H04L9/3234

System and method for protecting software licensing information via a trusted platform module

Methods for protecting software licensing information via a trusted platform module (TPM) are performed by systems and devices. When a licensing server is unreachable, a license is generated for a software application by a licensing manager. The license is generated via a secure register of the TPM using an asymmetric key, specific to the software application and policy-tied to the secure register, to generate a signature of a hashed license file for the software application. The asymmetric key is stored, mapped to the license file, and used for subsequent license validation. A licensing manager validation command is provided to validate the license using the key, as applied to the hash, to verify the signature and check the validity of the time stamp. Time stamp expiration or alteration of the license are determined to provoke invalidation indications for the validating application.

SECURE COMMUNICATION SYSTEM

A secure communication system enabling secure transport of information is disclosed. The system comprises a secure network with one or more packet processing units connected by links through an internal communication system. The secure network transports packets of information between credentialed and authenticated agents. Each packet is associated with a visa issued by a visa service. The visa specifies the procedures governing the processing of the packet by the packet processing units as it is transported along a compliant flow, between agents through the network, according to a set of policies specified in a network configuration. Packet processing units include docks and forwarders. Adaptors serving the agents communicate with the network through tie-ins to docks. The system also includes an admin service, accessible to one or more admins, that facilitates configuration and management of the network.

Method, system, and computer program product for dynamically ensuring SDK integrity

A method, system, and computer program product for dynamically ensuring SDK integrity load, at a merchant system, a software development kit (SDK) wrapper from a payment gateway system via a merchant webpage associated with the merchant system; execute the SDK wrapper, the SDK wrapper loading an SDK core when executed; determine an integrity of the SDK core; in response to determining the integrity of the SDK core, perform a handshake between the SDK wrapper and the SDK core and overload a real function exported by the SDK wrapper; and provide, from the merchant system via the SDK core, a secure payment container request to a payment gateway system.

SYSTEMS AND METHODS FOR CRYPTOGRAPHIC AUTHENTICATION OF CONTACTLESS CARDS

Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Electronic device and digital key provisioning method of electronic device

Disclosed are an electronic device and a method of performing digital key provisioning of an electronic device. The electronic device according to an embodiment includes a communication unit, a memory that stores programs and data for performing digital key provisioning, and a processor configured to, by executing the programs stored in the memory, perform device authentication on a target device by performing short-range communication with the target device, identify a digital key service access right of the target device through a server by obtaining user information, and control generation and storing of a digital key in response to a digital key generation request from the target device.

Systems and methods for cryptographic authentication of contactless cards

Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key.

Enabling secure internet transactions in an unsecure home using immobile token
11502843 · 2022-11-15

This specification discloses devices and methods for a security concept that includes an immobile hardware token (e.g., a “wall token” that is fixed within a wall) which ensures that the more sensitive actions of electronic banking (e.g., money transfers of large sums to foreign bank accounts) can only be done from the account owner's home, but not from a remote place. However, other less sensitive (and lower security risk) actions can still be done from anywhere else. In some embodiments, the hardware token includes sensors to ensure that the token is not moved or tampered with, interfaces to provide distance bounding, and a crypto-processor to provide secure authentication. The distance bounding can be used to determine if the authentication device is in close proximity to the hardware token, which can in turn ensure that the authentication device is within the account owner's home.

NETWORK DEVICE AUTHENTICATION
20230046161 · 2023-02-16

A method for authenticating an origin of a network device. The method includes reading one or more encrypted parameters from a memory of the network device, decoding the one or more encrypted parameters, and determining whether one or more of the decoded parameters match parameters obtained from a trusted platform module (TPM) installed in the network device and/or a read only memory (ROM) of the network device. In response to a mismatch between the decoded parameters and the parameters obtained from the TPM or the ROM, the method includes at least one of suspending operation of the device or transmitting a report of an authentication failure across a network on which the device is operating.

SYSTEMS AND METHODS FOR AUTHORIZING A TRANSACTION WITH AN UNEXPECTED CRYPTOGRAM
20220358513 · 2022-11-10

Methods are described for performing a timely authorization of digital credential data delivered from a mobile device that is without access to a local persistently stored permanent cryptographic key. An application executable in the operating system of a mobile device receives a first non-permanent cryptographic key associated with the account from a remote computer system, stores the first non-permanent cryptographic key as a local cryptographic key associated with the account, generates a response cryptogram using the local cryptographic key and without accessing the permanent cryptographic key, and sends a device response communication from the mobile device to an electronic reader of a POS terminal, the device response communication comprising an application data protocol unit containing the response cryptogram and an account identifier for the account.

METHODS AND DEVICES FOR SECURING A MULTIPLE-ACCESS PERIPHERAL NETWORK
20220360454 · 2022-11-10

A description is given of a method for securing a multi-access edge computing network, where provision is made for a hardware security device designed to be connected to a host module of the network. The method, implemented by the hardware security device, includes upon reception of a presence request from the host module in the network, verifying whether the presence request comprises data representative of an identifier of the host module, and, if so, sending a presence response to the host module, comprising a signature of the hardware security device.