Abstract: Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, astronomical data from an observed astronomical event is obtained. A pseudorandom generator is seeded based on the astronomical data. After seeding the pseudorandom generator, an output from the pseudorandom generator is obtained. A parameter for a cryptographic function is generated by operation of one or more data processors. The parameter is generated from the output from the pseudorandom generator.

Abstract: A method for operating a pseudorandom generator is disclosed. The method may be implemented by a processor of a mobile computing device. The method includes: collecting raw sensor data from at least one sensor associated with the mobile computing device; selecting a subset of the raw sensor data; retrieving first representation representing accumulated entropy associated with one or more previously acquired raw sensor data sets for the at least one sensor; and generating a seed for a pseudorandom generator based on combining the first representation and the selected subset of raw sensor data.

Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a frame type, and including an indication of the frame type in a header of the message. The message is then sent to a recipient and the frame type used to perform a policy check.

Abstract: Methods, systems, and computer programs for using an implicit certificate are disclosed. In some aspects, a message and an implicit certificate are accessed. The implicit certificate is associated with an entity. A modified message is generated by combining the message with a value based on the implicit certificate. A digital signature can be generated based on the modified message and transmitted to a recipient. In some aspects, a digital signature from an entity and a message to be verified based on the digital signature are accessed. An implicit certificate associated with the entity is accessed. A modified message is generated by combining the message with a value based on the implicit certificate. The message is verified based on the digital signature and the modified message.

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Abstract: Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, source code that defines seed information and a pseudorandom function is accessed. A parameter for a cryptographic function by operation of one or more data processors is generated. The parameter is generated from the seed information and the pseudorandom function. The parameter has a larger size in memory than the source code that defines the seed information and the pseudorandom function.

Abstract: Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, astronomical data from an observed astronomical event is obtained. A pseudorandom generator is seeded based on the astronomical data. After seeding the pseudorandom generator, an output from the pseudorandom generator is obtained. A parameter for a cryptographic function is generated by operation of one or more data processors. The parameter is generated from the output from the pseudorandom generator.

Abstract: Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature.

Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.

Abstract: Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, source code that defines seed information and a pseudorandom function is accessed. A parameter for a cryptographic function by operation of one or more data processors is generated. The parameter is generated from the seed information and the pseudorandom function. The parameter has a larger size in memory than the source code that defines the seed information and the pseudorandom function.

Abstract: A method of processing a notification that is broadcast by a source server is disclosed. The method includes: receiving, at the computing device, the notification, the notification containing a first message; storing the first message in a message store; determining that the first message is a repeated message of a previous message that was received at the computing device prior to receiving the notification; and associating a message counter value of the first message with the previous message and a message counter value associated with the previous message in the message store.

Abstract: Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, astronomical data from an observed astronomical event is obtained. A pseudorandom generator is seeded based on the astronomical data. After seeding the pseudorandom generator, an output from the pseudorandom generator is obtained. A parameter for a cryptographic function is generated by operation of one or more data processors. The parameter is generated from the output from the pseudorandom generator.

Abstract: A method for a Diffie Hellman key exchange, the method including selecting a field size p in the form p=hq+1, where q is a prime number that is one plus a factorial number b, such that q=(b!+1), and h is a cofactor, such that p=hq+1 is prime; selecting a generator integer g whose order modulo p is the prime q or is divisible by q; choosing a private key x; computing a public key gx mod p by raising said generator g to the power of said private key x, using arithmetic modulo said prime field size p; sending said public key gx mod p to a correspondent; receiving, from the correspondent, a second public key B comprising g raised to a second private key y selected by the correspondent, in the form gy; and creating a key Bx from the received second public key B, by raising said second public key B to the power of said private key x, using arithmetic modulo said prime field size p.

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Abstract: An elliptic curve random number generator avoids escrow keys by choosing a point on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point , wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

Abstract: Systems, methods, and software can be used to generate elliptic curve points. In some aspect, the method includes: selecting a field size of 8^91+5; selecting a curve equation that is compatible to the field size; using, by a hardware processor, the selected field size to generate an elliptic curve point; and using, by the hardware processor, the elliptic curve point in an Elliptic Curve Cryptography (ECC) operation.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A system and method for securing communication across an in-vehicle bus, includes establishing a connection between a gateway in a vehicle and the in-vehicle bus; generating a session key at the gateway within the vehicle; transmitting a public key certificate and ephemeral key to the gateway and an electronic control unit of the vehicle; generating a shared secret at the gateway and the electronic control unit, respectively; encrypting the session key with the shared secret at the gateway; receiving the encrypted session key through the in-vehicle bus at the electronic control unit; and decrypting the encrypted session key based on the shared secret generated at the electronic control unit.

Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.