Patent classifications
H04L9/0891
METHOD FOR FORCIBLE PASSWORD CHANGE
The present invention relates to a method for forcible password change. A server registers user data and a first key, and the user signs into a mobile application program using the user data and the first key. When the login key differs from the first key and the number of sign-in attempts exceeds a threshold, the server stops the user data from being used to sign into the mobile application; the server generates a second key and sends a notification message; a confirmation event is executed in response to the notification message; after the confirmation event has been executed, the server allows the user data and the second key to be used to open the mobile application. This method enhances the security of the user account: when the account is stolen or possibly stolen, the password is quickly changed and reconfirmed so that the loss caused by the theft does not grow.
MULTI-DEVICE REMOTE ATTESTATION
Systems and methods for attesting an enclave in a network. A method includes receiving, by a first device, proof information from an application provider entity that the enclave is secure, wherein the proof information includes a public part, Ga, of information used by the enclave to derive a Diffie-Hellman key in a key generation process with the application provider entity, processing, by the first device, the proof information to verify that the enclave is secure and ensuring that Ga is authentic and/or valid, deriving, by the first device, a new Diffie-Hellman key, based on Ga and x, wherein x is a private part of information used by the first device to derive the new Diffie-Hellman key, and sending, by the first device, a message including Ga and a public part, Gx, of the information used by the first device to derive the new Diffie-Hellman key to the enclave.
Secure DRM-agnostic key rotation
Systems and methods for managing provisioning of keys prior to a key rotation are provided. A license server generates a license that is associated with a renewal time. The renewal time is a time that is prior to a key rotation time, and triggers a receiver device to send a renewal request prior to the key rotation time. The renewal time may be a randomized time prior to the key rotation time that differs for different receiver devices. The license is transmitted to the receiver device. The license server then receives a renewal request from the receiver device that is triggered at the renewal time. The license server generates a next license that comprises a next key, whereby the next key is a decryption key for decrypting the encrypted signal after the key rotation time. The next license is transmitted to the receiver device prior to the key rotation time.
Encryption as a service with request pattern anomaly detection
A system and method mediate the transfer of encrypted data files between local applications and external computer systems. Application containers perform cryptographic operations using stored credentials to decrypt data coming from these external systems and configurably forward it to the local applications, and to encrypt data sent from the local applications to the external systems. Access to this encryption-as-a-service (EaaS) functionality is gated by a fingerprint service that classifies requests by security level and detects anomalous requests. Security classification is performed by a supervised machine learning algorithm, while anomalous request detection is performed by an unsupervised machine learning algorithm. Stored keys are monitored, and when they near expiration or are damaged, embodiments proactively undertake key renewal and key exchange with the external computer systems. Containerization enables key storage in multiple vaults, thereby making such storage vendor-agnostic.
Database with client-controlled encryption key
A distributed database encrypts a table using a table encryption key protected by a client master encryption key. The encrypted table is replicated among a plurality of nodes of the distributed database. The table encryption key is replicated among the plurality of nodes, and is stored on each node in a respective secure memory. In the event of node failure, a copy of the stored key held by another member of the replication group is used to restore a node to operation. The replication group may continue operation in the event of a revocation of authorization to access the client master encryption key.
Geolocation-aware, cyber-enabled inventory and asset management system with automated state prediction capability
A system and method for geolocation-aware, cyber-enabled infrastructure inventory and asset management with state prediction capability. The system tracks tangible and intangible assets, including states associated with each asset such as the location, condition, and value of each asset. Physical assets may be cyber-enabled by attaching wireless computing devices to some or all of the physical assets to provide data about the physical assets using sensors of the computing devices, including but not limited to, such data as location, conditions of storage, and hours of operation or use. Data for each item is stored in a multi-dimensional time series database, which keeps a historical record of the states of each item. Unknown or future states can be predicted by applying predictive models to the time series data. Parametric evaluations of current and predicted future states can be used to optimize the assets against an objective.
Key update method and apparatus
Embodiments of this application provide key update methods and apparatuses in the field of communications technologies. A communications system includes a terminal and a core network device. The terminal can access the core network device using both a first access technology and a second access technology, over a first connection and a second connection respectively. The first connection and the second connection have a shared key. Key update for the first connection is performed by obtaining a first key identifier that identifies a first key, the first key being obtained by performing the key update for the first connection. In response to determining that the second connection is in a connected state, the shared key for the second connection and a second key identifier that identifies the shared key are retained. The shared key continues to be used for the second connection until key update is performed for the second connection.
Utilizing encryption key exchange and rotation to share passwords via a shared folder
This disclosure describes methods, non-transitory computer readable storage media, and systems that provide secure password sharing across a plurality of users and client devices via a shared folder. For example, in one or more embodiments, the disclosed system retrieves a public key set including public encryption keys for client devices having access to the shared folder. The disclosed system provides the public key set to a client device requesting to share the shared folder. The disclosed system receives an encrypted payload for the shared folder and a shared encryption key that is utilized to encrypt the payload and is encrypted in the shared folder utilizing the public key set. The disclosed system also detects key rotation events and notifies one or more client devices to generate a modified shared encryption key and re-encrypt the payload for storage within the shared folder.
Encryption key management system and encryption key management method
A storage apparatus sends a request for a key encryption key to a key management server using a storage apparatus ID as a parameter, acquires the requested key encryption key and its attribute information from the key management server, and stores the key encryption key and its attribute information in a key encryption key list while eliminating duplicate key encryption keys. Then, in the order listed in the key encryption key list, decryption of the encryption key is attempted with each stored key encryption key, and the success or failure of the decryption of the encryption key is determined. When the decryption of the encryption key using a key encryption key fails, the decryption of the encryption key is attempted using a key encryption key in the key encryption key list that has not yet been tried.
Device programming with system generation
A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The authentication process can include a challenge-response validation. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer. The secure programming system can provision different content into different programmable devices simultaneously to create multiple final device types in a single pass.