Patent classifications
H04L63/062
TOUCHLESS KEY PROVISIONING OPERATION FOR COMMUNICATION DEVICES
A system and process for performing a touchless key provisioning operation for a communication device. In operation, a key management facility (KMF) imports a public key and a public key identifier uniquely identifying the public key of the communication device. The public key is associated with an asymmetric key pair generated at the communication device during its factory provisioning and configuration. The KMF registers the communication device and assigns a key encryption key (KEK) for the communication device. The KMF then provisions the communication device by deriving a symmetric touchless key provisioning (TKP) key based at least in part on the public key of the communication device, encrypting the KEK with the symmetric TKP key to generate a key wrapped KEK, and transmitting the key wrapped KEK to the communication device for decryption by the communication device.
Encryption management, content recording management, and playback management in a network environment
Management of key information as described herein enables a respective service provider to distribute encrypted content to subscribers, preventing improper use of the content without authorization. For example, the service provider can distribute encrypted content for recording by a subscriber at a remote location. At or around a time of recording the encrypted content, and on behalf of the user, the service provider initiates storage of the corresponding decryption information that is needed to decrypt the recorded encrypted content. In order to play back the recorded segments of the encrypted content, the subscriber communicates with a server resource to be authenticated. Subsequent to being authenticated, the server resource distributes a copy of decryption information needed to decrypt the previously recorded segments of encrypted content to the subscriber. Accordingly, the service provider retains control of playing back content via controlled distribution of the corresponding copy of decryption information.
Merged video streaming, authorization, and metadata requests
A streaming server receives a first request to view the media item from the client device via a connection between the client device and the streaming server. An encrypted portion of the media item is provided to the client device. A cryptography key is sent to the client device for decrypting the encrypted portion of the media item by the client device to facilitate the playback of the decrypted portion of the media item. A verification is received to determine whether the client device is authorized to play the decrypted media item.
System and method for secure content streaming, governance, fraud prevention, and the embedding artificial intelligence into content
An automated system configured for streamed contents, to be self-aware in preventing fraudulent tactics, during real-time and offline usages, while communicating with its owner for accurate decision making, comprising: a content player module, and a content streaming service module; configured using a codec module to embed logic, encryptions, heuristics data, associated meta data, and management data into the content format; configured to use symmetric encryption keys, public keys, biometrics, and payload data; configured to authenticate the user and content owner; configured to request, receive, send, stream content, and analytics through a secure communication; configured to provide secure virtual communications between users and content owners; configured to use a call-home data, to enable the content and content owner to communicate and update one another securely; configured to provide real-time, and offline, fraud prevention heuristics using artificial intelligence.
System and method for dynamically orchestrating application program interface trust
A system includes a purchase portal configured to receive a purchase order from a customer, wherein the purchase order includes a service from each of a plurality of service providers. When receipt of the purchase order is detected, a processor determines first and second ones of the service providers associated with the purchase order; and establishes a trust relationship between the first service provider and the second service provider in a context of the customer. The processor also sends a first request for a first trust artifact to the first service provider and a second request for a second trust artifact to the second service provider; receives the first trust artifact from the first service provider, receives the second trust artifact from the second service provider, sends the first trust artifact to the second service provider, and sends the second trust artifact to the first service provider.
Stateless system to protect data
A method including determining, by a processor, an assigned key pair associated with a user device, the assigned key pair including an assigned public key and an assigned private key; authenticating, by the processor, received biometric information; selectively transmitting, by the processor to a trusted device based at least in part on a result of authenticating the received biometric information, an encryption request to encrypt the assigned private key; and encrypting, by the processor based at least in part on selectively transmitting the encryption request, content based at least in part on utilizing the assigned public key is disclosed. Various other aspects are contemplated.
Sharing access to data externally
A method including determining, by a first device, encrypted content based at least in part on utilizing a symmetric key; determining, by the first device, a sharing link to be utilized by a second device to obtain access to the encrypted content, the sharing link including a static portion and a dynamic portion; transmitting, by the first device to the second device, the sharing link to enable the second device to obtain access to the encrypted content; transmitting, by the second device to the endpoint, a request to access the encrypted content, the request being routed to the endpoint based at least in part on the static portion; and receiving, by the second device, access to the encrypted content based at least in part on transmitting the request. Various other aspects are contemplated.
Technique for communication between an application implementing a service and a server
A method for communication between an application implementing a service run on a user device and a main server. When an attempt is made to establish a first secure communication, the compliance of a public key certificate sent by the main server is checked against a reference certificate for the main server, the establishment of secure communication being conditional upon the compliance check. If the public key certificate sent by the main server is not compliant, a second secure communication is established with an update server, and a public key certificate sent by the update server is checked for compliance against a reference certificate for the update server. Once the second secure communication has been established, an updated reference certificate for the main server is received, the updated certificate being intended to be used by the client application the next time secure communication is established with the main server.
RECOVERY KEYS
In some examples, a method for accessing a cryptographic recovery key of an encryption system of a device comprises mapping a device identity received at a key management system to a recovery key stored in the key management system, specifying at least one device-related operation to which the recovery key is linked, generating an encrypted message for the device, the encrypted message comprising the recovery key, and transmitting the encrypted message and a signed message to the device.
DATABASE KEY MANAGEMENT
An indication that a secure connection has been established with a key management service is received. The secure connection is associated with an automatically generated session encryption key utilized for encryption of data communication through the secure connection. In response to the indication that the secure connection has been established with the key management service, a determination is made to perform a rotation of a local encryption key utilized in encrypting locally stored data. The rotation of the local encryption key is performed based at least in part on the automatically generated session encryption key.