Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.

Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.

Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator accesses a secret key associated with a mobile device. A key derivation function (KDF) is evaluated based on the secret key to produce a key derivation key, and the KDF is evaluated based on the key derivation key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, the mobile device receives the challenge value and accesses a secret key. A KDF is evaluated based on the secret key to produce a key derivation key, and the KDF is evaluated based on the key derivation key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

Abstract: A shielding article is provided, for shielding a device enabled for proximity-based communications, for example, NFC-enabled devices. The shielding article comprises a shielding component configured to prevent operation of an antenna of the device used for conducting proximity-based communications, without preventing operation of at least one other antenna of the device when the shielding component is aligned with the antenna used for conducting proximity-based communications. The shielding article may be separate from, or included in an accessory or carrying article and may be fixed or detachably coupled thereto.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A shielding article is provided, for shielding a device enabled for proximity-based communications, for example, NFC-enabled devices. The shielding article comprises a shielding component configured to prevent operation of an antenna of the device used for conducting proximity-based communications, without preventing operation of at least one other antenna of the device when the shielding component is aligned with the antenna used for conducting proximity-based communications. The shielding article may be separate from, or included in an accessory or carrying article and may be fixed or detachably coupled thereto.

Abstract: An efficient implementation of SHA-512, and similarly SHA-384, on an ARM processor. The implementation maximizes reuse of the register values between iterations so as to minimize the need to load these values from memory. This is achieved by categorizing the iterations into even and odd ones such that the sequence of computation in the even iteration is reversed in the odd iteration and the register values at the end of one iteration are consumed at the beginning of the following one.

Abstract: Execution of the Elliptic Curve Digital Signature Algorithm (ECDSA) requires determination of a signature, which determination involves arithmetic operations. Some of the arithmetic operations employ a long term cryptographic key. It is the execution of these arithmetic operations that can make the execution of the ECDSA vulnerable to a power analysis attack. In particular, an attacker using a power analysis attack may determine the long term cryptographic key. By modifying the sequence of operations involved in the determination of the signature and the inputs to those operations, power analysis attacks may no longer be applied to determine the long term cryptographic key.

Abstract: Execution of the ECMQV key agreement algorithm requires determination of an implicit signature, which determination involves arithmetic operations. Some of the arithmetic operations employ a long-term cryptographic key. It is the execution of these arithmetic operations that can make the execution of the ECMQV key agreement algorithm vulnerable to a power analysis attack. In particular, an attacker using a power analysis attack may determine the long-term cryptographic key. By modifying the sequence of operations involved in the determination of the implicit signature and the inputs to those operations, power analysis attacks may no longer be applied to determine the long-term cryptographic key.

Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator accesses a secret key associated with a mobile device. A key derivation function (KDF) is evaluated based on the secret key to produce a key derivation key, and the KDF is evaluated based on the key derivation key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, the mobile device receives the challenge value and accesses a secret key. A KDF is evaluated based on the secret key to produce a key derivation key, and the KDF is evaluated based on the key derivation key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.

Abstract: When multiplicative splitting is used to hide a scalar in an Elliptic Curve scalar Multiplication ECSM operation, the associated modular division operation employs the known Almost Montgomery Inversion algorithm. By including dummy operations in some of the branches of the main iteration loop of the Almost Montgomery Inversion algorithm, all branches of the algorithm may be viewed, from the perspective of a Power Analysis-based attack, as equivalent and, accordingly, devoid of information useful in determining the value of the scalar, which may be a cryptographic private key.

Abstract: There are disclosed systems and methods for computing an exponentiatied message. In one embodiment blinding is maintained during the application of a Chinese Remainder Theorem (CRT) algorithm and then removed subsequent to the completion of the CRT algorithm. In another embodiment, fault injection attacks, such as the gcd attack, can be inhibited by applying and retaining blinding during the application of the CRT algorithm to yield a blinded exponentiation value, and then subsequently removing the blinding in a manner that causes an error injected into the CRT computation to cascade into the exponent of the value used to unblind the blinded exponentiated value.

Abstract: An Elliptic Curve scalar multiplication product involving a scalar and a base point is determined in a manner that acts as a countermeasure to side channel attacks. A key splitting strategy called Additive Splitting Using Division involves selecting a random integer and determining an integer quotient and a remainder by dividing the scalar by the random integer. The product may then be expressed as a sum of scalar multiplications, which may be evaluated using a combination of a fixed-sequence window method with the known Interleaving method. When the integer quotient and remainder are odd, major collisions may be avoided when determining the product. Accordingly, the random integer that determines whether the integer quotient and remainder are odd may be subject to some control.

Abstract: For an Elliptic Curve Scalar Multiplication (ECSM) operation to be performed on a scalar and a base point, a given previous set of parameters that was used to split the scalar for a previous ECSM operation and a selected random integer are used to determine a new set of parameters for splitting the scalar. By basing the new set of parameters on the previous set of parameters, repeated use of the scalar to determine key-splitting parameters is avoided and susceptibility to a Differential Power Analysis Side Channel attack is minimized.

Abstract: A public key for an Elliptic Curve Cryptosystem is generated in a manner that acts as a countermeasure to power analysis attacks. In particular, a known scalar multiplication method is enhanced by, in one aspect, performing a right shift on the private key. The fixed-sequence window method includes creation and handling of a translated private key. Conveniently, as a result of the right shift, the handling of the translated private key is made easier and more efficient.