Symmetric Key Cryptography Patents (Class 380/259)
-
Patent number: 12261838
Abstract: The method provides an automated and scalable system for the generation, distribution, and management of symmetric pre-shared keys (PSKs) to applications executing on headless and mobile devices. It helps achieve device protection, application security, and data protection with data authenticity and confidentiality in intra-device, inter-device, device-to-edge, and device-to-cloud communications. It helps Transport Layer Security (TLS) enabled applications dynamically acquire and renew PSKs and use identity hints for PSK based authentication ceremony during a TLS handshake. It helps client-server applications dynamically acquire and renew PSKs using keyed-hash message authentication code (HMAC) for data integrity and authenticity, content signing, and data encryption for confidentiality. It helps manage and distribute API shared secrets and API access tokens required for authenticated API requests and API security.
Type: Grant
Filed: April 26, 2023
Date of Patent: March 25, 2025
Assignee: SYMMERA INC.
Inventor: Srinivas Kumar
-
Patent number: 12217251
Abstract: Consumer Point-of-Sale (POS) systems are becoming a major target for financial data loss within the commerce ecosystem. Privileged information, such as account numbers, card information, and transaction data are the primary targets during these data breaches. This information, while resident on a point-of-sale system, can be in plain text and susceptible to theft. The intent of this document is to present a unique solution that reduces the attack surface for these types of “hacks”, and protects consumer data through specialized cryptographic operations including data level encryption with a cryptographic bitsplitting algorithm. This makes the data useless to those who would take the data unlawfully. The invention allows for the efficient and effective processing of financial data while converting the data to a useless state for those who would obtain it unlawfully.
Type: Grant
Filed: January 22, 2020
Date of Patent: February 4, 2025
Assignee: Cyber Reliant Corporation
Inventors: Nathan Durant, John Michael Suit, Ermis Sfakiyanudis
-
Patent number: 12197631
Abstract: Systems, apparatuses, and methods related to security management for a ferroelectric memory device are described. An example method can include receiving, at a memory controller and from a host, a command and firmware data. The memory controller can manage a non-volatile memory device, such as a ferroelectric memory device, and the host and the memory controller can communicate using a compute express link (CXL) protocol. The command can be executed to update firmware stored on the non-volatile memory device. The method can further include accessing a first public key from the non-volatile memory device. The method can further include validating the first public key with a second public key within the firmware data. The method can further include validating the firmware data. The method can further include verifying a security version of the firmware data. The method can further include updating the non-volatile memory device with the firmware data.
Type: Grant
Filed: December 27, 2021
Date of Patent: January 14, 2025
Assignee: Micron Technology, Inc.
Inventors: Danilo Caraccio, Federica Cresci, Alessandro Orlando, Paolo Amato, Angelo Alberto Rovelli, Craig A. Jones, Niccolò Izzo
-
Patent number: 12170728
Abstract: A first device may provide a request to establish a secure communication with a second device, and may hide public keys based on a commutative legacy compatible encryption process sharing a modulus and based on quasi-Carmichael numbers larger than the modulus with quadratic residuals. The first device may utilize variable extendable-output function hashing, based on the modulus, with bloom filtering to generate an output that prevents creation of classical rainbow tables, and may utilize a key derivation function to generate a symmetric key based on the output. The first device may establish the secure communication with the second device based on the symmetric key.
Type: Grant
Filed: July 26, 2022
Date of Patent: December 17, 2024
Assignee: Accenture Global Solutions Limited
Inventor: Benjamin Glen McCarty
-
Patent number: 12164650
Abstract: The disclosed embodiments are generally directed to inline encryption of data at line speed at a chip interposed between two memory components. The inline encryption may be implemented at a System-on-Chip (“SOC” or “SOC”). The memory components may comprise Non-Volatile Memory express (NVMe) and a dynamic random access memory (DRAM). An exemplary device includes an SOC to communicate with a Non-Volatile Memory NVMe circuitry to provide direct memory access (DMA) to an external memory component. The SOC may include: a cryptographic controller circuitry; a cryptographic memory circuitry in communication with the cryptographic controller, the cryptographic memory circuitry configured to store instructions to encrypt or decrypt data transmitted through the SOC; and an encryption engine in communication with the crypto controller circuitry, the encryption engine configured to encrypt or decrypt data according to instructions stored at the crypto memory circuitry. Other embodiments are also disclosed and claimed.
Type: Grant
Filed: September 22, 2021
Date of Patent: December 10, 2024
Assignee: Intel Corporation
Inventors: Prashant Dewan, Baiju Patel
-
Patent number: 12131532
Abstract: A trusted image recognition system and method are disclosed. A target vehicle includes a target vehicle controller configured to generate a first cryptographic key having a first sequence of bits, and a mechanical key display device configured to display a mechanical representation of the first sequence of bits. A host vehicle includes an image sensor configured to capture an image of the mechanical representation of the first sequence of bits, and a host vehicle controller configured to: recognize the mechanical representation of the first sequence of bits in the image; retrieve the first sequence of bits of the first cryptographic key from the image; generate a second cryptographic key having a second sequence of bits; compare the first sequence of bits to the second sequence of bits; and, responsive to the first sequence of bits matching the second sequence of bits, identify the target vehicle as an authenticated target vehicle.
Type: Grant
Filed: January 10, 2022
Date of Patent: October 29, 2024
Assignee: Rockwell Collins, Inc.
Inventor: Reginald D. Bean
-
Patent number: 12058143
Abstract: A dynamic path verification method based on reorganization of authentication fragments is proposed. The method includes: sending an initial expected path verification structure to a data packet sending end via a guarantee service node, and sending notification information to the respective routing nodes on an initial expected path; after updating the initial expected path to a new expected path, inserting the new expected path verification structure into a subsequent data packet to be sent, verifying the data packet by other nodes except a migration node, and sending the subsequent data packet to be sent to a next hop of routing node; performing the parsing verification on the received data packet by the migration node.
Type: Grant
Filed: February 7, 2022
Date of Patent: August 6, 2024
Assignee: TSINGHUA UNIVERSITY
Inventors: Ke Xu, Fan Yang, Bo Wu, Qi Li, Jianping Wu
-
Patent number: 11902415
Abstract: A secure computing device includes a secure computing unit configured to execute secure computing on encrypted data obtained by encrypting plaintext represented in a prescribed expression format for stochastic computing in a homomorphic encryption scheme. The secure computing includes a process of acquiring a sum and a process of acquiring a product. The secure computing unit determines a value of each digit of a bit string representing the sum as one of a value of a corresponding digit of a bit string that represents first encrypted data and is represented in the expression format and a value of a corresponding digit of a bit string that represents second encrypted data and is represented in the expression format in the process of acquiring the sum that is a sum of the first encrypted data of the encrypted data and the second encrypted data of the encrypted data.
Type: Grant
Filed: December 8, 2020
Date of Patent: February 13, 2024
Assignee: TOHOKU UNIVERSITY
Inventors: Rei Ueno, Naofumi Homma
-
Patent number: 11843690
Abstract: A method for a key management server to manage encryption for data stored by a cloud provider server includes receiving, by the key management server from the cloud provider server, a request for a drop key. The request includes a hash drop identifier that uniquely identifies a cipher drop, and the cipher drop comprises a unit of data stored by the cloud provider server. The method further includes generating the drop key based on at least the hash drop and the drop identifier and encrypting the drop key. A response comprising the encrypted drop key is sent to the cloud provider server.
Type: Grant
Filed: June 4, 2020
Date of Patent: December 12, 2023
Assignee: Wells Fargo Bank, N.A.
Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
-
Patent number: 11800168
Abstract: Methods and systems are described for setting up, in one embodiment, a generic streaming media device as a set-top box for a multichannel content provider that provides a content delivery service. The set up process can be performed automatically and as background operations while a user manually sets up the device, in foreground operations, for use with an online streaming media store or source of content. The set up process can use a device token that was previously associated with the multichannel content provider for use with the device during the set up process. The device token can be stored by the developer of the device and sent by the developer to the multichannel content provider during a set up process of the device; the device token can be opaque to the developer but provides information used by the multichannel content provider to set up the device as a set top box.
Type: Grant
Filed: January 28, 2021
Date of Patent: October 24, 2023
Assignee: APPLE INC.
Inventors: Mayank Govila, Jared E. Rogers, Vinesh Pallen
-
Patent number: 11755664
Abstract: A method for transferring electronic evidence is provided. The law enforcement agencies can make efficient use of social media and other forms of public communications to make a public appeal for information on crimes and other investigations wherein the public appeals allow members of the public to easily submit information and/or media files from smartphones and other computers in a way that allows the submission to be linked to the public appeal (e.g. the specific case file or the attributes of the case file) so that the submission data can be found and accessed by law enforcement investigators.
Type: Grant
Filed: September 17, 2021
Date of Patent: September 12, 2023
Inventors: Mathieu Nadeau, Francis Michaud, Pierre-Olivier Veilleux
-
Patent number: 11755222
Abstract: An apparatus comprises a processing device configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The processing device is further configured to identify whether operational information of the host device corresponding to a given write input-output operation comprises one or more index nodes, and to analyze the one or more index nodes responsive to a positive identification. The processing device is also configured to determine whether one or more portions of data corresponding to the given write input-output operation comprise file data based on the analysis of the one or more index nodes, to encrypt at least part of the file data responsive to an affirmative determination, and to deliver the given write input-output operation comprising the encrypted file data to the storage system.
Type: Grant
Filed: February 26, 2021
Date of Patent: September 12, 2023
Assignee: EMC IP Holding Company LLC
Inventors: Kundan Kumar, Sanjib Mallick
-
Patent number: 11627176
Abstract: Methods and systems are provided for bitrate adaptation of a video asset to be streamed to a client device for playback. The method includes selecting a representation from a manifest which expresses a set of representations available for each chunk of the video asset and generating a dynamic manifest for the video asset in which the representation selected for the at least one chunk is recommended for streaming to the client device. The selection of the representation recommended for the chunk may be based on at least one of historic viewing behavior of previous viewers of the chunk, content analysis information for the chunk, a level of available network bandwidth, a level of available network storage, and data rate utilization information of network resources including current, average, peak, and minimum data rate of network resources.
Type: Grant
Filed: April 20, 2021
Date of Patent: April 11, 2023
Assignee: ARRIS Enterprises LLC
Inventors: Bhavan Gandhi, Faisal Ishtiaq, Anthony J. Braskich, Andrew Aftelak
-
Patent number: 11620647
Abstract: Systems and methods are described for provisioning access credentials to a mobile device using device and authorization codes. Once provisioned, a mobile device can be used to conduct a transaction.
Type: Grant
Filed: February 4, 2021
Date of Patent: April 4, 2023
Assignee: Visa International Service Association
Inventors: Kim R. Wagner, John F. Sheets, Glenn Powell
-
Patent number: 11606366
Abstract: In one embodiment, a sender node in a serial network identifies a message identifier for a packet to be sent by the sender node. The sender node selects a cyclical redundancy check (CRC) initialization vector associated with the message identifier. The sender node generates a CRC value for the packet, based on the selected initialization vector. The sender node sends the packet via the serial network. The sent packet includes the message identifier and the generated CRC value. In turn, a receiver node that receives the packet uses the generated CRC value to authenticate the sender node.
Type: Grant
Filed: July 2, 2019
Date of Patent: March 14, 2023
Assignee: Cisco Technology, Inc.
Inventors: Yaron Sella, Kevin Holcomb, Raghuram S. Sudhaakar
-
Patent number: 11569979
Abstract: Methods, systems and computer program products for improving performance of a cryptographic algorithm are described. First, data to be encrypted/decrypted is provided as input to the system. A primary key, or multiple keys (in case of asymmetric cryptography), is generated for the encryption/decryption process. The primary key consists of metadata as well as key blocks containing secondary keys. The metadata contains information explaining how the data will be handled from algorithmic structure to the base cryptographic scheme to be used. Further, the data is split and processed via relevant portions of the key blocks. Finally, the completed encrypted/decrypted data segments are combined in order to complete the process. The used process ensures higher performance as well as higher algorithmic entropy than comparable methods in literature or on the market.
Type: Grant
Filed: June 2, 2020
Date of Patent: January 31, 2023
Inventor: Sameer Khanna
-
Patent number: 11546136
Abstract: The described technology is generally directed towards generating shared authentication keys using network connection characteristics. According to an embodiment, a system can comprise a processor and a memory that can store executable instructions that, when executed by the processor, facilitate performance of operations. The operations can comprise generating a first authenticator based on a first authentication key generated based on a first connection characteristic of the first device and a second connection characteristic of a second device. The operations can further comprise incorporating the first authenticator into first content for authentication by the second device employing a second authentication key, generated by the second device based on the first connection characteristic and the second connection characteristic. The operations can further comprise establishing, based on the first content, a connection with the second device.
Type: Grant
Filed: August 27, 2019
Date of Patent: January 3, 2023
Assignee: EMC IP HOLDING COMPANY LLC
Inventors: Venkata L. R. Ippatapu, Kenneth Dorman
-
Patent number: 11533167
Abstract: Method, device and computer program product for managing a plurality of encryption keys using a keystore seed that defines a seed bit set. A key management process defines a key mapping between the seed bit set and the plurality of encryption keys. The key management process enables each encryption key to be generated from the seed bit set using a corresponding keying material value and the key mapping. The key mapping specifies that an encryption key is generated by partitioning the seed bit set into a plurality of seed bit partitions, determining a keying value from the keying material value, determining a key sequence using the plurality of seed bit partitions and the keying value, and determining the encryption key from the key sequence. Management of a large number of encryption keys can be simplified through indirect management via the keystore seed and the key management process.
Type: Grant
Filed: May 21, 2020
Date of Patent: December 20, 2022
Assignee: BICDROID INC.
Inventor: En-Hui Yang
-
Patent number: 11516004
Abstract: A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).
Type: Grant
Filed: January 29, 2021
Date of Patent: November 29, 2022
Assignee: Cisco Technology, Inc.
Inventors: Syed Khalid Raza, Praveen Raju Kariyanahalli, Rameshbabu Prabagaran, Amir Khan
-
Patent number: 11468796
Abstract: This numerical splitting device: acquires a numerical value w and a parameter p; generates a first random number r1 and a second random number r2; computes a third random number r3 based on the numerical value w, parameter p, first random number r1, and second random number r2 according to an expression, r3=w-r1-r2 mod p; computes first to third segments s1, s2, s3 based on the first to third random numbers r1, r2, r3 and the parameter p according to expressions, s1=r1+r2 mod p, s2=r2+r3 mod p, and s3=r3+r1 mod p; and transmits a pair of the first segment s1 and the second random number r2, a pair of the second segment s2 and the third random number r3, and a pair of the third segment s3 and the first random number r1 to first to third secure computation devices, respectively.
Type: Grant
Filed: May 18, 2017
Date of Patent: October 11, 2022
Assignee: NEC CORPORATION
Inventors: Toshinori Araki, Kazuma Ohara
-
Patent number: 11449888
Abstract: Two different user spaces can be mapped to each other based on one or more categories of information that are common to both. The mapping is based on hash values generated by applying the same hash function to the same information of the categories of information that identifies users in each user space.
Type: Grant
Filed: December 17, 2019
Date of Patent: September 20, 2022
Assignee: Twitter, Inc.
Inventor: Jeffrey Winner
-
Patent number: 11449310
Abstract: A method for generating a random number, applied in a random number generator coupled to a flash memory is disclosed. The method comprises: selecting a plurality of cells from the flash memory; initializing the selecting cells of the flash memory; programming the selecting cells to obtain a plurality of first potential values of the selecting cells; re-initializing the selecting cells of the flash memory; re-programming the selecting cells to obtain a plurality of second potential values of the selecting cells; and processing the first potential values and the second potential values according to a predetermined algorithm to generate the random number.
Type: Grant
Filed: August 21, 2019
Date of Patent: September 20, 2022
Assignee: RAYMX MICROELECTRONICS CORP.
Inventors: Shih-Fu Huang, Cheng-Yu Chen, Yi-Lin Hsieh, Jing-Long Xiao
-
Patent number: 11448522
Abstract: Method and devices for wirelessly transmitting data packets in a meter reading system, wherein the method comprises generating at the meter device, a first data packet including payload data and a first message authentication code computed based on the payload data and associated meter data stored in a memory of the meter device, transmitting the first data packet from the meter device to the receiver, and performing a primary authentication check of the first data packet and verifying the associated meter data at the receiver by recalculating the first message authentication code using the received payload data and current associated meter data stored in a memory of the receiver, as input.
Type: Grant
Filed: February 9, 2018
Date of Patent: September 20, 2022
Assignee: Kamstrup A/S
Inventors: Johnny Dørken Christiansen, Flemming Hald
-
Patent number: 11429739
Abstract: A method and system that enables a data owner to write data in an encrypted manner to an immutable ledger, and yet still be able to grant read access to specific data elements, as they were written at particular moments in time, to a requesting party. Examples therefore provide a process for encryption of data onto an immutable ledger in a time indexed manner, together with a process by which a third party can request access to the data stored in the immutable ledger from the data owner, and the data owner can provide them with certain decryption keys that allow the third party to read the data directly from the immutable ledger, again based on time-indexed queries. The data the third party can read is restricted to specific elements only of the data written, and further restricted to within a time range or to a specific point in time.
Type: Grant
Filed: May 19, 2020
Date of Patent: August 30, 2022
Assignee: Ordnance Survey Limited
Inventor: David Charles Alexander Stow
-
Patent number: 11405222
Abstract: Methods and systems for implementing DevID enrollment for hardware redundant Trust Platform Modules (TPMs), are described. A system can include hardware redundancy for management modules, and for TPMs that correspond to each management module. Accordingly, a product can have a dual-TPM configuration, where both modules are associated with the same product. Further, a process that particularly considers the presence of dual-TPMs for creating, issuing, and enrolling DevID certificates is described. The process issues and maintains DevID certificates for each TPM by synchronizing dual sessions that correspond to each TPM. Also, the process accounts for duplicate identification data, for example allowing the certificate authority (CA) to sign certificates for dual-TPMs linked to the same chassis number. The process can include performing validation checks, rendezvous points, and locks to ensure that DevID certificates are successfully issued for each of the dual-TPMs, respectively.
Type: Grant
Filed: December 20, 2019
Date of Patent: August 2, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventor: Thomas M. Laffey
-
Patent number: 11405421
Abstract: An electronic control apparatus includes: an obtaining unit configured to obtain data transmitted via a network in a system; and a judging unit configured to judge presence or absence of an anomaly in the data obtained by the obtaining unit, based on a transmission state of the data. The judging unit is configured to judge that an anomaly is present in the data, when the transmission state of the data is a transmission stopped state.
Type: Grant
Filed: June 10, 2019
Date of Patent: August 2, 2022
Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
Inventors: Kaoru Yokota, Toshihisa Nakano, Jun Anzai
-
Patent number: 11405192
Abstract: A searchable symmetric encryption (SSE) system and method of processing inverted index is provided. The SSE system includes genKey, buildSecureIndex, genToken, and search operations. A compress X is integrated into at least one of the buildSecureIndex and search operations. The compress X then takes each entry of an encrypted index, compresses the entry of the encrypted index into a compressed entry, and then processes the compressed entry with a function. The function comprises a linked list function and an array function. The search operation decompresses the processed entry and outputs the decompressed entry. The SSE comprises a client device and a server. The genKey, buildSecureIndex, and genToken operations are integrated into the client device and the search operation is integrated into the server.
Type: Grant
Filed: August 24, 2017
Date of Patent: August 2, 2022
Assignee: Robert Bosch GmbH
Inventors: Qingji Zheng, Xinxin Fan, Jorge Guajardo Merchan
-
Patent number: 11381378
Abstract: According to the chaotic communication method and system based on complex modified projective difference function synchronization provided in the present invention, when a chaotic signal has a relatively small amplitude, the amplitude of the chaotic signal can be adjusted by adjusting a proportional matrix, so as to mask plaintext better. Moreover, a robust controller is designed according to a filtered signal and a second coupling function, to ensure complex modified projective difference function synchronization, and such synchronization allows the bit error rate to be zero theoretically.
Type: Grant
Filed: September 30, 2020
Date of Patent: July 5, 2022
Assignees: Qilu University of Technology, Shandong Institute of Artificial Intelligence
Inventors: Fangfang Zhang, Minglei Shu, Kai Sun, Mingming Huang, Xue Zhang
-
Patent number: 11374747
Abstract: A vehicular system includes a first electronic control device that manages an encryption key, and a second electronic control device that uses the encryption key. The first electronic control device is configured to create the encryption key in response to that an owner of a vehicle has changed, and output the encryption key to the second electronic control device. The second electronic control device is configured to store a first encryption key and a third encryption key, receive a second encryption key, switch the encryption key being used, and update the first encryption key to the second encryption key.
Type: Grant
Filed: October 24, 2019
Date of Patent: June 28, 2022
Assignee: DENSO CORPORATION
Inventor: Yasuharu Sugano
-
Patent number: 11374745
Abstract: Disclosed systems and methods implement a tracking system that tracks accesses to a TPM-secured key. In embodiments, the key may be encrypted using an encryption key, which is sealed using the TPM. A first value indicating an initial access state of the key is stored in a PCR of the TPM, and the encryption key is sealed against the PCR, so that it can be unsealed when contents of the PCR match a next value derived from the first value. When the key is accessed, contents of the PCR are verified against an expected access state. If successfully verified, the PCR is extended to hold the next value, the encryption key is unsealed, and the key decrypted. With each access, the encryption key is repeatedly resealed against the successive states stored in the PCR. In this manner, the PCR may be used to track accesses and detect unauthorized accesses to the key.
Type: Grant
Filed: November 29, 2017
Date of Patent: June 28, 2022
Assignee: Amazon Technologies, Inc.
Inventor: Atul Khare
-
Patent number: 11334890
Abstract: A method for generating payment credentials in a payment transaction includes: storing, in a memory, at least a single use key associated with a transaction account; receiving, by a receiving device, a personal identification number; identifying, by a processing device, a first session key; generating, by the processing device, a second session key based on at least the stored single use key and the received personal identification number; generating, by the processing device, a first application cryptogram based on at least the first session key; generating, by the processing device, a second application cryptogram based on at least the second session key; and transmitting, by a transmitting device, at least the first application cryptogram and second application cryptogram for use in a payment transaction.
Type: Grant
Filed: December 2, 2014
Date of Patent: May 17, 2022
Assignee: MASTERCARD INTERNATIONAL INCORPORATED
Inventors: Mehdi Collinge, Patrik Smets, Axel Emile Jean Charles Cateland
-
Patent number: 11303441
Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. The responder maintains a first security association with the initiator having a first key to use to encrypt and decrypt messages transmitted with the initiator. The responder receives a message from the initiator for a rekey operation to establish a second security association with the initiator using a second key. The responder queues Input/Output (I/O) for transmission using the second key after completing the rekey operation. After activating the second security association, the responder receives a revert message from the initiator to revert back to using the first security association and first key in response to a failure of the rekey operation.
Type: Grant
Filed: September 25, 2019
Date of Patent: April 12, 2022
Assignee: International Business Machines Corporation
Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Mikel William Welsh, Alol Antony Crasta, John R. Flanagan
-
Patent number: 11303436
Abstract: Systems and methods for performing cryptographic data processing operations employing non-linear share encoding for protecting from external monitoring attacks. An example method includes: receiving a plurality of shares representing a secret value employed in a cryptographic operation, such that the plurality of shares includes a first share represented by an un-encoded form and a second share represented by an encoded form; producing a transformed form of the second share; and performing the cryptographic operation using the transformed form of the second share.
Type: Grant
Filed: June 23, 2017
Date of Patent: April 12, 2022
Assignee: CRYPTOGRAPHY RESEARCH, INC.
Inventor: Elke De Mulder
-
Patent number: 11303433
Abstract: The present invention provides a method and a device for generating an HD wallet name card and a method and a device for generating an HD wallet trusted address. The method for generating the HD wallet name card comprises: first signature information is obtained by digitally signing first user information with a first private key; second signature information is obtained by digitally signing second user information with a first trusted private key; and the first user information, the second user information, the first signature information and the second signature information are integrated to generate the HD wallet name card. The present invention is advantageous in that the wallet information is digitally signed with the preset first trusted private key and the first private key, thus preventing the HD wallet name card from being forged, intercepted, and modified by a third party so as to ensure the security of transaction.
Type: Grant
Filed: May 9, 2019
Date of Patent: April 12, 2022
Inventor: Yanbin Kong
-
Patent number: 11283620
Abstract: An approach is provided for a homomorphic cryptosystem for use in resource-constrained environments (e.g., vehicle-based use cases) or when computer resources are to be conserved. The approach involves, for example, generating a nonce at a first device (e.g., vehicle engine control unit (ECU)). The approach also involves performing a homomorphic operation on the nonce and a ciphertext to generate a resulting cipher. The ciphertext is provided by a second device (e.g., a data server). The approach further involves attaching the resulting cipher to a request payload (e.g., to request secure data from the data server). The approach further involves transmitting the request payload including the nonce to the second device (e.g., the server).
Type: Grant
Filed: October 1, 2019
Date of Patent: March 22, 2022
Assignee: HERE Global B.V.
Inventor: Ali Abbas
-
Patent number: 11256478
Abstract: The present invention relates to a method for securing against N-order side-channel attacks a cryptographic process using in a plurality of encryption rounds an initial Substitution box S0 comprising the steps of: —generating (E12) a first randomized substitution box S1 by masking said initial substitution box S0 such that S1(x XOR m1)=S0(x) XOR m2, with m1, m2 uniformly-distributed random values, for any input value x of the initial substitution box S0, —generating (E13) a first transrandomized Substitution box S(1,1) from the first randomized substitution box S1 and from masks m1,1, m′1,1 such that S(1, 1)[x]=S1[x xor (m1 xor m1,1)] xor (m2 xor m′1,1) for any input value x of the first transrandomized Substitution box S(1,1), —generating (E14) from the first transrandomized Substitution box S(1,1) a N−1th transrandomized Substitution box S(1, N−1) by performing iteratively N−2 times a step of generation of a ith transrandomized Substitution box S(1, i) from a i−1th transrandomized substitution box S(1, i−1)
Type: Grant
Filed: June 28, 2018
Date of Patent: February 22, 2022
Assignee: THALES DIS FRANCE SA
Inventor: David Vigilant
-
Patent number: 11245521
Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. An initiator maintains a first security association with the responder having a first key to use to encrypt and decrypt data transmitted with the responder. The initiator initiates a rekey operation to establish a second security association with the responder using a second key. The initiator detects a failure of the rekey operation after the responder started using the second key for transmissions. A revert message is sent to the responder to revert back to using the first security association and first key in response to detecting the failure of the rekey operation.
Type: Grant
Filed: September 25, 2019
Date of Patent: February 8, 2022
Assignee: International Business Machines Corporation
Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, John R. Flanagan, Alol Antony Crasta, Mikel William Welsh
-
Patent number: 11222135
Abstract: A method and system of protecting user sensitive information from an application program of a user device are provided. The application program to be installed is received on the user device. Permissions to resources of the user device for the application program are identified. For each permission, mapping the permission to one or more sections of a code of the application program. For each mapped section of the code, a recipient of user sensitive information facilitated by the permission is determined. For each recipient, it is determined whether the recipient should be restricted. Upon determining that the recipient should not be restricted, the user sensitive information facilitated by the permission is provided to the recipient. However, upon determining that the recipient should be restricted, alternate information to the recipient.
Type: Grant
Filed: May 28, 2018
Date of Patent: January 11, 2022
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Omer Tripp, Julian Timothy Dolby, Marco Pistoia, Pietro Ferrara
-
Patent number: 11218463
Abstract: In one example, a system is disclosed, which may include a network device, a new server connected to the network device, and a management server communicatively connected to a cloud-based service and the network device. The management server may include a server deployment engine to discover the new server in the system using the network device; obtain an encrypted data blob associated with the new server from the cloud-based service; establish a trust, via a secure protocol, with the new server using the encrypted data blob; and deploy the new server in the system upon establishing the trust with the new server.
Type: Grant
Filed: July 21, 2017
Date of Patent: January 4, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Suhas Shivanna, Alan L Goodrum
-
Patent number: 11178108
Abstract: The invention comprises a method for filtering data. The method comprises receiving a network request from a client, determining, based on one or more filtering criteria, whether to forward the network request to a server, and based on the determining, forwarding the network request to the server, or preventing the network request from reaching the server and blocking future network requests from the client.
Type: Grant
Filed: November 18, 2020
Date of Patent: November 16, 2021
Assignee: QIP SOLUTIONS LIMITED
Inventor: Fiona Kane
-
Patent number: 11115187
Abstract: The present disclosure relates to a block cipher apparatus and method for real-time data transmission and the block cipher apparatus according to an exemplary embodiment of the present disclosure includes: a block encryption unit which selects a key in accordance with an order of keys having different lengths to encrypt each plaintext block and generate a ciphertext block; and a message authentication unit which generates a message authentication code using a key selected at the time of encrypting a current plaintext block which is encrypted in the block encryption unit and a previous message authentication code generated by a plaintext block before the current plaintext block.
Type: Grant
Filed: May 28, 2019
Date of Patent: September 7, 2021
Assignee: KOREA UNIVERSITY RESEARCH AND BUSINESS FOUNDATION
Inventors: Hwangnam Kim, Seounghwan Oh, Seongjoon Park
-
Patent number: 11102248
Abstract: A remote wipe message or notification may be sent from a server computer to one or more target client devices associated with a user. A managed container running on a target client device associated with the user and having a managed cache storing content managed by or through the server computer may, in response to the remote wipe message or notification, deleting the managed content or a portion thereof from its managed cache. The managed container may send back an acknowledgement or message to the server computer that it had completed the remote wipe. The remote wipe functionality can avoid having to deal with individual applications running on the client device and therefore can eliminate the complexity of having to deal with individual applications. Furthermore, the remote wipe can be done independently of the local operating system and without affecting non-managed information/applications on the client device.
Type: Grant
Filed: November 19, 2018
Date of Patent: August 24, 2021
Assignee: OPEN TEXT SA ULC
Inventors: Gregory Beckman, Robert Laird, Alain Gagne
-
Patent number: 11102236
Abstract: Systems and methods provide for identification and remediation of IoT devices exhibiting anomalous behaviors. An IoT management system can identify IoT devices requiring remediation. The IoT management system may present a first interface including representations of the devices requiring remediation, where each representation can include identifying information for an IoT device, policies applied to the IoT device, and bandwidth/throughput information of the IoT device. The IoT management system can present a second remediation interface representing a detailed representation of a first IoT device. The detailed representation can include user interface elements representing actions to be performed relating to the first IoT device. The IoT management system can perform a first action corresponding to a selection of one of the user interface elements.
Type: Grant
Filed: November 19, 2018
Date of Patent: August 24, 2021
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Mark Stephan Shurtleff, Jerome Henry, Bart Brinckman
-
Patent number: 11102007
Abstract: A system and method are described that enables mobile devices (e.g. including but not limited to a mobile phone or the like), to intercept and respond to contactless card authentication requests, allowing mobile devices to be used in place of contactless cards. Enabling mobile phone devices to emulate contactless cards decreases issues related to lost or damaged cards, enabling a single device to be used to provide tokens related to multiple different contactless cards, and leverages functionality of the mobile device to provide dual-factor authentication.
Type: Grant
Filed: October 1, 2019
Date of Patent: August 24, 2021
Assignee: Capital One Services, LLC
Inventors: Jeffrey Rule, Kevin Osborn
-
Patent number: 11095624
Abstract: Systems, methods, software and apparatus enable end-to-end encryption of group communications by implementing a pairwise encryption process between a pair of end user devices that are members of a communication group. One end user device in the pairwise encryption process shares a group key with the paired end user device by encrypting the group key using a message key established using the pairwise encryption process. The group key is shared among group members using the pairwise process. When a transmitting member of the group communicates with members, the transmitting member generates a stream key, encrypts stream data using the stream key, encrypts the stream key with the group key, then transmits the encrypted stream key and encrypted stream data to group members. The group key can be updated through the pairwise encryption process. A new stream key can be generated for each transmission of streaming data such as voice communications.
Type: Grant
Filed: July 23, 2019
Date of Patent: August 17, 2021
Assignee: Orion Labs, Inc.
Inventor: Greg Albrecht
-
Patent number: 11012245
Abstract: Disclosed embodiments relate to securely facilitating decentralized management of identity data. Operations may include receiving, from an identity, encrypted data and an index associated with the encrypted data; receiving, from the identity, a first request including: the index, a first part of a first cryptographic key, and a target service cryptographic key; identifying, using the index, the encrypted data; encrypting a copy of the encrypted data using the target service cryptographic key to form a doubly encrypted data; sending a challenge token to the identity; receiving a second request, from a target service, the second request including: the index and a challenge response created based on the challenge token; and sending to the target service the doubly encrypted data and the first part of the first cryptographic key; wherein the target service is operable to decrypt the doubly encrypted data.
Type: Grant
Filed: September 10, 2020
Date of Patent: May 18, 2021
Assignee: CYBERARK SOFTWARE LTD.
Inventor: Ofer Rivlin
-
Patent number: 10986152
Abstract: Methods and systems are provided for bitrate adaptation of a video asset to be streamed to a client device for playback. The method includes selecting a representation from a manifest which expresses a set of representations available for each chunk of the video asset and generating a dynamic manifest for the video asset in which the representation selected for the at least one chunk is recommended for streaming to the client device. The selection of the representation recommended for the chunk may be based on at least one of historic viewing behavior of previous viewers of the chunk, content analysis information for the chunk, a level of available network bandwidth, a level of available network storage, and data rate utilization information of network resources including current, average, peak, and minimum data rate of network resources.
Type: Grant
Filed: December 29, 2016
Date of Patent: April 20, 2021
Assignee: ARRIS Enterprises LLC
Inventors: Bhavan Gandhi, Faisal Ishtiaq, Anthony J. Braskich, Andrew Aftelak
-
Patent number: 10986175
Abstract: Methods, systems, and devices for wireless communication are described. A managing device may create a group security configuration for each device of a group of devices managed by the managing device. The group security configuration may include a group security parameter associated with the group of devices and a device-specific security parameter associated with each device in the group of devices. The managing device may provide the group security configuration to one or more devices of the group of devices. The one or more devices may use the group security configuration to directly establish a secure connection for communications between the one or more devices, which may include an establishment of the secure connection without further communications with the managing device during the establishment.
Type: Grant
Filed: June 22, 2016
Date of Patent: April 20, 2021
Assignee: QUALCOMM Incorporated
Inventors: Soo Bum Lee, Gavin Bernard Horn
-
Patent number: 10984416
Abstract: Various embodiments are generally directed to NFC-based mobile currency transfers. A mobile payment may be programmatically initialized when at least two mobile devices come into NFC communications range. A payment card associated with an account used to fund the currency transfer may be tapped to one or more of the devices to allow a server to validate the currency transfer.
Type: Grant
Filed: March 20, 2019
Date of Patent: April 20, 2021
Assignee: Capital One Services, LLC
Inventors: Rajko Ilincic, Jeffrey Rule
-
Patent number: 10984093
Abstract: The disclosure describes methods and systems for a storage device that includes one or more memory devices, where the memory devices store a second challenge question and a first response key. The system also includes an interface and a storage controller coupled to the interface and coupled to the memory devices. The storage controller generates an enable signal for enabling access to the memory devices. The system also includes a security module coupled to the storage controller and configured to send and receive challenge requests and challenge responses, where the security module includes a first challenge question and a second response key corresponding to each of the memory devices.
Type: Grant
Filed: April 30, 2018
Date of Patent: April 20, 2021
Assignee: WESTERN DIGITAL TECHNOLOGIES, INC.
Inventors: Danny Berler, Judah Gamliel Hahn