H04L9/0822

System and method for authenticating data while minimizing bandwidth

Systems and methods for data authentication can comprise processing a first secret element to generate a first encrypted secret element, processing a second secret element to generate a non-secret element, and processing the first encrypted secret element and the non-secret element to generate an encrypted data block.

Encryption of digital incentive tokens within images
11551253 · 2023-01-10

Embedding of digital incentive tokens within a digital image can occur cryptographically using a public key in some embodiments. An encrypted digital incentive token may be embedded within a digital image, including a variety of encrypted information. The digital image with the embedded digital incentive token may be sent to users via delivery mechanisms such as direct webpage embedding, email, text message, and social media sharing. An image recipient may be able to view the image and also take additional action including gaining access to the embedded digital incentive token. Digital incentive tokens can be embedded by altering image metadata so that the image itself is not changed in some embodiments, but data associated with the image is changed to identify the token. Pixel data can be altered to reflect a token for an image. Digital incentive tokens can also be tracked through different platforms to determine usage.
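The metadata variant described in this abstract (the token is carried alongside the image, the pixels are not changed) can be shown concretely with a PNG. The following is an added example, not code from the patent or its assignee: it writes an already-encrypted token into a tEXt chunk, reads it back, and checks that the IDAT pixel data is byte-for-byte unchanged. The public-key encryption step is assumed to happen elsewhere; a constructed byte string stands in for the ciphertext, and the tEXt keyword is an assumption.

```python
"""Embed an already-encrypted token in PNG metadata without touching pixels.

Added example, not code from the patent or its assignee. The ciphertext is
assumed to come from a public-key encryption step done elsewhere; a
constructed byte string stands in for it. The tEXt keyword is an assumption.
"""
import base64
import hashlib
import struct
import zlib
from typing import Iterator, Optional, Tuple

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TOKEN_KEYWORD = b"incentive-token"   # hypothetical tEXt keyword


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, data, CRC32(type + data)."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def iter_chunks(png: bytes) -> Iterator[Tuple[bytes, bytes]]:
    """Yield (type, data) for every chunk, checking the signature and each CRC."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        data = png[pos + 8:pos + 8 + length]
        crc_bytes = png[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc_bytes) != 4:
            raise ValueError("truncated chunk %r" % ctype)
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != struct.unpack(">I", crc_bytes)[0]:
            raise ValueError("bad CRC in chunk %r" % ctype)
        yield ctype, data
        pos += 12 + length


def make_png_1x1(rgb: Tuple[int, int, int] = (255, 0, 0)) -> bytes:
    """Constructed 1x1 RGB image so the example runs without any file."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 8-bit RGB, no interlace
    raw = b"\x00" + bytes(rgb)                             # filter byte + one pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def embed_token(png: bytes, ciphertext: bytes) -> bytes:
    """Insert (or replace) a tEXt chunk carrying the base64 ciphertext before IEND."""
    out = PNG_SIG
    for ctype, data in iter_chunks(png):
        if ctype == b"tEXt" and data.startswith(TOKEN_KEYWORD + b"\x00"):
            continue                                       # drop a previous token
        if ctype == b"IEND":
            out += _chunk(b"tEXt", TOKEN_KEYWORD + b"\x00" + base64.b64encode(ciphertext))
        out += _chunk(ctype, data)
    return out


def extract_token(png: bytes) -> Optional[bytes]:
    """Return the embedded ciphertext, or None if the image carries no token."""
    for ctype, data in iter_chunks(png):
        if ctype == b"tEXt":
            keyword, _, value = data.partition(b"\x00")
            if keyword == TOKEN_KEYWORD:
                return base64.b64decode(value)
    return None


def pixel_digest(png: bytes) -> str:
    """SHA-256 over the concatenated IDAT payloads only (the image proper)."""
    h = hashlib.sha256()
    for ctype, data in iter_chunks(png):
        if ctype == b"IDAT":
            h.update(data)
    return h.hexdigest()
```

Because the token lives in its own chunk, a recipient's viewer renders the image as before, while a decoder that knows the keyword can pull the ciphertext out and decrypt it with the matching private key. Embedding in pixel data (the other variant the abstract mentions) would change the IDAT digest, which is exactly what this check is there to detect.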

Enhanced security systems and methods using a hybrid security solution

This disclosure relates to, among other things, electronic device security systems and methods. Certain embodiments disclosed herein provide for protection of cryptographic keys and/or associated operations using both an operating system security service and a software-based whitebox cryptographic security service executing on a device. Leveraging operating system security services and software-based whitebox cryptographic security services may provide enhanced security when compared to using either service alone to protect cryptographic keys and associated operations. In additional embodiments, server-side cryptographic security solutions may be further used to enhance device security implementations.

Distributed software defined networking

The Distributed Software Defined Network (dSDN) disclosed herein is an end-to-end architecture that enables secure and flexible programmability across a network with full lifecycle management of services and infrastructure applications (fxDeviceApp). The dSDN also harmonizes application deployment across the network independent of the hardware vendor. As a result, the dSDN simplifies the network deployment lifecycle from concept to design to implementation to decommissioning.

Sharing encrypted documents within and outside an organization
11695547 · 2023-07-04

A method and system of creating and managing encryption keys that facilitates sharing of encrypted content. The system may include an information management system with a key management server and a computing device having an encryption service module. The encryption service module detects operations at the computing device and encrypts a document with an encryption key created using user information and a secret.
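One way to realise "an encryption key created using user information and a secret" is a deterministic derivation on the key management server, so that the key never has to be stored and any authorised party, inside or outside the organisation, can be handed the same key. The block below is an added example, not the patent's or any vendor's code: it implements HKDF-SHA256 (RFC 5869) with the standard library and derives a per-document key from the server's secret, the document id and the owner's identity. The server class, its access list, the info-string layout and the identities are assumptions; the symmetric cipher that consumes the 32-byte key is not shown.

```python
"""Per-document key derivation from a server-held secret and user information.

Added example, not the patent's code. HKDF-SHA256 per RFC 5869, standard
library only. Server class, access list and info layout are assumptions.
"""
import hashlib
import hmac
from typing import Dict, Set

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """PRK = HMAC(salt, IKM); an empty salt is replaced by HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """OKM = T(1) || T(2) || ..., with T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output length too large")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


class KeyManagementServer:
    """Holds the organisation secret and an access list per document.

    The key is a pure function of (secret, document id, owner), so it is never
    stored: every authorised requester receives the same key. Authorisation is
    enforced by the access list rather than by mixing the requester into the
    key, because a requester-specific key could not decrypt content the owner
    encrypted.
    """

    def __init__(self, org_secret: bytes) -> None:
        self._secret = org_secret
        self._owner: Dict[str, str] = {}
        self._acl: Dict[str, Set[str]] = {}

    def register(self, doc_id: str, owner: str) -> None:
        self._owner[doc_id] = owner
        self._acl[doc_id] = {owner}

    def share(self, doc_id: str, requester: str, recipient: str) -> None:
        """Only a user already on the list may extend it (e.g. to an outside partner)."""
        if requester not in self._acl.get(doc_id, set()):
            raise PermissionError("%s may not share %s" % (requester, doc_id))
        self._acl[doc_id].add(recipient)

    def document_key(self, doc_id: str, requester: str) -> bytes:
        if requester not in self._acl.get(doc_id, set()):
            raise PermissionError("%s is not authorised for %s" % (requester, doc_id))
        owner = self._owner[doc_id]
        info = b"doc-key\x00" + owner.encode("utf-8")          # the user information
        return hkdf(self._secret, salt=doc_id.encode("utf-8"), info=info, length=32)
```

Revoking access is then a matter of removing the recipient from the list: the key itself does not change, so content already in the recipient's hands stays readable, which is the usual caveat with derived rather than wrapped keys.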

CYBERSECURITY SYSTEM TO MANAGE SECURITY OF A COMPUTING ENVIRONMENT (CE)
20230007036 · 2023-01-05

The present invention relates to management of the security of a computing environment. The method may include: monitoring and learning, through a master computer, the data traffic of each coupled connecting node in order to alter a security design that speeds up communications; analysing, through the master computer, the data traffic to categorize each coupled connecting node into a first category of node, which is accessed by a human, and a second category of node, which is accessed by a bot; and utilizing, at the master computer, one or more secured hidden servers to determine a first data communication route that speeds up data traffic for the human and a second data communication route that prevents data traffic above a pre-set limit for the bot.

DIVERSIFIED PROTECTION OF CRYPTOGRAPHIC KEYS USING DEVICE IDENTIFICATION

Disclosed herein are system, method, and computer program product embodiments for providing a diversified cryptographic Root of Trust for application instances installed on different user devices. After installing an application, a client device transmits, to a cryptography server, (1) an application identification corresponding to a key from an operating system key store on the client device and (2) a device identification specific to an instance of the application on the client device. The cryptography server uses this data to generate and transmit a unique device fingerprint to the client device. The client device then diversifies a white-box cryptography (WBC) library using the application identification, the device identification, and the device fingerprint. The diversified WBC library protects the storage of cryptographic keys obtained from the cryptography server. These keys protect sensitive data on the client device and sensitive data sent to the cryptography server and other application servers.

Secure hardware signature and related methods and applications

This disclosure provides techniques for recovering a root key from measurement of a circuit function. In some embodiments, a checkpointing feature is used to periodically mark measurements of this function and thereby track drift in the value of the root key over the life of a digital device; the checkpointing feature permits rollback of any measurement of the function in a manner that negates incremental drift and permits recovery of the root key for the life of a device (e.g., an IC or a product in which the IC is embedded). This disclosure also provides novel PUF designs and applications.
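The checkpoint idea can be illustrated with a small simulation. The block below is an added illustration, not the patent's design: each key bit is stored as a group of REP PUF cells (a repetition code), the public helper data is the XOR of a measurement and the re-encoded key (the code-offset construction), and a checkpoint re-anchors that helper data to the current measurement so that only drift since the last checkpoint has to be corrected. Without checkpoints the same cumulative drift eventually defeats the majority vote. The PUF model (cells flip permanently one after another as the device ages, with one transient flip per read), REP, the cell count and the enrolment pattern are constructed assumptions.

```python
"""Root-key recovery from a drifting PUF with checkpointed helper data.

Added illustration, not the patent's design. Repetition code plus code-offset
helper data; the PUF model and its parameters are constructed assumptions.
"""
import hashlib
from typing import List, Sequence

REP = 7                       # cells per key bit, odd so the vote cannot tie (assumption)
KEY_BITS = 32
N_CELLS = REP * KEY_BITS

Bits = List[int]


def xor(a: Sequence[int], b: Sequence[int]) -> Bits:
    return [x ^ y for x, y in zip(a, b)]


def encode(key: Sequence[int]) -> Bits:
    return [bit for bit in key for _ in range(REP)]


def decode(cells: Sequence[int]) -> Bits:
    """Majority vote inside each group of REP cells."""
    return [int(2 * sum(cells[i:i + REP]) > REP) for i in range(0, len(cells), REP)]


class DriftingPUF:
    """Constructed model: cells flip permanently one after another as the device
    ages; transient read noise is injected by the caller as a list of cells."""

    def __init__(self, cells: Sequence[int]) -> None:
        self.cells = list(cells)
        self.wear = 0

    def age(self, flips: int) -> None:
        for _ in range(flips):
            self.cells[self.wear % len(self.cells)] ^= 1
            self.wear += 1

    def read(self, noisy_cells: Sequence[int] = ()) -> Bits:
        out = list(self.cells)
        for i in noisy_cells:
            out[i] ^= 1
        return out


class CheckpointedRootKey:
    """Stores only the public mask; the key is re-derived from a fresh read."""

    def __init__(self, enrol_read: Sequence[int]) -> None:
        self.mask = xor(enrol_read, encode(decode(enrol_read)))

    def recover(self, read: Sequence[int]) -> Bits:
        return decode(xor(read, self.mask))

    def checkpoint(self, read: Sequence[int]) -> None:
        """Re-anchor the mask to the current measurement (rolls accumulated drift in)."""
        self.mask = xor(read, encode(self.recover(read)))


def enrolment_cells(label: bytes) -> Bits:
    """Deterministic pseudo-random cell pattern standing in for real silicon."""
    digest = b""
    while len(digest) * 8 < N_CELLS:
        digest += hashlib.sha256(label + bytes([len(digest)])).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(N_CELLS)]


def simulate(steps: int, flips_per_step: int, checkpoint_every: int) -> int:
    """Age the PUF for `steps` periods; return how many periods the root key
    could NOT be recovered. checkpoint_every=0 disables checkpointing."""
    puf = DriftingPUF(enrolment_cells(b"constructed-puf"))
    root = decode(puf.read())
    helper = CheckpointedRootKey(puf.read())
    failures = 0
    for step in range(1, steps + 1):
        puf.age(flips_per_step)
        noise = [(step * 37 + 5) % N_CELLS]        # one transient flip per read
        if helper.recover(puf.read(noise)) != root:
            failures += 1
        if checkpoint_every and step % checkpoint_every == 0:
            helper.checkpoint(puf.read())          # quiet read at checkpoint time
    return failures
```

With two permanent flips per period and a checkpoint every period, the key is recovered at every step; with the enrolment-time mask kept for the whole life, the first 7-cell group is lost once four of its cells have drifted, and every later read decodes the wrong key. The mask is public by construction, so leaving the old masks around is a question of storage, not of secrecy.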

Centralized configurator server for DPP provisioning of enrollees in a network

Systems and methods are provided for implementing a centralized configurator server/service in the cloud that can take the place of conventional mobile devices used for provisioning IoT devices or WiFi clients in a network. In order to provision the IoT devices or WiFi clients, a mobile device or access point (AP) may be used to relay Device Provisioning Protocol (DPP) messages and/or information between the centralized configurator server/service and the IoT devices or WiFi clients.

Methods and systems for facilitating microservices for cryptographic operations

Embodiments provide methods and systems for facilitating microservices for cryptographic operations. A method includes receiving, by a server system, a cryptographic service request from at least one application of a plurality of applications over a network communication channel. The cryptographic service request comprises a cryptographic operation to be performed and a cryptographic key index that identifies the at least one application. The method includes generating, by the server system, a cryptographic operation command for the cryptographic operation. The method includes sending, by the server system, the cryptographic operation command to a Hardware Security Module (HSM) communicatively connected to the server system to perform the cryptographic operation. The method includes receiving, by the server system, a response from the HSM for the performed cryptographic operation. The method includes sending, by the server system, the response for the performed cryptographic operation to the at least one application.
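The request/command/response flow above, as an added example that is not the patent's code: the service parses the request, maps the key index to an HSM key handle, builds the command, executes it and relays the HSM's answer. The check a practitioner would want is also there: since the key index identifies the calling application, it must match the identity the channel authenticated, otherwise one tenant could obtain MACs under another tenant's key. The HSM is a constructed in-process stand-in holding HMAC-SHA256 keys that never leave it; the JSON field names, the operation names and the "billing"/"orders" application identities are assumptions.

```python
"""Cryptographic-operations microservice relaying to an HSM.

Added example, not the patent's code. The HSM is a constructed stand-in;
field names, operation names and application identities are assumptions.
"""
import hashlib
import hmac
import json
import secrets
from typing import Dict


class StandInHSM:
    """Constructed stand-in: keys are generated and used inside this object only."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def generate_key(self, handle: str) -> None:
        self._keys[handle] = secrets.token_bytes(32)

    def execute(self, command: dict) -> dict:
        key = self._keys.get(command["handle"])
        if key is None:
            return {"status": "error", "reason": "unknown key handle"}
        tag = hmac.new(key, command["data"], hashlib.sha256).hexdigest()
        if command["op"] == "mac":
            return {"status": "ok", "mac": tag}
        if command["op"] == "verify":
            valid = hmac.compare_digest(tag.encode(), command["mac"].encode())
            return {"status": "ok", "valid": valid}
        return {"status": "error", "reason": "unsupported operation"}


class CryptoService:
    """The server system: validates the request, then talks to the HSM."""

    SUPPORTED = {"mac", "verify"}

    def __init__(self, hsm: StandInHSM) -> None:
        self._hsm = hsm
        self._handle_for_index: Dict[str, str] = {}

    def enrol_application(self, key_index: str) -> None:
        """Create an HSM key for the application and remember its handle."""
        handle = "app-key/" + key_index
        self._hsm.generate_key(handle)
        self._handle_for_index[key_index] = handle

    def handle_request(self, raw: str, authenticated_app: str) -> str:
        """raw is the JSON request from the channel; authenticated_app is the
        application identity the channel (e.g. mutual TLS) established."""
        try:
            req = json.loads(raw)
            op, key_index = req["op"], req["key_index"]
            data = bytes.fromhex(req["data"])
            mac = str(req.get("mac", ""))
        except (ValueError, KeyError, TypeError):
            return json.dumps({"status": "error", "reason": "malformed request"})
        # The key index names the calling application, so it must equal the
        # identity established on the channel; otherwise one tenant could
        # compute MACs under another tenant's key.
        if key_index != authenticated_app:
            return json.dumps({"status": "error", "reason": "key index not owned by caller"})
        if op not in self.SUPPORTED:
            return json.dumps({"status": "error", "reason": "unsupported operation"})
        handle = self._handle_for_index.get(key_index)
        if handle is None:
            return json.dumps({"status": "error", "reason": "application not enrolled"})
        command = {"op": op, "handle": handle, "data": data, "mac": mac}   # the HSM command
        return json.dumps(self._hsm.execute(command))


def call(service: CryptoService, app: str, **fields) -> dict:
    """Client-side helper: serialise the request and parse the relayed response."""
    return json.loads(service.handle_request(json.dumps(fields), app))
```

Note that the application never sees key material: it sends data and a key index and receives a tag or a verdict, which is the point of fronting the HSM with a service rather than handing each application an HSM session.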