A request may be received to transfer from a first entity to a second entity a right related to a digital asset stored in an on-demand database system. The on-demand database system may provide computing services to a plurality of entities via the internet. A token associated with the digital asset may be identified. The token may being included in a smart contract recorded within a distributed trust ledger and may be owned by a first distributed trust ledger account. The smart contract may be executed within the distributed trust ledger to record a transfer of the token from the first distributed trust ledger account to a second distributed trust ledger account. The on-demand database system may be updated to include one or more database entries reflecting the recorded transfer.

A firmware update shared key management method using a flash memory includes: a firmware data registration step of receiving, from a manufacturer server, at least one of information of a user device that is a firmware update target, and firmware information and registering the received information as firmware data; a firmware data management step of receiving a request from a firmware update server in which the registered firmware data is stored, and storing and managing the registered firmware data in a specific area of a flash memory included in the user device via a network; a shared key verification execution step of using a shared key to execute verification on a command communicating between the user device including the flash memory and the firmware update server that performs firmware update; and a firmware update execution step of performing firmware update of the user device through the firmware update server only when the encrypted command and the shared key pass the verification.

An electronic device may include at least one wireless communication module configured to transmit and receive a wireless signal; a memory electrically configured to store instructions; and at least one processor operatively connected to the at least one wireless communication module and the memory, the at least one processor being configured to execute the instructions to: based on an attempt to connect to an access point (AP), identify whether a pairwise master key security association (PMKSA) for the AP, generated based on to a previous connection of the electronic device to the AP, is present, and based on identifying that the PMKSA is present, determine whether to reuse a pairwise master key (PMK) stored in the PMKSA by comparing a lifetime of the PMK with a margin time in which a use of the PMK is guaranteed.

A distributed database encrypts a table using a table encryption key protected by a client master encryption key. The encrypted table is replicated among a plurality of nodes of the distributed database. The table encryption key is replicated among the plurality of nodes, and is stored on each node in a respective secure memory. In the event of node failure, a copy of the stored key held by another member of the replication group is used to restore a node to operation. The replication group may continue operation in the event of a revocation of authorization to access the client master encryption key.

Systems and methods for controlling record relationship changes in a content management system. The content management system may have several layers of access controls, which may include a layer of access control at the object level, a layer of access control at the row level and a layer of access control at the field level. Access may be controlled at the object level by a user's security profile, at the object record level (or row level) by the user's role, and/or at the object field level by the user's role or a state in a document lifecycle. A secure inbound relationship attribute may be used to control record relationship changes. Actions for creating, deleting and reassigning are permitted only when the inbound relationship is editable according to the secure inbound relationship attribute.

An apparatus and method for mapping user-associated data to an identifier. The apparatus includes a processor configured to store a plurality of user identifiers. User identifiers may be determined by way of user or by machine-learning modules or the like. Apparatus receives user-associated data from a user to be stored in a resource data storage system. User-associated data may include a plurality of data sets to be mapped to an identifier. Mapping a data set to an identifier may be user determined or use a machine-learning module. Apparatus is configured to update the immutable sequential listing associated with the data set with the mapped identifier.

This disclosure describes methods, non-transitory computer readable storage media, and systems that provide secure password sharing across a plurality of users and client devices via a shared folder. For example, in one or more embodiments, the disclosed system retrieves a public key set including public encryption keys for client devices having access to the shared folder. The disclosed system provides the public key set to a client device requesting to share the shared folder. The disclosed system receives an encrypted payload for the shared folder and a shared encryption key that is utilized to encrypt the payload and is encrypted in the shared folder utilizing the public key set. The disclosed system also detects key rotation events and notifies one or more client devices to generate a modified shared encryption key and re-encrypt the payload for storage within the shared folder.

A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.

In general, in one aspect, a method includes receiving software code with an invalid characteristic, repeatedly attempting to execute the software code with the invalid characteristic on a device, and in response to successful execution of the software code with the invalid characteristic, taking an action. The action may include an action to remediate the device.

Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.