Systems and methods for sharing secrets including passwords, keys, and other confidential information used in computing environments. A secrets record generated at a secrets vault client device is encrypted using an application key associated with a computing environment. The encrypted secrets record is stored in the secrets vault server. The secrets vault client device configures a sharing client device and associated with an access token. The secrets vault client device hashes the access token and sends to the secrets vault server as a client identifier. The sharing client device performs a first-time authentication using a hashed access token with the secrets vault server. Upon successful authentication, the sharing client device requests secrets records from the secrets vault server using the client identifier.

The disclosure herein describes securing access to a service resource within a security boundary. A security gateway instance receives a request from an edge deployment outside the security boundary. The request includes identity data identifying the edge deployment. The identity data is validated based on allowed identity data of the security gateway instance and based on a validation handler associated with the service resource. Based on validating the identity data and validating the request, the identity data is transformed using security data specific to the security gateway instance. The transformed identity data indicates the request has been validated by the security gateway instance. Based on transforming the identity data of the request, the transformed identity data and the request are forwarded to the service resource via a network link within the security boundary, wherein the service resource is configured to process the request based on identifying the transformed identity data.

An example operation may include one or more of receiving a request associated with a key-value pair stored in a database, determining whether a state of the key-value pair has changed since a most recently received request, and in response to a determination that the state of the key-value pair has changed, generating a data block that includes a changed state of the key-value pair and adding the generated data block to a hash-linked chain of data blocks.

A method for generating energy-optimized travel routes for a motor vehicle includes one or more of the following: receiving an origin destination (OD) of the motor vehicle and an encrypted energy consumption database of the motor vehicle; generating N candidate routes for the OD; evaluating encrypted energy consumption over a route using an encrypted energy consumption database; applying at least one of homomorphic addition function or homomorphic multiplication function to the encrypted energy consumption data; and returning N candidate routes and their encrypted energy consumption to a client.

An electric vehicle charger includes a power supply and a controller. The power supply is for supplying electric power over a charging connection to an electric vehicle. The charging connection employs charging conductors to supply electric power from the power supply to the electric vehicle for charging. The power supply is adapted to send data to and receive data from the electric vehicle over the charging conductors according to a power-line communications protocol. The controller coupled to the power supply to control supply of electric power to the electric vehicle, The controller is adapted to, prior to initiating supply of electric power by the power supply to the electric vehicle for charging, communicate with the electric vehicle to identify a payment method associated with the electric vehicle and with the payment network to authorize the payment method for payment for electric power supplied to the electric vehicle for charging.

The disclosed embodiments relate to a system that provides a selective encryption technique that encrypts all of the fields in a profile, and selectively enables consumers of the profile information to decrypt specific fields in the profiles. This is accomplished by encrypting each field in the profile using a randomly generated symmetric key, and then encrypting the symmetric key for each field with public keys belonging to individuals who are authorized to access each field. These encrypted public keys are stored in a header of the profile to enable individuals to use their corresponding private keys to decrypt symmetric keys for the specific fields that they are authorized to access.

Embodiments of the invention are directed to systems, methods, and devices for securely performing federated tasks (e.g., the generation and utilizing of machine-learning models). A secure platform computer may operate a secure memory space. Entities participating in a federated project may transmit respective portions of project data defining the federated project. Each entity may provide their respective (encrypted) data sets for the project that in turn can be used to generate a machine-learning model in accordance with the project data. The machine-learning model may be stored in the secure memory space and accessed through an interface provided by the secure platform computer Utilizing the techniques discussed herein, a machine-learning models may be generated and access to these models may be restricted while protect each participant's data set from being exposed to the other project participants.

This disclosure describes methods, non-transitory computer readable storage media, and systems that provide secure password sharing across a plurality of users and client devices via a shared folder. For example, in one or more embodiments, the disclosed system retrieves a public key set including public encryption keys for client devices having access to the shared folder. The disclosed system provides the public key set to a client device requesting to share the shared folder. The disclosed system receives an encrypted payload for the shared folder and a shared encryption key that is utilized to encrypt the payload and is encrypted in the shared folder utilizing the public key set. The disclosed system also detects key rotation events and notifies one or more client devices to generate a modified shared encryption key and re-encrypt the payload for storage within the shared folder.

An authentication system facilitates a transfer of enrollment in authentication services between client devices. The authentication system enrolls a client device in authentication services to enable the client device to be used for authenticating requests to access one or more services. As part of enrolling the client device, the authentication system receives authentication enrollment information for the client device that is associated with one or more authentication credentials securely stored on the client device (e.g., a multi-factor authentication (MFA) certificate). The authentication system facilitates one or more processes for transferring the enrollment from an enrolled client device to a non-enrolled client device that limit the number and complexity of actions performed by the user. In particular, the authentication system facilitates transfer of enrollment based on receiving enrollment transfer requests authorized by the enrolled client device using one or more authentication credentials associated with the enrollment of the enrolled client device.

A security device may be utilized to provide security measures to an electronic device that may incorporate the security device or be coupled to it. The security measures may comprise authentication (e.g., authentication of devices, users, or activities), and/or encryption measures (e.g., encrypting or decrypting exchanged data). A transaction or access via the security device may be authenticated by communicating an authentication request by the security device to an authentication server, which may generate, in response, a sequence of information requests that are sent to the security device. The security device may then generate, in response, a sequence of responses that are sent to the authentication server, with the sequence of responses comprising a sequence of reported values each of which are unique. The authentication server may then authenticate the security device based on comparing of the sequence of reported values with a sequence of expected values that identifies the security device.