Patent classifications
H04L63/067
System, method and architecture for secure sharing of customer intelligence
A key master service capable of operating on a service provider in a network is disclosed. The key master enables authorized parties to securely exchange client information without compromising client security. One feature of the key master service is the generation of a unique key for each client. All parties in an authorized universe access, exchange and modify client information by referencing the universal key, rather than using known client identifiers. Client information is further secured by advantageously applying an obfuscation function to the data. Obfuscated client information is stored together with the universal key as keyed client data at the client and/or server, where it may be directly accessed by the service provider or third parties. Because client information is stored and exchanged without the ability to discern either the client identity or the nature of the information, such information is secured against malicious third-party interception.
Cluster claim
Cluster state information is generated in response to a request to establish a connection with a cloud service system. The cluster state information includes a first instance of a security token and host information. The cluster state information is provided to a web browser associated with a user. The web browser associated with the user is redirected to a cloud identity provider. The cloud identity provider is configured to provide to the cloud service system via the web browser associated with the user, the cluster state information that includes the first instance of the security token and the host information. A certificate is requested from the cloud service system. The cluster state information that includes a second instance of the security token is provided to the cloud service system. The cloud service system is configured to establish the connection based on comparison between the first instance of the security token and the second instance of the security token. The established connection enables the user to manage a secondary storage system via the cloud service system.
Method of and system for secure data export from an automotive engine control unit
A method of secure data export from an automotive ECU to a requesting entity includes receiving a signed request, the request transmitting a first public encryption key. The signature is verified using a second public key stored in the automotive ECU. Further, the requesting entity is authenticated. Only upon successful verification and authentication does the automotive ECU generate a random symmetric key for encrypting the data to be exported. The symmetric key is encrypted using the first public key received in the request, and unencrypted data is deleted. The encrypted data is exported to the requesting entity, which decrypts the symmetric key using a first private key associated with the first public key, and decrypts the data encrypted with the symmetric key.
Cyberattack prevention system
A self-updating system for defending against a cyberattack requests connected devices to solve a problem that is created in a random manner. The problems are created in a manner such that the system can determine whether the client device is being used as part of a cyberattack based on how the client device responds to the problems.
Sending verification password responsive to mobile device proximity
A method includes detecting proximity between a mobile device and a remote device associated with a transaction reserved by a user of the mobile device and a mode of the electronic device. A verification password is sent to the remote device responsive to detecting the proximity and the mode. A device includes a module to detect proximity between the device and a remote device associated with a transaction reserved by a user of the device occurring within a predefined distance threshold and a processor coupled to the module. A device includes another module to detect a stationary mode of the electronic device occurring for at least a predefined duration threshold. The processor sends a verification password to the remote device responsive to detecting the proximity and the mode.
OBTAINING DEVICE POSTURE OF A THIRD PARTY MANAGED DEVICE
Techniques are disclosed to obtain device posture of a third party managed device. In various embodiments, a unique identifier of the third party managed device is embedded in a registration communication sent from a third party managed device to an access node associated with a first party management entity. The registration communication is sent from the third party managed device to the access node. The access node is configured to store data associating the unique identifier with the third party managed device, and to use the unique identifier to obtain from the third party management entity device posture information for the third party managed device.
Right control method and apparatus for terminal device
A permission control method and apparatus for a terminal device, where the method includes: acquiring, in response to detecting a login operation of the target user on the target application, from the server, a permission control code of the target user for the target application; processing the permission control code into at least one permission code, the permission code being used to indicate that a user has a use permission for a corresponding functionality of the target application; and controlling, on the basis of the at least one permission code, the use of at least one functionality of the target application by the target user.
Refreshing keys in a computing environment that provides secure data transfer
Aspects of the invention include detecting that a rekey timer has expired. The rekey timer is one of a shared key rekey timer for a current shared key between the first node and a second node, and a session key rekey timer for a session key used in a secure communication between a channel on the first node and a channel on the second node. The session key was created based on the current shared key and is used for encrypting data in the secure communication. Based on the rekey timer being the shared key rekey timer, a new shared key is obtained and stored as the current shared key. Based on the rekey timer being the session key rekey timer, a new session key that is based at least in part on the current shared key is obtained and used in the secure communication.
SECURE CONTENT ROUTING USING ONE-TIME PADS
A method comprising receiving, by a one-time pad (OTP) hub, from a first user of a computer network, a communication encrypted with an OTP associated with said first user, wherein said communication is intended for a second user; encrypting, by said hub, said communication with an OTP associated with said second user; decrypting, by said hub, said communication with an OTP associated with said first user; and delivering said communication to said second user.