Patent classifications
H04L2463/081
MTC key management for key derivation at both UE and network
There is provided a new IWF SMC procedure for establishing security association between an MTC UE (10) and an MTC-IWF (20). The MTC-IWF (20) sends to the UE (10) at least an algorithm identifier which instructs the UE (10) to select one of algorithms for deriving a root key (K_iwf). The UE (10) derives the root key (K_iwf) in accordance with the selected algorithm, and derives at least a subkey for checking the integrity of messages transferred between the UE (10) and the MTC-IWF (20) by using the derived root key (K_iwf). The UE (10) protects uplink messages transmitted to the MTC-IWF (20) with the derived subkey. The MTC-IWF (20) protects downlink messages transmitted to the UE (10) with the same subkey derived at a core network.
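As an added example, not code from the patent or its applicant, the exchange above in Go: the algorithm identifier chosen by the MTC-IWF selects the derivation, K_iwf and the integrity subkey are derived independently on the UE side and the network side, and every message carries a MAC bound to its direction and a counter. Assumptions not in the abstract: the identifier values, HMAC-SHA256 as both derivation function and MAC, and a pre-shared 256-bit key as the input from which K_iwf is derived. The check worth insisting on is that an identifier the UE does not recognise is refused rather than mapped to a default, since the identifier arrives before the K_iwf-derived subkey exists to protect it.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Algorithm identifiers carried in the IWF SMC message. The values are
// assumptions: the abstract defines an identifier but not its encoding.
const (
	AlgHMACSHA256      byte = 0x01 // full 256-bit HMAC-SHA256 tag
	AlgHMACSHA256Trunc byte = 0x02 // same PRF, tag truncated to 64 bits
)

// kdf is a single-block HMAC-SHA256 derivation: HMAC(key, label || ctx || 0x01).
func kdf(key []byte, label string, ctx []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label))
	m.Write(ctx)
	m.Write([]byte{0x01})
	return m.Sum(nil)
}

// DeriveKiwf derives K_iwf from a key the UE and core network already share
// (assumed 256 bits; the abstract does not fix its origin), the IWF identity and
// the selected algorithm. An unknown identifier is refused, not defaulted.
func DeriveKiwf(shared []byte, alg byte, iwfID string) ([]byte, error) {
	switch alg {
	case AlgHMACSHA256, AlgHMACSHA256Trunc:
	default:
		return nil, errors.New("unknown algorithm identifier: refusing to derive K_iwf")
	}
	return kdf(shared, "K_iwf", append([]byte{alg}, iwfID...)), nil
}

// DeriveIntegritySubkey derives the integrity subkey from K_iwf, binding the
// algorithm identifier so a different identifier yields a different key.
func DeriveIntegritySubkey(kiwf []byte, alg byte) []byte {
	return kdf(kiwf, "K_iwf_int", []byte{alg})
}

// mac covers direction and counter as well as the payload, so an uplink message
// cannot be reflected as downlink or replayed under another counter.
func mac(subkey []byte, alg byte, uplink bool, counter uint32, msg []byte) []byte {
	m := hmac.New(sha256.New, subkey)
	dir := byte(0)
	if uplink {
		dir = 1
	}
	m.Write([]byte{dir})
	binary.Write(m, binary.BigEndian, counter)
	m.Write(msg)
	tag := m.Sum(nil)
	if alg == AlgHMACSHA256Trunc {
		return tag[:8]
	}
	return tag
}

// Protect returns msg || tag for one direction and counter value.
func Protect(subkey []byte, alg byte, uplink bool, counter uint32, msg []byte) []byte {
	return append(append([]byte{}, msg...), mac(subkey, alg, uplink, counter, msg)...)
}

// Verify checks the tag in constant time and returns the payload, or an error.
func Verify(subkey []byte, alg byte, uplink bool, counter uint32, protected []byte) ([]byte, error) {
	tagLen := sha256.Size
	if alg == AlgHMACSHA256Trunc {
		tagLen = 8
	}
	if len(protected) < tagLen {
		return nil, errors.New("protected message shorter than its tag")
	}
	msg, tag := protected[:len(protected)-tagLen], protected[len(protected)-tagLen:]
	if !hmac.Equal(tag, mac(subkey, alg, uplink, counter, msg)) {
		return nil, errors.New("integrity check failed")
	}
	return msg, nil
}

func main() {
	seed := sha256.Sum256([]byte("constructed stand-in for the shared key"))
	alg := AlgHMACSHA256 // the IWF's choice, carried in the SMC message

	// UE and core network derive K_iwf and the subkey independently.
	ueRoot, _ := DeriveKiwf(seed[:], alg, "iwf-1")
	nwRoot, _ := DeriveKiwf(seed[:], alg, "iwf-1")
	ueSub, nwSub := DeriveIntegritySubkey(ueRoot, alg), DeriveIntegritySubkey(nwRoot, alg)

	up := Protect(ueSub, alg, true, 1, []byte("trigger-ack"))
	if _, err := Verify(nwSub, alg, true, 1, up); err != nil {
		panic(err)
	}
	if _, err := Verify(ueSub, alg, false, 1, up); err == nil {
		panic("uplink message accepted as downlink")
	}
	fmt.Println("uplink verified at the IWF; reflected copy rejected at the UE")
}
```

The direction and counter bound into the MAC are what make "protect uplink" and "protect downlink" with one subkey safe: the same subkey on both sides would otherwise let a captured uplink message be played back to the UE as downlink.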
Chat session dynamic security
Methods, computer program products, and systems are presented. The methods, computer program products, and systems can include, for instance: obtaining chat session data of a chat session having a first participant provided by a patron user and a second participant provided by an enterprise user; detecting, subsequent to a connectivity failure, that a network connection supporting the chat session has been restored; presenting, in response to the detecting, a prompt to the first participant, the prompt being in dependence on the chat session data; deciding an authentication action in dependence on a received response of the first participant to the presented prompt; and performing the authentication action in accordance with the deciding.
SYSTEMS AND METHODS FOR BREACH-PROOF, RESILIENT, COMPLIANT DATA IN A MULTI-VENDOR CLOUD ENVIRONMENT AND AUTOMATICALLY SELF HEALS IN THE EVENT OF A RANSOMWARE ATTACK
A cloud-based system for securely storing data, the system having a processor which obtains a source data file; splits it into at least three fragments; uses an encryption key associated with the fragments to encrypt them; distributes the encrypted fragments among at least three cloud storage providers; and creates a pointer file containing information for retrieving the encrypted fragments. When a system user requests access to the data, the system uses the information stored in the pointer file to retrieve the stored encrypted fragments from the plurality of clouds, decrypts the fragments, reconstructs the data, and provides data access to the system user.
CREDENTIAL-LESS DATABASE SYSTEM INTEGRATIONS
A command to load or unload data at a storage location is received. In response to the command, a storage integration object associated with the storage location is identified. The storage integration object identifies a cloud identity object that corresponds to a cloud identity that is associated with a proxy identity object corresponding to a proxy identity granted permission to access the storage location. The data is loaded or unloaded at the storage location by assuming the proxy identity.
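To make the object chain concrete, the following Go model is an added example and not the applicant's code. It resolves a load or unload command to a storage integration, from there to the cloud identity object and the proxy identity, enforces the integration's allowed locations, and then evaluates the proxy's trust policy before issuing a short-lived credential. The AWS-style role identifiers and the external-ID condition are assumptions used to show the check that matters: without an external ID, any tenant of the same database service, whose requests all originate from the same cloud identity, could have it assume a proxy role that trusts that identity.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// ProxyIdentity is the customer-owned role that actually holds permission on the
// storage location, with a trust policy deciding who may assume it.
type ProxyIdentity struct {
	ARN                string
	TrustedPrincipal   string   // the database service's cloud identity
	RequiredExternalID string   // per-integration value the caller must present
	AllowedPrefixes    []string // what the role's own policy permits
}

// CloudIdentity is the identity the database service runs as in the cloud; it
// holds no customer credentials, only the link to the proxy identity.
type CloudIdentity struct {
	ARN        string
	ExternalID string
	Proxy      ProxyIdentity
}

// StorageIntegration is the storage integration object named by a load/unload
// command: the locations it may touch and the cloud identity it binds.
type StorageIntegration struct {
	Name             string
	AllowedLocations []string
	CloudIdentity    CloudIdentity
}

// Credential is the short-lived credential obtained by assuming the proxy identity.
type Credential struct {
	Role    string
	Expires time.Time
}

// underPrefix treats every allowed location as a directory, so "s3://b/exports"
// does not also admit "s3://b/exports-other/".
func underPrefix(location string, allowed []string) bool {
	for _, p := range allowed {
		if !strings.HasSuffix(p, "/") {
			p += "/"
		}
		if strings.HasPrefix(location, p) {
			return true
		}
	}
	return false
}

// AssumeProxy enforces the proxy's trust policy. Matching the external ID as well
// as the principal is what prevents a confused-deputy use of the role by another
// tenant of the same service, whose requests arrive under the same cloud identity.
func AssumeProxy(p ProxyIdentity, caller CloudIdentity, now time.Time) (Credential, error) {
	if caller.ARN != p.TrustedPrincipal {
		return Credential{}, errors.New("assume denied: principal not trusted")
	}
	if caller.ExternalID != p.RequiredExternalID {
		return Credential{}, errors.New("assume denied: external ID mismatch")
	}
	return Credential{Role: p.ARN, Expires: now.Add(time.Hour)}, nil
}

// LoadOrUnload resolves command -> integration -> cloud identity -> proxy identity,
// checks the location against both the integration and the proxy, and returns the
// temporary credential the transfer would run under. No user-supplied secret is
// involved at any step.
func LoadOrUnload(location string, integ StorageIntegration, now time.Time) (Credential, error) {
	if !underPrefix(location, integ.AllowedLocations) {
		return Credential{}, fmt.Errorf("%s is outside integration %s", location, integ.Name)
	}
	id := integ.CloudIdentity
	if !underPrefix(location, id.Proxy.AllowedPrefixes) {
		return Credential{}, fmt.Errorf("%s is outside what proxy %s may access", location, id.Proxy.ARN)
	}
	return AssumeProxy(id.Proxy, id, now)
}

func main() {
	// Constructed identifiers; the account numbers and names are placeholders.
	proxy := ProxyIdentity{ARN: "arn:aws:iam::111111111111:role/db-exports", TrustedPrincipal: "arn:aws:iam::222222222222:user/db-svc",
		RequiredExternalID: "ext-0001", AllowedPrefixes: []string{"s3://corp-bucket/exports/"}}
	integ := StorageIntegration{Name: "exports_int", AllowedLocations: []string{"s3://corp-bucket/exports/"},
		CloudIdentity: CloudIdentity{ARN: "arn:aws:iam::222222222222:user/db-svc", ExternalID: "ext-0001", Proxy: proxy}}
	cred, err := LoadOrUnload("s3://corp-bucket/exports/2024/", integ, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("assumed", cred.Role, "until", cred.Expires.Format(time.RFC3339))
}
```

Two things the model makes visible that the abstract leaves implicit: the location is checked twice, once against the integration and once against what the proxy may reach, and the prefix match is directory-based so that a sibling location sharing a string prefix is not admitted.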
PRIVATE KEY UPDATING
There are provided mechanisms for updating a private key of a host entity. The private key is based on parameters negotiated between the host entity and a key issuer. The host entity further has a group public key that is generated by the key issuer and associated with the private key. A method is performed by the host entity. The method comprises obtaining a need to acquire a new private key. The method comprises, in response thereto, performing a private key update procedure with the key issuer using the public key and the current private key, wherein parameters for the new private key are negotiated with the key issuer. The method comprises generating the new private key using the negotiated parameters.
Systems and methods for digital currency or crypto currency storage in a multi-vendor cloud environment
A cloud-based system for providing data security, the system having a processor which creates a source data file; wherein the source data file is split into one or more fragments; an encryption key associated with the one or more fragments; and wherein the one or more fragments are encrypted by the encryption key; a plurality of cloud storage providers; wherein the one or more fragments are distributed among the plurality of cloud storage providers whereby no single cloud storage provider possesses all of the one or more fragments; a pointer file which is created on a local computer; wherein the pointer file stores the location of the one or more fragments; and wherein the pointer file is accessed; the encryption key authenticates the plurality of cloud storage providers; the one or more fragments are transferred from the plurality of cloud storage providers to the local computer; and wherein the one or more fragments are reassembled; and the source data file is deleted.
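The two multi-vendor cloud abstracts above (breach-proof data and digital currency storage) describe the same cycle: split, encrypt, distribute, record locations in a pointer file, fetch and reassemble. The following Go program is an added example of that cycle, not the applicant's implementation. It seals each fragment with AES-256-GCM, spreads fragments round-robin over three simulated providers so no provider holds them all, writes a pointer file that records locations and nonces but no key, and refuses to reassemble when any fragment is missing or altered. The names, the per-file key handling and the in-memory providers are assumptions. The practitioner's caveat: a fragment stored in clear buys no confidentiality, since each provider can read its share, so the key and the pointer file must be kept apart from every provider, and authenticated encryption is what turns a fragment corrupted by ransomware into a detected failure rather than silently wrong data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Clouds stands in for the object stores of several providers, keyed by name.
type Clouds map[string]map[string][]byte

// FragmentRef is one pointer-file entry; the pointer file carries no key material.
type FragmentRef struct {
	Provider string `json:"provider"`
	Object   string `json:"object"`
	Nonce    []byte `json:"nonce"`
}

// NewFileCipher wraps the per-file key (32 bytes selects AES-256) in AES-GCM.
func NewFileCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// split cuts data into n near-equal fragments (trailing ones may be shorter).
func split(data []byte, n int) [][]byte {
	size, frags := (len(data)+n-1)/n, make([][]byte, n)
	for i := range frags {
		take := size
		if take > len(data) {
			take = len(data)
		}
		frags[i], data = data[:take], data[take:]
	}
	return frags
}

// Store splits src into n fragments, seals each under the file cipher, spreads them
// round-robin over providers and returns the pointer file. The object name is bound
// as associated data, so a provider that hands back a swapped fragment is detected.
func Store(gcm cipher.AEAD, src []byte, n int, providers []string, clouds Clouds) ([]byte, error) {
	if n < 3 || len(providers) < 3 {
		return nil, fmt.Errorf("need at least three fragments and three providers")
	}
	var refs []FragmentRef
	for i, frag := range split(src, n) {
		ref := FragmentRef{Provider: providers[i%len(providers)], Object: fmt.Sprintf("frag-%d", i), Nonce: make([]byte, gcm.NonceSize())}
		if _, err := rand.Read(ref.Nonce); err != nil {
			return nil, err
		}
		if clouds[ref.Provider] == nil {
			clouds[ref.Provider] = map[string][]byte{}
		}
		clouds[ref.Provider][ref.Object] = gcm.Seal(nil, ref.Nonce, frag, []byte(ref.Object))
		refs = append(refs, ref)
	}
	return json.Marshal(refs)
}

// Retrieve fetches every fragment named in the pointer file, authenticates and decrypts
// it, and reassembles the source; a missing or altered fragment fails the whole request.
func Retrieve(gcm cipher.AEAD, pointerFile []byte, clouds Clouds) ([]byte, error) {
	var refs []FragmentRef
	if err := json.Unmarshal(pointerFile, &refs); err != nil {
		return nil, err
	}
	var out []byte
	for _, ref := range refs {
		ct, ok := clouds[ref.Provider][ref.Object]
		if !ok {
			return nil, fmt.Errorf("%s missing at %s", ref.Object, ref.Provider)
		}
		pt, err := gcm.Open(nil, ref.Nonce, ct, []byte(ref.Object))
		if err != nil {
			return nil, fmt.Errorf("%s at %s failed authentication", ref.Object, ref.Provider)
		}
		out = append(out, pt...)
	}
	return out, nil
}

func main() {
	gcm, err := NewFileCipher(make([]byte, 32)) // constructed zero key; use a fresh random per-file key in practice
	if err != nil {
		panic(err)
	}
	clouds, providers := Clouds{}, []string{"cloud-a", "cloud-b", "cloud-c"}
	ptr, err := Store(gcm, []byte("constructed sample: seed phrase or document"), 3, providers, clouds)
	if err != nil {
		panic(err)
	}
	got, err := Retrieve(gcm, ptr, clouds)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s\n%d bytes reassembled from %d providers\n", ptr, len(got), len(clouds))
}
```

Deleting the local source file after distribution, as the second abstract describes, only helps if the pointer file and the key are not themselves left on the same machine where ransomware would find them; the split protects against a single provider, not against the endpoint.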
Generation of keys of variable length from cryptographic tables
A cryptographic infrastructure, which provides a method for generating private keys of variable length from a cryptographic table and a public key. This infrastructure provides an approximation of the one-time pad scheme. The cryptographic table is shared between a message sender and a message recipient by a secure transfer. After sharing the cryptographic table, no new private keys need to be sent—the private keys are independently generated by each party from the data contained within the shared cryptographic tables, using the public key. After public keys are exchanged, private keys may be generated and used to encrypt and decrypt messages and perform authentication cycles, establishing a secure communication environment between the sender and the recipient.
SECURE REMOTE TOKEN RELEASE WITH ONLINE AUTHENTICATION
A system and techniques are described herein for providing authentication. The technique includes registering user authentication data such as biometrics data with a communication device. The authentication data is linked to an account or service provider, and is used to verify the identity of the user when accessing the account. The communication device may obtain a public/private key pair, for which the public key may be stored on a secure remote server. When the user attempts to access the account or service provider, the user may provide the authentication data to authenticate the user to the communication device. Thereafter, the communication device may sign an authentication indicator using the private key and send the authentication indicator to the secure remote server. Upon verification of the signature using the public key, the secure remote server may grant access to the user, for example, by releasing a token.
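Added example, not the applicant's code, of the release flow above in Go: the device keeps an Ed25519 private key that it uses only after the local biometric check has passed, the server holds the registered public key and issues a fresh challenge for each attempt, and the signed authentication indicator binds the account and that challenge. The challenge, the indicator format and the hex token are assumptions; the abstract says only that an indicator is signed and verified. The server-supplied challenge is the detail to insist on, because a signature over a static indicator could be captured once and replayed to release tokens without the biometric step ever running again.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Device is the communication device. The private key never leaves it and is
// only used after the local biometric verification has passed.
type Device struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv, Pub: pub}, nil
}

// indicator is the signed authentication indicator: the account being accessed
// plus the server's challenge, so each signature is usable exactly once.
func indicator(account string, challenge []byte) []byte {
	return append([]byte("token-release:"+account+":"), challenge...)
}

// SignIndicator signs the indicator. biometricOK stands in for the on-device
// match result (constructed; the matching itself is out of scope here).
func (d *Device) SignIndicator(biometricOK bool, account string, challenge []byte) ([]byte, error) {
	if !biometricOK {
		return nil, errors.New("local authentication failed; private key not used")
	}
	return ed25519.Sign(d.priv, indicator(account, challenge)), nil
}

// Server is the secure remote server that stores registered public keys and
// releases tokens.
type Server struct {
	keys       map[string]ed25519.PublicKey // account -> registered public key
	challenges map[string][]byte            // account -> outstanding challenge
}

func NewServer() *Server {
	return &Server{keys: map[string]ed25519.PublicKey{}, challenges: map[string][]byte{}}
}

// Register links the device's public key to the account.
func (s *Server) Register(account string, pub ed25519.PublicKey) { s.keys[account] = pub }

// Challenge issues a fresh random challenge the device must sign over.
func (s *Server) Challenge(account string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.challenges[account] = c
	return c, nil
}

// ReleaseToken verifies the signature over the outstanding challenge with the
// registered key, consumes the challenge either way, and releases a token.
func (s *Server) ReleaseToken(account string, sig []byte) (string, error) {
	pub, registered := s.keys[account]
	c, outstanding := s.challenges[account]
	if !registered || !outstanding {
		return "", errors.New("no registered key or no outstanding challenge")
	}
	delete(s.challenges, account)
	if !ed25519.Verify(pub, indicator(account, c), sig) {
		return "", errors.New("signature verification failed")
	}
	tok := make([]byte, 16)
	if _, err := rand.Read(tok); err != nil {
		return "", err
	}
	return hex.EncodeToString(tok), nil
}

func main() {
	dev, err := NewDevice()
	if err != nil {
		panic(err)
	}
	srv := NewServer()
	srv.Register("alice", dev.Pub)
	ch, _ := srv.Challenge("alice")
	sig, _ := dev.SignIndicator(true, "alice", ch)
	tok, err := srv.ReleaseToken("alice", sig)
	if err != nil {
		panic(err)
	}
	fmt.Println("token released:", tok)
	_, err = srv.ReleaseToken("alice", sig)
	fmt.Println("replay attempt:", err)
}
```

Consuming the challenge before the signature is checked, as ReleaseToken does, means a failed attempt cannot be retried against the same challenge; the device has to ask for a new one, which keeps each signed indicator single-use on the server side as well.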
SYSTEM AND METHOD FOR SECURE ACCESS MANAGEMENT
An access management system and method provisions credentials to access a resource, such as external web user accounts. Credentials are generated, encrypted and stored. To access the resource, encrypted credentials are decrypted, masked, and served to users, such that they are not visible to the user requiring access. The user is unaware of the credentials used to authenticate and unable to access the provisioned web resources outside set parameters.