In one aspect, a system component includes a printed circuit (PC) board on which plural conductive ink segments are disposed. The system component also includes a sealed housing that houses the PC board. The plural conductive ink segments define a bit pattern to establish a key.

The present disclosure generally relates to creating virtualized block storage devices whose data is replicated across isolated computing systems to lower risk of data loss even in wide-scale events, such as natural disasters. The virtualized device can include at least two volumes, each of which is implemented in a distinct computing system. Each volume can be encrypted with a distinct key, and an encryption service can operate to transform data “in-flight” on the replication path between the volumes, reencrypting data according to the key appropriate for each volume.

An operation method of a user device which performs near field communication (NFC) with a card reader includes downloading a service certification of a service, which the card reader provides, from a service authentication server through a network, sending status information of the user device to the card reader, receiving a service identifier (ID) which the card reader sends depending on the status information, performing an authentication process with the card reader based on a symmetric key when the service ID is present in the downloaded service certification, and sending an authentication success message to the card reader when the authentication process succeeds.

A system is provided for performing secure key exchange between a plurality of nodes of a communication network. The system comprises a master node and at least two slave nodes. In this context, the master node is configured to authenticate the at least two slave nodes with a pair-wise authentication key corresponding to each pair of master node and slave nodes. The master node is further configured to generate a group authentication key common to the plurality of nodes. Furthermore, the master node is configured to encrypt the group authentication key with the pair-wise authentication key for each respective pair of master node and slave nodes, thereby generating a respective encrypted group authentication key. Moreover, the master node is configured to communicate the encrypted group authentication key to the respective slave nodes.

The present disclosure describes method and system for generating and distributing a web form for securely collecting data. The system provides an interactive and visualized tool to add, edit, distribute web form and collect and analyze one or more response to the web form. Users of the system may edit the forms in a way that what you see is what you get. The system also automatically generates the data structure that can be easily transferred to and stored in the database, which only require minimal input from the user in terms of the data structure. The stored web form and the received responses are encrypted so as to be only available to the user. In some aspects, the system manages all the projects and workflow and allows for real time monitoring of this process through dashboard.

A method and device are provided for secure internet communication between a computing device and a server. The method employs non-extractable data stored within the device for the generation of a pair of master encryption keys, and the secure, non-internet transfer of one of the pair of keys to the server. Thereafter, communications between the device and the server are encrypted with one-time keys, the one-time keys being themselves encrypted with the master keys. At no time are either of the master keys transmitted over the internet, and at no time are the master keys stored together in a single device.

A method for encryption in a distributed datastore is provided. The method generally includes receiving random data from a virtualization management platform as a wrapped data encryption key (DEK), retrieving a key encryption key (KEK) from a key management server (KMS), decrypting the wrapped DEK using the KEK to determine a blank DEK, where the blank DEK is common to a plurality of hosts of a host cluster accessing a distributed datastore; encrypting first data using the blank DEK, and storing the encrypted first data in one or more disks of the distributed datastore, the one or more disks belonging to the plurality of hosts.

Method, device and computer program product for managing a plurality of encryption keys using a keystore seed that defines a seed bit set. A key management process defines a key mapping between the seed bit set and the plurality of encryption keys. The key management process enables each encryption key to be generated from the seed bit set using a corresponding keying material value and the key mapping. The key mapping specifies that an encryption key is generated by partitioning the seed bit set into a plurality of seed bit partitions, determining a keying value from the keying material value, determining a key sequence using the plurality of seed bit partitions and the keying value, and determining the encryption key from the key sequence. Management of a large number of encryption keys can be simplified through indirect management via the keystore seed and the key management process.

The system described herein provides for storing the databases and encryption keys for decrypting the data in the databases into two separate partitions. In an embodiment, the first partition includes the databases while the second partition includes a configuration database and a payload database. The payload database stores a data encryption key for decrypting the data stored in the databases. The payload database is encrypted and may be decrypted using a body encryption key. The body encryption key itself is encrypted twice. In the first instance a key encryption key is generated and in the second instance a second access key is generated. The key encryption key or the second access key may be used to decrypt the body encryption key. The second access key is stored in a secure location, to be retrieved in situations when the key encryption key is inaccessible.

A system and process for performing a touchless key provisioning operation for a communication device. In operation, a key management facility (KMF) imports a public key and a public key identifier uniquely identifying the public key of the communication device. The public key is associated with an asymmetric key pair generated at the communication device during its factory provisioning and configuration. The KMF registers the communication device and assigns a key encryption key (KEK) for the communication device. The KMF then provisions the communication device by deriving a symmetric touchless key provisioning (TKP) key based at least in part on the public key of the communication device, encrypting the KEK with the symmetric TKP key to generate a key wrapped KEK, and transmitting the key wrapped KEK to the communication device for decryption by the communication device.