A method may include transferring data from a host to an encryption offload engine through an interconnect fabric, encrypting the data from the host at the encryption offload engine, and transferring the encrypted data from the encryption offload engine to a storage device through a peer-to-peer connection in the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the encryption offload engine through a peer-to-peer connection in the interconnect fabric, decrypting the encrypted data from the storage device at the encryption offload engine, and transferring the decrypted data to the host through the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the host, and verifying the encryption of the encrypted data at the host.

An example operation may include one or more of receiving a request to verify a first encrypted document from a computing device, retrieving a second set of encrypted tokens of a second encrypted document from a blockchain, determining a similarity value of the first encrypted document with respect to the second encrypted document based on a first set of encrypted tokens in the first encrypted document and the second set of encrypted tokens in the second encrypted document, and outputting the determined similarity value to the computing device in response to the request.

Seamlessly securing access to application programming interface gateways includes receiving a request from a client for a token using which the client can make a call to an API. The request includes a client identifier identifying the client. In response to receiving the request, a call is made to the API for the token, and the token, including application credentials, are received from the API. In response to receiving the token, the token is encoded to include the encrypted client identifier and the encrypted application credentials. The encoded token is transmitted to the client.

Location-based validation of a wireless authentication device. A request is received by a security hardware computing device for an action requiring authentication in connection with security hardware. A security hardware location is received or accessed. A wireless authentication device location of a wireless authentication device in possession of a requester is received by security hardware computing device. The security hardware computing device receives a mobile device location for a mobile device in possession of the requester. The security hardware computing device determines whether the security hardware location, the mobile device location, and the wireless authentication device location are in a proximity. The security hardware computing device performs the action requiring authentication in connection with the security hardware.

Methods are provided to authorize a secondary user device for a network service provided over a network. Responsive to receiving a request from a primary user device, a voucher may be transmitted over the network to the primary user device. A request for an authorization waiver may be received from the secondary user device over the network, wherein the request for the authorization waiver includes the voucher that was transmitted to the primary user device. Responsive to receiving the request from the secondary user device including the voucher, an authorization waiver may be transmitted to the secondary user device. Related methods of operating primary and secondary user devices are also discussed.

A method for enrolling a device in a secure network to which an information system is connected, the method comprising the steps, implemented by a trusted device connected to the secure network, of: a) receiving from a user terminal, distinct from the device to be enrolled, an authorization to connect to the device to be enrolled, b) generating cryptographic keys intended for the device to be enrolled to access the secure network, and c) transmitting the cryptographic keys to the device to be enrolled.

Methods and systems for consensus-based online authentication are provided. An encryption device may be authenticated based on an authentication cryptogram generated by the encryption device. The encryption device may transmit a request for security assessment to one or more support devices. The support devices may individually assess the encryption device, other security devices, and contextual information. The support devices may choose to participate in a multi-party computation with the encryption device based on the security assessments. Support devices that choose to participate may transmit one or more secret shares or partial computations to the encryption device. The encryption device may use the secret shares or partial computations to generate an authentication cryptogram. The authentication cryptogram may be transmitted to a decryption device, which may decrypt the authentication cryptogram, evaluate its contents, and authenticate the encryption device based on its contents.

Physically supplied user information is used to first verify the identity of a user before an app is supplied to a user device. Hardware identifiers of the user device are reviewed to determine whether to allow or deny use of the app on the user device. Once the app is approved, a user request is received by the app which is forwarded to the provider. The provider approves or disapproves of the request based, in part, on whether data in the request matches data maintained by the provider. Such approval/disapproval is provided from the provider to a party responsible for satisfying the user request. In addition, the provider generates a one-time-use electronic signature using data from a sequencer and data from the request, and the one-time-use electronic signature can be supplied to a signature repository and/or added to legal documents.

An industrial internet of things gateway boot method is described wherein installation, operation and maintenance phases are controlled to limit the chance of a malicious attack on a connected network.

A computer chip, such as an System on chip (SOC), can receive firmware updates having two separate signatures; a first of the signatures is used to authenticate the firmware using a processor within the computer chip, and a second of the signatures is used by a controller, separate from the processor. A first key, used by the processor to authenticate the firmware, can be a boot key that is hardwired in the computer chip. A second key, used by the controller, can be a key that is provided to the controller at any time and is updatable. The controller can suspend the processor so that the controller can perform a first authentication of the firmware using the second signature and the second key. If the authentication is successful, the controller can release the processor, which then uses the first key and the first signature to perform a second authentication.