Patent classifications
H04L9/3234
Secure communication of network traffic
Techniques are disclosed relating to securely communicating traffic. In some embodiments, an apparatus includes a secure circuit storing keys usable to encrypt data communications between devices over a network. The secure circuit is configured to store information that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the first key, the request indicating that the message is being sent from the first device to the second device, and to encrypt the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device.
System for secure accelerated resource allocation
Disclosed in some examples are methods, systems, devices, and machine-readable mediums that provide an ability for an entity to independently commence, advance, and complete a resource allocation offer in a matter of minutes as opposed to weeks or months after an automated resource pre-committal process. The system, using and incorporating machine learning techniques and algorithms, may have several phases, including a setup phase, resource pre-committal phase, an import phase, a processing phase, a verification phase, a resource allocation offer phase, and a resource allocation phase in which the system allocates resources to a vendor.
Method and apparatus for obtaining multiple user credentials
A method for a system includes forming within an app running upon a user smart-device, an ephemeral ID having data associated with a server and anonymous data, outputting the ephemeral ID to a first receiver associated with a first computer and to a second receiver associated with a second computer system separate from the first, receiving from the first receiver an identifier and a nonce, providing the identifier and the nonce to the server, receiving from the server a token associated with the first computer system authorizing access to the first computer system but not the second computer system by the user smart-device, storing the token for facilitated authentication of the user smart-device, and providing the token to the first receiver.
Remote attestation based on runtime configuration
A method of attestation of a host machine based on runtime configuration of the host machine is provided. The method receives, at an attestation machine, a request from the host machine for attestation of a software executing on the host machine, the request including at least one security-related configuration of the software at launch time and a corresponding runtime behavior of the software when the security-related configuration changes. The method then generates a claim based on evaluating a value associated with the at least one security-related configuration and the corresponding runtime behavior of the software when the value changes. The method also generates an attestation token after a successful attestation of the software and includes the generated claim in the attestation token. The method further transmits the attestation token to the host machine.
COMMUNICATION SYSTEM, APPARATUS, METHOD FOR CONTROLLING APPARATUS, AND METHOD FOR MANUFACTURING MOBILE DEVICE
A communication system includes a mobile device and an apparatus. The apparatus obtains unique data from the mobile device by using a common key while the common key is stored in the mobile device, generates a unique key by using the obtained unique data, stores the generated unique key as a service key in the apparatus, and transmits the generated unique key to the mobile device. When the mobile device receives the unique key from the apparatus while the common key is stored in the mobile device, the mobile device rewrites a service key stored in the mobile device from the common key to the unique key.
METHOD AND APPARATUS FOR FLEXIBLE CONFIGURATION MANAGEMENT USING EXTERNAL IDENTITY MANAGEMENT SERVICE
To address the requirements described above, this document discloses a system and method for performing an action on at least one resource node of a hierarchical organization of resource nodes. The system utilizes an external Identity Provider that provides more flexible authentication and authorization services, and leverages such services with a secure server, such as an on-line data signing service, to provide flexible permission management.
SYSTEM AND METHOD FOR A DISTRIBUTED LEDGER TRACKING ANIMALS
System, method, and non-transitory computer-readable storage media for creating a record of an animal on a distributed ledger such as a blockchain. The animals have tags which, when read using a livestock tag reader, allow the owners of the animals to update the animal records with information about the animal, such as health and/or location data. The updated record can then be cryptographically signed and transmitted to a network server which verifies that the cryptographic signature corresponds to an owner's cryptographic signature for the animal.
Systems and methods for a cryptographic file system layer
The systems and methods disclosed herein transparently provide data security using a cryptographic file system layer that selectively intercepts and modifies (e.g., by encrypting) data to be stored in a designated directory. The cryptographic file system layer can be used in combination with one or more cryptographic approaches to provide a server-based secure data solution that makes data more secure and accessible, while eliminating the need for multiple perimeter hardware and software technologies.
Methods and systems for executing smart contracts in secure environments
Method for the secure execution of programs (smart contracts) implemented between a first wallet node (WN) (WN1) and a second wallet node (WN2), at least the second WN being implemented in an enclave of a processor, and the WNs being capable of executing programs designated in the messages that reach them, the method comprising the following steps: a) sending by WN1 to WN2 of a pre-message; b1) in response to this pre-message, execution in the enclave of a first program (WNRoT); b2) generation by the enclave of a certificate of authenticity of said first program and of the integrity of its execution; b3) sending said certificate to WN1; c) verification by WN1 of said certificate; d) in the event of successful verification, sending by WN1 to WN2 of a message intended to trigger the execution of a given program in WN2, and e) execution of said program in WN2.
EXPIRING SOFTWARE KEY FOR UNLOCKING A MODE ON A DEVICE
A security token is provided having a communication interface with a communication transceiver; a circuit having encoded thereon an immutable hardware key; and a tangible, nonvolatile memory, the nonvolatile memory having stored thereon a mutable software key, the mutable software key including a cryptographic key and an expiry for the cryptographic key.