A data packet verification method and a device improve network security. The method includes: receiving a data packet of a terminal device, where the data packet carries a first token and a service identifier, and the service identifier is used to indicate a type of a service to which the data packet belongs; obtaining first input information based on the data packet, and generating a second token based on the first input information, where the first input information includes an identifier of the terminal device and the service identifier carried in the data packet; and sending the data packet when the first token is the same as the second token.

A method of sharing encrypted data includes, by an electronic device, receiving a password from a user to perform an action, receiving a salt value, generating a user key using the password and salt value, receiving an encrypted key location identifier value, decrypting the encrypted key location identifier value to obtain a key location identifier, receiving an encrypted read token value, decrypting the encrypted read token value using the user key to obtain a read token value, and transmitting the read token value and the key location identifier to a server electronic device.

An authorization method and an authorization system are provided. The authorization method includes displaying, by a service device, authorization information on an e-paper arranged on the service device; obtaining, by a user device, the authorization information from the e-paper; and using, by the user device, the authorization information displayed on the e-paper to perform an authorization operation between the user device and the service device.

Methods and systems are provided for performing operations comprising: receiving, by a credential gateway from a client device, a request to obtain a digital credential for accessing a secure resource, the credential gateway being configured to coordinate an exchange of digital credentials associated with different secure resource types with a plurality of client devices; communicating the request to a server associated with the secure resource; receiving, by the credential gateway from the server associated with the secure resource, a data object that includes the digital credential; selecting, by the credential gateway, based on the data object, a security protocol from a plurality of security protocols; and providing, by the credential gateway, the digital credential to the client device in accordance with the selected security protocol.

Provided is a process that affords out-of-band authentication based on a secure channel to a trusted execution environment on a client device. The authentication process includes one or more authentication steps in addition to verifying any credentials provided by a client device. A notification may be transmitted by a server to a device other than the client device attempting to access the asset. That device may be a mobile device with a trusted execution environment storing user credential information, and the server may store representations of those credentials. The mobile device collects user input credentials and transmits representations for matching the previously stored representations and signed data for verification by the server that received data originated from the mobile device. The access attempt by the client is granted based in part on the result of authenticating the data received from the mobile device in a response to the notification.

Implementations set forth herein relate to an automated assistant that can solicit other devices for data that can assist with user authentication. User authentication can be streamlined for certain requests by removing a requirement that all authentication be performed at a single device and/or by a single application. For instance, the automated assistant can rely on data from other devices, which can indicate a degree to which a user is predicted to be present at a location of an assistant-enabled device. The automated assistant can process this data to make a determination regarding whether the user should be authenticated in response to an assistant input and/or pre-emptively before the user provides an assistant input. In some implementations, the automated assistant can perform one or more factors of authentication and utilize the data to verify the user in lieu of performing one or more other factors of authentication.

A virtual keyboard rendered on a separate computing device is independent of the user's computer. A virtual keyboard displayed on the user's computer screen is blank without any alphanumeric characters. Another virtual keyboard displayed on the user's independent computing device has a randomly generated layout of alphanumeric characters on a keypad. The user enters a password by pressing the blank keys of the blank keyboard on his computer screen with reference to the other virtual keyboard. The position sequence of these entered keys is sent to an application on a remote server computer. The remote server computer shares a virtual keyboard having the randomly generated layout of characters with the independent computing device via an online or off-line technique. When online, an encoded image of the encrypted layout is sent to the client computer and displayed for scanning by the device. When off-line, both the application and the device generate the same random key sequence by using the same pseudo random number generator and the same seed value.

A system for credential storing and verifying includes an interface and a processor. The interface is configured to receive an indication to register a credential. The processor is configured to indicate to store in a distributed ledger a DID document associated with a holder identifier using a smart contract. Storing using the smart contract employs a dual signature authentication scheme to authorize storing based at least in part on an individual signature and a ledger writer signature. The processor is further configured to indicate to store in the distributed ledger a schema associated with an issuer of the credential using the smart contract and indicate to store in the distributed ledger a credential definition associated with the schema using the smart contract.

A computer implemented system for controlling access to data associated with an entity includes a data storage device having a protected memory region, and one or more processors, at least one of which is operable in the protected memory region. The one or more processors are configured for: storing a secret key associated with the entity in a portion of the protected memory region associated with the entity; upon receiving entity data, storing the entity data in the portion of the protected memory region associated with the entity; and upon receiving an access grant signal, generating a smart contract, the smart contract defining the entity data to be accessed and a recipient of the entity data to be accessed.

Example embodiments of systems and methods for data delegation and control through the use of tokenized data are provided. In an exemplary method of data delegation and control, a data device may store private information associated with a user and generate an access token, comprising tokenized data identifying the data device. The data device may transmit the access token to a user device through a front channel and receive an information request from a merchant device comprising the access token through a secure back channel. Upon authenticating the access token, the data device may transmit a portion of the private information to the merchant device through the secure back channel.