A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the pubic key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.

Techniques for computer security, and more specifically timestamp-based key generation techniques, are described. Some implementations provide a table of key generation processes that is shared as a secret between a first computing system and a second computing system, both of which have two clocks. The first clock is a real-time clock and the second clock is a variable-time clock. The variable time clocks are synchronized and run at the same rate, faster or slower than real time. Both computing systems use the same technique for selecting a key generation process from the table, such as based on a random number generator seeded with a timestamp obtained from their variable time clocks. Since the computing systems have synchronized variable-time clocks, they both select and use the same key generation process, thereby generating the same encryption key without the need to communicate the key from one system to another.

Provided a method for configuring a security module with at least one derived key, having the following steps: providing a key; deriving a further key from the provided key or from a key previously derived from the provided key, wherein the further key is derived by using an alterable digital fingerprint as key derivation parameter, which is formed on the basis of a measurable current runtime configuration of a runtime environment communicating with the security module.

Systems, apparatuses and methods may provide for encryption based technology. Data may be encrypted locally with a graphics processor with encryption engines. The graphics processor components may be verified with a root-of-trust and based on collection of claims. The graphics processor may further be able to modify encrypted data from a non-pageable format to a pageable format. The graphics processor may further process data associated with a virtual machine based on a key that is known by the virtual machine and the graphics processor.

There is provided mechanisms for updating a private key of a host entity. The private key is based on parameters negotiated between the host entity and a key issuer. The host entity further has a group public key that is generated by the key issuer and associated with the private key. A method is performed by the host entity. The method comprises obtaining a need to acquire a new private key. The method comprises, in response thereto, performing a private key update procedure with the key issuer using the public key and the current private key, wherein parameters for the new private key are negotiated with the key issuer. The method comprises generating the new private key using the negotiated parameters.

A method for initiating a secure session using a smartphone as a physical token to provide strong authentication. The phone is used through a public and independent real-time notification service. The notifications are exchanged in an encrypted manner so that their content is only accessible to the mobile phone and the authentication server.

A terminal device may execute a communication of authentication information with a communication device, the authentication information being prepared by the terminal device or the communication device without being inputted in the terminal device or the communication device by a user; send the authentication information to a first sever; and send specific information to the first server. The communication device may execute the communication of the authentication information with the terminal device; and send the authentication information to the first server. The first server may register the service information in the memory of the first server in a case where the authentication information is received from both of the terminal device and the communication device, and the specific information is received from the terminal device.

A command to load or unload data at a storage location is received. In response to the command, a storage integration object associated with the storage location is identified. The storage integration object identifies a cloud identity object that corresponds to a cloud identity that is associated with a proxy identity object corresponding to a proxy identity granted permission to access the storage location. The data is loaded or unloaded at the storage location by assuming the proxy identity.

A secure communication system is disclosed for communication between first and second party devices. An input interface is provided for receiving from an external host a unique host factor in addition to a user input interface for receiving from a user a unique PIN for a user and a selection input for selecting one of the plurality of stored entropy stores as a user selected entropy store A first private key generator is operable for generating a private key using a key generation algorithm requiring the selected entropy store, the host factor and the unique user PIN. The second party device includes a second storage device for storing a plurality of entropy stores. An input interface is provided for receiving the same unique host factor as received by the first party device. A communication interface facilitates communication with the first party device to receive from the first party device a user PIN and an indication of the user selected entropy store. A second private key generator is operable for generating a private key using the predetermined key generation algorithm with the received user PIN, the received host factor, and an extracted entropy store corresponding to user selected entropy store, wherein the private key generated by both the first and second private key generators are identical. The session is initiated to cause the generation of the identical private keys at both of the first and second private key generators and allow secure communication between the first and second devices. The private key at at least one of the first and second devices is deleted at the end of the session.

A method, computer system, and a computer program product for secure transport of data is provided. The present invention may include defining a trust relationship based on a secret. The present invention may also include associating a trusted transport key identity (TTKI) based on the defined trust relationship. The present invention may then include receiving a trusted transport key (TTK), wherein the TTK is digitally signed and encrypted with the TTKI. The present invention may further include verifying the digitally signed TTK. The present invention may also include enveloping the secret with the TTK.