Abstract: An example non-transitory computer-readable medium includes instructions that, when executed by a processor, cause the processor to receive a request for data. The instructions also cause the processor to determine a region containing the data based on the metadata. The instructions cause the processor to traverse a tree in the metadata to determine key generation information relating a decryption key for the region to a root key.

Abstract: Example embodiments relate to combining hashes of data blocks. The examples disclosed herein calculate a hash value for each data block in a sequence of data blocks. The hash values are combined into a combined value, where the combined value has the same sequence as the sequence of data blocks. A master hash value is then calculated for the combined value.

Abstract: Example implementations relate to attestation. For example, in an implementation, a target device attestation request is transmitted to a target device, where the target device attestation request includes an identity-based encryption (IBE) ciphertext and a retrieval index. The ciphertext is a nonce encrypted using a trusted platform module (TPM) public key together with an IBE public key. The TPM public key is retrieved from a TPM of the target device, and the IBE public key is an expected value presumed to be stored at the TPM.

Abstract: In one example in accordance with the present disclosure, a method may receiving a plaintext to be encrypted. The plaintext may include a first block, a second block and a third block. The method may include generating a preliminary ciphertext based on the first block and the second block and generating, using an encryption key, a first ciphertext using an encryption operation receiving the third block and the preliminary ciphertext as inputs. The method may also include generating, using the encryption key, a first finalized ciphertext using the encryption operation receiving the first block and the first ciphertext as inputs and generating, using the encryption key, a second finalized ciphertext using the encryption operation receiving the second block and the first finalized ciphertext as inputs.

Abstract: A blockchain includes blocks that each store a hash value computed using a hash function from data of the block. Another hash value is computed for each block using a different hash function, and added to the block within the blockchain. New blocks subsequently added to the blockchain have hash values computed using just the different hash function.

Abstract: An electronic device for management of cryptographic keys, and a corresponding method implemented in a computing device comprising a physical processor, transmit feature data of the device to a key generation module, wherein the feature data comprises information corresponding to an identifier or an attribute of the device, and receive, by the device from the key generation module, a digital signature of the transmitted feature data. The device installs the received digital signature as a cryptographic private key for communication, and performs a cryptographic operation using the installed digital signature as the cryptographic private key.

Abstract: There is provided an example memory system comprising a plurality of memory modules, each memory module comprising a persistent memory to store root key information and encrypted primary data; a volatile memory to store a working key for encrypting data, the encrypted primary data stored in the persistent memory being encrypted using the working key; and a control unit to provide load and store access to the primary data. The memory system further comprises a working key recovery mechanism to retrieve first root key information from a first module and second root key information from a second module; and compute the working key for a given module based on the retrieved first root key information and the retrieved second root key information.

Abstract: Examples set out herein provide a method comprising using first cryptographic key data specific to a computing device to verify a package of machine readable instructions to run on the computing device. The verified package may be executed to generate a random number using a true random number generator of the computing device, and to store the generated random number. Second cryptographic key data may be generated by a pseudorandom number generator of the computing device based on a seed comprising a combination of the random number as a first seed portion and a second seed portion. A portion of the second cryptographic key data may be sent to a certifying authority. The method may further comprising receiving a certification value based on the sent portion of the second cryptographic key data from the certifying authority and storing the certification value.

Abstract: The present disclosure relates to generating an identifier, an encrypted value that is an original value encrypted, and a Message Authentication Code (MAC) at a server device, and to generating a message including a message header and a message body, said message header including the identifier and the MAC, and said message body including the encrypted value, and said that the MAC key used to compute the message authentication code is included in the original value to be encrypted, and further relates to transmitting the message to a client device.

Abstract: A message to be signed and a base name point derived from a direct anonymous attestation (DAA) credential may be provided to a device. A signed version of the message and a public key value associated with the base name point may be received in response. Thereafter, the DAA credential may be determined to be valid based on the signed version of the message.

Abstract: An example method for managing data in accordance with aspects of the present disclosure includes receiving from a user in the computer network environment a policy about how a piece of data should be treated, an encryption of the piece of data, a signature of a cryptographic hash of the policy and a cryptographic key, requesting from a trust authority the cryptographic key to access the piece of data, transmitting an encryption of at least one share to the trust authority, wherein the at least one share is created by and received from the trust authority, receiving from the trust authority the cryptographic key, wherein the cryptographic key is recreated by a combiner using a subset of the at least one share, shares associated with the trust authority and shares associated with the combiner, and decrypting the encryption of the piece of data using the recreated cryptographic key.

Abstract: In an example, memory address encryption is facilitated for transactions between electronic circuits in a memory fabric. An electronic circuit may obtain a transaction integrity key and a transaction encryption key. The electronic circuit may encrypt an address using the transaction encryption key and a compute a truncated message authentication code (MAC) using the transaction integrity key.

Abstract: In some examples, a non-transitory machine readable storage medium has machine readable instructions to cause a computer processor to segment a datastream into a plurality of equal length blocks each of which has a fixed length, separately encrypt each equal length block using a first encryption key, swap a subset of bits of a first encrypted equal length block with a subset of bits of a second encrypted equal length block such that both of the blocks each have a length equal to the fixed length, and separately encrypt each block using a second encryption key.

Abstract: Implementations are directed, for example, to a method that includes receiving, at a data storage system from a client, a key search token that has not been used to encrypt data records or keywords associated with the data records. The key search token is independent of an encryption key used to encrypt the data records associated with the key search token. The method further includes determining an encrypted data record associated with the key search token, and transmitting the determined encrypted data record to the client. Implementations of the client are also provided.

Abstract: Utilizing error correction (ECC) for secure secret sharing includes computing an encrypted key using a key and a number of random values, computing, based on a first ECC scheme, a key ECC for the encrypted key and the random values, and storing a number of key fragments on a number of storage servers, the number of key fragments includes the encrypted key, the random values, and the key ECC.

Abstract: According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.

Abstract: In an example, transactions are secured between electronic circuits in a memory fabric. An electronic circuit may receive a transaction integrity key. The electronic circuit may compute a truncated message authentication code (MAC) using the received transaction integrity key and attach the truncated MAC to a security message header (SMH) of the transaction.

Abstract: Illumination system for a lithographic projection exposure step-and-scan apparatus comprising a light source, a pupil shaping unit, a field defining unit, a first lens array, a first slit array, a second lens array, a third lens array, a second slit array, a fourth lens array, a condenser lens, and a scanning drive unit sequentially arranged along the light beam propagation direction. The illumination system reduces requirements on lens processing, slit scanning speed, and slit scanning precision, therefore may be implemented more easily.

Abstract: Detecting a workflow termination. An object with embedded access control is sent to a next participant in a workflow, wherein the embedded access control is provided and enforced by placing a subset of access keys for individual content-parts into a unique key-map entry for each participant, wherein the object is a Publicly Posted Composite Document. A workflow termination is detected after failure to receive a confirmation token from the next participant after a specified condition is not met.

Abstract: Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided.