A system and method are provided for generating access tokens on a user device rather than via a remote server computer. An access token can be generated on a second user device by combining and encrypting, with format preservation, a primary access identifier, variable value, and salt. The resulting value can be provided to a first user device that can subsequently can provide the access token to an access device as part of an interaction. The access device can generate an authorization request message that comprises the access token and transmit it to a remote server computer for processing. The remote server computer can process the access token to determine the primary access identifier despite not being involved in the generation of the access token, providing an improvement over conventional tokenization methods.

Example methods and systems disclosed herein facilitate the introduction and use of client-specified object encryption within a computing environment using remote third-party storage systems, where data objects stored on the remote third-party storage systems were previously either stored in unencrypted form or encrypted with a single key tied to an account that owns the data. In some embodiments, the encryption is introduced into the system in gradual stages, so as to minimize or entirely eliminate data availability downtime. In some embodiments, the introduction of client-specified object encryption involves registration of a user function on the third-party storage system, where the user function handles object decryption in response to requests of content consumers for data objects stored by the third-party storage system.

Methods are described for a data creator to securely send a data payload to another device in a transient symmetric key technology (TSKT) system, and for the other device to securely receive the payload data. One method includes receiving a first seed and a formula from a command and control server. A second seed is generated, and the first seed and the second seed are combined using the formula to create a data seed. A first key is generated using the first seed, and the second seed is encrypted using the first key to form an encrypted second seed. A second key is generated using the data seed, and the data payload is encrypted using the second key to form an encrypted data payload. The encrypted data payload and the encrypted second seed are combined in a secure container, and subsequently all keys and seeds and the formula are destroyed.

A vehicle includes a wireless transceiver; and one or more controllers, programmed to receive, via the wireless transceiver, a hailing instruction that identifies a user to ride in the vehicle, the hailing instruction including an identifier of a mobile device of the user, responsive to receiving a key from the mobile device via a wireless connection between the mobile device and the wireless transceiver, associate the key with the identifier, and send the key and the identifier as an associated pair to a server via the wireless transceiver.

An apparatus to facilitate descriptor resiliency in a computer system platform is disclosed. The apparatus comprises a non-volatile memory to store firmware for a computer system platform, wherein the firmware comprises a primary descriptor including access permission details for platform components and a secondary descriptor including a backup copy of the access permission details and a controller, coupled to the first non-volatile memory, including recovery hardware to detect a problem during a platform reset with the primary descriptor, recover the contents of the primary descriptor from the backup copy included in the secondary descriptor and store the contents of the backup copy to primary descriptor.

A system and method for generating a cryptographic key using a sequence of data segments selected by a user from one or more data resources. Raw data from the one or more data resources corresponding to each of the selected data segments, and the sequence in which such data segments are selected, is extracted and processed to generate a key. The key can be used for any cryptographic and authentication purpose. By enabling a user to select the sequence of data segments from the one or more data resources in any manner the user desires, the user can create a strong key, but also easily remember the underlying data resource and chosen sequence. This technique provides enhanced security while maintaining ease of creation and use of such security.

In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory operation may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.

An example method includes receiving an encrypted biometric enrollment data and user identifier data. The encrypted biometric enrollment data includes at least one biometric enrollment sample from a user encrypted using an encryption key. The encryption key is generated based on a user secret and the user identifier is associated with the user. The user identifier is matched with a stored user secret. A decryption key is generated based on the stored user secret. The encrypted biometric enrollment data is decrypted using the decryption key. The at least one biometric enrollment sample is retrieved from the decrypted biometric enrollment data. The at least one biometric enrollment sample is processed using a biometric processing algorithm to generate a biometric reference template. A biometric reference template identifier uniquely identifying the biometric reference template is generated. An encryption key is generated based on the stored user secret and encrypts an enrollment confirmation message.

Disclosed are a method and system for implementing a platform for providing offline information to smart glass. A computer device for implementing an information platform may include an information manager configured to manage service information to be exposed on smart glass based on service configuration information to be broadcasted through an information broadcasting device (IBD) registered by an information owner, and a content manager configured to distribute content, generated based on the managed service information, in a format configured in the smart glass.

A distributed database encrypts tables using table encryption keys protected by a client master encryption key. The client may revoke authorization to access the client master encryption key. Subsequent to a revocation of authority to access the client master encryption key, the distributed database generates interim snapshots of the table using the table encryption key. Also subsequent to the revocation, the distributed database generates a backup of the table using a backup encryption key protected by the client master encryption key.