Disclosed herein is a data storage device comprising a data path and an access controller. The data path comprises a data port configured to transmit data between a host computer and the data storage device. The data storage device is configured to register with the host computer as a block data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine is connected between the data port and the storage medium and uses a cryptographic key to decrypt the encrypted user content data. The access controller generates a challenge for an authorized device; sends the challenge to the authorized device; receives a response to the challenge from the authorized device over the communication channel; calculates the cryptographic key based on the response; and provides the cryptographic key to the cryptography engine to decrypt the encrypted user content data stored on the storage medium.

Some implementations of the disclosure are directed to receiving, at an authentication server system, a distributed ledger address transmitted by a client device to identify itself during an authentication process for accessing a network, where the distributed ledger address corresponds to a distributed ledger network; transmitting an authentication challenge message from the authentication server to the client device; in response to transmitting the authentication challenge message from the authentication server to the client device, receiving at the authentication server, a response to the challenge message including a signature; and using at least the distributed ledger network to determine if the signature used to sign the response to the challenge message is associated with the distributed ledger address transmitted by the client device.

A method for gesture-based multi-factor authentication includes mapping a gesture password to a first substitution string, generating a cryptographic key using the first substitution string as an input to a password authenticated key exchange protocol, encrypting a challenge response with the cryptographic key to generate an encrypted challenge response, and transmitting, to a relying party computing system, a first authentication message comprising the encrypted challenge response and a user identifier identifying a user.

Systems and methods for securely verifying integrity of application responses are disclosed. One example method includes receiving, from a client, an application encrypted in accordance with a fully homomorphic encryption (FHE) algorithm, generating, with a trained machine learning model associated with the FHE algorithm, a plurality of first application labels, each first application label indicating a true or false response associated with the application, inverting a randomly selected portion of the plurality of first application labels, generating a first randomly sorted list including the plurality of first application labels, transmitting the first randomly sorted list to the client, receiving a first decrypted list from the client, performing a validation of at least the first decrypted list, the validation based at least in part on the plurality of first application labels, and in response to the validation being successful, providing the client with a response to the application.

The disclosure is directed to providing content access control in information centric networking (ICN) networks. Methods and systems include hardware and/or software that perform operations for sending to a content provider of an ICN network an access request for content in response to receiving a first content request from a client. The operations also include receiving from the content provider access control information for the content. The operations further include sending to the client a challenge. Additionally, the operations include receiving from the client an authorization of the content provider that includes information obtained by the client from the content provider based on the challenge. Furthermore, the operations include verifying the authorization received from the client using the access control information received from the content provider. Moreover, the operations include sending to the client the content.

A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.

A security device may be utilized to provide security measures to an electronic device that may incorporate the security device or be coupled to it. The security measures may comprise authentication (e.g., authentication of devices, users, or activities), and/or encryption measures (e.g., encrypting or decrypting exchanged data). A transaction or access via the security device may be authenticated by communicating an authentication request by the security device to an authentication server, which may generate, in response, a sequence of information requests that are sent to the security device. The security device may then generate, in response, a sequence of responses that are sent to the authentication server, with the sequence of responses comprising a sequence of reported values each of which are unique. The authentication server may then authenticate the security device based on comparing of the sequence of reported values with a sequence of expected values that identifies the security device.

At a transmitter node, a commitment value C is obtained as a function of a message m. The commitment value C and transmitter terms of use T.sup.A for the message m are then sent to a receiver node without disclosing the message m. A cryptographic receiver signature S.sub.B over the commitment value C and the transmitter terms of use T.sup.A is received from the receiver node, where the cryptographic receiver signature S.sub.B is signed with a private key kprv-B associated with the receiver node. The receiver signature S.sub.B may be authenticated using a public key kpuh-B for the receiver node. If the receiver signature S.sub.B is successfully authenticated, the message m and the receiver signature S.sub.B are signed using a private key kprv-A for the transmitter node to obtain a transmitter signature S.sub.A. The message m and the transmitter signature S.sub.A may then be sent to the receiver node.

Connectionless data transfer is disclosed. Authentication of a device and network node may be performed when data is sent from the device to an application server of an application service provider via a selected network. The transfer of data may take place in an absence of an existing device context between the network node interacting with the device and the core network through which the data travels. State management overhead and signaling overhead may be reduced by use of the exemplary aspects disclosed herein. For example, the device does not need to perform an authentication and key agreement (AKA) procedure to transfer the data and an existing (or pre-existing) device context need not be maintained at the core network.

A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.