure presents a method and apparatus for using authentication and data protection for implementing a blockchain offline wallet using biometrics.

Techniques for computer security, and more specifically timestamp-based key generation techniques, are described. Some implementations provide a table of key generation processes that is shared as a secret between a first computing system and a second computing system, both of which have two clocks. The first clock is a real-time clock and the second clock is a variable-time clock. The variable time clocks are synchronized and run at the same rate, faster or slower than real time. Both computing systems use the same technique for selecting a key generation process from the table, such as based on a random number generator seeded with a timestamp obtained from their variable time clocks. Since the computing systems have synchronized variable-time clocks, they both select and use the same key generation process, thereby generating the same encryption key without the need to communicate the key from one system to another.

A computer readable medium having executable code that causes one or more processors to: receive at least one of a first image of the user or a first representation of a face of the user; if a first image of the user was received, then generate a generated representation of the face of the user using the first image; capture a second image of the user and generate a second representation of the face of the user using the second image; receive an authentication factor; determine validity of the authentication factor; reduce a confidence threshold based on the authentication factor; determine a likelihood of a match between the second representation and at least one of the first representation and the generated representation; and permit access by the user to a secure asset in instances where the likelihood of a match meets the confidence threshold.

A method for using a self-signed digital certificate for establishing a secure connection between an Extensible Provisioning Protocol (EPP) client and a server on a communications network, including: receiving a communicated self-signed certificate from the EPP client; obtaining a unique identifier of the EPP client, the unique identifier associated with a domain name stored in a Domain Name System (DNS); using the unique identifier to access a designated DNS record in a DNS zone of the DNS associated with the domain name; retrieving the copy of the digital certificate from the designated DNS record, the copy of the digital certificate containing a public key of the EPP client bound to the domain name; authenticating the copy of the digital certificate with the communicated self-signed certificate; and receiving a generated session key from the EPP client to establish the secure connection over the communications network with the EPP client.

A process running on client devices intercepts requests destined for an identity provider (“IdP”) system and injects a digital signature corresponding to a user associated with the request. In order to reduce or eliminate the burden on providers of the applications or other resources used by the users, the organization providing the IdP system may also provide components that run locally on the client devices of users and integrate with the users' applications. For example, in one embodiment code of the IdP system is run within a container of an application to handle communication with the IdP system. Additionally, code of the IdP system is run as a local process that handles request interception and digital signature injection. For client devices not supporting the use of the local process, a separate verifier application of the IdP can be run locally and allow interactively performing authentication via a user interface.

Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection.

A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the pubic key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.

Techniques for encrypting data using a randomly selected data block from a set of data are described herein. An index indicates a subset of data within a data object. The data block is selected based at least in part on the index, an input to a cryptographic operation is generated from the data block, and the input to the cryptographic operation is provided to the cryptographic operation.

A method and apparatus for providing a license to a client device, the license providing a key for decrypting a content instance. In one embodiment, the method comprises accepting a token request, the token request having client device credentials including a client device identifier (client ID) and a content instance identifier (content ID), deriving a private key according to a token key seed, a token key identifier (token key ID), and the content ID, generating a token having a payload and a token identifier (token ID) and being digitally signed according to the derived private key; transmitting the generated token to the client; and providing the license to the client device according to the generated token.

A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the pubic key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.