Abstract: The present disclosure is directed to systems, methods, and non-transitory computer-readable media including providing an attribute certificate to a Key Receiving Device (KRD). The attribute certificate indicates that the KRD is bound to a Key Dsitribution Host (KDH) for key distribution. A whitelist is provided to the KDH. The whitelist includes a list of at least one KRD bound to the KDH.

Abstract: The present disclosure is directed to systems, methods, and non-transitory computer-readable media including adding first block to a blockchain in response to signing first code by a first system and adding second block to the blockchain in response to signing second code by second system, the second code is different from the first code. The first block includes a first time indicator. The second block includes a second time indicator.

Abstract: Various embodiments relate to a method performed by a processor of a computing system. An example method includes generating a symmetric content encryption key. Content is encrypted using the content encryption key to generate cipher text. A hash of the cipher text is generated. Each of the hash and the content encryption key is signcrypted using each of a signcrypting party public key, a signcrypting party private key and a recipient public key to generate a signcrypted envelope message. The cipher text is embedded in a component of the signcrypted envelope message. The signcrypted envelope message is transmitted to a recipient. The recipient can unsigncrypt the signcrypted envelope message using each of the recipient public key, a recipient private key, and the signcrypting party public key to retrieve the content encryption key and hash of the cipher text. The recipient can decrypt the cipher text using the content encryption key.

Abstract: In one arrangement, a method for a key management server to manage cryptographic key rotation comprises rotating, by the key management server, an initial symmetric key based on a first rotation schedule. Rotating the initial symmetric key comprises rotating bits of the initial symmetric key to create a rotated key, the rotated key being different from the initial symmetric key. The method further comprises enciphering, by the key management server using the rotated key, data sent to a first client server. In another arrangement, a method for a client server to manage cryptographic key rotation comprises rotating, by the client server, an initial symmetric key based on a schedule. The method further comprises deciphering, by the client server, data sent from a key management server using the rotated key and providing the deciphered data to a user.

Abstract: Various arrangements relate to a method performed by a processor of a computing system. An example method includes hashing a first salted value to generate a first hashed salted value. The first salted value includes a first salt value and a value. A first tuple is generated. The first tuple includes the first hashed salted value and a first token. The first token is associated with the value. A first BAT message is generated. The first BAT message includes the first salt value. The first BAT message is associated with the first tuple. A second salted value is hashed to generate a second hashed salted value. The second salted value includes a second salt value and a value. A second tuple is generated. The second tuple includes the second hashed salted value and a second token. The second token is associated with the value. A second BAT message is generated.

Abstract: In one arrangement, a non-transitory computer readable media having computer-executable instructions embodied therein that, when executed by at least one processor of a computing system, cause the computing system to process an electronic transaction using a schema. The schema includes a first unique entity object identifier identifying a sender, a second unique entity object identifier identifying a receiver, and a first transaction object identifier identifying the transaction. The first transaction object identifier is located at a top level of a hierarchy of a plurality of transaction object identifiers. The schema further includes transaction information comprising the first unique entity object identifier, the second unique entity object identifier, and the unique transaction object identifier.

Abstract: Systems and methods for securely sharing and authenticating a last secret can include generating, by a cryptographic module on a first network node, a seed configured for deriving or recovering a last secret, the last secret providing access to a secure entity and being a last cryptographic element controlling access to the secure entity, creating, by the cryptographic module, an envelope for the seed, enveloping the seed by the envelope, and transmitting, by the cryptographic module, the seed to a computing system on a second node different than the first node, the computing system being configured to decrypt the envelope of the enveloped seed to recover the seed, and obtain the last secret based on the seed, where the cryptographic module is prevented from deriving the last secret.

Abstract: An example method includes accessing a first block of a first blockchain, the first block comprising first block content; generating an intermediate first block, the intermediate first block comprising the first block of the first blockchain; accessing a second block of the first blockchain, the second block comprising a first backward link comprising a hash of the first block of the first blockchain, and second block content; generating a first forward link comprising a hash of the second block of the first blockchain; generating a first prime block, the first prime block comprising the intermediate first block, and the first forward link; and digitally signing the first block using SignedData cryptographic message syntax to generate a first SignedData message, wherein digitally signing comprises binding the first forward link to the first SignedData message via an attribute of the first SignedData message.

Abstract: Systems, methods, and apparatuses of creating a repair token for a distributed ledger are provided. A method includes identifying an error in the distributed ledger via a computing system. The error is associated with a first block on the distributed ledger. The method further includes creating the repair token having content of the first block and a correction to the error via the computing system.

Abstract: Methods and systems are described for enhanced-security database encryption via cryptographic software, where key management is carried out, without exporting or exposing cleartext keys, using an independent key manager coupled to a cryptographic hardware security module (HSM).

Abstract: A method of generating a trusted chain code (“TCC”) message, comprising: receiving a smart contract whose execution causes a transfer of value in response to at least one of an occurrence of an event or a fulfillment of a condition, wherein the smart contract is digitally signed by a first entity private key and a second entity private key; generating a chain code comprising a hash of a chain code of the smart contract, the chain code corresponding to at least one of an occurrence of an event or a fulfillment of a condition of the smart contract; and posting the TCC message to a distributed ledger, wherein an execution of a portion of the chain code in response to at least one of the occurrence of the event or the fulfillment of the condition is validated against corresponding chain code in the chain code manifest.

Abstract: Systems and methods for securely sharing and authenticating a last secret can include generating, by a cryptographic module on a first network node, a seed configured for deriving or recovering a last secret, the last secret providing access to a secure entity and being a last cryptographic element controlling access to the secure entity, creating, by the cryptographic module, an envelope for the seed, enveloping the seed by the envelope, and transmitting, by the cryptographic module, the seed to a computing system on a second node different than the first node, the computing system being configured to decrypt the envelope of the enveloped seed to recover the seed, and obtain the last secret based on the seed, where the cryptographic module is prevented from deriving the last secret.

Abstract: Various embodiments relate to a method performed by a processor of a computing system. An example method includes generating a symmetric content encryption key. Content is encrypted using the content encryption key to generate cipher text. A hash of the cipher text is generated. Each of the hash and the content encryption key is signcrypted using each of a signcrypting party public key, a signcrypting party private key and a recipient public key to generate a signcrypted envelope message. The cipher text is embedded in a component of the signcrypted envelope message. The signcrypted envelope message is transmitted to a recipient. The recipient can unsigncrypt the signcrypted envelope message using each of the recipient public key, a recipient private key, and the signcrypting party public key to retrieve the content encryption key and hash of the cipher text. The recipient can decrypt the cipher text using the content encryption key.

Abstract: Examples described herein relate to systems, apparatuses, methods, and non-transitory computer-readable medium for recovering a session object associated with a secure session established by a security protocol server, including receiving, by a recovery server, an encrypted session object from the security protocol server, wherein the encrypted session object is unique to the secure session, generating, by the recovery server, a recovery key based on a first initial key and a recovery key sequence number, wherein the recovery key sequence number corresponds to a number of times that secure sessions have been established since the first initial key is received by the security protocol server, and decrypting, by the recovery server, the encrypted session object using the recovery key to generate the session object associated with the secure session.

Abstract: Systems and methods in accordance with present implementations can include decrypting, by one or more processors, a data packet using a session key to recover a decrypted data packet, the data packet comprising a data element encrypted with a first content-specific key associated with a shared secret, the data packet encrypted with the session key, and decrypting, by the one or more processors, the data element of the decrypted data packet using a second content-specific key corresponding to a data type of the data element, to recover a decrypted data element.

Abstract: A biometric electronic signature authenticated key exchange (“BESAKE”) token processing system. The system includes a storage location having a plurality of biometric reference templates. The system further includes an authentication computing system having a processor and instructions. The instructions configured to cause the authentication computing system to receive a signing party identifier and the BESAKE token from a signing party. The BESAKE token having a biometric sample encrypted using an encryption key. The instructions further configured to generate a decryption key and decrypt the encrypted biometric sample from the BESAKE token. The instructions further configured to match the biometric sample with a biometric reference template and transmit to a biometric service provider computing system a match request. The instructions further configured to determine a signing party identity via a binary match value.

Abstract: Systems, methods, and apparatuses of creating a repair token for a distributed ledger are provided. A method includes identifying an error in the distributed ledger via a computing system. The error is associated with a first block on the distributed ledger. The method further includes creating the repair token having content of the first block and a correction to the error via the computing system.

Abstract: A method for gesture-based multi-factor authentication includes mapping a gesture password to a first substitution string, generating a cryptographic key using the first substitution string as an input to a password authenticated key exchange protocol, encrypting a challenge response with the cryptographic key to generate an encrypted challenge response, and transmitting, to a relying party computing system, a first authentication message comprising the encrypted challenge response and a user identifier identifying a user.

Abstract: A method includes receiving an update biometric reference sample and a user identifier by a computing system and retrieving a previous biometric reference template record in a storage location based on the user identifier by the computing system. The previous biometric reference template record includes a previous biometric reference template generated using a previous biometric reference sample. The method further includes comparing the update biometric reference sample to the previous biometric reference template by the computing system and, responsive to determining that a biometric data type of the update biometric reference sample is different than that of the previous biometric reference template, generating an update biometric reference template by the computing system. The method further includes generating an update biometric reference template record by the computing system.

Abstract: A unique transaction key (Tk) is established amongst multiple entities using a common hardware security module (HSM) with a common HMAC key (HK) and transaction scheme name (T). The transaction key (Tk) can be used for various cryptographic functions (e.g. encryption, MAC, HMAC, key management) with one or more messages at the transaction or session level.