Patent classifications
H04L63/068 (network security key management using time-dependent keys, e.g. periodically changing keys)
Apparatus and methods of air-gapped crypto storage using diodes
In a blockchain network, a "cold wallet" allows users to securely create and store their private key and sign their transaction data only when the wallet is completely offline. When a user requests a transaction, a user key tag that identifies the user's key is determined. The transaction data and the user's key tag are transmitted to a cold wallet that includes an HSM Trusted Client and an HSM over a first one-way communication channel, during a window in a first sequence of connection windows. Inside the cold wallet, the HSM Trusted Client uses the user key tag to look up an encrypted version of the user's signing key. During a processing window, the transaction data and the encrypted signing key are transmitted to the HSM, where the cleartext key is recovered and used to sign the transaction, and the signed transaction is returned to the HSM Trusted Client. During a second connection window, the signed transaction is transmitted from the HSM Trusted Client over a second one-way channel for forwarding to the blockchain network. The processing and connection windows do not overlap. The one-way communication paths, combined with the non-overlapping connection and processing windows, prevent unauthorized access to the signing keys.
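The window discipline in this abstract is easy to get wrong in practice, so here is an added example (not the patent's code) that models it as a small state machine: inbound data is accepted only during the first connection window, the HSM is reachable only during the processing window, output leaves only during the second connection window, and every window must be entered from the idle state so none can overlap. HMAC-SHA256 stands in for the real transaction signature and an XOR pad derived from the HSM's key-encryption key stands in for a real key wrap; all class and method names are hypothetical.

```python
import hashlib
import hmac
import secrets
from enum import Enum, auto

# Added example, not the patent's code. HMAC-SHA256 stands in for the real
# transaction signature and an XOR pad derived from the HSM's key-encryption
# key stands in for a real key wrap (both demo-only choices); every other
# name here is hypothetical.


class Phase(Enum):
    IDLE = auto()
    CONNECT_IN = auto()   # first one-way channel: outside -> HSM Trusted Client
    PROCESS = auto()      # Trusted Client <-> HSM only; both external channels closed
    CONNECT_OUT = auto()  # second one-way channel: HSM Trusted Client -> outside


class WindowViolation(RuntimeError):
    pass


class HSM:
    """Holds the key-encryption key; cleartext signing keys exist only in here."""

    def __init__(self):
        self._kek = secrets.token_bytes(32)

    def _pad(self, tag):
        return hashlib.sha256(self._kek + tag.encode()).digest()

    def new_wrapped_key(self, tag):
        key = secrets.token_bytes(32)
        return bytes(a ^ b for a, b in zip(key, self._pad(tag)))

    def _unwrap(self, tag, wrapped):
        return bytes(a ^ b for a, b in zip(wrapped, self._pad(tag)))

    def sign(self, tag, wrapped, tx):
        return hmac.new(self._unwrap(tag, wrapped), tx, hashlib.sha256).digest()

    def verify(self, tag, wrapped, tx, sig):
        return hmac.compare_digest(self.sign(tag, wrapped, tx), sig)


class ColdWallet:
    """HSM Trusted Client plus HSM; every data movement is gated on the phase."""

    def __init__(self):
        self.phase = Phase.IDLE
        self.hsm = HSM()
        self.wrapped = {}   # user key tag -> wrapped signing key (never cleartext)
        self.inbox = None   # (tag, tx) received during CONNECT_IN
        self.outbox = None  # (tag, tx, sig) waiting for CONNECT_OUT

    def enter(self, phase):
        # Windows never overlap: each is entered from IDLE and returns to IDLE.
        if phase is not Phase.IDLE and self.phase is not Phase.IDLE:
            raise WindowViolation(f"cannot open {phase.name} during {self.phase.name}")
        self.phase = phase

    def _require(self, phase):
        if self.phase is not phase:
            raise WindowViolation(f"{phase.name} required, wallet is in {self.phase.name}")

    def create_key(self, tag):
        self._require(Phase.PROCESS)
        self.wrapped[tag] = self.hsm.new_wrapped_key(tag)

    def receive(self, tag, tx):      # inbound data only during the first window
        self._require(Phase.CONNECT_IN)
        self.inbox = (tag, tx)

    def process(self):               # HSM reachable only during the processing window
        self._require(Phase.PROCESS)
        tag, tx = self.inbox
        self.outbox = (tag, tx, self.hsm.sign(tag, self.wrapped[tag], tx))
        self.inbox = None

    def emit(self):                  # outbound data only during the second window
        self._require(Phase.CONNECT_OUT)
        out, self.outbox = self.outbox, None
        return out


def run_transaction(wallet, tag, tx):
    """Drive one request through the three windows in order; returns (tag, tx, sig)."""
    wallet.enter(Phase.CONNECT_IN)
    wallet.receive(tag, tx)
    wallet.enter(Phase.IDLE)
    wallet.enter(Phase.PROCESS)
    wallet.process()
    wallet.enter(Phase.IDLE)
    wallet.enter(Phase.CONNECT_OUT)
    signed = wallet.emit()
    wallet.enter(Phase.IDLE)
    return signed
```

To use it, open a processing window once to call `create_key(tag)` (the key is born inside the HSM and only its wrapped form is kept by the Trusted Client), then call `run_transaction` per request. Any attempt to feed data in while the HSM link is open, or to open a second window before the current one has closed, raises `WindowViolation`, which is exactly the invariant the one-way paths and non-overlapping windows are meant to enforce.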
High Security One-Time Encryption
Methods and systems for encryption that make it impractical to extract data that has been protected on the computing system. A computing device may receive authentication data from a client device. The computing device may generate an encryption key and a corresponding decryption key. The computing device may receive, from the client device, information associated with a timed access window. The computing device may send, to the client device, the encryption key. The computing device may later receive, from the client device, a request for the corresponding decryption key. The computing device may determine that the request for the corresponding decryption key falls within the timed access window and, based on the request and that determination, send the corresponding decryption key to the client device.
LIFECYCLE MANAGEMENT OF SECRETS ON SERVERLESS PLATFORM
An orchestration engine intermittently scans secrets, of different secret types, to identify secrets that are to be rotated. The orchestration engine calls an application programming interface (API) exposed by a serverless management system and wakes up the serverless management system. The serverless management system generates a new secret, stores the new secret for rotation, and interacts with a dependent system in order to revoke an old secret and implement the new secret. Once the secret is rotated, and the new secret is implemented, the orchestration engine stores the new secret in a secret store.
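An added example (not the patent's code) of the orchestration loop above: the engine scans a store of secrets of several types, wakes a rotator for each one that is past its maximum age, and commits the new value to the store only after the dependent system has installed it. The rotator installs the new secret before revoking the old one so consumers never see a gap, and records the generated value as pending so a crash mid-rotation can be recovered; both are the example's choices, not claims about the patent. All names are hypothetical and the dependent system is a stand-in.

```python
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Added example (not the patent's code): an orchestration engine that scans a
# secret store, wakes a rotator for each secret that is due, and commits the
# new value only after the dependent system has installed it. Names hypothetical.


@dataclass
class SecretRecord:
    name: str
    kind: str                      # "db_password" | "api_key" | "hmac_key"
    value: str
    rotated_at: datetime
    max_age: timedelta
    version: int = 1
    pending: Optional[str] = None  # generated but not yet implemented downstream


GENERATORS = {
    "db_password": lambda: "".join(
        secrets.choice(string.ascii_letters + string.digits) for _ in range(32)),
    "api_key": lambda: "ak_" + secrets.token_urlsafe(32),
    "hmac_key": lambda: secrets.token_hex(32),
}


class DependentSystem:
    """Stand-in for the service that consumes the secret (database, partner API ...)."""

    def __init__(self, name, available=True):
        self.name, self.available = name, available
        self.active, self.revoked = None, []

    def install(self, new_value):
        if not self.available:
            raise RuntimeError(f"{self.name} unavailable")
        self.active = new_value

    def revoke(self, old_value):
        self.revoked.append(old_value)


class ServerlessRotator:
    """Woken through an API call; generates, implements, then revokes."""

    def rotate(self, record, dependent):
        new_value = GENERATORS[record.kind]()
        record.pending = new_value        # persisted so a crash here is recoverable
        dependent.install(new_value)      # implement the new secret first ...
        dependent.revoke(record.value)    # ... then revoke the old one: no gap
        return new_value


class Orchestrator:
    def __init__(self, store, dependents, rotator):
        self.store = {r.name: r for r in store}
        self.dependents = dependents
        self.rotator = rotator
        self.errors = {}

    def scan(self, now):
        """Names of secrets whose age has reached their rotation interval."""
        return [n for n, r in self.store.items() if now - r.rotated_at >= r.max_age]

    def run(self, now):
        rotated = []
        for name in self.scan(now):
            record = self.store[name]
            try:
                new_value = self.rotator.rotate(record, self.dependents[name])
            except RuntimeError as exc:
                self.errors[name] = str(exc)   # old secret stays valid and stored
                continue
            record.value, record.pending = new_value, None
            record.version += 1
            record.rotated_at = now
            rotated.append(name)
        return rotated
```

Note the failure path: when the dependent system cannot be reached, the store keeps the old value and the pending value, so the next scan retries rather than leaving a secret that exists nowhere.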
Security system for handheld wireless devices using time-variable encryption keys
In one embodiment, the invention provides a portable wireless personal communication system that cooperates with a remote certification authority to employ time-variable secure key information, pursuant to a predetermined encryption algorithm, for convenient, secure encrypted communication. The disclosed system includes a wireless handset, such as a PDA, smartphone, cellular telephone or the like, characterized by a relatively robust data processing capability, and a body-mounted key-generating component adapted to be mounted on an individual's body, in a permanent or semi-permanent manner, for wirelessly broadcasting, within the immediate proximity of the individual, a secret or private key identifying signal corresponding to time-variable secure key information under the control of the certification authority. The key identifying signal is generated in a format that facilitates secure wireless communication with the individual in accordance with a predetermined encryption algorithm, including a PKI encryption algorithm. The disclosed system may be used with a console for coordinating access to a variety of different communication systems and networks.
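The abstract leaves open what the body-mounted component actually broadcasts; since the signal is receivable by anyone in proximity, a practitioner would want it to be a rolling identifier rather than key material. The added example below (not the patent's design) shows one way to do that with a seed shared between the certification authority and the key generator: the key for each time step is derived with HMAC-SHA256 and never transmitted, only a short identifier for the current step is broadcast, and the authority matches it within a small clock-skew tolerance. `PERIOD`, `SKEW_STEPS` and all function names are the example's own assumptions.

```python
import hashlib
import hmac
import struct

# Added example (not the patent's design): a seed shared between the
# certification authority and the body-mounted key generator yields a key that
# changes every PERIOD seconds. Only a short rolling identifier is broadcast;
# the key itself is derived locally by both sides. Names are hypothetical.

PERIOD = 300       # seconds each key is valid (assumed)
SKEW_STEPS = 1     # accept one step either side for clock drift (assumed)


def time_step(now, period=PERIOD):
    return int(now) // period


def derive_key(seed, step):
    """Time-variable secret key for one step; never leaves the device or the CA."""
    return hmac.new(seed, b"key" + struct.pack(">Q", step), hashlib.sha256).digest()


def key_identifier(seed, step):
    """Rolling 8-byte identifier safe to broadcast; reveals nothing about the key."""
    return hmac.new(seed, b"id" + struct.pack(">Q", step), hashlib.sha256).digest()[:8]


def resolve_key(seed, broadcast_id, now, skew=SKEW_STEPS):
    """CA side: match a received identifier against the current step (+/- skew)."""
    cur = time_step(now)
    for step in range(cur - skew, cur + skew + 1):
        if hmac.compare_digest(key_identifier(seed, step), broadcast_id):
            return derive_key(seed, step)
    return None


def protect(seed, now, message):
    """Handset side: authenticate a message under the current step's key."""
    step = time_step(now)
    tag = hmac.new(derive_key(seed, step), message, hashlib.sha256).digest()
    return key_identifier(seed, step), tag


def check(seed, now, message, broadcast_id, tag):
    """CA side: resolve the key from the identifier, then verify the message."""
    key = resolve_key(seed, broadcast_id, now)
    if key is None:
        return False
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).digest(), tag)
```

Because the identifier is a truncated MAC, two different time steps do not produce related identifiers, and an observer who records one cannot replay it after the skew window has passed.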
Detecting digital certificate expiration through request processing
A computer system detects that a digital certificate is set to expire within a threshold amount of time. In response to detecting that the digital certificate is set to expire, the computer system generates an update to cause a second computer system to perform operations to indicate an upcoming expiration of the digital certificate. The computer system provides the update to the second computer system to cause the second computer system to perform the operations.
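An added example (not the patent's implementation) of the detection step above, written against the certificate dictionary that Python's `ssl.SSLSocket.getpeercert()` returns: it reads `notAfter` with the standard library's `ssl.cert_time_to_seconds`, compares the remaining lifetime against a threshold, and builds the update message a second system would act on. The sample certificate dictionary is constructed for the example, the fixed clock is injected so the check runs offline, and `fetch_peer_cert` is the live variant that needs network access.

```python
import socket
import ssl
import time
from datetime import datetime, timezone

# Added example (not the patent's implementation): check a certificate in the
# dictionary form returned by ssl.SSLSocket.getpeercert() and build the update
# that a second system would act on. Helper names are hypothetical.

# Constructed sample in getpeercert() layout; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "api.example.test"),),),
    "serialNumber": "0A1B2C",
    "notAfter": "Jun  1 00:00:00 2030 GMT",
}


def utc_ts(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc).timestamp()


def seconds_until_expiry(cert, now_ts):
    """notAfter is a GMT string such as 'Jun  1 12:00:00 2030 GMT'."""
    return ssl.cert_time_to_seconds(cert["notAfter"]) - now_ts


def expiry_update(cert, threshold_days, now_ts=None):
    """Update message if the certificate expires within threshold_days, else None."""
    now_ts = time.time() if now_ts is None else now_ts
    remaining = seconds_until_expiry(cert, now_ts)
    if remaining > threshold_days * 86400:
        return None
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    return {
        "action": "renew_certificate" if remaining > 0 else "certificate_expired",
        "common_name": subject.get("commonName"),
        "serial_number": cert.get("serialNumber"),
        "days_remaining": round(remaining / 86400, 2),
        "not_after": cert["notAfter"],
    }


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Live variant (needs network; not exercised offline): the peer's cert dict."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    with ctx.wrap_socket(raw, server_hostname=host) as tls:
        return tls.getpeercert()
```

Run the check from a scheduler with a threshold comfortably longer than the renewal pipeline needs, and treat an already-expired certificate as a separate action, since the remediation differs from a routine renewal.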
Automatic provisioning
The present disclosure pertains to provisioning of credentials, and in particular to provisioning of authentication credentials to a computer device for accessing a cloud platform computer system. The computer device obtains sensor data and sends a request including a device identifier to a provisioning server using a provisioning server network address. The computer device receives a response, from the provisioning server, including a platform credential and a platform server network address of a platform server. The computer device stores the platform credential. The computer device sends the sensor data and the platform credential to the platform server using the platform server network address.
Secure communication for a key replacement
The present disclosure includes apparatuses, methods, and systems for secure communication for a key replacement. An embodiment includes a processing resource, memory having a first operator's key, and a vehicular communication component. The vehicular communication component can be configured to provide, to a server, a public key generated along with a private key and decrypt, in response to receipt of a second operator's key (e.g., received in response to providing the public key to the server) encrypted using the public key, the second operator's key using the private key. The vehicular communication component can be configured to replace, in response to decrypting the encrypted second operator's key, the first operator's key with the second operator's key.
Database key management
An indication that a secure connection has been established with a key management service is received. The secure connection is associated with an automatically generated session encryption key utilized for encryption of data communication through the secure connection. In response to the indication that the secure connection has been established with the key management service, a determination is made to perform a rotation of a local encryption key utilized in encrypting locally stored data. The rotation of the local encryption key is performed based at least in part on the automatically generated session encryption key.
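An added example (not the patent's code) of the rotation step above: when a session with the key management service comes up, the new local key is derived with HKDF (RFC 5869, implemented here on the standard library) from the session key mixed with fresh local randomness, and every stored row is re-encrypted before the old key is discarded. Mixing in local randomness is the example's own hardening, so that the service alone cannot reconstruct the local key from the session key. The XOR-keystream-plus-HMAC cipher is a demo stand-in for an AEAD such as AES-GCM; all names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Added example (not the patent's code): when a KMS session comes up, derive a
# new local data key from the session key mixed with local randomness (HKDF,
# RFC 5869) and re-encrypt stored records. The XOR-keystream-plus-HMAC cipher
# is a demo stand-in for AES-GCM; all names are hypothetical.


def hkdf(ikm, salt, info, length=32):
    """HKDF-SHA256: extract a PRK from the input key material, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for i in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def _keystream_xor(key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(d ^ k for d, k in zip(data[i:i + 32], ks))
    return bytes(out)


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: wrong key or tampered data")
    return _keystream_xor(key, nonce, ct)


class LocalStore:
    def __init__(self):
        self.key = secrets.token_bytes(32)   # initial local encryption key
        self.key_version = 1
        self.rows = {}                        # row id -> ciphertext blob

    def put(self, row_id, data):
        self.rows[row_id] = encrypt(self.key, data)

    def get(self, row_id):
        return decrypt(self.key, self.rows[row_id])

    def on_kms_session_established(self, session_key):
        """Rotation trigger: the fresh session key seeds the next local key."""
        local_entropy = secrets.token_bytes(32)  # KMS alone cannot recompute the key
        info = b"local-db-key-v%d" % (self.key_version + 1)
        new_key = hkdf(session_key + local_entropy, secrets.token_bytes(32), info)
        # re-encrypt under the new key before the old one is discarded
        self.rows = {rid: encrypt(new_key, decrypt(self.key, blob))
                     for rid, blob in self.rows.items()}
        self.key, self.key_version = new_key, self.key_version + 1
        return self.key_version
```

A practical caveat: re-encrypting every row inside the session callback is fine for a small local store but must become a background job with a key version per row for anything large, otherwise the rotation blocks the connection that triggered it.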
Access key retrieval service for clients
An access key retrieval service receives a request from a client device to configure an application on the client device. In response to the request, the access key retrieval service provides a setup code comprising a first component of an authentication key. Additionally, the access key retrieval service provides files for configuring the application, including a manifest file that includes a second component of the authentication key. The client device uses a set of key components that comprises the first component and the second component to derive the authentication key and provides information demonstrating access to the authentication key. The access key retrieval service receives this information and provides an access key usable to enable the application to access computing resources of a service provider.
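An added example (not the service's code) of the split delivered above: one component travels as the setup code and the other inside the manifest, the client combines both to derive the authentication key, and it demonstrates access to that key with an HMAC over a server challenge rather than by sending the key itself. Only then is an access key released. The derivation (SHA-256 over length-prefixed components), the challenge-response and all names are the example's own assumptions.

```python
import hashlib
import hmac
import secrets

# Added example (not the service's code): the authentication key is derived from
# two components delivered by different paths (setup code and manifest field)
# and the client proves possession with an HMAC over a server challenge before
# an access key is released. All names are hypothetical.


def derive_auth_key(components):
    """Combine components in a fixed order; a missing or wrong part changes the key."""
    h = hashlib.sha256()
    for part in components:
        h.update(len(part).to_bytes(2, "big") + part)  # length prefix: no boundary ambiguity
    return h.digest()


class AccessKeyRetrievalService:
    def __init__(self):
        self._pending = {}      # client id -> {"auth_key": ..., "challenge": ...}
        self._access_keys = {}  # client id -> issued access key

    def configure(self, client_id):
        """Return (setup code, manifest); the two components travel separately."""
        c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)
        self._pending[client_id] = {"auth_key": derive_auth_key([c1, c2]),
                                    "challenge": secrets.token_bytes(32)}
        setup_code = c1.hex()
        manifest = {"app": "example-agent", "key_component": c2.hex()}
        return setup_code, manifest

    def challenge(self, client_id):
        return self._pending[client_id]["challenge"]

    def redeem(self, client_id, proof):
        """Verify the proof of possession and hand out an access key (single use)."""
        rec = self._pending.get(client_id)
        if rec is None:
            raise PermissionError("no pending configuration")
        expected = hmac.new(rec["auth_key"], rec["challenge"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            raise PermissionError("proof of possession failed")
        del self._pending[client_id]
        access_key = "AK" + secrets.token_urlsafe(24)
        self._access_keys[client_id] = access_key
        return access_key


def client_prove(setup_code, manifest, challenge):
    """Client side: rebuild the key from both components and answer the challenge."""
    key = derive_auth_key([bytes.fromhex(setup_code),
                           bytes.fromhex(manifest["key_component"])])
    return hmac.new(key, challenge, hashlib.sha256).digest()
```

The value of the split is that compromise of either delivery path alone (a leaked manifest, or a shoulder-surfed setup code) yields nothing; the challenge-response keeps the derived key off the wire even at redemption time.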
Persistent login
Systems and methods are provided for persistent login. Such persistent login may be based on linking user identity across accounts of different entities, allowing each entity to keep control over its own set of user data while providing a streamlined user experience that avoids much of the repetitive need to log in to different services with different credentials (e.g., during periods of heavy use). Such persistent login may utilize a set of tokens issued and exchanged between devices of the partnering entities. Such tokens may include an access token, a refresh token, and an identity token. When a user associated with a first entity requests access to information secured by a second entity, the request may be associated with the access token. If the access token is determined to be expired, the refresh token may be used to refresh the access token, which may also trigger issuance of a new refresh token. The refreshed access token may be used in conjunction with the identity token to access the requested information secured by the second entity.
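An added example (not the patent's or any vendor's implementation) of the token exchange above: an auth server mints HMAC-signed access, refresh and identity tokens; the resource side requires the access token and the identity token to be valid and to name the same subject; and refreshing rotates the refresh token, with reuse of an already-rotated refresh token revoking the whole token family. The rotation-with-reuse-detection rule is a standard hardening the example adds, not a claim about the patent. Both entities share one HMAC key here for brevity; across real partner entities the verifier would hold only the issuer's public key. The token format and all names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Added example (not the patent's or any vendor's implementation): HMAC-signed
# access, refresh and identity tokens, refresh rotation with reuse detection,
# and a resource check that needs both the access and identity tokens.
# All names and the token format are hypothetical.

SIGNING_KEY = secrets.token_bytes(32)   # held by the issuing entity's auth server


def _b64(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _unb64(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint(claims):
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify(token, expected_type, now):
    """Check signature, type and expiry; return the claims."""
    body, _, sig = token.partition(".")
    good = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(good), sig):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["typ"] != expected_type:
        raise PermissionError("wrong token type")
    if claims["exp"] <= now:
        raise PermissionError("expired")
    return claims


class AuthServer:
    ACCESS_TTL, REFRESH_TTL = 300, 30 * 86400   # seconds (assumed)

    def __init__(self):
        self._families = {}   # family id -> current refresh jti, or None if revoked

    def login(self, user, now):
        """Returns (access token, refresh token, identity token)."""
        family = secrets.token_hex(8)
        identity = mint({"typ": "id", "sub": user, "exp": now + self.REFRESH_TTL})
        return self._issue(user, family, now) + (identity,)

    def _issue(self, user, family, now):
        jti = secrets.token_hex(8)
        self._families[family] = jti
        access = mint({"typ": "access", "sub": user, "exp": now + self.ACCESS_TTL})
        refresh = mint({"typ": "refresh", "sub": user, "fam": family, "jti": jti,
                        "exp": now + self.REFRESH_TTL})
        return access, refresh

    def refresh(self, refresh_token, now):
        """Rotate: new access + refresh pair; a replayed refresh token kills the family."""
        c = verify(refresh_token, "refresh", now)
        if self._families.get(c["fam"]) != c["jti"]:
            self._families[c["fam"]] = None
            raise PermissionError("refresh token reuse detected; family revoked")
        return self._issue(c["sub"], c["fam"], now)


def read_resource(access_token, id_token, now, resources):
    """Second entity: both tokens must verify and agree on the subject."""
    a = verify(access_token, "access", now)
    i = verify(id_token, "id", now)
    if a["sub"] != i["sub"]:
        raise PermissionError("token subject mismatch")
    return resources[a["sub"]]
```

The family bookkeeping is what makes the rotation meaningful: without it, a refresh token stolen from a device stays usable until it expires even after the legitimate client has rotated past it.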