The present technology discloses methods and systems for receiving a security profile request from an integrity verifier, the request including a nonce; requesting, from a trusted platform module, a new nonce, wherein the new nonce is generated at least in part by the nonce and a current timestamp from a clock in the trusted platform module; receiving, from the trusted platform module, the new nonce; requesting, from a cryptoprocessor, a set of platform configuration registers; receiving, from the cryptoprocessor, the set of platform configuration registers; and sending a response to the integrity verifier, the response including the new nonce and the set of platform configuration registers to verify a security status of the trusted platform module and the cryptoprocessor.

A method, apparatus, and system of activating and using a contactless card are disclosed. A method includes receiving a transaction card application for a contactless transaction card from an applicant; issuing a contactless transaction card based on the transaction card application, wherein the contactless transaction card comprises a uniform resource locator (URL) embedded thereon; and activating the contactless transaction card in response to receiving information from a contactless communication between the contactless transaction card and a customer device, wherein the contactless communication causes access to a web site associated with the URL.

Systems and methods for attesting an enclave in a network. A method includes receiving, by a first device, proof information from an application provider entity that the enclave is secure, wherein the proof information includes a public part, Ga, of information used by the enclave to derive a Diffie-Hellman key in a key generation process with the application provider entity, processing, by the first device, the proof information to verify that the enclave is secure and ensuring that Ga is authentic and/or valid, deriving, by the first device, a new Diffie-Hellman key, based on Ga and x, wherein x is a private part of information used by the first device to derive the new Diffie-Hellman key, and sending, by the first device, a message including Ga and a public part, Gx, of the information used by the first device to derive the new Diffie-Hellman key to the enclave.

A storage architecture and associated usage techniques are described for providing efficient modification and use of access rights for stored data. The access rights may be associated with data stored on blockchain storage, and a separate ledger storage system may be used to provide improvements for modifying access rights for such stored data. For example, groups of data may be created and stored on blockchain storage before access to the stored data groups is made available to end users, and additional information related to those stored data groups (e.g., about their access rights) may be stored in a separate ledger storage system. When a particular user later requests access rights for one of those previously stored data groups, corresponding modifications may be quickly made to the separate ledger storage system to provide the user with substantially immediate access to that stored data group.

A firmware update shared key management method using a flash memory includes: a firmware data registration step of receiving, from a manufacturer server, at least one of information of a user device that is a firmware update target, and firmware information and registering the received information as firmware data; a firmware data management step of receiving a request from a firmware update server in which the registered firmware data is stored, and storing and managing the registered firmware data in a specific area of a flash memory included in the user device via a network; a shared key verification execution step of using a shared key to execute verification on a command communicating between the user device including the flash memory and the firmware update server that performs firmware update; and a firmware update execution step of performing firmware update of the user device through the firmware update server only when the encrypted command and the shared key pass the verification.

A system for using hardware-secured receptacle devices includes a transfer processing device configured to store transfer method data associated with user on at least a cryptographically secured receptacle device, receive user authentication credentials from a user, authenticate user identity as a function of the user authentication credentials, retrieve a transfer authorization from the at least a cryptographically secured receptacle device as a function of the transfer method data, generate a transfer as a function of the transfer authorization.

Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with relying party circuitry, the first interface circuitry being configured to receive, from the relying party circuitry, an attestation request in respect of a processing operation requested by attester circuitry to be performed by the relying party circuitry; second interface circuitry to communicate with the attester circuitry, the second interface circuitry being configured to: transmit the attestation request to the attester circuitry; and receive, from the attester circuitry, evidence data associated with the processing operation, and third interface circuitry to communicate with verifier circuitry, the third interface circuitry being configured to: transmit the evidence data to the verifier circuitry; and receive, from the verifier circuitry, attestation result data indicative of a verification of the evidence data, wherein the first interface circuitry is configured to transmit the attestation result data to the relying party circuitry.

There is a provided a digital identity network interface system that may include a communications module and a processor. The processor may be configured to receive a signal representing a digital identity request, the digital identity request defining one or more scopes associated with the request, at least one of the scopes identifying a data type associated with the request, generate a query based on the scopes by translating at least one of the scopes into a query having a query format associated with a digital identity network, the digital identity network storing data associated with a plurality of users, send a signal representing the query to the digital identity network, send a link to an authorization device, after successful authentication, obtain data associated with the digital identity request from the digital identity network, and release at least some of the data.

An authentication system facilitates a transfer of enrollment in authentication services between client devices. The authentication system enrolls a client device in authentication services to enable the client device to be used for authenticating requests to access one or more services. As part of enrolling the client device, the authentication system receives authentication enrollment information for the client device that is associated with one or more authentication credentials securely stored on the client device (e.g., a multi-factor authentication (MFA) certificate). The authentication system facilitates one or more processes for transferring the enrollment from an enrolled client device to a non-enrolled client device that limit the number and complexity of actions performed by the user. In particular, the authentication system facilitates transfer of enrollment based on receiving enrollment transfer requests authorized by the enrolled client device using one or more authentication credentials associated with the enrollment of the enrolled client device.

Methods and systems pertaining secure transaction systems are disclosed. In one implementation, a computer with a verification token associated with a computer can send user authentication data as well as a secure datum to a control server. The verification token may obtain the secure datum from a validation entity. The control server can validate the secure datum and authentication data and can generate a payer authentication response.