Abstract: A silo system process includes providing a partner with a digitally-signed CKM authorization key by an issuer, thereby allowing the partner to create a silo of an agreed size on a storage medium. The owner of the storage medium provides a personal card for provisioning. The partner creates a silo on the personal card. The partner instantiates a silo and provisions the silo with partner-specific CKM keys. The partner notifies the issuer by that the silo has been created, thereby allowing the issuer to track creation of silos on each card for card management and billing purposes. The partner manages the silo by using the partner-specific keys.

Abstract: A method of generating a constructive channel key includes providing an issuer with a card public key as the keying part of a CKM credential. An ephemeral key pair is computed by the issuer using pre-established enterprise domain parameters. A shared value for the ephemeral private key and the card public key is computed using D-H key agreement. The ephemeral private key is destroyed. The shared value is combined with a static key value. The static key value is split into four blocks. The first block is truncated to be used for a session encryption key. The second block is truncated to be used for a session MAC key. The third block is truncated to be used for a session key encryption key. The fourth block is truncated to be used for an initial IVEC.

Abstract: A method of authenticating a user to use a system includes using a provider token to generate a random value. The token generates a derived key based at least in part on a token-provided salt value and a user-provided password. The provider generates a token unlock key based at least in part on the derived key and sends it to the token. First and second challenge data instances are generated by the provider and the token, respectively, and the process is terminated if the challenge data instances are determined not to match. If the challenge data instances are determined to match, then an encrypted data transfer system is established between the token and the provider, and the token unlocks locked private data stored on the token. The user is authenticated for secured use of the system based at least in part on the unlocked private data.

Abstract: A method of providing object security includes selecting an object to secure, selecting at least one criterion for authorization to access the object, generating an authorization profile based on the at least one criterion, generating an encryption key, binding the authorization profile to at least one of the object and the key, and encrypting the object with the encryption key.

Abstract: A method of authenticating a user to use a system includes using a provider token to generate a random value. The token generates a derived key based at least in part on a token-provided salt value and a user-provided password. The provider generates a token unlock key based at least in part on the derived key and sends it to the token. First and second challenge data instances are generated by the provider and the token, respectively, and the process is terminated if the challenge data instances are determined not to match. If the challenge data instances are determined to match, then an encrypted data transfer system is established between the token and the provider, and the token unlocks locked private data stored on the token. The user is authenticated for secured use of the system based at least in part on the unlocked private data.

Abstract: An integrated automotive repair shop network is designed to greatly enhance the efficiency and quality of diagnostic and repair work performed in an automotive repair shop. The network employs a data entry terminal for the entry of routine customer information into a shop management system, including the identification of the vehicle to undergo diagnosis or repair. The shop management system is configured to generate an appropriate repair order. Computerized diagnostic and repair devices linked through the network to the shop management system are configured to access the customer information contained in the repair orders, as well as to extract relevant technical specifications, service bulletins, parts listings, and prior services records from interconnected information databases.