A multi-phase boot operation of a virtualization manager at a virtualization host is initiated at an offload card. In a first phase of the boot, a security key stored in a tamper-resistant location of the offload card is used. In a second phase, firmware programs are measured using a security module, and a first version of a virtualization coordinator is instantiated at the offload card. The first version of the virtualization coordinator obtains a different version of the virtualization coordinator and launches the different version at the offload card. Other components of the virtualization manager (such as various hypervisor components that do not run at the offload card) are launched by the different version of the virtualization controller.

As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

A method of sharing collaborative data between registered users in an online collaboration system. The collaboration system has a server and one or more electronic user devices that are capable of data communication with the server over a data network. Each registered user is allocated a unique asymmetric key pair comprising a user public key and a user private key for encryption and decryption of shared data content. The server is able to modify uploaded encrypted data content to enable access by multiple authorised users, and is able to convert uploaded data content into alternative formats, typically to enable web-browser viewing.

A connectionless system for handing off data, content or information includes a proximity detection component that allows devices to detect other local devices within range. Devices within range may use advertisement and scanning to exchange communications so that one device can handoff data, content, or information to another device without having to connect, e.g., pair, with the other device(s).

The disclosed exemplary embodiments include computer-implemented devices, apparatuses, and processes that, among other things, perform dynamic biometric authentication based on distributed ledger data. For example, a device may compute a first hash value based on first biometric data captured by a sensor unit, and may transmit a request to, and receive a response from, a computing system across a communications network via the communications unit. The request may cause the computing system to execute instructions maintained within the distributed ledger data, and to extract second biometric data maintained within an element of the distributed ledger data. The second biometric data may include a second hash, which the computing system may incorporate into the response. The device may authenticate an identity associated with the device when the first hash value corresponds to the second hash value incorporated within the response.

A device and a method for implementing a physically unclonable function is disclosed. In one aspect, the device includes at least one electronic structure including a dielectric. A conductive path is formed at a random position through the dielectric due to an electrical breakdown of the dielectric, or the electronic structure is adapted for generating an electrical breakdown of the dielectric such that the conductive path is formed through the dielectric at a random position. The at least one electronic structure is adapted for determining a distinct value of a set comprising at least two predetermined values. The distinct value is determined by the position of the conductive path through the dielectric.

Systems and methods for provisioning secure terminals for secure transactions are disclosed herein. A disclosed method includes generating a key using a key generator element on a secure terminal and sending a key validation request for the key from the secure terminal to a provisioning device. The method also includes parsing the key validation request and generating a key validation for the key and a trusted time stamp on the provisioning device. The method also includes sending, from the provisioning device, the key validation and the trusted time stamp to the secure terminal. The method also includes setting a clock on the secure terminal using the trusted time stamp and storing the key validation at the secure terminal.

Generally described, physical computing devices in a virtual network can be configured to host a number of virtual machine instances. The physical computing devices can be operably coupled with offload devices. In accordance with an aspect of the present disclosure, a security component can be incorporated into an offload device. The security component can be a physical device including a microprocessor and storage. The security component can include a set of instructions configured to validate an operational configuration of the offload device or the physical computing device to establish that they are configured in accordance with a secure or trusted configuration. In one example, a first security component on the offload device can validate the operational computing environment on the offload device and a second security component on the physical computing device can validate the operational computing environment on the physical computing device.

The embodiments provide cryptography that is performed in each of two communicating devices and is based on information known only to the devices. The information is determined in each of the devices at the time of communications. Each of the devices determines the information without communicating key information related to the encryption key with each other. Channel characteristic reciprocity between the two devices allows creation of identical keys in each device. Each of the devices sends a first setup signal to the other device, receives a second setup signal from the other device, where the second setup signal may be a looped back version of the first setup signal, samples the second setup generates sampling results, creates a key based on the sampling results, and utilizes the key to exchange one or more secure data signals with the other device.

The embodiments provide a cryptography key for two communicating devices that is based on information known only to the devices. The information may only be determined by the devices. Each device determines the information without communicating key information related to the encryption key with the other. Channel characteristic reciprocity between the devices allows creation of identical keys in each device. Each device sends a signal to the other device at the same power level based on the distance between the devices. The power level may be set to result in a target receive power level at the other device. Each device samples the received signal, generates sampling results, creates a key based on the sampling results and a threshold power level, and utilizes the key. The threshold power level may be based on the target receive power level, or a median power determined from the sampling results.