Patent classifications
H04L9/0816
System, method and computer program product for implementing bluetooth in a virtual mobile device platform
Embodiments are disclosed that allow data to be sent between a Bluetooth enabled device and a virtual device associated with a corresponding physical device. In particular, embodiments of a virtual mobile device system may include one or more components for processing Bluetooth calls where these Bluetooth components may process received Bluetooth calls in a first manner in a connected state and process Bluetooth calls in a disconnected state in a second manner.
System and method for wiping encrypted data on a device having file-level content protection
Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys.
Global identification of devices based on designated IPv6 address
A method, a device, and a non-transitory storage medium are described in which a global identification service is provided. The service includes a selection of an Internet Protocol version 6 (IPv6) address to an end device. The service encrypts a unique identifier of the end device with an encryption key to generate an IPv6 address. The service verifies whether the IPv6 address is an IPv6 address allocated to or owned by a service provider. When the IPv6 address is an allocated or owned IPv6 address, the IPv6 address is assigned to the end device. When the IPv6 address is not an allocated or owned IPv6 address, the service selects another encryption key until a suitable IPv6 address is generated. Subsequent to an assignment of the IPv6 address, a network uses the IPv6 address as a globally unique identifier for the end device.
Cryptography using varying sized symbol sets
Disclosed are systems, methods, and non-transitory computer-readable media for symmetric cryptography using varying sized symbol sets. To protect against a brute force or other similar type of attack, multiple symbol sets of varying sizes can be used for encrypting/decrypting data. For example, different portions of the data (e.g., data blocks representing multiple symbols, set of bits representing a single symbol) may be encrypted/decrypted using different symbol sets that include different numbers of unique symbols. Using varying sized symbol sets adds additional complexity to the encryption process, thereby greatly increasing the difficulty in decrypting the encrypted data with a brute force attack.
Systems and methods for managing infectious disease dissemination
Systems and methods for infectious disease prevention include transmitting, via a server, a facility credential associated with a facility configured to identify a user operating on an application deployed by the server on a mobile computing device. The server receives a user identification test code (UITC) associated with a status of an infectious disease of the user. The server then generates a two-dimensional code associated with the facility credential based on the UITC. The server determines if the two-dimensional code is valid for permitting access to the facility based on a vaccine indicator confirming that the user has been vaccinated for the infectious disease. Thereafter, the server activates the two-dimensional code on the mobile computing device for a predetermined period of time. A gatekeeper device scans the two-dimensional code from the mobile computing device and then permits the user access to the facility within the predetermined period of time based on the facility credential and the two-dimensional code.
Secure provision of a key
The embodiments relate to a method and a digital circuit area for securely providing a key using a request unit and a provision unit. In this case, a key is derived from parameters, at least one of which is used for the key derivation in a non-predefinable manner by the request unit. In this case, the key derivation is carried out in a digital circuit area in which the request unit and the provision unit are implemented.
Secure remote user device unlock
A device unlock application on a user device may interact with a server to automatically carrier unlock the user device. The server may receive a carrier unlock request for a user device. The server may determine one or more verifications to be performed based at least on an unlock scenario requested by the carrier unlock request. The server may perform the one or more verifications to determine whether the user device is eligible for a carrier unlock. The server may send an unlock command to the user device in response to determining that the user device is eligible for the carrier unlock. The unlock command may disable a comparison of a device carrier code of the user device to a subscriber identity module (SIM) carrier code stored in a SIM card of the user device.
CRYPTOGRAPHIC SYSTEM ARRANGED FOR KEY SHARING
A cryptographic system is provided comprising multiple configuration servers (200, 201, 202) arranged to configure multiple network devices (300, 350, 360) for key sharing. Each configuration server comprises a computation unit (220) arranged to compute local key material for the network device from root key material specific to the configuration server and the network device identity number of the network device that is being configured. At least two configuration servers of the multiple configuration servers provide computed local key material to said network device. The network devices are configured to determine a shared key with any one of multiple network devices. A network device comprises a shared key unit (330) arranged to derive a shared key from another network device's identity number and at least two of the multiple local key materials of the network device.
A CHALLENGE-RESPONSE METHOD AND ASSOCIATED COMPUTING DEVICE
There is described a challenge-response method for a computing device. The method comprises steps of: (a) receiving challenge data at a secured module of the computing device, the challenge data comprising image content encrypted using an encryption key, and the image content including a nonce; (b) the secured module recovering the image content through decryption using one or more keys associated with the encryption key; (c) the secured module of the computing device outputting the recovered image content; (d) capturing the image content as output by the secured module; (e) processing the captured image content so as to obtain the nonce; and (f) providing the nonce as a response. There is also described a computing device arranged to carry out the challenge-response method, a computer program for causing a processor to carry out the challenge-response method, and a computer readable medium storing such a computer program.
ENTITY AUTHENTICATION METHOD AND DEVICE BASED ON PRE-SHARED KEY
An entity authentication method includes: an entity A generates and sends N_A to an entity B; the entity B generates N_B and ZSEED_B, computes a key MKA∥KEIA and first encrypted authentication data AuthEncData_B, and sends the N_B∥N_A∥AuthEncData_B to the entity A for verification; the entity A generates ZSEED_A, computes second encrypted authentication data AuthEncData_A, a shared key seed Z, a master key MK and a first message authentication identifier MacTag_A, and sends the N_A∥N_B∥AuthEncData_A∥MacTag_A to the entity B for verification; the entity B computes Z, MK and MacTag_A, compares the MacTag_A with the received MacTag_A, and if the two are equal, considers that the entity A is valid; the entity B computes and sends a second message authentication identifier MacTag_B to the entity A; and the entity A computes MacTag_B, compares the MacTag_B with the received MacTag_B, and if the two are equal, considers that the entity B is valid.