Abstract: One embodiment provides a method, including: receiving, at a server from a device, a request for device authentication across an unsecure network, the request including a device registration token; generating, at the server, a shared registration key utilizing the device registration token; verifying, at the server, the device registration token by comparing the device registration token to a function of the shared registration key; and producing, at the server and responsive to verifying the device registration token, a one-time activation token and sending the one-time activation token to the device. Other aspects are described and claimed.

Abstract: Systems and methods for managing access to data based on a geographic location requirement are disclosed herein. According to an aspect, a system includes a first computing device comprising a data storage manager configured to manage access to stored data based on one or more predetermined rule(s) that specifies geographic location requirement(s) for permissible access to the stored data. The manager is also configured to receive, from a second computing device, a request to access the data. Further, the manager is configured to determine a geographic location of the second computing device, determine whether the geographic location of the second computing device meets the geographic location requirement(s), and permit or deny access to the stored data by the second computing device in response to determining that the geographic location of the second computing device meets the geographic location requirement(s).

Abstract: One or more device(s) is identified for which ownership of the device(s) is to be transferred from an identified transferor system to an identified transferee system. An ephemeral device transfer token is generated for the transferor using an elliptic-curve Diffie-Hellman cryptographic function, wherein the ephemeral device transfer token is only valid over a limited period of time to authorize a transfer of ownership of the device from the transferor to the transferee. The transferor then delivers the ephemeral device transfer token to the transferee. A device ownership record may be modified to transfer ownership of the device from the transferor to the transferee in response to receiving the ephemeral device transfer token from the transferee during the limited time period.

Abstract: A method for performing a blockchain operation includes receiving an indication of a number of a plurality of endpoints in a processing network. The method further includes assigning nonce offsets to each endpoint of the plurality of endpoints and assigning communication randomization windows to each endpoint of the plurality of endpoints. The communication randomization windows stagger communication windows of the endpoints to a head-end. Additionally, the method includes sending a message to each of the endpoints indicating an operation to perform and an expected result. Further, the method includes receiving a success indication from a first endpoint of the plurality of endpoints. The success indication including a nonce match value from the nonce offset of the first endpoint. Furthermore, the method includes verifying a nonce match value with the expected result.

Abstract: One embodiment provides a method, including: receiving, at a remote device and from a user, a request to generate a one-time password for accessing a default account of a device, wherein the remote device comprises a device public key corresponding to the device and an account public/private key pair corresponding to the default account; generating, at the remote device, the one-time password utilizing the account private key and the device public key; and providing, from the remote device, the one-time password to the user. Other aspects are described and claimed.

Abstract: One or more device(s) is identified for which ownership of the device(s) is to be transferred from an identified transferor system to an identified transferee system. An ephemeral device transfer token is generated for the transferor using an elliptic-curve Diffie-Hellman cryptographic function, wherein the ephemeral device transfer token is only valid over a limited period of time to authorize a transfer of ownership of the device from the transferor to the transferee. The transferor then delivers the ephemeral device transfer token to the transferee. A device ownership record may be modified to transfer ownership of the device from the transferor to the transferee in response to receiving the ephemeral device transfer token from the transferee during the limited time period.

Abstract: One embodiment provides a method, including: receiving, at a remote device and from a user, a request to generate a one-time password for accessing a default account of a device, wherein the remote device comprises a device public key corresponding to the device and an account public/private key pair corresponding to the default account; generating, at the remote device, the one-time password utilizing the account private key and the device public key; and providing, from the remote device, the one-time password to the user. Other aspects are described and claimed.

Abstract: One embodiment provides a method, including: receiving, at a server from a device, a request for device authentication across an unsecure network, wherein the request comprises a device registration token; generating, at the server, a shared registration key utilizing the device registration token; verifying, at the server, the device registration token by comparing the device registration token to a function of the shared registration key; and producing and sending, at the server and responsive to verifying the device registration token, a one-time activation token to the device. Other aspects are described and claimed.

Abstract: A method for performing a blockchain operation includes receiving an indication of a number of a plurality of endpoints in a processing network. The method further includes assigning nonce offsets to each endpoint of the plurality of endpoints and assigning communication randomization windows to each endpoint of the plurality of endpoints. The communication randomization windows stagger communication windows of the endpoints to a head-end. Additionally, the method includes sending a message to each of the endpoints indicating an operation to perform and an expected result. Further, the method includes receiving a success indication from a first endpoint of the plurality of endpoints. The success indication including a nonce match value from the nonce offset of the first endpoint. Furthermore, the method includes verifying a nonce match value with the expected result.

Abstract: Systems and methods are provided for generating subsequent encryption keys by a client device as one of a plurality of client devices across a network. Each client device is provided with the same key generation information and the same key setup information from an authentication server. Each client device maintains and stores its own key generation information and key setup information. Using its own information, each client device generates subsequent encryption keys that are common or the same across devices. These subsequent encryption keys are generated and maintained the same across devices without any further instruction or information from the authentication server or any other client device. Additionally, client devices can recover the current encryption key by synchronizing information with another client device.

Abstract: Systems and methods are provided for generating subsequent encryption keys by a client device as one of a plurality of client devices across a network. Each client device is provided with the same key generation information and the same key setup information from an authentication server. Each client device maintains and stores its own key generation information and key setup information. Using its own information, each client device generates subsequent encryption keys that are common or the same across devices. These subsequent encryption keys are generated and maintained the same across devices without any further instruction or information from the authentication server or any other client device. Additionally, client devices can recover the current encryption key by synchronizing information with another client device.

Abstract: Systems and methods for detecting intrusion into a data network are disclosed. Such intrusion can be detected, for example, by providing at least two network devices in a data network. Each of the network devices has a decoy cryptographic key that is used to detect unauthorized data and an authentic cryptographic key that is used to encrypt authorized data. The first network device receives data from the second network device that is encrypted using the decoy cryptographic key. The first network device determines that the data is encrypted using the decoy cryptographic key. The first network device deletes or otherwise discards the data encrypted using the decoy cryptographic key. The first network device can generate an alert message instructing other network devices that the second network device is generating the unauthorized data. The alert message also instructs the other network devices to ignore data originating from the second network device.

Abstract: Systems and methods for detecting intrusion into a data network are disclosed. Such intrusion can be detected, for example, by providing at least two network devices in a data network. Each of the network devices has a decoy cryptographic key that is used to detect unauthorized data and an authentic cryptographic key that is used to encrypt authorized data. The first network device receives data from the second network device that is encrypted using the decoy cryptographic key. The first network device determines that the data is encrypted using the decoy cryptographic key. The first network device deletes or otherwise discards the data encrypted using the decoy cryptographic key. The first network device can generate an alert message instructing other network devices that the second network device is generating the unauthorized data. The alert message also instructs the other network devices to ignore data originating from the second network device.