Abstract: A processor of a remote crypto cluster (RCC) may receive a public key from a client device through at least one network. The processor of the RCC may obtain an encrypted specific key and a blinded project key from at least one data source through the at least one network. The processor of the RCC may derive a derived key in blind based on the encrypted specific key and the blinded project key. The processor of the RCC may send the derived key in blind to the client device.

Abstract: A processor of a remote crypto cluster (RCC) may receive a public key from a client device through at least one network. The processor of the RCC may obtain an encrypted specific key and a blinded project key from at least one data source through the at least one network. The processor of the RCC may derive a derived key in blind based on the encrypted specific key and the blinded project key.

Abstract: A processor of a remote crypto cluster (RCC) may obtain an encrypted specific key from at least one data source through at least one network. The processor of the RCC may derive intermediate data in blind based on the encrypted specific key. The intermediate data may include information from which a derived key is derived. The processor of the RCC may send the intermediate data in blind to a client device.

Abstract: A processor of a remote crypto cluster (RCC) may obtain an encrypted specific key from at least one data source through at least one network. The processor of the RCC may derive intermediate data in blind based on the encrypted specific key. The intermediate data may include information from which a derived key is derived. The processor of the RCC may send the intermediate data in blind to a client device.

Abstract: The present invention discloses methods and devices for securing keys when key-management processes are subverted by an adversary. Methods include the steps of: upon receiving a creation request in the computing-environment, creating a secure key in at least one location in a computing environment by repetitively computing respective secure-key contributions: in at least one location; and in a set of N computing resources in the computing environment, wherein N is a non-negative integer; and applying the respective secure-key contributions to change a secure-key value, wherein: the respective secure-key contributions cannot be omitted or modified by at least one location; and the secure key is never revealed to the computing resources; thereby enabling the computing resources in the computing environment to ensure that the secure key is truly random; wherein at least one location is a region of memory located in a computing resource operationally connected to the computing-environment.

Abstract: The present invention discloses methods and devices for securing keys when key-management processes are subverted by an adversary. Methods include the steps of: upon receiving a creation request in the computing-environment, creating a secure key in at least one location in a computing environment by repetitively computing respective secure-key contributions: in at least one location; and in a set of N computing resources in the computing environment, wherein N is a non-negative integer; and applying the respective secure-key contributions to change a secure-key value, wherein: the respective secure-key contributions cannot be omitted or modified by at least one location; and the secure key is never revealed to the computing resources; thereby enabling the computing resources in the computing environment to ensure that the secure key is truly random; wherein at least one location is a region of memory located in a computing resource operationally connected to the computing-environment.