Symmetric Key Cryptography Patents (Class 380/259)
  • Patent number: 11902415
    Abstract: A secure computing device includes a secure computing unit configured to execute secure computing on encrypted data obtained by encrypting plaintext represented in a prescribed expression format for stochastic computing in a homomorphic encryption scheme. The secure computing includes a process of acquiring a sum and a process of acquiring a product. The secure computing unit determines a value of each digit of a bit string representing the sum as one of a value of a corresponding digit of a bit string that represents first encrypted data and is represented in the expression format and a value of a corresponding digit of a bit string that represents second encrypted data and is represented in the expression format in the process of acquiring the sum that is a sum of the first encrypted data of the encrypted data and the second encrypted data of the encrypted data.
    Type: Grant
    Filed: December 8, 2020
    Date of Patent: February 13, 2024
    Assignee: TOHOKU UNIVERSITY
    Inventors: Rei Ueno, Naofumi Homma
  • Patent number: 11843690
    Abstract: A method for a key management server to manage encryption for data stored by a cloud provider server includes receiving, by the key management server from the cloud provider server, a request for a drop key. The request includes a hash drop identifier that uniquely identifies a cipher drop, and the cipher drop comprises a unit of data stored by the cloud provider server. The method further includes generating the drop key based on at least the hash drop and the drop identifier and encrypting the drop key. A response comprising the encrypted drop key is sent to the cloud provider server.
    Type: Grant
    Filed: June 4, 2020
    Date of Patent: December 12, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 11800168
    Abstract: Methods and systems are described for setting up, in one embodiment, a generic streaming media device as a set-top box for a multichannel content provider that provides a content delivery service. The set up process can be performed automatically and as background operations while a user manually sets up the device, in foreground operations, for use with an online streaming media store or source of content. The set up process can use a device token that was previously associated with the multichannel content provider for use with the device during the set up process. The device token can be stored by the developer of the device and sent by the developer to the multichannel content provider during a set up process of the device; the device token can be opaque to the developer but provides information used by the multichannel content provider to set up the device as a set top box.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: October 24, 2023
    Assignee: APPLE INC.
    Inventors: Mayank Govila, Jared E. Rogers, Vinesh Pallen
  • Patent number: 11755664
    Abstract: A method for transferring electronic evidence is provided. The law enforcement agencies can make efficient use of social media and other forms of public communications to make a public appeal for information on crimes and other investigations wherein the public appeals allow members of the public to easily submit information and/or media files from smartphones and other computers in a way that allows the submission to be linked to the public appeal (e.g. the specific case file or the attributes of the case file) so that the submission data can be found and accessed by law enforcement investigators.
    Type: Grant
    Filed: September 17, 2021
    Date of Patent: September 12, 2023
    Inventors: Mathieu Nadeau, Francis Michaud, Pierre-Olivier Veilleux
  • Patent number: 11755222
    Abstract: An apparatus comprises a processing device configured to control delivery of input-output operations from a host device to a storage system over selected ones of a plurality of paths through a network. The processing device is further configured to identify whether operational information of the host device corresponding to a given write input-output operation comprises one or more index nodes, and to analyze the one or more index nodes responsive to a positive identification. The processing device is also configured to determine whether one or more portions of data corresponding to the given write input-output operation comprise file data based on the analysis of the one or more index nodes, to encrypt at least part of the file data responsive to an affirmative determination, and to deliver the given write input-output operation comprising the encrypted file data to the storage system.
    Type: Grant
    Filed: February 26, 2021
    Date of Patent: September 12, 2023
    Assignee: EMC IP Holding Company LLC
    Inventors: Kundan Kumar, Sanjib Mallick
  • Patent number: 11627176
    Abstract: Methods and systems are provided for bitrate adaptation of a video asset to be streamed to a client device for playback. The method includes selecting a representation from a manifest which expresses a set of representations available for each chunk of the video asset and generating a dynamic manifest for the video asset in which the representation selected for the at least one chunk is recommended for streaming to the client device. The selection of the representation recommended for the chunk may be based on at least one of historic viewing behavior of previous viewers of the chunk, content analysis information for the chunk, a level of available network bandwidth, a level of available network storage, and data rate utilization information of network resources including current, average, peak, and minimum data rate of network resources.
    Type: Grant
    Filed: April 20, 2021
    Date of Patent: April 11, 2023
    Assignee: ARRIS Enterprises LLC
    Inventors: Bhavan Gandhi, Faisal Ishtiaq, Anthony J. Braskich, Andrew Aftelak
  • Patent number: 11620647
    Abstract: Systems and methods are described for provisioning access credentials to a mobile device using device and authorization codes. Once provisioned, a mobile device can be used to conduct a transaction.
    Type: Grant
    Filed: February 4, 2021
    Date of Patent: April 4, 2023
    Assignee: Visa International Service Association
    Inventors: Kim R. Wagner, John F. Sheets, Glenn Powell
  • Patent number: 11606366
    Abstract: In one embodiment, a sender node in a serial network identifies a message identifier for a packet to be sent by the sender node. The sender node selects a cyclical redundancy check (CRC) initialization vector associated with the message identifier. The sender node generates a CRC value for the packet, based on the selected initialization vector. The sender node sends the packet via the serial network. The sent packet includes the message identifier and the generated CRC value. In turn, a receiver node that receives the packet uses the generated CRC value to authenticate the sender node.
    Type: Grant
    Filed: July 2, 2019
    Date of Patent: March 14, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Yaron Sella, Kevin Holcomb, Raghuram S. Sudhaakar
  • Patent number: 11569979
    Abstract: Methods, systems and computer program products for improving performance of a cryptographic algorithm are described. First, data to be encrypted/decrypted is provided as input to the system. A primary key, or multiple keys (in case of asymmetric cryptography), is generated for the encryption/decryption process. The primary key consists of metadata as well as key blocks containing secondary keys. The metadata contains information explaining how the data will be handled from algorithmic structure to the base cryptographic scheme to be used. Further, the data is split and processed via relevant portions of the key blocks. Finally, the completed encrypted/decrypted data segments are combined in order to complete the process. The used process ensures higher performance as well as higher algorithmic entropy than comparable methods in literature or on the market.
    Type: Grant
    Filed: June 2, 2020
    Date of Patent: January 31, 2023
    Inventor: Sameer Khanna
  • Patent number: 11546136
    Abstract: The described technology is generally directed towards generating shared authentication keys using network connection characteristics. According to an embodiment, a system can comprise a processor and a memory that can store executable instructions that, when executed by the processor, facilitate performance of operations. The operations can comprise generating a first authenticator based on a first authentication key generated based on a first connection characteristic of the first device and a second connection characteristic of a second device. The operations can further comprise incorporating the first authenticator into first content for authentication by the second device employing a second authentication key, generated by the second device based on the first connection characteristic and the second connection characteristic. The operations can further comprise establishing, based on the first content, a connection with the second device.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: January 3, 2023
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Venkata L. R. Ippatapu, Kenneth Dorman
  • Patent number: 11533167
    Abstract: Method, device and computer program product for managing a plurality of encryption keys using a keystore seed that defines a seed bit set. A key management process defines a key mapping between the seed bit set and the plurality of encryption keys. The key management process enables each encryption key to be generated from the seed bit set using a corresponding keying material value and the key mapping. The key mapping specifies that an encryption key is generated by partitioning the seed bit set into a plurality of seed bit partitions, determining a keying value from the keying material value, determining a key sequence using the plurality of seed bit partitions and the keying value, and determining the encryption key from the key sequence. Management of a large number of encryption keys can be simplified through indirect management via the keystore seed and the key management process.
    Type: Grant
    Filed: May 21, 2020
    Date of Patent: December 20, 2022
    Assignee: BICDROID INC.
    Inventor: En-Hui Yang
  • Patent number: 11516004
    Abstract: A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: November 29, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Syed Khalid Raza, Praveen Raju Kariyanahalli, Rameshbabu Prabagaran, Amir Khan
  • Patent number: 11468796
    Abstract: This numerical splitting device: acquires a numerical value w and a parameter p; generates a first random number r1 and a second random number r2; computes a third random number r3 based on the numerical value w, parameter p, first random number r1, and second random number r2 according to an expression, r3=w-r1-r2 mod p; computes first to third segments s1, s2, s3 based on the first to third random numbers r1, r2, r3 and the parameter p according to expressions, s1=r1+r2 mod p, s2=r2+r3 mod p, and s3=r3+r1 mod p; and transmits a pair of the first segment s1 and the second random number r2, a pair of the second segment s2 and the third random number r3, and a pair of the third segment s3 and the first random number r1 to first to third secure computation devices, respectively.
    Type: Grant
    Filed: May 18, 2017
    Date of Patent: October 11, 2022
    Assignee: NEC CORPORATION
    Inventors: Toshinori Araki, Kazuma Ohara
  • Patent number: 11449888
    Abstract: Two different user spaces can be mapped to each other based on one or more categories of information that are common to both. The mapping is based on hash values generated by applying the same hash function to the same information of the categories of information that identifies users in each user space.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: September 20, 2022
    Assignee: Twitter, Inc.
    Inventor: Jeffrey Winner
  • Patent number: 11449310
    Abstract: A method for generating a random number, applied in a random number generator coupled to a flash memory is disclosed. The method comprises: selecting a plurality of cells from the flash memory; initializing the selecting cells of the flash memory; programming the selecting cells to obtain a plurality of first potential values of the selecting cells; re-initializing the selecting cells of the flash memory; re-programming the selecting cells to obtain a plurality of second potential values of the selecting cells; and processing the first potential values and the second potential values according to a predetermined algorithm to generate the random number.
    Type: Grant
    Filed: August 21, 2019
    Date of Patent: September 20, 2022
    Assignee: RAYMX MICROELECTRONICS CORP.
    Inventors: Shih-Fu Huang, Cheng-Yu Chen, Yi-Lin Hsieh, Jing-Long Xiao
  • Patent number: 11448522
    Abstract: Method and devices for wirelessly transmitting data packets in a meter reading system, wherein the method comprises generating at the meter device, a first data packet including payload data and a first message authentication code computed based on the payload data and associated meter data stored in a memory of the meter device, transmitting the first data packet from the meter device to the receiver, and performing a primary authentication check of the first data packet and verifying the associated meter data at the receiver by recalculating the first message authentication code using the received payload data and current associated meter data stored in a memory of the receiver, as input.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: September 20, 2022
    Assignee: Kamstrup A/S
    Inventors: Johnny Dørken Christiansen, Flemming Hald
  • Patent number: 11429739
    Abstract: A method and system that enables a data owner to write data in an encrypted manner to an immutable ledger, and yet still be able to grant read access to specific data elements, as they were written at particular moments in time, to a requesting party. Examples therefore provide a process for encryption of data onto an immutable ledger in a time indexed manner, together with a process by which a third party can request access to the data stored in the immutable ledger from the data owner, and the data owner can provide them with certain decryption keys that allow the third party to read the data directly from the immutable ledger, again based on time-indexed queries. The data the third party can read is restricted to specific elements only of the data written, and further restricted to within a time range or to a specific point in time.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: August 30, 2022
    Assignee: Ordnance Survey Limited
    Inventor: David Charles Alexander Stow
  • Patent number: 11405421
    Abstract: An electronic control apparatus includes: an obtaining unit configured to obtain data transmitted via a network in a system; and a judging unit configured to judge presence or absence of an anomaly in the data obtained by the obtaining unit, based on a transmission state of the data. The judging unit is configured to judge that an anomaly is present in the data, when the transmission state of the data is a transmission stopped state.
    Type: Grant
    Filed: June 10, 2019
    Date of Patent: August 2, 2022
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Kaoru Yokota, Toshihisa Nakano, Jun Anzai
  • Patent number: 11405192
    Abstract: A searchable symmetric encryption (SSE) system and method of processing inverted index is provided. The SSE system includes genKey, buildSecureIndex, genToken, and search operations. A compress X is integrated into at least one of the buildSecureIndex and search operations. The compress X then takes each entry of an encrypted index, compresses the entry of the encrypted index into a compressed entry, and then processes the compressed entry with a function. The function comprises a linked list function and an array function. The search operation decompresses the processed entry and outputs the decompressed entry. The SSE comprises a client device and a server. The genKey, buildSecureIndex, and genToken operations are integrated into the client device and the search operation is integrated into the server.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: August 2, 2022
    Assignee: Robert Bosch GmbH
    Inventors: Qingji Zheng, Xinxin Fan, Jorge Guajardo Merchan
  • Patent number: 11405222
    Abstract: Methods and systems for implementing DevID enrollment for hardware redundant Trust Platform Modules (TPMs), are described. A system can include hardware redundancy for management modules, and for TPMs that correspond to each management module. Accordingly, a product can have a dual-TPM configuration, where both modules are associated with the same product. Further, a process that particularly considers the presence of dual-TPMs for creating, issuing, and enrolling DevID certificates is described. The process issues and maintains DevID certificates for each TPM by synchronizing dual sessions that correspond to each TPM. Also, the process accounts for duplicate identification data, for example allowing the certificate authority (CA) to sign certificates for dual-TPMs linked to the same chassis number. The process can include performing validation checks, rendezvous points, and locks to ensure that DevID certificates are successfully issued for each of the dual-TPMs, respectively.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: August 2, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Thomas M. Laffey
  • Patent number: 11381378
    Abstract: According to the chaotic communication method and system based on complex modified projective difference function synchronization provided in the present invention, when a chaotic signal has a relatively small amplitude, the amplitude of the chaotic signal can be adjusted by adjusting a proportional matrix, so as to mask plaintext better. Moreover, a robust controller is designed according to a filtered signal and a second coupling function, to ensure complex modified projective difference function synchronization, and such synchronization allows the bit error rate to be zero theoretically.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: July 5, 2022
    Assignees: Qilu University of Technology, Shandong Institute of Artificial Intelligence
    Inventors: Fangfang Zhang, Minglei Shu, Kai Sun, Mingming Huang, Xue Zhang
  • Patent number: 11374745
    Abstract: Disclosed systems and methods implement a tracking system that tracks accesses to a TPM-secured key. In embodiments, the key may be encrypted using an encryption key, which is sealed using the TPM. A first value indicating an initial access state of the key is stored in a PCR of the TPM, and the encryption key is sealed against the PCR, so that it can be unsealed when the contents of the PCR match a next value derived from the first value. When the key is accessed, the contents of the PCR are verified against an expected access state. If successfully verified, the PCR is extended to hold the next value, the encryption key is unsealed, and the key decrypted. With each access, the encryption key is repeatedly resealed against the successive states stored in the PCR. In this manner, the PCR may be used to track accesses and detect unauthorized accesses to the key.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: June 28, 2022
    Assignee: Amazon Technologies, Inc.
    Inventor: Atul Khare
  • Patent number: 11374747
    Abstract: A vehicular system includes a first electronic control device that manages an encryption key, and a second electronic control device that uses the encryption key. The first electronic control device is configured to create the encryption key in response to that an owner of a vehicle has changed, and output the encryption key to the second electronic control device. The second electronic control device is configured to store a first encryption key and a third encryption key, receive a second encryption key, switch the encryption key being used, and update the first encryption key to the second encryption key.
    Type: Grant
    Filed: October 24, 2019
    Date of Patent: June 28, 2022
    Assignee: DENSO CORPORATION
    Inventor: Yasuharu Sugano
  • Patent number: 11334890
    Abstract: A method for generating payment credentials in a payment transaction includes: storing, in a memory, at least a single use key associated with a transaction account; receiving, by a receiving device, a personal identification number; identifying, by a processing device, a first session key; generating, by the processing device, a second session key based on at least the stored single use key and the received personal identification number; generating, by the processing device, a first application cryptogram based on at least the first session key; generating, by the processing device, a second application cryptogram based on at least the second session key; and transmitting, by a transmitting device, at least the first application cryptogram and second application cryptogram for use in a payment transaction.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: May 17, 2022
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Mehdi Collinge, Patrik Smets, Axel Emile Jean Charles Cateland
  • Patent number: 11303433
    Abstract: The present invention provides a method and a device for generating an HD wallet name card and a method and a device for generating an HD wallet trusted address. The method for generating the HD wallet name card comprises: first signature information is obtained by digitally signing first user information with a first private key; second signature information is obtained by digitally signing second user information with a first trusted private key; and the first user information, the second user information, the first signature information and the second signature information are integrated to generate the HD wallet name card. The present invention is advantageous in that the wallet information is digitally signed with the preset first trusted private key and the first private key, thus preventing the HD wallet name card from being forged, intercepted, and modified by a third party so as to ensure the security of transaction.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: April 12, 2022
    Inventor: Yanbin Kong
  • Patent number: 11303441
    Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. The responder maintains a first security association with the initiator having a first key to use to encrypt and decrypt messages transmitted with the initiator. The responder receives a message from the initiator for a rekey operation to establish a second security association with the initiator using a second key. The responder queues Input/Output (I/O) for transmission using the second key after completing the rekey operation. After activating the second security association, the responder receives a revert message from the initiator to revert back to using the first security association and first key in response to a failure of the rekey operation.
    Type: Grant
    Filed: September 25, 2019
    Date of Patent: April 12, 2022
    Assignee: International Business Machines Corporation
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Mikel William Welsh, Alol Antony Crasta, John R. Flanagan
  • Patent number: 11303436
    Abstract: Systems and methods for performing cryptographic data processing operations employing non-linear share encoding for protecting from external monitoring attacks. An example method includes: receiving a plurality of shares representing a secret value employed in a cryptographic operation, such that the plurality of shares includes a first share represented by an un-encoded form and a second share represented by an encoded form; producing a transformed form of the second share; and performing the cryptographic operation using the transformed form of the second share.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: April 12, 2022
    Assignee: CRYPTOGRAPHY RESEARCH, INC.
    Inventor: Elke De Mulder
  • Patent number: 11283620
    Abstract: An approach is provided for a homomorphic cryptosystem for use in resource-constrained environments (e.g., vehicle-based use cases) or when computer resources are to be conserved. The approach involves, for example, generating a nonce at a first device (e.g., vehicle engine control unit (ECU)). The approach also involves performing a homomorphic operation on the nonce and a ciphertext to generate a resulting cipher. The ciphertext is provided by a second device (e.g., a data server). The approach further involves attaching the resulting cipher to a request payload (e.g., to request secure data from the data server). The approach further involves transmitting the request payload including the nonce to the second device (e.g., the server).
    Type: Grant
    Filed: October 1, 2019
    Date of Patent: March 22, 2022
    Assignee: HERE Global B.V.
    Inventor: Ali Abbas
  • Patent number: 11256478
    Abstract: The present invention relates to a method for securing against N-order side-channel attacks a cryptographic process using in a plurality of encryption rounds an initial Substitution box S0 comprising the steps of: —generating (E12) a first randomized substitution box S1 by masking said initial substitution box S0 such that S1(x XOR m1)=S0(x) XOR m2, with m1, m2 uniformly-distributed random values, for any input value x of the initial substitution box S0, —generating (E13) a first transrandomized Substitution box S(1,1) from the first randomized substitution box S1 and from masks m1,1, m′1,1 such that S(1, 1)[x]=S1[x xor (m1 xor m1,1)] xor (m2 xor m′1,1) for any input value x of the first transrandomized Substitution box S(1,1), —generating (E14) from the first transrandomized Substitution box S(1,1) a N-1th transrandomized Substitution box S(1, N-1) by performing iteratively N-2 times a step of generation of a ith transrandomized Substitution box S(1, i) from a i-1th transrandomized substitution box S(1, i-1)
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: February 22, 2022
    Assignee: THALES DIS FRANCE SA
    Inventor: David Vigilant
  • Patent number: 11245521
    Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. An initiator maintains a first security association with the responder having a first key to use to encrypt and decrypt data transmitted with the responder. The initiator initiates a rekey operation to establish a second security association with the responder using a second key. The initiator detects a failure of the rekey operation after the responder started using the second key for transmissions. A revert message is sent to the responder to revert back to using the first security association and first key in response to detecting the failure of the rekey operation.
    Type: Grant
    Filed: September 25, 2019
    Date of Patent: February 8, 2022
    Assignee: International Business Machines Corporation
    Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, John R. Flanagan, Alol Antony Crasta, Mikel William Welsh
  • Patent number: 11222135
    Abstract: A method and system of protecting user sensitive information from an application program of a user device are provided. The application program to be installed is received on the user device. Permissions to resources of the user device for the application program are identified. For each permission, mapping the permission to one or more sections of a code of the application program. For each mapped section of the code, a recipient of user sensitive information facilitated by the permission is determined. For each recipient, it is determined whether the recipient should be restricted. Upon determining that the recipient should not be restricted, the user sensitive information facilitated by the permission is provided to the recipient. However, upon determining that the recipient should be restricted, alternate information is provided to the recipient.
    Type: Grant
    Filed: May 28, 2018
    Date of Patent: January 11, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Omer Tripp, Julian Timothy Dolby, Marco Pistoia, Pietro Ferrara
  • Patent number: 11218463
    Abstract: In one example, a system is disclosed, which may include a network device, a new server connected to the network device, and a management server communicatively connected to a cloud-based service and the network device. The management server may include a server deployment engine to discover the new server in the system using the network device; obtain an encrypted data blob associated with the new server from the cloud-based service; establish a trust, via a secure protocol, with the new server using the encrypted data blob; and deploy the new server in the system upon establishing the trust with the new server.
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: January 4, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Suhas Shivanna, Alan L Goodrum
  • Patent number: 11178108
    Abstract: The invention comprises a method for filtering data. The method comprises receiving a network request from a client, determining, based on one or more filtering criteria, whether to forward the network request to a server, and based on the determining, forwarding the network request to the server, or preventing the network request from reaching the server and blocking future network requests from the client.
    Type: Grant
    Filed: November 18, 2020
    Date of Patent: November 16, 2021
    Assignee: QIP SOLUTIONS LIMITED
    Inventor: Fiona Kane
  • Patent number: 11115187
    Abstract: The present disclosure relates to a block cipher apparatus and method for real-time data transmission and the block cipher apparatus according to an exemplary embodiment of the present disclosure includes: a block encryption unit which selects a key in accordance with an order of keys having different lengths to encrypt each plaintext block and generate a ciphertext block; and a message authentication unit which generates a message authentication code using a key selected at the time of encrypting a current plaintext block which is encrypted in the block encryption unit and a previous message authentication code generated by a plaintext block before the current plaintext block.
    Type: Grant
    Filed: May 28, 2019
    Date of Patent: September 7, 2021
    Assignee: KOREA UNIVERSITY RESEARCH AND BUSINESS FOUNDATION
    Inventors: Hwangnam Kim, Seounghwan Oh, Seongjoon Park
  • Patent number: 11102248
    Abstract: A remote wipe message or notification may be sent from a server computer to one or more target client devices associated with a user. A managed container running on a target client device associated with the user and having a managed cache storing content managed by or through the server computer may, in response to the remote wipe message or notification, delete the managed content or a portion thereof from its managed cache. The managed container may send back an acknowledgement or message to the server computer that it had completed the remote wipe. The remote wipe functionality can avoid having to deal with individual applications running on the client device and therefore can eliminate the complexity of having to deal with individual applications. Furthermore, the remote wipe can be done independently of the local operating system and without affecting non-managed information/applications on the client device.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: August 24, 2021
    Assignee: OPEN TEXT SA ULC
    Inventors: Gregory Beckman, Robert Laird, Alain Gagne
  • Patent number: 11102007
    Abstract: A system and method are described that enable mobile devices (e.g., including but not limited to a mobile phone or the like) to intercept and respond to contactless card authentication requests, allowing mobile devices to be used in place of contactless cards. Enabling mobile phone devices to emulate contactless cards decreases issues related to lost or damaged cards, enables a single device to be used to provide tokens related to multiple different contactless cards, and leverages functionality of the mobile device to provide dual-factor authentication.
    Type: Grant
    Filed: October 1, 2019
    Date of Patent: August 24, 2021
    Assignee: Capital One Services, LLC
    Inventors: Jeffrey Rule, Kevin Osborn
  • Patent number: 11102236
    Abstract: Systems and methods provide for identification and remediation of IoT devices exhibiting anomalous behaviors. An IoT management system can identify IoT devices requiring remediation. The IoT management system may present a first interface including representations of the devices requiring remediation, where each representation can include identifying information for an IoT device, policies applied to the IoT device, and bandwidth/throughput information of the IoT device. The IoT management system can present a second remediation interface representing a detailed representation of a first IoT device. The detailed representation can include user interface elements representing actions to be performed relating to the first IoT device. The IoT management system can perform a first action corresponding to a selection of one of the user interface elements.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: August 24, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Mark Stephan Shurtleff, Jerome Henry, Bart Brinckman
  • Patent number: 11095624
    Abstract: Systems, methods, software and apparatus enable end-to-end encryption of group communications by implementing a pairwise encryption process between a pair of end user devices that are members of a communication group. One end user device in the pairwise encryption process shares a group key with the paired end user device by encrypting the group key using a message key established using the pairwise encryption process. The group key is shared among group members using the pairwise process. When a transmitting member of the group communicates with members, the transmitting member generates a stream key, encrypts stream data using the stream key, encrypts the stream key with the group key, then transmits the encrypted stream key and encrypted stream data to group members. The group key can be updated through the pairwise encryption process. A new stream key can be generated for each transmission of streaming data such as voice communications.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: August 17, 2021
    Assignee: Orion Labs, Inc.
    Inventor: Greg Albrecht
  • Patent number: 11012245
    Abstract: Disclosed embodiments relate to securely facilitating decentralized management of identity data. Operations may include receiving, from an identity, encrypted data and an index associated with the encrypted data; receiving, from the identity, a first request including: the index, a first part of a first cryptographic key, and a target service cryptographic key; identifying, using the index, the encrypted data; encrypting a copy of the encrypted data using the target service cryptographic key to form a doubly encrypted data; sending a challenge token to the identity; receiving a second request, from a target service, the second request including: the index and a challenge response created based on the challenge token; and sending to the target service the doubly encrypted data and the first part of the first cryptographic key; wherein the target service is operable to decrypt the doubly encrypted data.
    Type: Grant
    Filed: September 10, 2020
    Date of Patent: May 18, 2021
    Assignee: CYBERARK SOFTWARE LTD.
    Inventor: Ofer Rivlin
  • Patent number: 10986175
    Abstract: Methods, systems, and devices for wireless communication are described. A managing device may create a group security configuration for each device of a group of devices managed by the managing device. The group security configuration may include a group security parameter associated with the group of devices and a device-specific security parameter associated with each device in the group of devices. The managing device may provide the group security configuration to one or more devices of the group of devices. The one or more devices may use the group security configuration to directly establish a secure connection for communications between the one or more devices, which may include an establishment of the secure connection without further communications with the managing device during the establishment.
    Type: Grant
    Filed: June 22, 2016
    Date of Patent: April 20, 2021
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Gavin Bernard Horn
  • Patent number: 10984136
    Abstract: A secure memory device for secure data storage and related method are provided. The device may include an accessible data storage area configured to store data, a start location register that points to a start of the accessible data storage area, and a size-related register that allows a size of the accessible data storage area to be determined. A secret area comprises a device secret that is a value unique to the device, and that is not accessible from external to the device, and is accessible under at least one predefined condition internal to the device, an access control element configured to prevent external access to the secret data. A generator generates a derived secret based on the storage data and the secret data that is usable to authenticate the storage data. The device may also include a memory bus over which the derived secret is communicated.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: April 20, 2021
    Assignee: Micron Technology, Inc.
    Inventor: Lance W. Dover
  • Patent number: 10986152
    Abstract: Methods and systems are provided for bitrate adaptation of a video asset to be streamed to a client device for playback. The method includes selecting a representation from a manifest which expresses a set of representations available for each chunk of the video asset and generating a dynamic manifest for the video asset in which the representation selected for the at least one chunk is recommended for streaming to the client device. The selection of the representation recommended for the chunk may be based on at least one of historic viewing behavior of previous viewers of the chunk, content analysis information for the chunk, a level of available network bandwidth, a level of available network storage, and data rate utilization information of network resources including current, average, peak, and minimum data rate of network resources.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: April 20, 2021
    Assignee: ARRIS Enterprises LLC
    Inventors: Bhavan Gandhi, Faisal Ishtiaq, Anthony J. Braskich, Andrew Aftelak
  • Patent number: 10984416
    Abstract: Various embodiments are generally directed to NFC-based mobile currency transfers. A mobile payment may be programmatically initialized when at least two mobile devices come into NFC communications range. A payment card associated with an account used to fund the currency transfer may be tapped to one or more of the devices to allow a server to validate the currency transfer.
    Type: Grant
    Filed: March 20, 2019
    Date of Patent: April 20, 2021
    Assignee: Capital One Services, LLC
    Inventors: Rajko Ilincic, Jeffrey Rule
  • Patent number: 10984093
    Abstract: The disclosure describes methods and systems for a storage device that includes one or more memory devices, where the memory devices store a second challenge question and a first response key. The system also includes an interface and a storage controller coupled to the interface and coupled to the memory devices. The storage controller generates an enable signal for enabling access to the memory devices. The system also includes a security module coupled to the storage controller and configured to send and receive challenge requests and challenge responses, where the security module includes a first challenge question and a second response key corresponding to each of the memory devices.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: April 20, 2021
    Assignee: WESTERN DIGITAL TECHNOLOGIES, INC.
    Inventors: Danny Berler, Judah Gamliel Hahn
  • Patent number: 10979226
    Abstract: A system for authenticating a user and his local device to a secured remote service with symmetrical keys, which utilizes a PIN from the user and a unique random value from the local device in such a way that prevents the remote service from ever learning the user's PIN, or a hash of that PIN. The system also provides mutual authentication, verifying to the user and local device that the correct remote service is being used. At the same time, the system protects against PIN guessing attacks by requiring communication with the said remote service in order to verify if the correct PIN is known. Also, the system works in such a way as to change the random value stored on the user's local device after each authentication session.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: April 13, 2021
    Assignee: CybrSecurity Corporation
    Inventors: Roger E. Billings, John A. Billings
  • Patent number: 10972445
    Abstract: Aspects of the disclosure relate to dynamic crypto key management for mobility in a cloud environment. A computing platform may receive a request to generate a new tenant master key and a new server recovery key. Subsequently, the computing platform may send to a cloud-based key vault server, the new tenant master key and the new server recovery key. The computing platform may send to a tenant database, the encrypted server recovery key. As a result, the computing platform may provision the enrollment servers with the encrypted server recovery key. In some embodiments, the enrollment servers are configured to manage enrollment of policy-managed devices in a policy enforcement scheme and to authenticate with the key update service based on the encrypted server recovery key.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: April 6, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Benjamin Elliot Tucker, Timothy Ray Gaylor
  • Patent number: 10965457
    Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution across scope boundaries. A cross-scope secrets management service (“SMS”) can be utilized to store, renew and distribute secrets across boundaries in a distributed computing environment such as regional boundaries. In some embodiments, locally scoped secrets management services subscribe to receive updates from the cross-scope secrets management service. As secrets are renewed, they are automatically propagated to a subscribing local scope and distributed by the local secrets management service. In various embodiments, SMS can autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored.
    Type: Grant
    Filed: March 14, 2018
    Date of Patent: March 30, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Brian S. Lounsberry, Ashok Chandrasekaran, Chandan R. Reddy, Chuang Wang, Kahren Tevosyan, Mark Eugene Russinovich, Srinivas S. Nidadavolu, Vyom P. Munshi
  • Patent number: 10938790
    Abstract: A security system and method for improving the security of a file/data transmitted from a special purpose user computer to a recipient special purpose computer. A special purpose computer having an individualized encryption software application server that runs individualized encryption software is provided, along with an amino acid database generator having an amino acid database storing natural and/or synthetic amino data. The individualized encryption software application server sends a request to the secure amino acid database generator producing the mathematical characteristics of the natural and synthetic amino acids. This is used to construct an amino acid base layer. The amino acid base layer is folded into two or three dimensional shapes and have values assigned to them, and a secret key is provided such that the transmission cannot be opened by a recipient unless he or she has the key and the values associated with the folded amino acids.
    Type: Grant
    Filed: April 8, 2019
    Date of Patent: March 2, 2021
    Inventor: Carlos Enrique Brathwaite
  • Patent number: 10939413
    Abstract: A communication method and a related apparatus are disclosed. The method is performed by an MME, including: receiving an attach request message from an eNB, where the attach request message is used to request to attach to a network, and the attach request message includes an identity of the UE; sending, to an HSS according to the attach request message, an authentication data request message including the identity of the UE; receiving an authentication data response message including an AV from the HSS, where the authentication data response message is used to indicate that the authorization on the UE succeeds; and determining, according to the authentication data response message, that the UE is allowed to perform a V2X service, and performing authentication on the UE according to the AV. The method can enable a network side to perform authentication on UE during V2V communication, thereby reducing an air-interface resource overhead.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: March 2, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Jiangwei Ying
  • Patent number: 10931651
    Abstract: A data encryption device obtains at least one piece of data to be encrypted. The data encryption device calculates, for each particular piece of data of the at least one piece of data, a data-specific key corresponding to the particular piece of data, the data-specific key being calculated based on a prestored root key and a data identifier of the particular piece of data using a one-way function, where the one-way function is such that the root key is not uniquely derivable from the data-specific key using the one-way function. The data encryption device generates encrypted data corresponding to the particular piece of data by encrypting the particular piece of data using the data-specific key corresponding to the piece of data.
    Type: Grant
    Filed: February 28, 2020
    Date of Patent: February 23, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Huabing Du