Abstract: The arrangements of the present disclosure relate to systems, apparatuses, methods, and non-transitory computer-readable media for authenticating a participant associated with a first device by a second device, including generating, by the second device, a random number, determining, by the second device, a first Random Identifier (RID) using an ID of the first participant associated with the first device, the random number, and a key, sending, by the second device to the first device, the random number in response to a request received by the second device from the first device, receiving, by the second device from the first device, a second RID, and at least one of identifying or authenticating, by the second device, the first participant using the second RID for the request.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for determining to erase a plurality of ciphertext blocks stored in a memory device, in response to determining to erase the plurality of ciphertext blocks, performing a cryptographic erasure of the plurality of ciphertext blocks. The cryptographic erasure includes encrypting each of the plurality of ciphertext blocks with a random key and destroying the random key in response to encrypting each of the plurality of ciphertext blocks.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for splitting Application Security Parameters (ASP) of an application into a first number of splits, the first number of splits is identified by an Application Identifier (AID) of the application, storing each of the first number of splits and the AID in a respective one of a plurality of secure storages, retrieving a second number of splits from the plurality of secure storages using the AID, and determining the ASP by reassembling the second number of splits, wherein the application is configured to be launched or updated using the ASP.

Abstract: The present disclosure is directed to systems, methods, and non-transitory computer-readable media for generating a first signature on a first certificate of the plurality of certificates using a first digital signature generation algorithm based on a first private key. The first signature is validated by a relying party device using a first public key in certificate chain validation. The first public key and the first private key form a first public/private key pair. A second signature is generated on a second certificate of the plurality of certificates using a second digital signature generation algorithm based on a second private key. The second signature is validated by the relying party device using a second public key in the certificate chain validation. The second public key and the second private key form a second public/private key pair. The relying party device uses a third public key in the second certificate to verify a third signature on signed data.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for recovering a first key by decrypting encrypted key using a master key, determining a first seed using the first key and a first Identifier (ID) identifying a first device, determining a second seed using the first key and a second ID identifying a second device; and distributing the first seed and the second seed to each of the first device or the second device. Each of the first device or the second device generates a data key using a key derivation function based on the first seed and the second seed. Each of the first device or the second device encrypts or decrypts data using the data key.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for a network of plurality of roving cryptography devices. Each of the plurality of roving cryptography devices includes a locomotion system configured to move each of the plurality of roving cryptography devices to a respective one of a plurality of locations of the plurality of roving cryptography devices, a network interface circuit configured to provide wireless communication services to a user device of a plurality of user devices through a network of the plurality of roving cryptography devices, and a cryptography service system configured to provide cryptographic material to the user device. The plurality of roving cryptography devices at the plurality of locations form the network for providing the wireless communication services and the cryptographic materials to the plurality of user devices.

Abstract: Systems and methods for protecting user data received by, stored on, and/or requested by third-party computing devices include a data entry computing system on a first network node. A data entry computing system can include a processing circuit that can identify user-entered data as sensitive user data, generate a content encryption key (CEK), generate encrypted user data by encrypting the sensitive user data with the CEK, tag the encrypted user data and the CEK with a tag readable by a database server on a network node different than the data entry computing system, the tag comprising information indicative of the encrypted user data, and transmit the encrypted user data to the database server, wherein the database server excludes a private key of a key manager on a network node different than the data entry computing system.

Abstract: A biometric electronic signature authenticated key exchange (“BESAKE”) token processing system. The system includes a storage location having a plurality of biometric reference templates. The system further includes an authentication computing system having a processor and instructions. The instructions configured to cause the authentication computing system to receive a signing party identifier and the BESAKE token from a signing party. The BESAKE token having a biometric sample encrypted using an encryption key. The instructions further configured to generate a decryption key and decrypt the encrypted biometric sample from the BESAKE token. The instructions further configured to match the biometric sample with a biometric reference template and transmit to a biometric service provider computing system a match request. The instructions further configured to determine a signing party identity via a binary match value.

Abstract: The arrangements disclosed herein relate to generating, by a first device, an authentication code for each of portions of a first message by running each of the portions of the first message through a cryptographic function with a cryptographic key. The first device generates a plurality of valid chunks, each including one of the plurality of portions of the first message and the corresponding authentication code. The first device generates using a Quantum Random Number Generator (QRNG) a random number for each portion of a second message. The first device generates invalid chunks, each invalid chunk includes one of the portions of the second message and the corresponding random number. The first device sends to the second device chaff including the invalid chunks interleaved with the valid chunks.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for determining, based on at least one cryptographic attribute, that information on a site is a first cryptographic key, and sending an alert that at least one of the first cryptographic key or a second cryptographic key corresponding to the first cryptographic key is compromised.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for receiving, by a server from a first device via a quantum channel, first verification information associated with a user of the first device. The server determines that the first verification information fails to verify against second verification information. In response to determining that the first verification information fails to verify against second verification information, the server stores the first verification information. In response to receiving, by the server from a second device, the first verification information and device information of the second device, the server flags the device information of the second device as a potential origin of fraud.

Abstract: The arrangements of the present disclosure relate to systems, methods, and non-transitory computer-readable media for receiving, from a first computing system, coefficient information comprising coefficients of a polynomial series determined based on an analytical function, wherein the analytical function represents a cryptographic material, determining the analytical function using the coefficient information, determining the cryptographic material using the analytical function, and performing a cryptographic operation using the cryptographic material.

Abstract: The present disclosure is directed to systems, methods, and non-transitory computer-readable media for adding a first Public Itemization of Public Key Infrastructure Nodes (PIPKIN) object to a blockchain, the first PIPKIN object comprises first hierarchy information of at least one first certificate chain of a first Public Key Infrastructure (PKI), and adding a second PIPKIN object to the blockchain, the second PIPKIN object comprises second hierarchy information of at least one second certificate chain of a second PKI.

Abstract: The methods and system allow for the generation of a signcrypted biometric electronic signature token using a subsequent biometric sample after an enrollment of a biometric reference value in a biometric system. The signcrypted biometric electronic signature token involves simultaneous encryption and digital signature to protect the confidentiality. The system as described herein provides data integrity, origin authentication, and efficiency by performing encryption and digital signature simultaneously. The process allows a signcrypting party to enroll in a biometric service, sign a piece of data or content using a public key, that may be tied to a trusted anchor certificate authority, and submit a biometric sample. Subsequently, the relying party may validate the information on that piece of data or content to confirm the identity of the signcrypting party.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for determining to erase a plurality of ciphertext blocks stored in a memory device, in response to determining to erase the plurality of ciphertext blocks, performing a cryptographic erasure of the plurality of ciphertext blocks. The cryptographic erasure includes encrypting each of the plurality of ciphertext blocks with a random key and destroying the random key in response to encrypting each of the plurality of ciphertext blocks.

Abstract: In a system, computer-readable media and methods for secure ledger assurance tokenization (SLAT), a block content of a first blockchain is audited, which includes accessing, by a request circuit of a SLAT computing system, a retrievably stored cross-reference content and generating an audit result. Generating an audit result includes evaluating, by a SLAT circuit of the SLAT computing system, the cross-reference content such that the audit result is informed at least by the cross-reference content. The audit result is included in a secure ledger assurance token generated by a SLAT generation circuit of the SLAT computing system and stored relationally to the block content of the first blockchain.

Abstract: A method includes receiving a first user request to access or modify a first application, the first user request including a first object identifier (OID), the first OID identifying a first role of the first user. The method further includes determining whether the first OID is equivalent to a first application-specific role, and in response to determining that the first OID is equivalent to the first application-specific role, authorizing the first user request.

Abstract: A method includes receiving an event, the event associated with a digital signature in a first time-based message comprising a first trusted time stamp token generated using a first hash of digitally signed content from a trusted timing authority; generating a first block on a distributed ledger; generating a second hash of the first trusted time stamp token; receiving a second trusted time stamp token from the trusted timing authority in response to transmitting the second hash to the trusted timing authority; and generating a second block on the distributed ledger; wherein verification of data integrity of the digitally signed content is provided via the first hash of the digitally signed content and second hash of the first trusted time stamp token and via the hash of the first block and a hash of the second block.

Abstract: The arrangements disclosed herein relate to systems, apparatus, methods, and non-transitory computer readable media for determining, by a browser, data cipher by encrypting data using a first encryption key, the first encryption key is generated using a first random number, a second random number, and a third random number. The browser sends to a server, the data cipher. The browser determines a key cipher by encrypting the third random number using a certificate of the server. The browser sends to the server the key cipher.

Abstract: In one arrangement, a method for a key management server to manage cryptographic key rotation comprises rotating, by the key management server, an initial symmetric key based on a first rotation schedule. Rotating the initial symmetric key comprises rotating bits of the initial symmetric key to create a rotated key, the rotated key being different from the initial symmetric key. The method further comprises enciphering, by the key management server using the rotated key, data sent to a first client server. In another arrangement, a method for a client server to manage cryptographic key rotation comprises rotating, by the client server, an initial symmetric key based on a schedule. The method further comprises deciphering, by the client server, data sent from a key management server using the rotated key and providing the deciphered data to a user.