Patents by Inventor Alexander Sherkin

Alexander Sherkin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200295944
    Abstract: A system, method, and computer program product are provided for implementing zero round trip secure communications based on a noisy secret. In operation, a sender system utilizes a randomly generated message key for encrypting a message to send to a receiver system. The sender system selects a plurality of different sub-keys from a negotiated noisy secret to encrypt the randomly generated message key. The sender system encrypts the message utilizing the randomly generated message key. The sender system sends the encrypted message, all encrypted message keys, and a message MAC that is calculated and added for every sub-key, to the receiver system such that the receiver system is able to perform a MAC-based verification to test sub-key validity of the plurality of different sub-keys.
    Type: Application
    Filed: March 13, 2019
    Publication date: September 17, 2020
    Inventors: Serguei Velikevitch, Alexander Sherkin
  • Publication number: 20200295924
    Abstract: A system, method, and computer program product are provided for implementing zero round trip secure communications based on two noisy secrets. The method comprises: a) generating, by a sender system, a message key (e.g.
    Type: Application
    Filed: March 13, 2019
    Publication date: September 17, 2020
    Inventors: Serguei Velikevitch, Alexander Sherkin
  • Publication number: 20200295939
    Abstract: A system, method, and computer program product are provided for implementing hardware backed symmetric operations for password based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system utilizing hardware backed symmetric encryption. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.
    Type: Application
    Filed: March 13, 2019
    Publication date: September 17, 2020
    Inventors: Michael Matovsky, Ravi Singh, Alexander Sherkin
  • Publication number: 20200295946
    Abstract: A system, method, and computer program product are provided for implementing zero round trip secure communications based on noisy secrets with a polynomial secret sharing scheme. In operation, a sender system identifies (e.g. negotiates, etc.) two negotiated noisy secrets associated with an encrypted message to send to a receiver system. The sender system utilizes a first negotiated noisy secret for sub-key selection. The sender system generates a secret polynomial using Shamir's polynomial-based secret sharing scheme with N points, where N is a positive integer, and a message key as a secret. The sender system divides the first negotiated noisy secret into a plurality of sub-keys. The sender system divides a second negotiated noisy secret into test blocks of a length equivalent to a length of a sub-key. The sender system utilizes each of the plurality of sub-keys for encrypting a corresponding test block along with one unique point of the secret polynomial.
    Type: Application
    Filed: March 13, 2019
    Publication date: September 17, 2020
    Inventors: Serguei Velikevitch, Alexander Sherkin
  • Patent number: 10754968
    Abstract: An apparatus, computer program, and method are afforded for providing a peer-to-peer security protocol. In operation, a message is identified that is directed from a first peer device to a second peer device. Further, the message is copied, so that a copy of the message is caused to be sent to an auditing server.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: August 25, 2020
    Assignee: DIGITAL 14 LLC
    Inventors: Alexander Sherkin, Ravi Singh, Michael Matovsky, Eugene Chin
  • Patent number: 10637920
    Abstract: A system, method, and computer program product are provided for peer-to-peer event ordering using a two part event identifier. In use, a peer-to-peer communication channel is established by a first peer device with a second peer device. A current event identifier is initialized at the first peer device, and the second peer device initializes a different current event identifier at the second peer device. A plurality of events are communicated between the first peer device and the second peer device, where the events are each configured to include an event identifier that is the current event identifier of a sender of the event, and where the current event identifier includes two portions that are updated differently when sending and receiving events. Further, the events are ordered by the first peer device, using the event identifier included with each of the events.
    Type: Grant
    Filed: August 18, 2017
    Date of Patent: April 28, 2020
    Assignee: DIGITAL 14 LLC
    Inventors: Alexander Sherkin, Michael Matovsky
  • Patent number: 10505950
    Abstract: A system, method, and computer program product are provided for multi-layer encryption of an efficient broadcast message. In use, a message is identified that includes data to be broadcasted to a plurality of recipients as well as identifiers of the plurality of recipients. The message is encrypted using a first encryption process to form a first header portion and a first data portion. Additionally, the message with the first data portion is encrypted using a second encryption process to form a second header portion and a second data portion. Further, the first header portion is encrypted using a third encryption process to form a third header portion. A multi-layer efficient broadcast message is then formed for broadcasting the data to the plurality of recipients, the multi-layer efficient broadcast message including the second header portion, the third header portion, and the second data portion.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: December 10, 2019
    Assignee: DARK MATTER L.L.C.
    Inventors: Alexander Sherkin, Eugene Chin, Ravi Singh
  • Patent number: 10333766
    Abstract: A communication system is provided for enabling secure communications between at least a sender communication device and at least a recipient communication device or point-of-presence, wherein the then current recipient communication device(s) or point(s)-of-presence for the recipient(s) can vary over time. The communication system includes a network server component configured to maintain a current set of identification information elements for communicating with communication device(s) or points-of-presence associated with the one or more recipients; and if applicable provide up to date one or more identifiers or identification information elements for the one or more recipients to a sender communication device thereby prompting the sender communication device to send the secure communication based on the updated one or more identifiers or identification information elements.
    Type: Grant
    Filed: June 13, 2016
    Date of Patent: June 25, 2019
    Assignee: DARK MATTER L.L.C.
    Inventors: Alexander Sherkin, Ravi Singh, Michael Matovsky, Eugene Chin
  • Publication number: 20190058760
    Abstract: A system, method, and computer program product are provided for peer-to-peer event ordering using a two part event identifier. In use, a peer-to-peer communication channel is established by a first peer device with a second peer device. A current event identifier is initialized at the first peer device, and the second peer device initializes a different current event identifier at the second peer device. A plurality of events are communicated between the first peer device and the second peer device, where the events are each configured to include an event identifier that is the current event identifier of a sender of the event, and where the current event identifier includes two portions that are updated differently when sending and receiving events. Further, the events are ordered by the first peer device, using the event identifier included with each of the events.
    Type: Application
    Filed: August 18, 2017
    Publication date: February 21, 2019
    Inventors: Alexander Sherkin, Michael Matovsky
  • Publication number: 20190044896
    Abstract: A system, method, and computer program product are provided for end-to-end security of centrally accessible group membership information. In use, membership information defining a user group in a messaging system is accessed from a central server, where the membership information includes (1) at least one change to members of the user group, and (2) for each change of the at least one change, a digital signature of a user that made the change. Additionally, a verification process on the membership information is performed, including: for each change of the at least one change, verifying the digital signature of the user that made the change. Further, members of the user group are determined, as a result of the verification process, and at least one action is performed in association with the members of the user group.
    Type: Application
    Filed: August 3, 2017
    Publication date: February 7, 2019
    Inventors: Alexander Sherkin, Ravi Singh, Michael Matovsky
  • Publication number: 20190014126
    Abstract: A system, method, and computer program product are provided for multi-layer encryption of an efficient broadcast message. In use, a message is identified that includes data to be broadcasted to a plurality of recipients as well as identifiers of the plurality of recipients. The message is encrypted using a first encryption process to form a first header portion and a first data portion. Additionally, the message with the first data portion is encrypted using a second encryption process to form a second header portion and a second data portion. Further, the first header portion is encrypted using a third encryption process to form a third header portion. A multi-layer efficient broadcast message is then formed for broadcasting the data to the plurality of recipients, the multi-layer efficient broadcast message including the second header portion, the third header portion, and the second data portion.
    Type: Application
    Filed: July 10, 2017
    Publication date: January 10, 2019
    Inventors: Alexander Sherkin, Eugene Chin, Ravi Singh
  • Publication number: 20180013566
    Abstract: An apparatus, computer program, and method are provided for securely broadcasting a message to a plurality of recipient devices. In operation, a message is identified, and the message is encrypted utilizing a first key. A message authentication code (MAC) is generated utilizing a second key that is mathematically coupled to the first key (that is utilized to encrypt the message). The encrypted message is caused to be broadcasted to a plurality of recipient devices, utilizing the MAC.
    Type: Application
    Filed: July 5, 2016
    Publication date: January 11, 2018
    Inventors: Alexander Sherkin, Ravi Singh, Michael Matovsky
  • Publication number: 20170359727
    Abstract: A communication system is provided for enabling secure communications between at least a sender communication device and at least a recipient communication device or point-of-presence, wherein the then current recipient communication device(s) or point(s)-of-presence for the recipient(s) can vary over time. The communication system includes a network server component configured to maintain a current set of identification information elements for communicating with communication device(s) or points-of-presence associated with the one or more recipients; and if applicable provide up to date one or more identifiers or identification information elements for the one or more recipients to a sender communication device thereby prompting the sender communication device to send the secure communication based on the updated one or more identifiers or identification information elements.
    Type: Application
    Filed: June 13, 2016
    Publication date: December 14, 2017
    Inventors: Alexander Sherkin, Ravi Singh, Michael Matovsky, Eugene Chin
  • Publication number: 20170357819
    Abstract: An apparatus, computer program, and method are afforded for providing a peer-to-peer security protocol. In operation, a message is identified that is directed from a first peer device to a second peer device. Further, the message is copied, so that a copy of the message is caused to be sent to an auditing server.
    Type: Application
    Filed: June 10, 2016
    Publication date: December 14, 2017
    Inventors: Alexander Sherkin, Ravi Singh, Michael Matovsky, Eugene Chin
  • Patent number: 9836438
    Abstract: A method can output content of interest of a structured electronic document from a computer or distributed computer system having a processor and memory. The method includes loading a common expression and a data structure definition into memory, the common expression identifying a content element in a first structured electronic document, the data structure definition defined according to the common expression; creating in memory an instance of a data structure defined by the data structure definition; applying with the processor the common expression to a second structured electronic document to extract a content element from the second structured electronic document; storing the extracted content element in the instance of the data structure; and populating a template structured electronic document using the instance of the data structure to produce an output structured electronic document.
    Type: Grant
    Filed: October 18, 2013
    Date of Patent: December 5, 2017
    Assignee: BlackBerry Limited
    Inventor: Alexander Sherkin
  • Patent number: 9760704
    Abstract: An electronic device includes multiple applications that can access a smart card or other security apparatus. A first application that is to use the security apparatus prompts a user for a security string such as a PIN or password. Upon receipt of the PIN or password, the first application unlocks the security apparatus for use. Additionally, the first application receives a token from a security service that interfaces with the security apparatus. The token can be shared by the first application with other applications. For example, the first application can share the token with other trusted applications. The other applications that receive the token can refrain from issuing a prompt for a security string and receiving a response from the user. The token can be used instead of the security string to obtain access to the security apparatus.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: September 12, 2017
    Assignee: BlackBerry Limited
    Inventor: Alexander Sherkin
  • Patent number: 9552472
    Abstract: In some aspects, a first device detects information encoded in a wireless authenticator device based on a wireless interaction between the first device and the wireless authenticator device. The first device detects the information while securing resources on the first device according to a first security mode. Based on the detected information, the first device selects a second security mode associated with the wireless authenticator device. The first device then applies the selected second security mode. The selected second security mode is one of multiple distinct security modes. Each of the multiple distinct security modes is associated with a respective one of multiple wireless authenticator devices and defines accessibility attributes of the resources on the first device.
    Type: Grant
    Filed: May 29, 2013
    Date of Patent: January 24, 2017
    Assignee: BlackBerry Limited
    Inventors: Neil Patrick Adams, Alexander Sherkin, Surender Kumar
  • Patent number: 9479928
    Abstract: Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, encrypt and sign the composite message. Conveniently, security considerations are maintained even in view of bandwidth optimization measures.
    Type: Grant
    Filed: November 15, 2011
    Date of Patent: October 25, 2016
    Assignee: BlackBerry Limited
    Inventors: Nikhil Vats, Alexander Sherkin, Ravi Singh, Neil Patrick Adams, Christopher Lyle Bender
  • Patent number: 9391780
    Abstract: Methods and devices for storing sent message data are described. The sent message data corresponds to a message sent to a destination by a communication device via a server. The method includes compiling a first portion of the message which has a plurality of components; applying security encoding to the first portion; and storing the first portion. The first portion includes at least one but not all of the plurality of components in the message, and pointers to the components not included in the first portion. A method of verifying sent message data on a communication device is also described.
    Type: Grant
    Filed: September 11, 2013
    Date of Patent: July 12, 2016
    Assignee: BlackBerry Limited
    Inventors: Alexander Sherkin, Ravi Singh, Neil Patrick Adams, Nikhil Vats
  • Patent number: 9384341
    Abstract: A system and method for controlling access to a secure resource in a device are disclosed. In some embodiments, the device may include a processor capable of receiving a first request from a first application of a plurality of applications executable by the processor, where the first request requests access to the secure resource, and the first request identifies the plurality of applications. In response to the first request, the processor is capable of generating a ticket associated with the secure resource and with each of the plurality of applications, and then storing the ticket in a memory. After receiving a second request from a second application requesting access to the secure resource, the processor is capable of granting the second application access to the secure resource, if the ticket associated with the secure resource exists and if the ticket is associated with the second application.
    Type: Grant
    Filed: September 15, 2014
    Date of Patent: July 5, 2016
    Assignee: BlackBerry Limited
    Inventors: Alexander Truskovsky, Neil Patrick Adams, Alexander Sherkin