A system for security key rotation in a cloud computing environment is disclosed. The system performs steps to at least initiate, at a predetermined interval, a call to determine whether to initiate generation of a public-private key pair for a client application. The system determines whether to initiate generation of the public-private key pair for the client application and based on determining to initiate generation of the public-private key pair for the client application, transmits a control signal requesting generation of the public-private key pair The system generates the public-private key pair and transmits a private key associated with the public-private key pair to a secure storage location for later retrieval by the client application and transmits a public key associated with the public-private key pair to a public key service for later retrieval by a client associated with the client application.

A method of facilitating an anonymous message board may include receiving a secret key share associated with a published public key. An initial table state may be generated by encrypting, via the public key, an initial table including a table index and table initial values. A user post encrypted via the public key may be received, the user post including a message and a message index value. The initial table state may be updated to an updated table state by replacing an initial table value of the initial table values with the message. In response to a time interval associated with a predetermined length of time expiring after generating the initial table state, the updated table state may be partially decrypted via the first secret key share as a partially decrypted table. The partially decrypted table may be broadcast.

Certain embodiments provide a method of updating a security. The method can include monitoring a bearer that includes first and second radio accesses according to different radio technologies between user equipment and a communications network. One or more properties of the monitored bearer can be determined. An update of a security key utilized for securing communications over at least one of the radio accesses can be triggered in response to determining that the determined properties meet at least one triggering condition capable of indicating a need for the update.

A method and processing system for managing user access to one or more resources is disclosed. A central service may receive an access change request message regarding a user. The access change request message may include a user identifier, a user role, and an access action for the user. Example access actions may include adding or removing user access with respect to a resource. The central service may determine which resources are associated with the user role and transmit one or more event messages to the resources to implement the access actions. The resources may send acknowledgement messages to the central service to confirm that the access actions have been completed.

A communication system including a first device (1a, 1a′) and a second device (1b, 1b′). The first device (1a, 1a′) comprises a memory storing first-device-specific identification data and the second device (1b, 1b′) comprises a memory storing second-device-specific identification data. The first device (1a, 1a′) is configured to receive a copy of the second-device-specific identification data and to store the copy in the memory of the first device (1a, 1a′) and the second device (1b, 1b′) is configured to receive a copy of the first-device-specific identification data and to store the copy in the memory of the second device (1b, 1b′). The first device (1a, 1a′) is configured to derive a first encryption key from the first-device-specific identification data and the received copy of the second-device-specific identification data. The second device is configured to derive the first encryption key from the second-device-specific identification data and the received copy of the first-device-specific identification data. The first device (1a, 1a′) encrypts transmission data using the first encryption key and transmits the encrypted transmission data to the second device (1b, 1b′). The second device (1b, 1b′) receives the encrypted transmission data from the first device (1a, 1a′) and decrypts the encrypted transmission data using the first encryption key.

The present invention relates to a method for forcible password change, a server register a user data and a first key, the user signs into a mobile application program according to the user data and the first key. When the login key is different from the first key, and the number of sign-ins exceeds a threshold, the server will stop the user data from signing into the mobile application; the server generates a second key and sends a notification message; a confirmation event is executed to the notification message; after execution of the confirmation event the server allows the user data and the second key to be used to open the mobile application. This method enhances the security of the user account. When it is stolen or possibly stolen, the password is quickly changed and reconfirmed to prevent the account from increasing the loss of theft.

Systems and methods for managing provisioning of keys prior to a key rotation are provided. A license server generates a license that is associated with a renewal time. The renewal time is a time that is prior to a key rotation time, and triggers a receiver device to send a renewal request prior to the key rotation time. The renewal time may be a randomized time prior to the key rotation time that differs for different receiver devices. The license is transmitted to the receiver device. The license server then receives a renewal request from the receiver device that is triggered at the renewal time. The license server generates a next license that comprises a next key, whereby the next key is a decryption key for decrypting the encrypted signal after the key rotation time. The next license is transmitted to the receiver device prior to the key rotation time.

In response to a UE in a wireless network leaving a multicast group to which the user equipment belonged or switching between multiple access nodes belonging to the multicast group, sending by an access node a rekeying token for UE(s) in the multicast group to use to access data for the multicast group. The access node generates key(s) based at least on the rekeying token. The access node multicasts traffic to the UE(s) in the multicast group using the key(s). In response to an other UE in a wireless network leaving a multicast group to which a UE belongs or switching by the UE between multiple access nodes belonging to the multicast group, receiving, at the UE from an access node, a rekeying token to use. The UE generates key(s) based at least on the rekeying token and receives multicast traffic using the key(s).

This disclosure describes methods, non-transitory computer readable storage media, and systems that provide secure password sharing across a plurality of users and client devices via a shared folder. For example, in one or more embodiments, the disclosed system retrieves a public key set including public encryption keys for client devices having access to the shared folder. The disclosed system provides the public key set to a client device requesting to share the shared folder. The disclosed system receives an encrypted payload for the shared folder and a shared encryption key that is utilized to encrypt the payload and is encrypted in the shared folder utilizing the public key set. The disclosed system also detects key rotation events and notifies one or more client devices to generate a modified shared encryption key and re-encrypt the payload for storage within the shared folder.

The concepts and technologies disclosed herein are directed to conditional temporary authentication for third party nodes. According to one aspect of the concepts and technologies disclosed herein, a first node of a plurality of nodes can provide a master authentication key to a second node of the plurality of nodes. The first node can receive, from a third node of the plurality of nodes, a temporary child authentication key derived from the master authentication by the second node. The first node can process the temporary child authentication key to determine which portion of a resource to allow the third node to access. The first node can provide the third node access to the portion of the resource.