Abstract: Described herein are technologies for application authentication and/or data encryption without stored pre-shared keys. In one resource controller, a processing device receives an application identifier (ID) from the application. The processing device provides a current nonce responsive to the application ID and provides the application access to the system resource responsive to determining that a hash of a current key received from the application equals a current tag. The current key is generated by the application based on code of the application and the current nonce. The current tag was previously provided from the application to the resource controller. The current tag can also be hashed by the application using the current key.

Abstract: Aspects of the present disclosure involve a method, a system and a computer readable memory to perform a secure update of a target device, including communicating an update instruction to the target device, generating one or more data values using the update instruction, generating a first authentication value using the data value(s), receiving a second authentication value from the target device, wherein the second authentication value is generated by the target device in response to the update instruction, and determining whether the secure update has been successful based on a comparison of the first authentication value and the second authentication value.

Abstract: A request, from a tester device, to generate a secure data asset to be securely provisioned to a target device is received by an appliance cluster. The request includes an authorization token. Responsive to receiving the request, one or more verification operations to determine whether the tester device is authorized to request the generation of the secure data asset is performed based on the authorization token. Responsive to determining that the tester device is authorized to request the generation of the secure data asset, a generation of the secure data asset by a hardware security module (HSM) is caused. The generated secure data asset is sent to the tester device in response to the request to generate the secure data asset.

Abstract: An application executing at a first platform receives, from a tester device, a first request to generate a secure data asset to be securely provisioned to a target device. Responsive to receiving the first request, the application performs one or more operations related to the generation of the secure data asset. Subsequent to performing the one or more operations related to the generation of the secure data asset, the application sends, to a second secure platform, a second request to generate the secure data asset. The application receives, from the second secure platform, the generated secure data asset.

Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.

Abstract: Described herein are technologies for application authentication and/or data encryption without stored pre-shared keys. In one resource controller, a processing device receives an application identifier (ID) from the application. The processing device provides a current nonce responsive to the application ID and provides the application access to the system resource responsive to determining that a hash of a current key received from the application equals a current tag. The current key is generated by the application based on code of the application and the current nonce. The current tag was previously provided from the application to the resource controller. The current tag can also be hashed by the application using the current key.

Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.

Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.

Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.

Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.

Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.