H04L9/3249

METHOD AND SYSTEM TO PROVIDE MULTI-FACTOR AUTHENTICATION FOR NETWORK ACCESS USING LIGHT

A method is provided in which a network access system receives an initial request from a device requesting access to the network. In response to successfully authenticating the initial access request, the system causes a code to be transmitted in light emitted by one or more light fixtures within a physical space in which access to the network is to be restricted. The system receives information from the device requesting access to the network and determines whether to permit the device access to the network based on the initial request and on whether the received information is derived from the code transmitted by the one or more light fixtures, thereby indicating that the requesting device is within the physical space.

Control method and device for controlling authenticity of codes resulting from application of a bijective algorithm to messages
09807063 · 2017-10-31

A device (CD) is intended for controlling the authenticity of a code received with a message by an electronic device (ED2), the code resulting from application to this message of a bijective algorithm with at least one predetermined key. This device (CD) has i) a first computation means (CM1) arranged for applying this bijective algorithm with this predetermined key partly, from a starting step to a chosen intermediate step, to the received message, in order to get a first result, ii) a second computation means (CM2) arranged for applying the bijective algorithm with the predetermined key partly in a reverse manner, from an ending step back to this chosen intermediate step, to the received code while using the received message, in order to get a second result, and iii) a comparison means (CM3) arranged for comparing these first and second results and for outputting information representative of the authenticity of the received code when the first and second results are identical.

METHOD FOR ACCESSING A SERVICE, CORRESPONDING FIRST DEVICE, SECOND DEVICE AND SYSTEM
20170310654 · 2017-10-26

A first device generates a first signature by using complete transaction data received from a second device, a first algorithm and a first key, modifies at least one character from the complete transaction data to get partial transaction data, and sends the partial transaction data to the second device. The second device requests a user to modify the partial transaction data by providing at least one character, as complementary data to the partial transaction data, gets, as a response from the user, at least one character to modify the partial transaction data, the corresponding result being proposed modified transaction data, generates a second signature by using the proposed modified transaction data, the first algorithm and the first key, and sends the second signature to the first device. Only if the second signature matches the first signature does the first device authorize the corresponding transaction to be carried out.

BINDING OF MULTIPLE HETEROGENEOUS ROOT CERTIFICATE AUTHORITIES

Root certificates generated by root certificate authorities may be bound at the time of generation. In an example, a first root certificate can include an identity of a first root certificate authority, a first key identifier associated with a first key of the first root certificate authority and an identity of a first digital signature algorithm used by the first root certificate authority. The first root certificate can also include at least one extension including a second key identifier of a second key associated with a second root certificate authority and an identity of a second digital signature algorithm used by the second root certificate authority, the second digital signature algorithm being different from the first digital signature algorithm.

Cryptographic key generation using a stored input value and a stored count value
09800409 · 2017-10-24

Embodiments of an invention for cryptographic key generation using a stored input value and a stored count value have been described. In one embodiment, a processor includes non-volatile storage storing an input value and a count value, and logic to generate a cryptographic key based on the stored input value and the stored count value.

Systems and methods for activation and deactivation of appliances
09799018 · 2017-10-24

Systems and methods are provided for an appliance system. The system includes an appliance, and a processor connected to the appliance such that the processor places the appliance in one of an enabled state and a disabled state. The processor is configured to track usage of the appliance and to place the appliance in a disabled state when the usage of the appliance exceeds a threshold amount. The system also includes a data receiving device configured to receive a code, wherein upon receipt of a valid code, the processor is configured to adjust the threshold amount to allow additional usage of the appliance.

IMPLICIT RSA CERTIFICATES
20170338958 · 2017-11-23

A secure digital communications method is provided in which a Certificate Authority generates an improved RSA key pair having a modulus, a public key exponent, a public key, and a private key. The public key exponent can contain descriptive attributes and a digital signature. The digital signature can be responsive to the descriptive attributes and the modulus. A secure session can be established between a first system and a second system, within a secure digital communication protocol. The second system can verify the digital signature to authenticate the public key.

Systems and methods for “Machine-to-Machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI)
11258595 · 2022-02-22

Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

DETECTING AND WARNING OF BASE STATIONS WITH A SECURITY RISK
20170303133 · 2017-10-19

Systems, methods, and software can be used to share content. In some aspects, an electronic device selects a base station to camp on. A first message is sent from the electronic device to the base station. The first message is addressed to a server and requests the server to send a second message to the electronic device. It is determined whether the electronic device receives the second message from the base station within a threshold time period after the first message is sent. The electronic device determines that the base station has a security risk based at least in part on whether the second message is received within the threshold time period.

DIGITAL PASSPORT COUNTRY ENTRY STAMP
20170301052 · 2017-10-19

The method utilizes a passport identification number as an element of a homomorphic encryption used to stamp a passport with country entry/exit data, forming a digital representation of a subset of the information in the passport. As a result, the digital representation can be exchanged to allow a selective transfer of information without exposing the user-sensitive passport identification number. The homomorphic encryption supports exposing a trusted photo and a trusted group containing country travel entry and exit information. The digitally signed passport stamp may then be used to verify the individual by ensuring linkage to that user's passport. The individual's identity and passport verification may occur unconnected, i.e., without having to connect to a central database.