H04L9/3242

Systems and methods for authentication
11562061 · 2023-01-24

An authentication method for a tag device includes exchanging authentication codes between the tag device and an authentication server to perform mutual authentication. A reader device acts as a communications bridge between the tag device and the authentication server. The reader device may observe mutual authentication between the tag device and the authentication server as an indicator that the tag device is authentic. A failure of mutual authentication indicates that the tag device is not authentic.
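The exchange described above, written out as an added example (not the patent's own method): the reader only relays opaque authentication codes, the tag and the server each check the other's code, and the reader treats the completed round trip as its evidence that the tag is authentic. The per-tag pre-shared key and HMAC-SHA256 challenge/response codes are assumptions for the illustration; the role labels and nonces bound into each code are what keep a code replayed or reflected by a rogue reader from being accepted.

```python
"""Mutual authentication between a tag and a server, relayed by a reader.

Added example, not the patent's own method. Assumes a pre-shared symmetric
key per tag and HMAC-SHA256 challenge/response codes (both assumptions).
"""
import hashlib
import hmac
import os


def auth_code(key, *parts):
    """HMAC-SHA256 over the length-prefixed parts (role label, ids, nonces)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


class Tag:
    def __init__(self, tag_id, key):
        self.tag_id = tag_id
        self._key = key
        self._nonce = None

    def challenge(self):
        """Fresh nonce so a recorded server code cannot be replayed."""
        self._nonce = os.urandom(16)
        return self._nonce

    def respond(self, server_nonce, server_code):
        """Authenticate the server first; only then emit the tag's own code."""
        expected = auth_code(self._key, b"server", self.tag_id, self._nonce, server_nonce)
        if not hmac.compare_digest(expected, server_code):
            return None  # server (or relayed code) is not genuine
        return auth_code(self._key, b"tag", self.tag_id, server_nonce, self._nonce)


class AuthServer:
    def __init__(self, keys):
        self._keys = keys  # tag_id -> pre-shared key

    def challenge(self, tag_id, tag_nonce):
        key = self._keys.get(tag_id)
        if key is None:
            return None  # unknown tag: no code can be produced
        nonce = os.urandom(16)
        return nonce, auth_code(key, b"server", tag_id, tag_nonce, nonce)

    def verify(self, tag_id, tag_nonce, server_nonce, tag_code):
        expected = auth_code(self._keys[tag_id], b"tag", tag_id, server_nonce, tag_nonce)
        return hmac.compare_digest(expected, tag_code)


def reader_bridge(tag, server):
    """Reader: relays codes it cannot check itself, reports the outcome."""
    tag_nonce = tag.challenge()
    srv = server.challenge(tag.tag_id, tag_nonce)
    if srv is None:
        return False
    server_nonce, server_code = srv
    tag_code = tag.respond(server_nonce, server_code)
    if tag_code is None:
        return False  # tag rejected the server half of the handshake
    return server.verify(tag.tag_id, tag_nonce, server_nonce, tag_code)
```

A cloned tag with the wrong key, an unknown tag id, or a server that does not hold the tag's key all make `reader_bridge` return False, which is the "failure of mutual authentication" the abstract treats as the non-authentic signal.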

System, method, and computer program product for implementing zero round trip secure communications based on noisy secrets with a polynomial secret sharing scheme
11563584 · 2023-01-24

Zero round trip secure communications are implemented based on noisy secrets with a polynomial secret sharing scheme. A sender identifies two negotiated noisy secrets associated with an encrypted message to send to a receiver system. The sender utilizes a first negotiated noisy secret for sub-key selection, and generates a secret polynomial using Shamir's polynomial-based secret sharing scheme with N positive integer points and a message key as the secret. The sender divides the first negotiated noisy secret into a plurality of sub-keys, and divides a second negotiated noisy secret into test blocks of a length equivalent to the length of a sub-key. The sender utilizes each of the plurality of sub-keys to encrypt a corresponding test block along with one unique point of the secret polynomial. Moreover, the sender sends all encrypted test blocks and corresponding encrypted points of the secret polynomial to the receiver with the encrypted message.
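The sender and receiver sides of that construction, as an added example (not the patent's code): the message key is the constant term of a Shamir polynomial over a prime field, each polynomial point is encrypted together with a test block under one sub-key, and the receiver keeps only the points whose test block decrypts to its own copy, so sub-keys corrupted by noise simply drop out. The field prime (2^255 - 19), the SHA-256-based keystream used as the block cipher, and the sample "negotiated" secrets built from hashes are all assumptions for the illustration.

```python
"""Noisy-secret key transport with Shamir sharing (added example).

Assumptions: prime field P = 2**255 - 19, a SHA-256 counter keystream as the
per-sub-key cipher, and hash-derived sample secrets standing in for the
negotiated noisy secrets.
"""
import hashlib
import os

P = 2**255 - 19  # prime field for the secret polynomial (assumption)


def make_noisy_secret(label, n_blocks, sub_len):
    """Constructed, deterministic stand-in for a negotiated noisy secret."""
    out, i = b"", 0
    while len(out) < n_blocks * sub_len:
        out += hashlib.sha256(label + bytes([i])).digest()
        i += 1
    return out[:n_blocks * sub_len]


def _keystream_xor(sub_key, data):
    """XOR data with SHA256(sub_key || counter) blocks (toy cipher)."""
    ks, ctr = b"", 0
    while len(ks) < len(data):
        ks += hashlib.sha256(sub_key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, ks))


def _blocks(secret, size):
    return [secret[i:i + size] for i in range(0, len(secret), size)]


def _poly_eval(coeffs, x):
    """Horner evaluation; coeffs[0] is the constant term (the message key)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y


def send(message_key, noisy_a, noisy_b, threshold, sub_len=16):
    """Sub-keys come from secret A, test blocks from secret B; one point each."""
    sub_keys = _blocks(noisy_a, sub_len)
    test_blocks = _blocks(noisy_b, sub_len)
    n = len(sub_keys)
    assert len(test_blocks) == n and threshold <= n
    coeffs = [int.from_bytes(message_key, "big")]
    coeffs += [int.from_bytes(os.urandom(32), "big") % P for _ in range(threshold - 1)]
    shares = []
    for i in range(n):
        y = _poly_eval(coeffs, i + 1).to_bytes(32, "big")  # point (i+1, y)
        shares.append(_keystream_xor(sub_keys[i], test_blocks[i] + y))
    return shares


def receive(shares, noisy_a, noisy_b, threshold, sub_len=16, key_len=16):
    """Accept a point only if its test block matches the receiver's copy."""
    sub_keys = _blocks(noisy_a, sub_len)
    test_blocks = _blocks(noisy_b, sub_len)
    points = []
    for i, blob in enumerate(shares):
        plain = _keystream_xor(sub_keys[i], blob)
        if plain[:sub_len] == test_blocks[i]:  # wrong sub-key -> garbage block
            points.append((i + 1, int.from_bytes(plain[sub_len:], "big")))
    if len(points) < threshold:
        return None  # too much noise: the polynomial cannot be recovered
    points = points[:threshold]
    secret = 0  # Lagrange interpolation at x = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, P - 2, P)) % P
    return secret.to_bytes(key_len, "big")
```

With 8 sub-keys and a threshold of 5, the receiver can lose up to three sub-keys or test blocks to noise and still rebuild the message key; one more corrupted block and `receive` returns None rather than a wrong key, because a bad point never passes the test-block check.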

Audio verification

Techniques for enabling a system to verify operations or transactions as being associated with a user account are described. A system receives message data associated with an unverified operation or transaction. The system generates first audio data that includes a representation of a first digital signature based on at least a first verification code. The system sends a message including second message data and the first audio data to a first device, which plays the first audio data within earshot of a second device. The system receives, from the second device, second audio data that represents the first audio data. The system determines that the second audio data includes an audio representation of a second digital signature based on at least the first verification code. The system then verifies the operation and associates it with the user account to indicate that the operation is a verified operation.

AUGMENTED REALITY INFORMATION DISPLAY AND INTERACTION VIA NFC BASED AUTHENTICATION

Various embodiments are generally directed to improving card security by providing a user with a contactless card that has no sensitive card information, such as card number, card verification value, and expiration date, printed on it, and displaying the sensitive card information relative to the card in augmented reality (AR) after successful NFC-based user authentication. According to examples, the NFC-based user authentication may be performed with a single tap of the contactless card to the user's mobile device. One or more portions of the sensitive card information may be obfuscated to further enhance card security. Moreover, the user can interact with AR elements, including the sensitive card information, to perform various actions.

System and methods for speaker identification, message compression and/or message replay in a communications environment

Systems (100) and methods (800) for communicating information. The methods comprise: storing message sets in Communication Devices ("CDs") so that each is associated with speaker information; performing operations, by a first CD, to capture an audio message spoken by an individual and to convert the audio message into a message audio file; comparing the message audio file to each reference audio file in the message sets to determine whether one of the reference audio files matches the message audio file to a certain degree; converting the audio message into a text message when a reference audio file is determined to match the message audio file to that degree; generating a secure text message by appending to the text message the speaker information associated with the matching reference audio file, or by appending other information; and transmitting the secure text message.

Storage network with enhanced data access performance
11704184 · 2023-07-18

A method for execution by a storage network begins by issuing a decode threshold number of read requests for a set of encoded data slices to a plurality of storage units of a set of storage units and continues by determining whether fewer than the decode threshold number of responses have been received within a time window. The method continues by identifying one or more encoded data slices associated with read requests of the decode threshold number of read requests that have not been answered and, for an encoded data slice of the one or more encoded data slices, issuing a priority read request to a storage unit storing a copy of the encoded data slice. The method then continues by receiving a response from the storage unit storing the copy of the encoded data slice, where that storage unit is adapted to delay one or more maintenance tasks in response to the priority read request.

Side channel timing attack mitigation in securing data in transit
11706015 · 2023-07-18

A method for side-channel attack mitigation in streaming encryption includes reading an input stream into a decryption process, extracting an encryption envelope having a wrapped key, a cipher text, and a first message authentication code (MAC) from the input stream, generating a second MAC using the wrapped key of the encryption envelope, and performing decryption of the cipher text in constant time by determining whether the encryption envelope is authentic by comparing the first MAC extracted from the encryption envelope and the second MAC generated using the wrapped key.
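An added example of the envelope check described above (not the patent's code), showing why the comparison step is where the timing leak lives: `naive_compare_steps` is the early-exit comparison that reveals how many leading MAC bytes an attacker has guessed correctly, while `open_envelope` uses a constant-time comparison and refuses to touch the cipher text until the MAC over the whole envelope has verified. The envelope layout (nonce, wrapped data key, cipher text, HMAC-SHA256 tag), the SHAKE-256 keystream standing in for a real cipher, and the derivation of the wrap and MAC keys from the key-encryption key are all assumptions for the illustration.

```python
"""Encrypt-then-MAC envelope with a constant-time authenticity check.

Added example. Assumptions: envelope = nonce(16) || wrapped_key(32) ||
ciphertext || mac(32); SHAKE-256 keystream as the cipher; wrap and MAC keys
derived from the key-encryption key (kek) by hashing.
"""
import hashlib
import hmac
import os


def _stream(key, nonce, data):
    """Toy stream cipher: XOR with a SHAKE-256 keystream (assumption)."""
    ks = hashlib.shake_256(b"stream" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def _wrap_key(kek):
    return hashlib.sha256(b"wrap" + kek).digest()


def _mac_key(kek):
    return hashlib.sha256(b"mac" + kek).digest()


def seal(kek, plaintext):
    """Wrap a fresh data key, encrypt, then MAC everything but the tag."""
    data_key = os.urandom(32)
    nonce = os.urandom(16)
    wrapped = _stream(_wrap_key(kek), nonce, data_key)
    ct = _stream(data_key, nonce, plaintext)
    body = nonce + wrapped + ct
    return body + hmac.new(_mac_key(kek), body, hashlib.sha256).digest()


def naive_compare_steps(a, b):
    """The vulnerable pattern: byte-by-byte compare that exits at the first
    mismatch. The step count is exactly what a timing attacker measures."""
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return len(a) == len(b), steps


def open_envelope(kek, envelope):
    """Verify in constant time first; decrypt only an authentic envelope."""
    if len(envelope) < 16 + 32 + 32:
        return None
    nonce, wrapped = envelope[:16], envelope[16:48]
    ct, mac1 = envelope[48:-32], envelope[-32:]
    mac2 = hmac.new(_mac_key(kek), envelope[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(mac1, mac2):  # no early exit on mismatch
        return None
    data_key = _stream(_wrap_key(kek), nonce, wrapped)
    return _stream(data_key, nonce, ct)
```

Because the MAC covers the wrapped key as well as the cipher text, a tampered envelope is rejected before any key is unwrapped, and the rejection takes the same time whether the forged tag is wrong in its first byte or its last.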

GENERATING SHARED PRIVATE KEYS
20230224147 · 2023-07-13

A computer-implemented method of generating shares of private keys, wherein the method is performed by a first participant of a group of participants and comprises: obtaining a first seed share, wherein each other participant has a respective seed share; generating a first master private key share of a shared master private key, wherein the first master private key share is generated based on the first seed share and the respective seed share of each other participant, and wherein each other participant has a respective master private key share; and generating one or more first private key shares based on the first master private key share, wherein each first private key share is a share of a respective shared private key.

NETWORK TRAFFIC MANAGEMENT USING SERVER NAME INDICATION
20230012504 · 2023-01-19

A network gateway apparatus monitors QUIC (Quick UDP Internet Connections) packets between a first device and a second device, extracts the QUIC version and a connection identifier from the unprotected portion of the header in response to detecting a QUIC packet with header protection in use, determines the salt used in the initial-packet encryption based on the QUIC version, calculates a client initial secret based on the salt and the connection identifier, recovers the unprotected payload of the QUIC packet from the client initial secret, the protected payload and the unprotected portion of the header, and extracts a server name indication (SNI) from the unprotected payload.
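The secret derivation the gateway performs, as an added example (not the applicant's code): the version selects the initial salt, the destination connection ID from the unprotected part of the long header is the HKDF input, and the client initial secret then yields the packet-protection key, IV and header-protection key as defined in RFC 9001. Only the version-1 salt is tabled here; a version the gateway does not know has no salt, so the payload stays opaque to it, which is the limit of this technique. The AEAD decryption of the payload and parsing of the SNI out of the ClientHello are not shown (AES-GCM is not in the Python standard library).

```python
"""QUIC v1 client initial secrets from the unprotected long header.

Added example following RFC 9001 section 5.2 and TLS 1.3 HKDF-Expand-Label.
Only the version-1 initial salt is tabled (assumption: that is all the
gateway supports).
"""
import hashlib
import hmac

INITIAL_SALTS = {
    0x00000001: bytes.fromhex("38762cf7f55934b34d179ae6a4c80cadccbb7f0a"),  # RFC 9001
}


def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]


def hkdf_expand_label(secret, label, context, length):
    """TLS 1.3 HkdfLabel: uint16 length, "tls13 " + label, context."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def parse_long_header(packet):
    """Version and destination connection ID are never header-protected."""
    if not packet[0] & 0x80:
        raise ValueError("not a long header packet")
    version = int.from_bytes(packet[1:5], "big")
    dcid_len = packet[5]
    return version, packet[6:6 + dcid_len]


def client_initial_keys(version, dcid):
    """Derive the client's initial secret and its key, IV and hp key."""
    salt = INITIAL_SALTS.get(version)
    if salt is None:
        return None  # unknown version: the gateway cannot recover the payload
    initial_secret = hkdf_extract(salt, dcid)
    client_secret = hkdf_expand_label(initial_secret, b"client in", b"", 32)
    return {
        "initial_secret": initial_secret,
        "client_initial_secret": client_secret,
        "key": hkdf_expand_label(client_secret, b"quic key", b"", 16),
        "iv": hkdf_expand_label(client_secret, b"quic iv", b"", 12),
        "hp": hkdf_expand_label(client_secret, b"quic hp", b"", 16),
    }
```

Fed the RFC 9001 Appendix A destination connection ID `8394c8f03e515708`, the function reproduces the client initial secret and keys listed there; with those, the gateway removes header protection using `hp`, decrypts the payload with `key` and `iv`, and reads the SNI from the CRYPTO frame's ClientHello.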

SECURELY EXECUTING SOFTWARE BASED ON CRYPTOGRAPHICALLY VERIFIED INSTRUCTIONS
20230017231 · 2023-01-19

Securely executing instructions of software on a computerized device by accessing the software of the computerized device, wherein the software includes a plurality of instructions and respective reference message authentication codes (MACs); generating a cryptographic key based at least in part on a key derivation function, wherein the arguments of the key derivation function are based at least in part on a unique identifier of the computerized device and on a value obtained by extending a measurement of the software's content into a platform configuration register of the computerized device; verifying an instruction of the plurality of instructions based at least in part on the cryptographic key and the corresponding reference MAC; and, in response to verifying the instruction, executing it.
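An added example of that chain (not the applicant's code): a TPM-style extend of the software measurement into a PCR, a key derived from the device identifier and the PCR value, one short MAC per instruction that also binds the instruction's position, and an execute loop that stops at the first instruction whose MAC does not verify. The HKDF-style derivation, the 8-byte MAC truncation, and the index binding are assumptions for the illustration; the property they give is that a modified, reordered or foreign-device instruction stream never reaches execution.

```python
"""PCR-bound, per-instruction MAC verification before execution.

Added example. Assumptions: SHA-256 PCR extend, HKDF-style key derivation
from (device_id, pcr_value), HMAC-SHA256 truncated to 8 bytes per
instruction with the instruction index bound into the MAC.
"""
import hashlib
import hmac


def pcr_extend(pcr, measurement):
    """TPM-style extend: PCR' = H(PCR || H(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def derive_key(device_id, pcr_value):
    """Key exists only for this device running this measured software."""
    prk = hmac.new(b"instr-mac-kdf", device_id + pcr_value, hashlib.sha256).digest()
    return hmac.new(prk, b"instruction-mac\x01", hashlib.sha256).digest()


def instr_mac(key, index, instruction):
    """Index binding stops an attacker from reordering verified instructions."""
    return hmac.new(key, index.to_bytes(4, "big") + instruction, hashlib.sha256).digest()[:8]


def sign_software(device_id, instructions):
    """Provisioning step: measure the code, derive the key, MAC every instruction."""
    pcr = pcr_extend(bytes(32), b"".join(instructions))
    key = derive_key(device_id, pcr)
    return [(ins, instr_mac(key, i, ins)) for i, ins in enumerate(instructions)]


def execute(device_id, signed, pcr_value):
    """Verify each instruction against its reference MAC before running it.

    Returns (instructions executed, index of the first failure or None).
    """
    key = derive_key(device_id, pcr_value)
    executed = []
    for i, (ins, ref) in enumerate(signed):
        if not hmac.compare_digest(instr_mac(key, i, ins), ref):
            return executed, i  # halt: instruction is not authentic here
        executed.append(ins)  # stand-in for actually executing it
    return executed, None
```

Changing one instruction, swapping two of them, moving the image to a different device id, or presenting a PCR value from a different boot all make `execute` halt before the affected instruction.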