Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A method for operating a pseudorandom generator is disclosed. The method may be implemented by a processor of a mobile computing device. The method includes: collecting raw sensor data from at least one sensor associated with the mobile computing device; selecting a subset of the raw sensor data; retrieving first representation representing accumulated entropy associated with one or more previously acquired raw sensor data sets for the at least one sensor; and generating a seed for a pseudorandom generator based on combining the first representation and the selected subset of raw sensor data.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A method for operating a pseudorandom generator is disclosed. The method may be implemented by a processor of a mobile computing device. The method includes: collecting raw sensor data from at least one sensor associated with the mobile computing device; selecting a subset of the raw sensor data; retrieving first representation representing accumulated entropy associated with one or more previously acquired raw sensor data sets for the at least one sensor; and generating a seed for a pseudorandom generator based on combining the first representation and the selected subset of raw sensor data.

Abstract: A method of processing a notification that is broadcast by a source server is disclosed. The method includes: receiving, at the computing device, the notification, the notification containing a first message; storing the first message in a message store; determining that the first message is a repeated message of a previous message that was received at the computing device prior to receiving the notification; and associating a message counter value of the first message with the previous message and a message counter value associated with the previous message in the message store.

Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A communication system involving an access point, a vehicle and a user is provided. The vehicle and user possess a registration code, the user possesses a public and private key pair, and the access point and vehicle possess certificates and associated private keys. The access point issues a certificate to the user associated with the user's public and private keys, and the certificate of the access point is known and trusted by the vehicle. The access point signs a message granting ownership of the vehicle to the user, and the identity of the user indicates the user's certificate. The vehicle conditionally accepts the ownership registration request of the user.

Abstract: A method of processing a notification that is broadcast by a source server is disclosed. The method includes: receiving, at the computing device, the notification, the notification containing a first message; storing the first message in a message store; determining that the first message is a repeated message of a previous message that was received at the computing device prior to receiving the notification; and associating a message counter value of the first message with the previous message and a message counter value associated with the previous message in the message store.

Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.

Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.

Abstract: Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and that v=w/z. The verification equality R=uG+vQ may then be computed as ?zR+(uz mod n)G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained.

Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.

Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.

Abstract: In some aspects, an encryption method comprises encrypting a first portion of a message using a first secret key. The first secret key is generated based on the public key of an entity. A one-way function is used to generate a second secret key from the first secret key, and the first secret key is subsequently discarded. A second portion of the message is encrypted using the second secret key. The encrypted first portion of the message and the encrypted second portion of the message are provided to the entity.

Abstract: A system and method are provided for having a device in a communication system update an operational policy for the device by encoding a policy update in a virtual machine language used by a virtual machine on the device, having the policy update signed by a trusted entity, and sending a message comprising the signed policy update to the device to enable the device to implement the policy update using the virtual machine on the device. A system and method are also provided for updating an operational policy on a device in a communication system by receiving, at the device, a message comprising a signed policy update that has been signed by a trusted entity, the policy update being encoded in a virtual machine language used by a virtual machine on the device, verifying the signed policy update, and implementing the policy update using the virtual machine on the device when the policy update is verified.

Abstract: Challenge-response authentication protocols are disclosed herein, including systems and methods for a first device to authenticate a second device. In one embodiment, the following operations are performed by the first device: (a) sending to the second device: (i) a challenge value corresponding to an expected response value known by the first device, and (ii) a hiding value; (b) receiving from the second device a masked response value; (c) obtaining an expected masked response value from the expected response value and the hiding value; and (d) determining whether the expected masked response value matches the masked response value received from the second device. The operations from the perspective of the second device are also disclosed, which in some embodiments include computing the masked response value using the challenge value, the hiding value, and secret information known to the second device.