H04L63/06

SYSTEMS AND METHODS FOR ESTABLISHING A SECURE COMMUNICATION LINK IN AN ELECTRIC POWER DELIVERY SYSTEM

A non-transitory computer readable medium includes instructions that, when executed by processing circuitry, are configured to cause the processing circuitry to operate in a recovery mode after initiating a startup operation, transmit a data frame to a device of an electric power delivery system during the recovery mode, the data frame indicating a request for a security association key (SAK), receive the SAK from the device in response to transmitting the data frame, and use the SAK to communicate data via a media access control security (MACsec) communication link.

Transmitting content to promote privacy
11582211 · 2023-02-14

An example process includes breaking content into multiple fragments; and transmitting at least two of the multiple fragments over different physical channels in order to isolate the at least two fragments during transmission. The example process may include generating session keys; encrypting at least some of the fragments using different session keys; and associating, with each fragment, a session key used to encrypt a different fragment to produce fragment/session key pairs.

Securing encrypted volumes in a distributed environment

The present disclosure relates to generating a passphrase for an encrypted volume by at least cryptographically combining a first cryptographic key and a shared secret, where the shared secret is split into a plurality of shares, a first number of the plurality of shares is greater than a second number of the plurality of shares, and the second number of the plurality of shares is required to reconstruct the shared secret.

Modifying security state with secured range detection

Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a secure ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices from a shared secret and are used to verify the source of the ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

Method of enabling a secure communication to a target device over a network
11582210 · 2023-02-14

A method for enabling a secure communication with a target device over a network includes: opening an unsecured OPC UA Endpoint by an OPC UA Server that runs on the target device; connecting to the OPC UA Server over the network by an OPC UA Client running on a first device, and requesting the initial device certificate; receiving the initial device certificate by unsecured communication over the network; validating, by the first device, the initial device certificate; establishing, by the first device, a device certificate; encrypting, by the first device, at least the device certificate; sending the encrypted data over the network; decrypting, by the target device, the encrypted data using an initial device private key associated with the initial device certificate to obtain at least the device certificate; storing the device certificate on the target device; and opening a secured OPC UA Endpoint by the OPC UA Server.

Device independent encrypted content access system

Systems, devices, media, and methods are presented for retrieving authentication credentials and decryption keys to access remotely stored user-generated content. The systems and methods receive a first authentication credential and access a second authentication credential based on receiving the first authentication credential. The systems and methods generate an authentication token and an encryption token. Based on the authentication token, the systems and methods access a set of encrypted content and an encrypted content key. The systems and methods decrypt the encrypted content key using the encryption token and decrypt the set of encrypted content using the decrypted content key. At least a portion of the content is presented at the user device.

SECURE COMMUNICATION METHOD
20230039446 · 2023-02-09

Disclosed is a secure communication method having a secret key generation technique. The novelty of the proposed method stems from enhancing physical layer (PHY) security by using channel-adaptive keys, after manipulating a channel by introducing an artificial component into it. An adaptively designed artificial component is cascaded with the legitimate user's channel. In an orthogonal frequency division multiplexing (OFDM) system, subcarriers whose channel gain is higher than a threshold value are selected to extract the keys. Since the number of selected subcarriers is adaptive, the length of the generated key sequences also changes adaptively. In this way, the channel reciprocity property of a time division duplexing (TDD) system is utilized.

METHOD FOR FORCIBLE PASSWORD CHANGE
20230008402 · 2023-01-12

The present invention relates to a method for forcible password change: a server registers user data and a first key, and the user signs into a mobile application according to the user data and the first key. When the login key differs from the first key and the number of sign-in attempts exceeds a threshold, the server stops the user data from being used to sign into the mobile application; the server generates a second key and sends a notification message; a confirmation event is executed in response to the notification message; after execution of the confirmation event, the server allows the user data and the second key to be used to open the mobile application. This method enhances the security of the user account: when the account is stolen or possibly stolen, the password is quickly changed and reconfirmed to limit the loss resulting from the theft.

Method, system, and computer program product for identifying a malicious user

A method, system, and computer program product for identifying a malicious user obtain a plurality of service requests for a service provided by a processing system, each service request of the plurality of service requests being associated with a requesting user and a requesting system, and a plurality of service responses associated with the plurality of service requests, each service response of the plurality of service responses being associated with the processing system; and identify the requesting user as malicious based on the plurality of service requests and the plurality of service responses.

Secure communications using loop-based authentication flow

A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections ("hops"); each hop uses a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, decrypts that information using the secret key of the first party, and then retransmits the decrypted information to the second party over the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.