Abstract: A system, method, and computer program product are provided for implementing hardware backed symmetric operations for password based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system utilizing hardware backed symmetric encryption. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

Abstract: A system, method, and computer program product are provided for performing hardware-backed password-based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

Abstract: A system, method, and computer program product are provided for implementing hardware backed symmetric operations for password based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system utilizing hardware backed symmetric encryption. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

Abstract: A system, method, and computer program product are provided for implementing hardware backed symmetric operations for password based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system utilizing hardware backed symmetric encryption. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

Abstract: A system, method, and computer program product are provided for sensitive data recovery in high security systems. In operation, a client device receives a request by a user to initiate a data recovery process to recover data that is encrypted. The client device generates a new data recovery request key pair. The client device creates a data recovery request that includes a data recovery request public key. The client device signs the data recovery request using an identity private key that is associated with a certificate issued by a certification authority (CA). The client device sends the data recovery request to a server system storing the data. The server system accesses an offline data recovery subsystem (ODRS) storing a data recovery key pair to authenticate the user. The ODRS generates and stores a secret data recovery code. The client device receives the secret data recovery code that was communicated to the user.

Abstract: A system, method, and computer program product are provided for end-to-end security of centrally accessible group membership information. In use, membership information defining a user group in a messaging system is accessed from a central server, where the membership information includes (1) at least one change to members of the user group, and (2) for each change of the at least one change, a digital signature of a user that made the change. Additionally, a verification process on the membership information is performed, including: for each change of the at least one change, verifying the digital signature of the user that made the change. Further, members of the user group are determined, as a result of the verification process, and at least one action is performed in association with the members of the user group.

Abstract: A system, method, and computer program product are provided for performing hardware-backed password-based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

Abstract: A system, method, and computer program product are provided for sensitive data recovery in high security systems. In operation, a client device receives a request by a user to initiate a data recovery process to recover data that is encrypted. The client device generates a new data recovery request key pair. The client device creates a data recovery request that includes a data recovery request public key. The client device signs the data recovery request using an identity private key that is associated with a certificate issued by a certification authority (CA). The client device sends the data recovery request to a server system storing the data. The server system accesses an offline data recovery subsystem (ODRS) storing a data recovery key pair to authenticate the user. The ODRS generates and stores a secret data recovery code. The client device receives the secret data recovery code that was communicated to the user.

Abstract: A system, method, and computer program product are provided for implementing hardware backed symmetric operations for password based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system utilizing hardware backed symmetric encryption. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

Abstract: An apparatus, computer program, and method are afforded for providing a peer-to-peer security protocol. In operation, a message is identified that is directed from a first peer device to a second peer device. Further, the message is copied, so that a copy of the message is caused to be sent to an auditing server.

Abstract: A system, method, and computer program product are provided for peer-to-peer event ordering using a two part event identifier. In use, a peer-to-peer communication channel is established by a first peer device with a second peer device. A current event identifier is initialized at the first peer device, and the second peer device initializes a different current event identifier at the second peer device. A plurality of events are communicated between the first peer device and the second peer device, where the events are each configured to include an event identifier that is the current event identifier of a sender of the event, and where the current event identifier includes two portions that are updated differently when sending and receiving events. Further, the events are ordered by the first peer device, using the event identifier included with each of the events.

Abstract: A communication system is provided for enabling secure communications between at least a sender communication device and at least a recipient communication device or point-of-presence, wherein the then current recipient communication device(s) or point(s)-of-presence for the recipient(s) can vary over time. The communication system includes a network server component configured to maintain a current set of identification information elements for communicating with communication device(s) or points-of-presence associated with the one or more recipients; and if applicable provide up to date one or more identifiers or identification information elements for the one or more recipients to a sender communication device thereby prompting the sender communication device to send the secure communication based on the updated one or more identifiers or identification information elements.

Abstract: A system, method, and computer program product are provided for peer-to-peer event ordering using a two part event identifier. In use, a peer-to-peer communication channel is established by a first peer device with a second peer device. A current event identifier is initialized at the first peer device, and the second peer device initializes a different current event identifier at the second peer device. A plurality of events are communicated between the first peer device and the second peer device, where the events are each configured to include an event identifier that is the current event identifier of a sender of the event, and where the current event identifier includes two portions that are updated differently when sending and receiving events. Further, the events are ordered by the first peer device, using the event identifier included with each of the events.

Abstract: A system, method, and computer program product are provided for end-to-end security of centrally accessible group membership information. In use, membership information defining a user group in a messaging system is accessed from a central server, where the membership information includes (1) at least one change to members of the user group, and (2) for each change of the at least one change, a digital signature of a user that made the change. Additionally, a verification process on the membership information is performed, including: for each change of the at least one change, verifying the digital signature of the user that made the change. Further, members of the user group are determined, as a result of the verification process, and at least one action is performed in association with the members of the user group.

Abstract: An apparatus, computer program, and method are provided for securely broadcasting a message to a plurality of recipient devices. In operation, a message is identified, and the message is encrypted utilizing a first key. A message authentication code (MAC) is generated utilizing a second key that is mathematically coupled to the first key (that is utilized to encrypt the message). The encrypted message is caused to be broadcasted to a plurality of recipient devices, utilizing the MAC.

Abstract: An apparatus, computer program, and method are afforded for providing a peer-to-peer security protocol. In operation, a message is identified that is directed from a first peer device to a second peer device. Further, the message is copied, so that a copy of the message is caused to be sent to an auditing server.

Abstract: A communication system is provided for enabling secure communications between at least a sender communication device and at least a recipient communication device or point-of-presence, wherein the then current recipient communication device(s) or point(s)-of-presence for the recipient(s) can vary over time. The communication system includes a network server component configured to maintain a current set of identification information elements for communicating with communication device(s) or points-of-presence associated with the one or more recipients; and if applicable provide up to date one or more identifiers or identification information elements for the one or more recipients to a sender communication device thereby prompting the sender communication device to send the secure communication based on the updated one or more identifiers or identification information elements.

Abstract: A client application, when executed by a processor, is operative to create a HyperText Transfer Protocol (HTTP) request containing a target header that includes a confidential value. The HTTP request is to be sent over a Secure Sockets Layer (SSL) 3.0 connection or a Transport Layer Security (TLS) 1.0 connection to a web server. The client application implements at its HTTP layer a countermeasure to a blockwise chosen-boundary attack. The client application generates an additional header having a header name that is not recognizable by the web server and inserts the additional header into the HTTP request ahead of the target header, thus creating a modified HTTP request. The modified HTTP request is to be sent, instead of the unmodified HTTP request, over the SSL 3.0 connection or the TLS 1.0 connection to the web server.

Abstract: A method, performed by a mobile device, for managing electronic tickets, the method comprising receiving an electronic ticket, identifying private information and public information on the ticket, and displaying the ticket on a display of the mobile device to show only the public information of the ticket. A related method entails displaying an electronic ticket, receiving input to provide payment credentials in relation to the electronic ticket, and transmitting the payment credentials via a short-range transceiver on the mobile device.

Abstract: A client application, when executed by a processor, is operative to create a HyperText Transfer Protocol (HTTP) request containing a target header that includes a confidential value. The HTTP request is to be sent over a Secure Sockets Layer (SSL) 3.0 connection or a Transport Layer Security (TLS) 1.0 connection to a web server. The client application implements at its HTTP layer a countermeasure to a blockwise chosen-boundary attack. The client application generates an additional header having a header name that is not recognizable by the web server and inserts the additional header into the HTTP request ahead of the target header, thus creating a modified HTTP request. The modified HTTP request is to be sent, instead of the unmodified HTTP request, over the SSL 3.0 connection or the TLS 1.0 connection to the web server.