Methods are described for a data creator to securely send a data payload to another device in a transient symmetric key technology (TSKT) system, and for the other device to securely receive the payload data. One method includes receiving a first seed and a formula from a command and control server. A second seed is generated, and the first seed and the second seed are combined using the formula to create a data seed. A first key is generated using the first seed, and the second seed is encrypted using the first key to form an encrypted second seed. A second key is generated using the data seed, and the data payload is encrypted using the second key to form an encrypted data payload. The encrypted data payload and the encrypted second seed are combined in a secure container, and subsequently all keys and seeds and the formula are destroyed.

An example method includes receiving an encrypted biometric enrollment data and user identifier data. The encrypted biometric enrollment data includes at least one biometric enrollment sample from a user encrypted using an encryption key. The encryption key is generated based on a user secret and the user identifier is associated with the user. The user identifier is matched with a stored user secret. A decryption key is generated based on the stored user secret. The encrypted biometric enrollment data is decrypted using the decryption key. The at least one biometric enrollment sample is retrieved from the decrypted biometric enrollment data. The at least one biometric enrollment sample is processed using a biometric processing algorithm to generate a biometric reference template. A biometric reference template identifier uniquely identifying the biometric reference template is generated. An encryption key is generated based on the stored user secret and encrypts an enrollment confirmation message.

One example process may include identifying a paused active communication session between a client device and a server, releasing communication session resources dedicated to the communication session to a session resource pool, and re-establishing the active data session responsive to receiving a message from the client device including one or more session re-establishment parameters.

A key server network device may install, on the key server network device, a new decryption key based on a timer-based key rollover setting and may provide, to peer network devices, messages identifying the new decryption key. The key server network device may utilize an original encryption key, to encrypt traffic, until all of the peer network devices provide acknowledgements of installation of the new decryption key. The key server network device may be configured to utilize the original encryption key based on the timer-based key rollover setting. The key server network device may generate an alarm. The alarm may include information indicating that the key server network device is waiting for the acknowledgements from one or more peer network devices and information identifying the one or more peer network devices.

A secure method for data exchange between a terminal and a server is described. The server can use a cryptographic module configured to encrypt or decrypt a message based on input parameters comprising the message, a response to a challenge and a symmetric key. The terminal can use a white-box cryptography module constituting a white-box implementation of the cryptographic module of the server for this symmetric key.

The present invention provides a processing device (1) including a storage unit (112) that stores device-specific information in association with device identification information for identifying each of a plurality of devices, an authentication key request reception unit (101) that receives an authentication key request including the device identification information, an authentication key issuing unit (102) that issues the authentication key, a license key request reception unit (103) that receives a license key request including the device identification information and the authentication key, a license key issuing unit (104) that issues a license key, a user identification information registration unit (107) that stores the user identification information of the user who has presented the license key, in association with the device identification information associated with the license key, and a device control unit (111) that integrally controls the plurality of devices identifying a plurality of pieces of device identification information associated with the same user identification information.

An authentication and encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.

One or more computing devices, systems, and/or methods for managing security associated with applications are provided. In an example, a central security gateway may determine first security policy information associated with a first application. The central security gateway may establish a first encrypted connection with a first device of the first application. The central security gateway may manage, based upon the first security policy information and using the first encrypted connection, security associated with the first application. The central security gateway may determine second security policy information associated with a second application. The central security gateway may establish a second encrypted connection with a second device of the second application. The central security gateway may manage, based upon the second security policy information and using the second encrypted connection, security associated with the second application.

A system is provided for electronic data encryption and decryption using a consensus draft process. In particular, the system may use a custom encryption algorithm that generates an array with a number of entries that is dependent on the number of computing devices that participate in the encryption process. The encryption algorithm may cause a first computing device to open and read the array, randomly select and remove an entry, and pass on the remaining entries to a second computing device. The second computing device may then open and read the array, randomly select and remove an entry, then pass the remaining entries to a third computing device. The process may be executed in a reiterative manner until the entire array is distributed among the participating computing devices. In this way, encryption of data may be performed without revealing shared information among the participating computing devices.

A system within an ego vehicle for robust association of a physical identity and a virtual identity of a target vehicle includes a data processor, including a wireless communication module and a visible light communication module, positioned within an ego vehicle, and a plurality of perception sensors, positioned within the ego vehicle and adapted to collect data related to a physical identity of the target vehicle and to communicate the data related to the physical identity of the target vehicle to the data processor via a communication bus, the data processor within the ego vehicle adapted to receive, via a wireless communication channel, data related to a virtual identity of the target vehicle, associate the physical identity of the target vehicle with the virtual identity of the target vehicle, and initiate, via the wireless communication channel and a visible light communication channel, a challenge-response protocol between the ego vehicle and the target vehicle.