H04L63/0478

System and method for an efficient authentication and key exchange protocol
09734355 · 2017-08-15

Embodiments of systems and methods disclosed herein provide a simple and effective method for authentication and key exchange that is secure from man-in-the-middle attacks and is characterized by perfect forward secrecy. More specifically, in certain embodiments, systems and methods are disclosed that enable secure communications between a local device and one or more remote devices via a protocol that uses a Central Licensing Authority that shares derived secrets with the endpoints, without sharing the secrets themselves. The derived secrets may be composed of public information, taking the form of nonces, in order to protect the system against replay-style attacks. Each endpoint can generate its own nonce with sufficient entropy such that neither endpoint is dependent on the trustworthiness of the other.

Information storage method, device, and computer-readable storage medium

The present disclosure discloses an information storage method performed at a server. The method includes: receiving an information storage request sent by a terminal device, the information storage request carrying a first user identifier, an account address, and a to-be-stored ciphertext; performing identity authentication on a user according to the first user identifier when receiving the information storage request; generating a serving end serialization factor according to preset configuration information after the identity authentication succeeds; obtaining a plurality of ciphertext fragments of the to-be-stored ciphertext according to the serving end serialization factor and the to-be-stored ciphertext; and storing the account address corresponding to the first user identifier, and respectively storing, corresponding to the account address, the plurality of ciphertext fragments into different ciphertext databases.

Systems and methods for wireless communication with implantable and body worn devices
09723433 · 2017-08-01

A medical monitoring and communication system for wireless communication between an implantable medical device, a mobile user device, and a remote server includes a sensor device coupled to the implantable medical device. The sensor device is configured to default to a master mode prior to pairing with the mobile user device, listen for a request to connect from the mobile user device, refrain from communicating with the mobile user device responsive to the request to connect from the mobile user device being invalid, and switch to a slave mode to allow cooperative pairing with the mobile user device responsive to the request to connect from the mobile user device being valid. The mobile user device facilitates communication between the sensor device and the remote server when the mobile user device and the sensor device are cooperatively paired.

ENCRYPTING METHOD AND DECRYPTING METHOD OF SECURITY SHORT MESSAGE AND RECEIVING APPARATUS FOR RECEIVING SECURITY SHORT MESSAGE
20170279776 · 2017-09-28

An encrypting method of a security short message includes performing a first encryption computation according to a short message content and a deadline code to generate a verification code, performing a second encryption computation according to the short message content, deadline code and verification code to generate an encrypting field, and combining a non-encrypting field and the encrypting field to create the security short message.

System and method employing an agile network protocol for secure communications using secure domain names

A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link.

Sharing a secret between an isolated device and a network connected device
11251943 · 2022-02-15

Methods, systems and devices for sharing a secret between an isolated device connected to a network through a transmit-only unidirectional secure channel and a network connected user device, comprising generating a secret value divided into first and second components, transmitting the first component, via the unidirectional secure channel, to one or more computing nodes of a distributed system, and transferring the second component, via a tamper-resistant unidirectional insecure channel, to the network connected user device associated with the user to enable the network connected user device to reproduce the secret value by combining the first component received from one or more of the computing nodes with the second component.

Methods and systems for a secure wireless network for industrial process monitoring and business applications

Aspects of the present disclosure provide techniques for enabling data traffic having security of different Purdue Enterprise Reference Architecture security levels to traverse a common network. Techniques disclosed herein maintain logical separation between the different data traffic types by assigning each to a discrete virtual LAN, and discretely encrypting each data traffic type.

COGNITIVE MULTI-ENCRYPTED MAIL PLATFORM

An apparatus configured to construct an email message addressed to a plurality of recipients. The apparatus is further configured to apply a cipher and a first encryption key to a first portion of the email message, which will be viewable by each of the recipients. The apparatus applies the cipher and a second encryption key to a second portion of the email message, which will be viewable by a first recipient from among the recipients. The apparatus further applies the cipher and a third encryption key to a third portion of the mail message, which will be viewable by a second recipient from among the recipients. The apparatus then transmits the email message to a server.

Methods for secure data storage
11212089 · 2021-12-28

Embodiments include a method for secure data storage including constructing an encryption key from a plurality of key elements, the constructing including distributing the plurality of key elements to a plurality of key maintenance entities, each of the plurality of key maintenance entities employing a plurality of independent safeguards for their respective key elements of the plurality of key elements, and requiring access to the plurality of key elements to construct the encryption key. The method includes receiving a subset of the plurality of key elements via a twice-encrypted communications channel, regenerating the encryption key at the client node, and, after encrypting data, deleting the subset of the plurality of key elements received over the twice-encrypted communications channel while retaining any of the plurality of key elements previously stored at the client node.

Secure peer-to-peer communication over wireless mesh networks

Techniques for secure team-based communication on existing wireless mesh networks are disclosed. In an example, a first network node receives a network encryption key from a headend system. The first network node receives a sub-group encryption key that is unique to a sub-group of nodes, a sub-group identifier, and a sub-group node list that lists the sub-group of nodes associated with the sub-group identifier. The first network node generates an application layer message for a second node of the sub-group of nodes at an application layer. The first network node encrypts the application layer message using the sub-group encryption key. The first network node generates a team packet that is addressed to a selected node and includes the encrypted application layer message and the sub-group identifier. The first network node encrypts the team packet using the network encryption key and transmits the encrypted team packet to the selected node.