Provided is a method and/or system that facilitates offline sharing and verifying digital identity claims among NFC enabled portable smart devices that are enabled by enabling applications. The enabled portable smart-devices store, verify and share identity, peer to peer and offline. Each identity claim is digitally signed by an identity issuing authority, and the claim can be verified to reliably detect tampering of the claim and thus brings trust in the process of claim sharing and verifying the identity/credentials embodied in the claim. Either Blockchain or non-blockchain, as the backend system of the method/system, can be used, via an inter-operable middleware layer, for onboarding claim holders, claim verifiers, and claim issuers, and for creating/issuing, for managing digital identity claims. NFC, as the communication protocol, facilitates secure data sharing among the NFC-enabled devices.

A method is provided for preparing a plurality of distributed nodes to perform a protocol to establish a consensus on an order of received requests. The plurality of distributed nodes includes a plurality of active nodes, the plurality of active nodes including a primary node, each of the plurality of distributed nodes including a processor and computer readable media. The method includes preparing a set of random numbers, each being a share of an initial secret. Each share of the initial secret corresponds to one of the plurality of active nodes. The method further includes encrypting each respective share of the initial secret, binding the initial secret to a last counter value to provide a commitment and a signature for the last counter value, and generating shares of a second and of a plurality of subsequent additional secrets by iteratively applying a hash function to shares of each preceding secret.

A method comprises: a first data processing device requesting attestation of a second data processing device; the second data processing device generating a device-specific attestation message in dependence upon a device-specific key, a hardware configuration of the second data processing device and a software configuration of software running on the second data processing device; the second data processing device generating an application-specific attestation message in dependence upon an interaction protocol by which the first data processing device and the second data processing device interact; the second data processing device cryptographically binding the application-specific attestation message to the device-specific attestation message; the first data processing device verifying the application-specific attestation message, the verifying step comprising detecting a trusted status of the application-specific attestation message by verifying the device-specific attestation message cryptographically bound to the application-specific attestation message; and the first data processing device establishing an interaction with the second data processing device according to the interaction protocol, in dependence upon the verified application-specific attestation message.

The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authorize initiated exchanges of data in real-time based on dynamically generated tokenized data. For example, an apparatus may receive first positional data identifying a first geographic position of a client device and based on the first positional data, the apparatus may determine a value of a parameter characterizing an exchange of data between the client device and a terminal device disposed proximate to the client device during a temporal interval. The apparatus may transmit data requesting a pre-authorization of the data exchange to a computing system, which perform operations that pre-authorize the data exchange in accordance with the parameter value and transmit a digital token representative of the pre-authorized data exchange to the terminal device. The digital token may be valid during the temporal interval and may include a cryptogram associated with the client device.

Aspects of the disclosure relate to cloud computing architectures. A system may include a plurality of clouds. One or more of the clouds may transfer data to another one or more of the clouds. A data integration platform may control the data transfer. The transfer may be securely routed through the data integration platform. The transfer may be logged, and the log may be transmitted to an administrative network.

A system includes sensors disposed within a location for outputting presence signals to a smart device, for receiving an ephemeral ID signal from the smart device, for outputting sensor ID signals to the smart device, for receiving responsive data from the smart device and for determining presence of the smart device in response to the responsive data, an authentication server for receiving the sensor ID signals from the smart device, for determining the responsive data, and for providing the responsive data to the smart device, a hub device coupled to the sensors for receiving an indication of the determination of the presence of the smart device, for determining additional data associated with the smart device, for facilitating a physical change perceptible to a user of the smart device in response to the additional data, and for providing the presence data to a smart device associated with a first responder.

Systems and methods are provided that may be implemented to use compute capabilities of a network interface controller (NIC) to broker a secure connection across a network between a target information handling system (e.g., such as a server) and one or more other entities (e.g., such as other information handling systems implementing a cloud service or private network, and/or that are providing other remote service/s across the network). This secure connection may be brokered by the NIC at a hardware level in a manner that is separate from a host programmable integrated circuit of the same target information handling system, and in a way that is agnostic and independent of any host operating system or other logic that is executing on the host programmable integrated circuit of the target information handling system.

A system and method for signing or encrypting data is disclosed. The method comprises providing, from a first device, data signing information for storage in a first database, the data signing information having at least one key comprising a signing key Ks, wherein the signing key Ks is encrypted according to a wrapping key Kw before storage in the first database; receiving a data signing request comprising a representation of the data; retrieving, in a second device communicatively coupled to an hardware security module (HSM) storing the wrapping key Kw, the stored data signing information from a second database, wherein at least a portion of the second database including the stored signing information is pushed from the first database to the second database; decrypting, in the HSM, the encrypted signing key according to the wrapping key Kw stored in the HSM to recover the signing key Ks; and signing the representation of the data according to the recovered signing key.

Systems, methods, apparatuses, and computer-readable media for cryptographic authentication to control access to storage devices. An applet executing on a processor of a contactless card may receive, via a wireless communications interface of the contactless card, a request to access a storage device of the contactless card, where the storage device is in a locked state. The applet may generate a cryptogram based on the request and transmit the cryptogram to a computing device via the wireless communications interface. The applet may receive, from the computing device, an indication specifying that a server decrypted the cryptogram. The applet may transmit, to a controller of the storage device and based on the indication specifying that the server decrypted the cryptogram, an indication specifying to unlock the storage device. The controller may transition the storage device from the locked state to an unlocked state based on the indication received from the applet.

An application server of an authentication system includes a requesting part that makes a request for possession authentication which is authentication using an authenticator, when the requesting part receives a request for authentication of a user from a terminal, a verifying part that receives an authentication result of the possession authentication and information for verification from the authentication server, and verifies the validity of the authentication server on the basis of the received information for verification, and a providing part that provides a function related to the application to the terminal if the verifying part verifies that the authentication server is valid. The authentication server of the authentication system includes a possession authentication part and a result transmission part that transmits the authentication result of the possession authentication and the information for verification to the application server.