H04L63/068

Fingerprint Revocation

Systems and methods for fingerprint revocation are described. In some embodiments, an Information Handling System (IHS) may include: a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: identify an endpoint device; and transmit a key management command to the endpoint device over a network, where the endpoint device includes a host processing system and an off-host processing system segregated from the host processing system, where the off-host processing system includes an off-host processor and an off-host memory coupled to the off-host processor, where the off-host memory includes Personal Identifiable Information (PII) encrypted with a master key, and where the off-host processor is configured to change a status of the master key in response to having received the key management command.

SECURED DATA TRANSMISSION USING IDENTITY-BASED CRYPTOGRAPHY
20170366520 · 2017-12-21

A system is provided for secure data transmission. The system stores a public master key, a private decryption key and a secure messaging module for securely transmitting and receiving a digital model data file via a work order message. For transmitting and receiving the work order message, the system generates public encryption keys using a key generation algorithm in which each public encryption key is unique to a designated message recipient and is generated from an input including the public master key, a validity period, and an identifier of the designated message recipient. The system may also store a revocation list that includes identifiers of message recipients whose access to the public master key or private decryption key has been revoked, and based thereon determine whether or not to encrypt and transmit the work order message, or to receive and decrypt the work order message.

UTILIZING ENCRYPTION KEY EXCHANGE AND ROTATION TO SHARE PASSWORDS VIA A SHARED FOLDER
20230198756 · 2023-06-22

This disclosure describes methods, non-transitory computer readable storage media, and systems that provide secure password sharing across a plurality of users and client devices via a shared folder. For example, in one or more embodiments, the disclosed system retrieves a public key set including public encryption keys for client devices having access to the shared folder. The disclosed system provides the public key set to a client device requesting to share the shared folder. The disclosed system receives an encrypted payload for the shared folder and a shared encryption key that is utilized to encrypt the payload and is encrypted in the shared folder utilizing the public key set. The disclosed system also detects key rotation events and notifies one or more client devices to generate a modified shared encryption key and re-encrypt the payload for storage within the shared folder.

Epoch-based management of security credentials

Technologies are disclosed herein for epoch-based expiration of temporary security credentials. A temporary security credential is issued that identifies one or more epochs and that specifies one or more versions of the identified epochs during which the temporary security credential is valid. The temporary security credential may then be utilized to request access to another system, service or component. In order to determine whether such a request may be granted, current epoch versions for the epochs identified in the temporary security credential are obtained. The current epoch versions for the identified epochs are then compared to epoch versions specified in the temporary security credential to determine if the request can be granted. The current epoch versions may be periodically modified in order to expire previously issued temporary security credentials. A temporary security credential might also specify an expiration time after which the temporary security credential is no longer valid.

SEAMLESS WIRELESS DEVICE ONBOARDING

Techniques for seamlessly onboarding a wireless device. A system utilizing such techniques can include a key-based authentication system and a unique pre-shared key seamless onboarding system. A method utilizing such techniques can include key-based authentication management and unique pre-shared key seamless onboarding management.

System and method for rotating client security keys
09843446 · 2017-12-12

Systems, methods, and non-transitory computer-readable storage media for rotating security keys for an online synchronized content management system client. A client having a first security key as an active security key may send a request to a server for a new security key as a replacement for the first security key. The server may receive the request and generate a candidate security key. The server can issue the candidate security key to the client device. After receiving the candidate security key, the client may send a key receipt confirmation message to the server. In response to the confirmation message, the server may mark the candidate key as the new security key for the client and discard the client's old security key. The server may send an acknowledgment message to the client device. In response, the client may also mark the candidate key as its new active key.

METHOD AND SERVER FOR ISSUING CRYPTOGRAPHIC KEYS TO COMMUNICATION DEVICES
20170353438 · 2017-12-07

Method and server for issuing a cryptographic key. One method includes distributing a first group key to a first communication device and a second communication device. The method also includes distributing a security request to the first communication device. The method further includes receiving a security status from the first communication device responsive to transmitting the security request. The method also includes determining when security of the first communication device is compromised based on the security status. The method further includes distributing, via a server, the cryptographic key to the first communication device when the security of the first communication device is not compromised. The method also includes distributing, via the server, a second group key to the second communication device when the security of the first communication device is compromised and the first communication device cannot be fixed or deactivated.

SELF-SERVICE DEVICE ENCRYPTION KEY ACCESS
20230188339 · 2023-06-15

Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to authenticate a user on the computing device in order to unlock an operating system based on a first recovery key. A key rotation command can be received from a management service. The key rotation command can include an instruction to rotate the first recovery key. The computing device can generate a second recovery key and transmit the second recovery key to the management service.

Authentication and initial key exchange in ethernet passive optical network over coaxial network

A method comprising generating an updated security key upon expiration of a key exchange timer, transferring the updated security key to a Coaxial Network Unit (CNU), retaining an original key, wherein the updated security key comprises a different key identification number than the original key, accepting and decrypting upstream traffic that employs either the original key or the updated key, creating a key switchover timer after transferring the updated security key to the CNU, verifying, before the key switchover timer expires, that upstream traffic transferred from the CNU on a logical link uses the updated security key, and, when upstream traffic is encrypted using the updated security key, beginning to use the updated security key to encrypt downstream traffic and clearing the key switchover timer.

Automatic Key Rolling for Link Encryption

Automatic key rolling for link encryption is described. In accordance with the described techniques, data packets are encrypted at a first endpoint of a communication link using a first data encryption key. The encrypted data packets are communicated over the communication link to a second endpoint. A key rolling event that is known by both the first endpoint and the second endpoint is detected at the first endpoint. Responsive to detecting the key rolling event, the first data encryption key is rolled to a second data encryption key for encrypting data packets communicated over the communication link. In one or more implementations, the second endpoint is also configured to roll from the first data encryption key to the second data encryption key responsive to the key rolling event in order to decrypt data packets encrypted with the second data encryption key which are received from the first endpoint.