A method of unlocking a second device using a first device is disclosed. The method can include: the first device pairing with the second device; establishing a trusted relationship with the second device; authenticating the first device using a device key; receiving a secret key from the second device; receiving a user input from an input/output device; and transmitting the received secret key to the second device to unlock the second device in response to receiving the user input, wherein establishing a trusted relationship with the second device comprises using a key generated from a hardware key associated with the first device to authenticate the device key.

Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.

A method for detecting a fault injection is described. The method includes providing a secondary code, the secondary code including a predetermined function with a known expected result when the secondary code is executed with a known tested input. A primary code is executed in the data processing system. The primary code may be a portion of code that requires protection from a fault injection attack, such as for example, security sensitive code. The secondary code is executed in parallel with the primary code execution in the data processing system to produce an output. The output is compared with the known expected result to detect the fault injection attack of the data processing system. In one embodiment, the secondary code is not related to the primary code.

Systems and methods for securely pairing a transmitting device with a receiving device are described. The systems and methods may communicate with a first device via a first communication method over a wireless communication network. The systems and methods may transmit, to the first device via a second communication method, a first sensory pattern representing a first key. In addition, the system and methods may communicate with the first device via the first communication method using the first key.

Systems and methods for secure peer-to-peer communications are described. Devices registered into trusted network may be capable of establishing a shared data encryption key (DEK). In embodiments, each device may be configured to obtain a share of a data encryption key (DEKi) that can be stored locally. The shares may be shares in an M of N Secret Sharing Scheme. This may involve a network that includes an integer, N, devices, and in which M devices may share a secret (i.e. the DEK) during communications, M being an integer less than or equal to N. To obtain the entire DEK during encryption/decryption, a requesting device may send requests to M of N devices for their shares of the DEK. Once M shares are obtained, they may be used generate the DEK for encrypting/decrypting data between the devices.

Various embodiments are generally directed to improving card security by providing a user a contactless card with no sensitive card information, such as card number, card verification value, and expiration date, printed thereon, and displaying the sensitive card information relative to the card in augmented reality (AR) based on successful NFC-based user authentication. According to examples, the NFC-based user authentication may be performed by one-tapping or single tapping the contactless card to user mobile device. One or more portions of the sensitive card information may be obfuscated to further enhance card security. Moreover, the user can interact with AR elements including the sensitive card information to perform various actions.

A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Systems and Methods are disclosed for real-time decryption of a health registry-issued certificate for signaling a user vaccination and/or test status on a user device comprising the steps of: coupling a first user mobile device to a health registry for real-time decryption of a health registry-issued health certificate over a network; outputting on the first user mobile device at least one of an audible output, visual output, vibrational output, and/or textual output based on a pre-defined signaling protocol to signal a user vaccination status based on a token derived from the real-time decrypted health certificate; and decoding a device identifier/tag or token from the first user mobile device by a second user mobile device, fixed access device, or hand-held scanner, signaling to a second user a first user vaccination status based on a pre-defined signaling protocol and the tag/token.

A data packet verification method and a device improve network security. The method includes: receiving a data packet of a terminal device, where the data packet carries a first token and a service identifier, and the service identifier is used to indicate a type of a service to which the data packet belongs; obtaining first input information based on the data packet, and generating a second token based on the first input information, where the first input information includes an identifier of the terminal device and the service identifier carried in the data packet; and sending the data packet when the first token is the same as the second token.

A user, using a user-computing device connected to a computer network, is authenticated to access a computing resource managed by a system on the computer network. The user computing device presents a user interface to prompt the user to input a value for each of a set of user-defined credentials that the user has previously defined for a SAIF server to authenticate the user to access the computer resource, thereby forming a set of input values. Modified values, each generated from and representing a corresponding one of the input values, are transmitted and validated by comparing them with corresponding modified forms of user-defined credential values stored in a memory, thereby determining whether the user is authenticated to access the computing resource on the system.