H04L9/3273

Method and system for authenticating a secure credential transfer to a device
11552798 · 2023-01-10

A method for authenticating a secure credential transfer to a device includes verifying user identity and device identity. In particular, the method includes verifying user identity by requesting and receiving a user identification input at a first client device and verifying device identity of a second client device by (i) determining a security status of the second client device from hardware of the second client device, (ii) invoking an identifier related to the security status of the second client device to an authentication server, and (iii) obtaining certification from the authentication server for the second client device based on the invoked identifier. After verifying the user identity and the device identity, the method includes establishing a secure channel between the first client device and the second client device for the secure credential transfer using one or more tokens generated by the authentication server.

Stateless mutual authentication between services

A server computing system generates a universally unique identifier (UUID) associated with a first application, the UUID to be encrypted using a private key associated with the first application to generate a first digital signature. The server computing system generates a first session key associated with the first application, the first digital signature to be encrypted using the first session key to generate a first encrypted digital signature. The server computing system encrypts the first session key using a public key associated with a second application to generate a first encrypted session key, wherein the first application and the second application are deployed with the platform-as-a-service (PaaS) associated with the server computing system. The server computing system transmits the UUID, the first encrypted digital signature, and the first encrypted session key to the second application using hypertext transfer protocol (HTTP) to enable the second application to authenticate the first application.

Systems and methods for network authentication with a shared secret

A computing system can associate a customer device of a customer with a financial transaction record and the merchant, the financial transaction record indicative of a first purchase from the merchant by the customer; transmit a first query to the customer device prompting the customer to input information regarding an aspect of the first purchase, the first query including a description of a predetermined product parameter of the financial transaction record indicative of the first purchase from the merchant by the customer; authenticate the first request by determining that the customer-input response to the first query corresponds to the established aspect of the first purchase in accordance with a predetermined accuracy threshold; and authorize connection of the customer device to the network provided by the merchant based at least in part on the first request being authenticated.

Method and device for cross-domain strong logical isolation and secure access control in the internet of things
11546330 · 2023-01-03

Embodiments of the present disclosure provide a method and a device for cross-domain strong logical isolation and secure access control in the Internet of Things (IoT). The method includes the following. When one IoT gateway receives an identity authentication request, that IoT gateway sends the identity authentication request to all other IoT gateways in the domain. When all IoT gateways in the domain have received the identity authentication request, each IoT gateway separately verifies whether the identity authentication request is legitimate. After a given IoT gateway obtains its identity authentication result, a distributed consensus procedure is initiated. The IoT gateways in the domain reach a consensus on the identity authentication result through a distributed consensus mechanism, and the identity authentication result is written to and stored in a block of a blockchain.

DIGITAL MEDIA DATA MANAGEMENT SYSTEM COMPRISING SOFTWARE-DEFINED DATA STORAGE AND AN ADAPTIVE BITRATE MEDIA STREAMING PROTOCOL

A digital media data management system in the field of software solutions deployed to an apparatus satisfying the specific hardware requirements. The system's purpose is to register, process, store and transfer data (mostly media). More specifically, the system comprises custom embedded firmware—the media server encapsulating the complete cycle of registration, processing (pre- and post-), storing in a permanent memory and transferring of data over networks, using for these purposes the proprietary implementations of the software-defined data storage service and the custom data streaming technique. Later

MUTUAL AUTHENTICATION BETWEEN A HARDWARE TOKEN AND NON-NETWORKED DEVICE
20220417022 · 2022-12-29

Systems and methods for performing mutual authentication between a hardware access token and a reader device are provided. The systems and methods include reading a unique or pseudo-unique identifier of the hardware access token and computing a password for the hardware access token based on the unique or pseudo-unique identifier and a group secret of the reader device.

NETWORK MULTI-TENANT ARCHITECTURE FOR DISTRIBUTED LEDGER SYSTEMS

A Quorum network comprising an access-controlled multi-tenant network is provided that is configured to enable access control and state isolation in a multi-tenancy Ethereum-based distributed ledger system. The access-controlled network includes one or more authenticating servers (also referred to as access controls) that provide permission control for the nodes in the network. In a standard multi-tenant network, each user of an entity (also referred to as an organization) is limited to transacting with (also referred to as accessing) only their own authorized resources. The access-controlled network utilizes an access controller to provide a single source of truth for a set of managed nodes through a trusted entity (such as a Network Authorization Server).

Systems and methods for delayed-message attack mitigation
11528153 · 2022-12-13

A computer-implemented method comprising: establishing, by an operation device, a wireless communication with a remote device; authenticating, by the operation device, the wireless communication with the remote device; receiving, at the operation device, a first command to perform a first operation; establishing a first maximum delay period using an estimated time delay, wherein the estimated time delay comprises an authentication delay, an encryption delay, or a combination thereof; determining, by the operation device, that the first command is received within a first maximum delay period; performing, by the operation device, the first operation; receiving, at the operation device, a second command to perform a second operation; establishing a second maximum delay period using the estimated time delay; determining, by the operation device, that the second command is received within a second maximum delay period; and performing, by the operation device, the second operation instructed in the second command.

Secure Accessory Connections

Techniques are disclosed relating to securely authenticating communicating devices. In various embodiments, a computing device receives, via a network connection with a network, a first certificate for a first public key pair of the computing device. The computing device provides the first certificate to an offline accessory device and receives a second certificate for a second public key pair maintained by the offline accessory device. The computing device performs a verification of the second certificate and, responsive to the verification being successful, interacts with the offline accessory device. In some embodiments, prior to providing the first certificate, the computing device determines an ordering in which the first and second certificates are to be exchanged by the computing device and the offline accessory device, and the first certificate is provided to the offline accessory device in accordance with the determined ordering.

TECHNIQUES FOR AUTHENTICATING BUILDING/ROOM ACCESS TERMINALS
20220392286 · 2022-12-08

The techniques described herein provide for authentication of a reader device over a wireless protocol (e.g., NFC or Bluetooth Low Energy, BLE). The mobile device can receive and store the static public key of the reader device and one or more credentials, each credential specifying access to an electronic lock. The mobile device can receive an ephemeral reader public key, a reader identifier, and a transaction identifier. The mobile device can generate a session key using its ephemeral mobile private key and the ephemeral reader public key, and send the ephemeral mobile public key to the reader device. The reader device can receive the ephemeral mobile public key, then sign and transmit a signature message to the mobile device. The mobile device can validate the reader signature and generate an encrypted credential that the reader can use to grant access to an electronic lock. The reader device can in turn authenticate the mobile device, providing mutual authentication.