Abstract: A processor comprises a first register to store an encoded pointer to a memory location. First context information is stored in first bits of the encoded pointer and a slice of a linear address of the memory location is stored in second bits of the encoded pointer. The processor also includes circuitry to execute a memory access instruction to obtain a physical address of the memory location, access encrypted data at the memory location, derive a first tweak based at least in part on the encoded pointer, and generate a keystream based on the first tweak and a key. The circuitry is to further execute the memory access instruction to store state information associated with memory access instruction in a first buffer, and to decrypt the encrypted data based on the keystream. The keystream is to be generated at least partly in parallel with accessing the encrypted data.

Abstract: A privileged node holds a secret key (SKEY), and normal nodes each hold a public key (PKEY). The normal nodes each include a transaction inputting unit that receives transaction data (TDATA), a transaction transmitting unit that transmits the TDATA, a transaction managing unit that manages a transaction history in a form of blockchain, and a block receiving unit that receives blocks from the privileged node. The privileged node includes a transaction receiving unit that receives TDATA from each of the normal nodes, a block generating unit that generates a signature value (SIG) on the basis of a SKEY, and generates a block containing TDATA and the SIG, and a block transmitting unit that transmits blocks. The transaction managing unit adds a block to the blockchain on condition that the authenticity of the SIG in the block is confirmed by using the PKEY.

Abstract: An integrated circuit includes: one or more protected circuits; a license control circuit configured to request, from a license issuer, a license for activating the one or more protected circuits, the license request having a seed value; and a cryptographic circuit configured to verify the authenticity of a license received from the license issuer based on the seed value, wherein the license control circuit is configured to impose a validity limit on the received license, and to request a new license from the license issuer before the validity limit of the received license.

Abstract: There is disclosed a circuit for monitoring the security of a processor, wherein the circuit is configured to access a memory configured to store execution context data of a software program executed by the processor; to determine one or more signatures from said execution context data; and to compare said signatures with predefined signatures to monitor the security of the processor (110). Developments describe that context data can comprise control flow data, that a signature can comprise a hash value or a similarity signature, or that the integrity of signatures can be verified for example by using a secret key (e.g. obtained by random, or by using a physically unclonable function). Further developments describe various controls or retroactions on the processor, as well as various countermeasures if cyber attacks are determined.

Abstract: A server includes a processor core including system memory, and a cryptographic engine storing a key data structure. The data structure is to store multiple keys for multiple secure domains. The core receives a request to program a first secure domain into the cryptographic engine. The request includes first domain information within a first wrapped binary large object (blob). In response a determination that there is no available entry in the data structure, the core selects a second secure domain within the data structure to de-schedule and issues a read key command to read second domain information from a target entry of the data structure. The core encrypts the second domain information to generate a second wrapped blob and stores the second wrapped blob in a determined region of the system memory, which frees up the target entry for use to program the first secure domain.

Abstract: Examples described herein relate to systems, apparatuses, methods, and non-transitory computer-readable medium for maintaining, by an authoritative server, a plurality of pinned certificates. The authoritative server sends a certificate pinning list (CPL) to a client system. The CPL is a list of the plurality of pinned certificates each of the plurality of pinned certificates is associated with a corresponding one of host systems different from the authoritative server. The client system uses the plurality of pinned certificates in cryptographic processes involving the host systems.

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.

Abstract: Embodiments herein relate to a method performed by a network node 110 of a wireless communication network 100 for communicating at an unlicensed frequency spectrum with a wireless device 121 having a device identity. The network node 110 sends an access grant to the wireless device according to the device identity, granting the wireless device access to an uplink communication channel of the unlicensed frequency spectrum. The network node also receives data from the wireless device 121, on the granted uplink communication channel, the data comprising information on the identity of the wireless device 121, thus enabling the network node 110 to detect whether the wireless device that was granted access on the uplink communication channel is the same wireless device as the wireless device from which the data comprising the information on the uplink communication channel was subsequently received. Embodiments of the network node 110 are also described.

Abstract: Techniques for computer security, and more specifically timestamp-based key generation techniques, are described. Some implementations provide a table of key generation processes that is shared as a secret between a first computing system and a second computing system, both of which have synchronized clocks. Both computing systems use the same technique for selecting a key generation process from the table, such as based on a random number generator seeded with a timestamp. Since the computing systems have synchronized clocks, they both select and use the same key generation process, thereby generating the same encryption key without the need to communicate the key from one system to another. Furthermore, both computing systems may synchronize their clocks to a private time server that maintains a clock that runs faster or slower than standard time.

Abstract: A message management service allows a user to access and manage messages from various message services. The user can access the message management service using a message management client application executing on a client device and can draft messages using the message management client application and send the messages through the different message services. The message management service can add information to messages sent using the message management client application that can be used to identify and organize the messages. A secure sent-message identifier can be added to messages sent by the message management service to reliably indicate that the messages were sent by the message management service.

Abstract: A method including determining, by a user device, an assigned key pair including an assigned public key and an associated assigned private key; determining, for content to be encrypted, an access key pair including an access public key and an associated access private key; encrypting the access private key by utilizing the assigned public key; encrypting a randomly generated key by utilizing the access public key; and encrypting content utilizing the randomly generated key. Various other aspects are contemplated.

Abstract: A mobile device securely communicates with an electronic device within an automobile. The mobile device transmits encrypted spatial state information and the electronic device provides commands to the automobile in response. Spatial state information may include location, motion, or the like. Commands to the automobile may include door unlock commands, remote start commands, horn honk commands, or the like.

Abstract: Systems and techniques for securing vehicle privacy in a driving infrastructure are described herein. A vehicle may contact a group identification (ID) issuer to register itself. A group ID may be received from the group ID issuer to indicate acceptance as a member. The vehicle may then contact the driving infrastructure to attach to the driving infrastructure using the group ID to identify the vehicle. In response, the vehicle receives an attachment ID from the driving infrastructure. Here, the attachment ID is used to secure communications between the vehicle and the driving infrastructure.

Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.

Abstract: A computing device (e.g., an FPGA or integrated circuit) processes an incoming packet comprising data to compute a Galois hash. The computing device includes a plurality of circuits, each circuit providing a respective result used to determine the Galois hash, and each circuit including: a first multiplier configured to receive a portion of the data; a first exclusive-OR gate configured to receive an output of the first multiplier as a first input, and to provide the respective result; and a second multiplier configured to receive an output of the first exclusive-OR gate, wherein the first exclusive-OR gate is further configured to receive an output of the second multiplier as a second input. In one embodiment, the computing device further comprises a second exclusive-OR gate configured to output the Galois hash, wherein each respective result is provided as an input to the second exclusive-OR gate.

Abstract: Encryption is enabled at a low load in a storage system. An encryption processing device 20 uses, as an expectation value for key validation, a value that is uniquely identified from a storage location address of encrypted text data in a storage drive. The encryption processing device 20 encrypts the expectation value and plain text data, respectively, using a same encryption key, substitutes a DIF according to the encrypted text data obtained by encrypting the plain text data, and stores the encrypted expectation value in the substituted DIF. Upon receiving a read request of the encrypted text data, the encryption processing device 20 decrypts the encrypted expectation value stored in the substituted DIF using a decryption key, and validates whether the encryption key and the decryption key are properly corresponding by comparing the decrypted expectation value and the expectation value identified from the address at the time of reading.

Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising storing a plurality of activation codes, each of the activation codes associated with a respective unique identifier (UID) of semiconductor device; receiving, over a network, a request to generate a new storage root key (SRK), the request including a response code and a requested UID; identifying a selected activation code from the plurality of activation codes based on the requested UID; generating the SHRSRK value using the response code and the selected activation code; associating the SHRSRK value with the requested UID and storing the SHRSRK value; and returning an acknowledgement in response to the request.

Abstract: Random number generators include a thermal optical source and detector configured to produce random numbers based on quantum-optical intensity fluctuations. An optical flux is detected, and signals proportional to optical intensity and a delayed optical intensity are combined. The combined signals can be electrical signals or optical signals, and the optical source is selected so as to have low coherence over a predetermined range of delay times. Balanced optical detectors can be used to reduce common mode noise, and in some examples, the optical flux is directed to only one of a pair of balanced detectors.

Abstract: Methods, apparatus, systems and articles of manufacture manage credentials in hyper-converged infrastructure s are disclosed. An example method includes establishing, by executing an instruction with at least one processor, a communication between a software defined data center manager of the hyper-converged infrastructure and a component of the hyper-converged infrastructure using first credentials included in a known hosts file. The example method also includes generating, by executing an instruction with the at least one processor, second credentials at the component in response to a power-on event detected by the software defined data center manager. The example method also includes recording, by executing an instruction with the at least one processor, the second credentials at the known host file.

Abstract: Techniques for computer security, and more specifically timestamp-based key generation techniques, are described. Some implementations provide a table of key generation processes that is shared as a secret between a first computing system and a second computing system, both of which have two clocks. The first clock is a real-time clock and the second clock is a variable-time clock. The variable time clocks are synchronized and run at the same rate, faster or slower than real time. Both computing systems use the same technique for selecting a key generation process from the table, such as based on a random number generator seeded with a timestamp obtained from their variable time clocks. Since the computing systems have synchronized variable-time clocks, they both select and use the same key generation process, thereby generating the same encryption key without the need to communicate the key from one system to another.

Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: There is provided an encryption device to ensure strong security without using a random number in a white-box model. The encryption device includes: an encryption part configured to encrypt an input value using a black-box model in which input/output values are able to be recognized from the outside and an intermediate value is not able to be recognized from the outside; and a key generation part configured to encrypt the input value to the encryption part to generate a cryptographic key of the encryption part using a white-box model in which the input/output value and the intermediate value are able to be recognized from the outside.

Abstract: Methods and apparatus for protecting a physical unclonable function (PUF) generator are disclosed. In one example, a PUF generator is disclosed. The PUF generator includes a PUF cell array, a PUF control circuit and a reset circuit. The PUF cell array comprises a plurality of bit cells. Each of the plurality of bit cells is configurable into at least two different stable states. The PUF control circuit is coupled to the PUF cell array and is configured to access each of the plurality of bit cells to determine one of the at least two different stable states upon a power-up of the plurality of bit cells, and generate a PUF signature based on the determined stable states of the plurality of bit cells. The reset circuit is coupled to the PUF cell array and is configured to set the plurality of bit cells to represent their initialization data based on an indication of a voltage tempering event of a supply voltage of the PUF cell array.

Abstract: A device for compressing subject data. the device comprises a communication link, the communication link capable of receiving a set of subject data; a compression module, the compression module configured to apply a compression algorithm to the set of subject data, the compression algorithm compressing the set of subject data using a reference string of subject data; and a transmission module, the transmission module configured to transmit the compressed subject data. The device further comprising an encryption module for encrypting the subject data.

Abstract: A method for auditing an advertisement impression in which a first advertisement was presented in conjunction with first media content is disclosed. The method generally comprises transmitting to a plurality of second computing devices a plurality of randomly generated first cryptographic proofs; receiving, a first message from a second computing device indicating that the first advertisement was presented in conjunction with the first media content; and evaluating the first targeting model for the first advertisement based on the at least one media content classifier.

Abstract: A request is received for specific information that can be determined using data in a database on a first computer system. Either at least some of the data is encrypted or the request is encrypted. The first computer system does not have a decryption key to decrypt the encrypted data or request. The first computer system performs compressible HE operations on the data to determine compressed ciphertext(s) that correspond to the specific information. The operations include using a first uncompressed HE scheme and a second compressed HE scheme. The first HE scheme is used on the data to create other multiple ciphertexts and the second HE scheme is used on the other multiple ciphertexts to pack the other multiple ciphertexts into fewer ciphertexts that are compressed. Both the HE schemes use a same secret key. The first computer system sends a response including compressed ciphertext(s) corresponding to the specific information.

Abstract: The disclosed technology relates to broadcasting encrypted data to multiple receiver devices, where some receiver devices have long-term access to the encrypted data and some receiver devices have a temporary access to the encrypted data. Receivers having long-term access are part of a “member group” because these member group devices have a master key and the master key enables the member group devices to derive the necessary information to decrypt the encrypted broadcast. In contrast, devices with temporary access possess only a guest key and not master key, without a master key the devices need to receive the guest key from another device to decrypt the broadcast. Access to the encrypted stream can also be based on broadcasting multiple or single diversifiers, where a diversifier can include group identification information to assist in restricting access to the encrypted stream.

Abstract: Systems, apparatuses, methods, and computer-readable media are provided for reducing or eliminating cryptographic waste for link protection in computer buses. In various embodiments, data packets are encrypted/decrypted in accordance with advanced encryption standard (AES) Galois counter mode (GCM) encryption/decryption. Monotonically increased counter values are used as initialization vectors; and/or accumulated MAC is practiced to reduce or eliminate cryptographic waste. Other related aspects are also described and/or claimed.

Abstract: This application relates to the field of space communications technologies, and provides an acquisition, pointing, and tracking (APT) subsystem and a spacecraft communications system. The APT subsystem includes a first controller, a first terahertz transceiver, and a terahertz antenna array that are sequentially connected, where the first terahertz transceiver is configured to modulate and demodulate a terahertz wave; the terahertz antenna array is configured to send and receive the terahertz wave; and the first controller is configured to control the first terahertz transceiver to acquire, point, and track another APT subsystem by using the terahertz antenna array.

Abstract: Sorting an array consisting of large number of elements. The present invention provides an apparatus for executing a multiway merging process which generates one output sequence from N input sequences on an array consisting of a large number of elements. The apparatus includes: an execution unit configured to execute the multiway merging process on N input sequences without rearranging the elements based on a plurality of input sequences; and a generation unit configured to rearrange the elements constituting the input sequences according to an output sequence that has been generated by the multiway merging process in the execution unit so as to generate a sorted array of elements.

Abstract: The physically unclonable function device (DIS) comprises a set of MOS transistors (TR1i, TR2j) mounted in diodes having a random distribution of respective threshold voltages, and comprising N first transistors and at least one second transistor. At least one output node of the function is capable of delivering a signal, the level of which depends on the comparison between a current obtained using a current circulating in the at least one second transistor and a current obtained using a reference current that is equal or substantially equal to the average of the currents circulating in the N first transistors. A first means (FM1i) is configured to impose on each first transistor a respective fixed gate voltage regardless of the value of the current circulating in the first transistor, and a second means (SM2j) is configured to impose a respective fixed gate voltage on each second transistor regardless of the value of the current circulating in the second transistor.

Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to receive from a pressure sensor matrix data describing a time-varying pressure interaction of the pressure sensor matrix with a second pressure sensor matrix, process the data to obtain a bit sequence, and use the bit sequence as a shared secret in a cryptographic procedure with a device.

Abstract: A secure cartridge-based storage system includes a set of read/write control electronics on a control board adapted to removably couple with each of a plurality of storage cartridges. For each individual storage cartridge, the read/write electronics are adapted to retrieve a unique device identifier from the storage cartridge; retrieve an encryption key stored on the control board in association with the unique device identifier; and utilize the encryption key to encrypt or decrypt data that is in transit to or from a target storage location on the storage media.

Abstract: A control circuit configured to associate a plurality of memory with an error correction scheme. The control circuit including an internal operation circuit configured to generate an internal command based on an access unit of the plurality of memory. The control circuit including a storage circuit configured to store information on the access unit of the plurality of memory.

Abstract: A system and method for the generation of composite private keys are provided. First and second bitstreams are retrieved from an addressable cryptographic table by deriving addresses in the addressable cryptographic table from an initial instruction, accessing first and second bit values stored at addresses belonging to the derived addresses in the addressable cryptographic table, and outputting the first bit values as the first bitstream and the second bit values as the second bitstream. The first bitstream is concatenated with data from the first bitstream to form a data stream having a desired length and the second bitstream is concatenated with data from the second bitstream to form a selector stream having the desired length. A first composite encryption key having a length longer than the first and second bitstreams is formed by selecting values of the data stream identified by corresponding bit values of the selector stream.

Abstract: A security test logic system can include a non-transitory memory configured to store measurements from a measurement apparatus, the measurement outputs comprising indications of presence or absence of coincidences where particles are detected at more than one detector at substantially the same time, the detectors being at the end of different channels from a particle source and having substantially the same length. The system can include a processor configured to compute a test statistic from the stored measurements. The test statistic may express a Bell inequality, and the system can compare the test statistic with a threshold. The processor can be configured to generate and output a certificate certifying that the measurements are from a quantum system if the value of the computed test statistic passes the threshold.

Abstract: A fuzzy extractor includes an initial key generating part including a true random number generator, and a key regenerating part. The true random number generator generates a true random number using a read-out signal read from the reading part or a pixel signal read from the pixels of the pixel part in a true random number generation mode. The initial key generating part generates helper data and an initial key based on the true random number generated by the true random number generator and variation information acquired as a response when the initial key is generated. The key regenerating part generates, when a key is regenerated, a unique key based on helper data acquired when the initial key is generated and variation information acquired as a response including an error when the key is regenerated.

Abstract: A method for controlling access to a chip includes obtaining first values of a first physically unclonable function of the chip, obtaining second values that correspond to at least one challenge word, performing a simulation based on the first values and the second values, and generating an authentication result for the chip based on results of the simulation. The simulation may generate responses to logical operations corresponding to combinatorial logic in the chip, and the logical operations may be performed based on a predetermined sequence of the first values and the second values. The chip may be authenticated based on a match between the responses generated by the simulation and a second physically unclonable function of the chip.

Abstract: System, methods, and other embodiments described herein relate to improving security of protected values in a memory. In one embodiment, a method includes, in response to receiving a write request indicating at least an item and a write value to write into the memory, determining whether a protected items list (PIL) indicates that the item is protected. The method includes replacing the write value of the write request with a protected value from the PIL that corresponds with the item when the item is listed in the PIL as being protected. The method further includes executing the write request to the memory.

Abstract: A method for operating a first vehicle-side terminal is provided, wherein the first vehicle-side terminal determines at least one symmetric group key that is assigned to the group of terminals, encrypts the at least one symmetric group key with a public asymmetric individual key that is assigned to a second vehicle-side terminal or with a symmetric pair key that is assigned to the second vehicle-side terminal, transmits the encrypted symmetric group key in the direction of the second vehicle-side terminal, receives an encrypted message from the second vehicle-side terminal, and decrypts the encrypted message depending on the symmetric group key.

Abstract: A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.

Abstract: The present disclosure provides a fluid-optical encryption system and a method thereof. The fluid-optical encryption system uses a fluid surface that changes topology over time to modulate the wave front of an electromagnetic signal in an encryption, decryption, authentication or other communication system. The electromagnetic signal can be pulsed or continuous, coherent or non-coherent, and can be optical or in another wavelength range such as micrometer or infrared. The information carrying signal is either transmitted through the fluid system or reflected off the surface of the fluid system. The fluid system time dependent change can be induced by mechanical vibration in the fluid container, distorting the fluid container, acoustic waves through the fluid, or by surface tension changes at the boundary of the fluid cause by electrowetting or electrostatic effects. The fluid surface can exhibit patterns that oscillate or change periodically, or change in a chaotic manner.

Abstract: An example intermediary system allows an owner computer system to securely identify and communicate with an end device. The end device uses master secret and time data shared with the owner computer system to generate and advertise a time-dependent device identifier and potentially an encrypted device message. The intermediary system augments the received device data with a message (e.g., an estimate of the device's location) encrypted using the time-dependent device identifier as an encryption key. Furthermore, it hashes the time-dependent device identifier for additional security. The augmented data is forwarded to a server for retrieval and processing by the owner computer system. The owner uses the shared master secret, time data and hash function to generate a hashed time-dependent device identifier used to retrieve matching augmented data from the server. The retrieved message data is decrypted using the reverse of the encryption operations.

Abstract: Embodiments of content management systems that utilize encryption are disclosed. An object management module of a content management system is adapted to encrypt an object using a data key that is generated based on the content. The data key is encrypted using a tenant key associated with a tenant of the system. The encrypted object is stored in an object store, and a storage record for the stored encrypted object is stored in a data store, along with the encrypted data key and a tenant key identifier.

Abstract: Measurement of entangled photon quantum wavefunction properties is vital for studying the fundamentals of entanglement and for future applications in quantum communications, quantum metrology, quantum sensing and imaging. Despite its importance, measuring the wavefunction is difficult, particularly in pulsed and other systems with system features and wavefunctions changing in space and time. This invention uses ghost imaging techniques to directly measure the entangled photon wavefunction of pulsed origin temporal and polarization entangled photons. The invention may be used to improve wavefunction quality after propagation through turbulent or scattering media.

Abstract: Concepts and technologies are described herein for sharing encrypted data with enhanced security. In some configurations, an encryption key is generated from a password by the use of a password-based key generation technology. In addition, input data is encrypted using the encryption key. The encrypted data and the generated key may be then shared with a remote computer, such as a server. The encrypted data can then be decrypted at the remote computer by the use of the key. By the use of the technologies described herein, the contents of an encrypted file may be accessed at a remote computer without requiring a user to share the actual password.

Abstract: Disclosed are an electronic apparatus, a server, and a method of controlling the same, the server including: a communicator configured to connect with an electronic apparatus and an external server; and a processor configured to: generate first encrypted information by encrypting first decryption information received from the electronic apparatus, the first decryption information for reproducing content, control the communicator to transmit, to the external server, the generated first encrypted information, generate second decryption information by decrypting second encrypted information received from the external server, the second encrypted information generated based on the first decryption information, and control the communicator transmit the generated second decryption information to the electronic apparatus to scramble the content by a scrambler of the electronic apparatus.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for efficient media indexing. An example method disclosed herein includes selecting a first hash seed value based on a first entropy value calculated for a first bucket distribution resulting from use of the first hash seed value to store data in a first hash table, selecting a second hash seed value to be used in combination with the first hash seed value based on a second entropy value calculated on a second bucket distribution resulting from use of the first hash seed value in combination with the second hash seed value, and storing data in the first hash table based on the first hash seed value and a second hash table based on the second hash seed value.

Abstract: The present invention provides methods and apparatuses for computer system security. According to certain aspects, embodiments of the invention comprise a portable storage device that, when attached, “unlocks” a computer system, such as a desktop, laptop, tablet computer running a conventional operating system such as Windows, thereby creating added security. More particularly, embodiments of the invention use a standard USB memory stick as an “ignition key” to unlock and operate a PC, tablet or other computer system. The ignition key can be required to boot the computer, utilize peripheral devices, ports, network connections, a keyboard and/or a mouse of the computer system, and limit access to certain parts of computer. According to further aspects, in these and other embodiments, the invention is implemented using a modified BIOS that prevents a computer from fully booting into an operational state until verifying the presence of, and information stored on the “ignition key” connected to the computer.

Abstract: A computing device includes an array of addressable elements. Each addressable element is a hardware element that generates a substantially consistent response when interrogated. The device includes a processor coupled to the array of addressable elements and configured to communicate using a communication network. The processor receives a public key, and processes the public key to produce at least a set of addresses. Each address in the set of addresses identifies one or more hardware elements in the array of addressable elements. The processor generates a set of responses by interrogating the one or more hardware elements in the array of addressable elements identified by the set of addresses according to a set of reading instructions, appends the responses in the set of responses to generate a private key, receives an encrypted message and decrypts the encrypted message using the private key to generate an unencrypted message.