H04L63/062

Contactless card with multiple rotating security keys

A contactless card can include a plurality of keys for a specific operation, e.g., encryption or signing a communication. The contactless card can also include an applet which uses a key selection module. The key selection module can select one of the plurality of keys and the applet can use the key to, e.g., encrypt or sign a communication using an encryption or signature algorithm. The contactless card can send the encrypted or signed communication to a host computer through a client device. The host computer can repeat the key selection technique of the contactless device to select the same key and thereby decrypt or verify the communication.

Vehicle security system
11563726 · 2023-01-24

A security system for a vehicle network of a vehicle is provided. The vehicle network includes a gateway and domain controllers for specific areas of the vehicle. The security system may validate messages sent from the gateway. The security system may also utilize split decryption keys in order to decrypt messages in the vehicle network. The security system may also utilize asymmetrical encryption keys in order to secure data within the vehicle network.

Scalable content restriction
11563568 · 2023-01-24

Groups of devices may be prevented from accessing content by encrypting the content. A plurality of secrets associated with a decryption key may be generated using a secret sharing algorithm. The plurality of secrets may be sent to one or more groups of devices to derive the decryption key. A non-restricted subset of the groups of devices may receive one or more secrets. Devices within the non-restricted subset of the groups may be able to use one or more secrets to determine the decryption key for the content. Groups that do not receive one or more secrets may be unable to determine the decryption key for the content.

DIGITAL VALUE TOKEN PROCESSING SYSTEMS AND METHODS HAVING IMPROVED SECURITY AND SCALABILITY

Systems and methods that provide improved security and scalability in digital token exchange are disclosed. In one example, a system may receive from a requester one or more old cryptographically signed tokens each including a shared class and denomination. After validating the previously issued Value Tokens, the system may sign newly issued Value Tokens having the shared class and send them to the requester as a swap for the previously issued Value Tokens. Some tokens have intrinsic value while other coded Value Tokens require reference to a record of valid tokens to validate them. The system allows tokens of one type to be swapped for tokens of the other type, but issues intrinsic Value Tokens only as a swap for coded Value Tokens.

SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

A server establishes a secure session with a client device where a private key used in the handshake is stored in a different server. An encrypted connection is established between the first server and the second server. A message is received from the client device that initiates a procedure to establish the secure session between the client device and the first server. As part of this procedure, the first server transmits over the encrypted connection a request to the second server to use the private key. The first server receives, over the encrypted connection, a response to the request that includes a result of the use of the private key. The first server uses the result during the procedure to establish the secure session.

System and method for conducting searches at target devices

A method, apparatus and system for secure forensic investigation of a target machine by a client machine over a communications network. In one aspect the method comprises establishing secure communication with a server over a communications network, establishing secure communication with the target machine over the communications network, wherein establishing secure communication with the target machine includes establishing secure communication between the server and the target machine, installing a servelet on the target machine, transmitting a secure command to the servelet over the communications network, executing the secure command in the servelet, transmitting data, by the target machine, in response to a servelet instruction, and receiving the data from the target machine over the communications network.

Industrial control system cable

A cable includes a wiring assembly with a knuckle and wires bundled together. The cable also includes a connector assembly with a connector having connections for the wires, where the connections are arranged along a longitudinal axis. In some embodiments, the connector assembly captures an end of the wiring assembly, and the knuckle of the wiring assembly is pivotally connected to the connector assembly. In some embodiments, the cable includes circuitry configured to authenticate the cable to a device connected to the cable by the connector and/or to authenticate the device connected to the cable. A control system includes control elements and/or subsystems coupled with a backplane adjacent to one another and cables configured to connect to the control elements and/or subsystems. Wiring assemblies of the cables can articulate to be parallel to each respective connector. Further, each cable can authenticate the cables and/or the control elements or subsystems.

Providing access to data in a secure communication
11700277 · 2023-07-11

The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session; for example, each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple per-connection memory from the actual physical addresses used in conventional architectures, which assign a single large contiguous physical memory partition that may be accessed via commands addressing physical memory directly.

Pre-registration of authentication devices

A system is disclosed for pre-registering authentication devices. A security key provider system may receive a request to pre-register a security key with identified applications from an enterprise. Responsive to receiving the request, the security key provider system instructs the security key to generate a unique authentication code for each of the applications. The security key provider system may generate pre-registration information based on the authentication codes and pre-register the authentication codes of the security key to the applications by providing the pre-registration information to the applications on behalf of the enterprise. The security key provider system may instead provide the pre-registration information to the enterprise to allow the enterprise to pre-register the authentication codes.

DIGITAL RIGHTS MANAGEMENT FOR HTTP-BASED MEDIA STREAMING
20230214459 · 2023-07-06

Techniques and mechanisms described herein facilitate the management of digital rights for media content item presentation. According to various embodiments, a request for a content decryption key may be received at a media application implemented at a computing device. The request may be transmitted by a media content player implemented at the computing device. The request may be transmitted in accordance with a designated key exchange protocol. A license for an encrypted media content item corresponding with the requested content decryption key may be identified at the media application. Based on information included in the license, encrypted key material may be decrypted to create the requested content decryption key via a processor at the computing device. The requested content decryption key may be provided to the media content player.