H04L63/067

METHOD AND SYSTEM FOR SECURE COMMUNICATIONS

A system/method for secure communication between client devices includes receiving a request, at a secure communication platform, from a first client device to communicate with a second client device; determining, by the secure communication platform, whether the first client device is permitted to communicate with the second client device; if communication is permitted: generating, by the secure communication platform, a one-time use ephemeral key; transmitting, by the secure communication platform, the generated one-time use ephemeral key to the first and second client devices; establishing, by the secure communication platform, a secure communication session directly between the first and second client devices, wherein communications between the first and second client devices are encrypted and decrypted using the one-time use ephemeral key; and destroying, by the secure communication platform, the one-time use ephemeral key upon termination of the secure communication session between the first and second client devices.

Proximity based content sharing
09854384 · 2017-12-26

A sharing user of a content management system can request to share a content item in his namespace. When such a request is made, the sharing user's client device broadcasts a notification that can be received by devices that are within a limited broadcast range of the sharing client device. A receiving user's client device that is within the limited broadcast range of the sharing client device receives the broadcasted notification. Based on the notification, the receiving client device obtains a token from the sharing client device that identifies the content item being shared by the sharing user. At the request of the receiving user, the receiving client device transmits the token to the content management system and requests that the content management system add the shared content item to the receiving user's namespace with the system. The receiving user can then access the item from his namespace.

SECURE EFFICIENT REGISTRATION OF INDUSTRIAL INTELLIGENT ELECTRONIC DEVICES
20170366537 · 2017-12-21

A method for registering an intelligent electronic device with a certification authority. The method includes enrolling a configuration tool at the certification authority; generating a one-time password for the intelligent electronic device and storing the one-time password in the certification authority and in the configuration tool; connecting to the intelligent electronic device with the configuration tool, wherein the configuration tool authenticates at the intelligent electronic device; sending the one-time password from the configuration tool to the intelligent electronic device; enrolling the intelligent electronic device at the certification authority with the one-time password and registering the intelligent electronic device with the certification authority; and receiving a device certificate from the certification authority in the intelligent electronic device.

System and method for providing a secure network

A method and system for providing a secure network. The system can have a URL programming interface, a server, and a database connected to the server. The server can be configured to receive requests from the URL programming interface. The server can include a file manager, an authentication server, a resource server, and a collaboration server.

CYBERATTACK PREVENTION SYSTEM

A self-updating system for defending against a cyberattack requests connected devices to solve a problem that is created in a random manner. The problems are created in a manner such that the system can determine whether the client device is being used as part of a cyberattack based on how the client device responds to the problems.

USER-INITIATED MIGRATION OF ENCRYPTION KEYS
20170338948 · 2017-11-23

Aspects of various embodiments are directed to applications utilizing secret keys for authentication and/or encrypted communication. In certain embodiments, authentication data is provided from a source network communication device to a target network communication device that allows a computing server to verify that the key migration has been authorized by the source network communication device. The authentication data also enables the data provider and the target network communication device to independently determine a temporary key for establishing a secure communication channel between the service provider and the target network communication device and/or determine a new key for the target network communication device. In some implementations, the authentication data may be exchanged between the source and target network communication devices offline, without involvement of the computing server. When the target network communication device later connects to the computing server, the authentication data may be used to verify that the key migration is authorized and/or to generate key(s).

ELECTRONIC SUBSCRIBER IDENTITY MODULE (eSIM) PROVISIONING ERROR RECOVERY
20170338954 · 2017-11-23

A device hosting a universal integrated circuit card (UICC or eUICC) initiates a provisioning call flow with an electronic subscriber identity module (eSIM) server. The purpose of the provisioning call flow is to perform a particular provisioning action or function. The eSIM server, the device and/or the eUICC maintain state information related to the provisioning call flow. The provisioning call flow includes generation of a one-time public key (otPK) at the eUICC. The provisioning call flow is interrupted by an error event before, for example, successful installation of a profile in the eUICC. A subsequent provisioning call flow is initiated. The eSIM server assists the eUICC to recover from the error event based on the state information of the eSIM server, the device and/or the eUICC. In some embodiments, the recovery and subsequent successful profile installation makes use of the otPK generated during the earlier provisioning call flow.

SYSTEM AND METHOD FOR REMOTE AUTHENTICATION WITH DYNAMIC USERNAMES
20170339163 · 2017-11-23

A method and apparatus for authenticating a user for access to a service provider over a network is disclosed. It includes a first device configured to receive a request for a ticket, generate the ticket, send the ticket to at least one additional device, generate a first partial signature of the ticket, receive additional partial signatures of the ticket, generate a complete signature of the ticket, encrypt the ticket and the complete signature of the ticket, send the encrypted ticket and encrypted complete signature of the ticket to the service provider, receive an encrypted verification code from the service provider, decrypt the encrypted verification code, and display the decrypted verification code.

Preventing Unauthorized Access to Secured Information Systems Using Multi-Device Authentication Techniques
20170331817 · 2017-11-16

A computing platform may receive, from a client portal server, a request to authenticate a first user to a first user account. The computing platform may generate a first one-time passcode for a first computing device associated with the first user account and may send, to the first computing device, the first one-time passcode. The computing platform also may generate a second one-time passcode for a second computing device associated with the first user account and may send, to the second computing device, the second one-time passcode. Thereafter, the computing platform may receive first one-time passcode input and second one-time passcode input, which the computing platform may validate. Based on the validating, the computing platform may generate a validation message directing the client portal server to provide the first user with access to the first user account, which the computing platform may send to the client portal server.

Stateless session synchronization between secure communication interceptors

Embodiments provide a system and method for stateless session synchronization between inspectors for high-availability deployments. Man-in-the-Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.