Patent classifications
H04L63/067
Secure bootstrapping of client device with trusted server provided by untrusted cloud service
A trusted server receives a request for an activation code, which includes an identifier associated with the trusted server and a one-time password, for a client device. The trusted server obtains the identifier from a public server, generates the one-time password, and combines the one-time password with the identifier to create the activation code. The trusted server provides the activation code to a provisioning client, which presents the activation code to the client device. The trusted server and client device secure a communication session using the one-time password as a shared secret. The trusted server downloads trusted cryptographic information to the client device over the secure communication session.
Systems and methods for managing infectious disease dissemination
Systems and methods for infectious disease prevention include transmitting, via a server, a facility credential associated with a facility, configured to identify a user operating an application deployed by the server on a mobile computing device. The server receives a user identification test code (UITC) associated with a status of an infectious disease of the user. The server then generates a two-dimensional code associated with the facility credential based on the UITC. The server determines whether the two-dimensional code is valid for permitting access to the facility based on a vaccine indicator confirming that the user has been vaccinated for the infectious disease. Thereafter, the server activates the two-dimensional code on the mobile computing device for a predetermined period of time. A gatekeeper device scans the two-dimensional code from the mobile computing device and then permits the user access to the facility within the predetermined period of time based on the facility credential and the two-dimensional code.
Distribution of security keys
Technology is described for using a first key to secure communications over a network link between a server and a client. A second key may be identified. A first message may indicate the server may receive data from the client using the second key but not to transmit data to the client using the second key, and that the first key is valid for sending and receiving data between the server and the client. A second message may indicate that the client may send and receive data with the server using the second key, and that the client may receive data from the server using the first key but not transmit data to the server using the first key. A third message may indicate that the server may send and receive data with the client using the second key, and that the first key is invalid for sending and receiving data between the server and the client.
Zero Knowledge Encrypted File Transfer
A method for secure file sharing comprises a sender encrypting content using a dynamic key and uploading the encrypted content and a share link which is sent to a server. The server stores the encrypted content until a request to decrypt the content is received from a receiver. The receiver selects the share link and decrypts the content using a partial dynamic key. Once content is decrypted, a download link is sent and decrypted content is conveyed to the receiver.
METHOD AND SYSTEM FOR CONTACTLESS TRANSACTIONS WITHOUT USER CREDENTIALS
A method for generation of an application cryptogram for use in a payment transaction includes: storing, in a first memory, a single use key associated with a transaction account; electronically transmitting the single use key to a processing server; receiving an encrypted session key and a server encryption key from the processing server; executing a first query to store the encrypted session key in the first memory and a second query to store the server encryption key in a second memory; decrypting the encrypted session key using the server encryption key; generating an application cryptogram based on the decrypted session key; and electronically transmitting the generated application cryptogram for use in a payment transaction.
Method and apparatus for providing client-side score-based authentication
Methods, apparatus, and systems for generating and verifying one time passwords in connection with a risk assessment are disclosed. The risk assessment may comprise a client-side risk assessment. The risk assessment may also comprise a server-side risk assessment.
Distributed one-time-use entry code generation for physical access control method of operation and mobile systems
A physical access control system enables acceptable portal entry codes upon receiving each physical access request by operating on the elapsed time from a previous physical access request to generate a temporal credential. The controller receives a plurality of physical access requests from a plurality of mobile application devices. Upon authenticating the first access request, the controller eliminates repetition from the space of acceptable successor requests from each mobile application device. Monotonic nonces advance the range of temporal code matches. Entry code generation is decentralized to distributed application devices and is inherently unknowable until a successor access request is initiated by the same application device.
HIGH-SAFETY USER MULTI-AUTHENTICATION SYSTEM AND METHOD
A high-safety user multi-authentication system, comprising: a server having a user habit information and a key generator for generating a real key corresponding to the user habit information and at least one bait key; and a user application unit disposed on a communication device having a user interface, a key receiving unit for receiving the real key and the at least one bait key from the server, an OTP (one time password) generator for generating a real OTP based on the real key and at least one bait OTP based on the at least one bait key; wherein the real OTP is provided to the user interface when the communication device is operated according to the user habit information.
CALL ORIGINATION VALIDATION FOR INCOMING CALLS WITHIN A WIRELESS COMMUNICATION NETWORK
A computer-implemented method for validating the origination of an incoming customer call on a wireless communication network may include receiving a SIP invite message at the wireless communication network when the call is initiated, determining whether the SIP invite message includes one or more indicators indicating that the call originated within the wireless communication network from a device with a SIM registered in the wireless communication network, and writing a classification code to a database indicating that the call is validated if the SIP invite message includes the one or more indicators. The method may further include receiving the call at an agent computer device with caller identification information, querying the database via the agent computer device according to the caller identification information to obtain the classification code of the customer call, and suppressing a step used for call authentication if the classification code indicates that the call is validated.
Routing systems and methods
Example routing systems and methods are described. In one implementation, a first set of routing systems is interfaced with a network connection via a network interface. A second set of routing systems interfaced with a secure system is configured to receive information from the first set of routing systems via a first unidirectional data channel. In some embodiments, the first set of routing systems is configured to receive information from the second set of routing systems via a second unidirectional data channel. The secure system is not visible from the network interface.