Abstract: Embodiments are directed to a computer-implemented method and system for generating a transport key. A method can include generating, using a processor, a key agreement pair comprising a public agreement key and a private agreement key in a second element. Thereafter, generating, using the processor, a transport key based on the public agreement key in a first element. Then sending, using the processor, an information blob to the second element. Finally, independently generating, using the processor, the transport key in the second element using the information blob and the private agreement key. The transport key can thereafter be used to send information securely between the first and second elements.

Abstract: Customer content is securely loaded on a field programmable gate array (FPGA) located on a secure cryptography card. The customer content is loaded such that it may not be extracted. A customer obtains a secure cryptography card that includes a field programmable gate array and a master key generated by the secure cryptography card. The customer loads customer specific content on the field programmable gate array, wherein, based on the loading, the customer specific content is secure from extraction via the master key by at least entities other than the customer.

Abstract: Embodiments are directed to a computer-implemented method and system for generating a transport key. A method can include generating, using a processor, a key agreement pair comprising a public agreement key and a private agreement key in a second element. Thereafter, generating, using the processor, a transport key based on the public agreement key in a first element. Then sending, using the processor, an information blob to the second element. Finally, independently generating, using the processor, the transport key in the second element using the information blob and the private agreement key. The transport key can thereafter be used to send information securely between the first and second elements.

Abstract: Customer content is securely loaded on a field programmable gate array (FPGA) located on a secure cryptography card. The customer content is loaded such that it may not be extracted. A customer obtains a secure cryptography card that includes a field programmable gate array and a master key generated by the secure cryptography card. The customer loads customer specific content on the field programmable gate array, wherein, based on the loading, the customer specific content is secure from extraction via the master key by at least entities other than the customer.

Abstract: Customer content is securely loaded on a field programmable gate array (FPGA) located on a secure cryptography card. The customer content is loaded such that it may not be extracted. A customer obtains a secure cryptography card that includes a field programmable gate array and a master key generated by the secure cryptography card. The customer loads customer specific content on the field programmable gate array, wherein, based on the loading, the customer specific content is secure from extraction via the master key by at least entities other than the customer.

Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, are stored in the database.

Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, are stored in the database.

Abstract: An aspect of cipher text translation includes a memory configured to store predetermined conditions for performing an encryption operation, and a processor communicatively coupled to the memory. The processor is configured to execute computer readable instructions. The computer readable instructions include determining through analysis of an inbound key and an outbound key of the encryption operation that the encryption operation includes a translation from a first class of encryption to a second class of encryption. The second class of encryption is determined to be weaker than the first class of encryption. The instructions also include applying the predetermined conditions to the input key and the output key and authorizing the translation via the processor, based on the applying, when aspects of the predetermined conditions are satisfied.

Abstract: Customer content is securely loaded on a field programmable gate array (FPGA) located on a secure cryptography card. The customer content is loaded such that it may not be extracted. A customer obtains a secure cryptography card that includes a field programmable gate array and a master key generated by the secure cryptography card. The customer loads customer specific content on the field programmable gate array, wherein, based on the loading, the customer specific content is secure from extraction via the master key by at least entities other than the customer.

Abstract: Customer content is securely loaded on a field programmable gate array (FPGA) located on a secure cryptography card. The customer content is loaded such that it may not be extracted. A customer obtains a secure cryptography card that includes a field programmable gate array and a master key generated by the secure cryptography card. The customer loads customer specific content on the field programmable gate array, wherein, based on the loading, the customer specific content is secure from extraction via the master key by at least entities other than the customer.

Abstract: A session key is negotiated to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.

Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.

Abstract: A session key is negotiated to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.

Abstract: Customer content is securely loaded on a field programmable gate array (FPGA) located on a secure cryptography card. The customer content is loaded such that it may not be extracted. A customer obtains a secure cryptography card that includes a field programmable gate array and a master key generated by the secure cryptography card. The customer loads customer specific content on the field programmable gate array, wherein, based on the loading, the customer specific content is secure from extraction via the master key by at least entities other than the customer.

Abstract: Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.

Abstract: Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: In one embodiment, a computer-implemented method includes extracting first key derivation data from a first row of data to be stored in a database, where the database includes two or more rows of data. A first encryption subkey is generated, by a computer processor, by combining the first key derivation data with a static key. One or more sensitive fields in each row of the two or more rows of the database are encrypted using a unique corresponding encryption subkey for the row, and the first encryption subkey is unique to the first row among the two or more rows of the database. The one or more sensitive fields in the first row of data are encrypted with format-preserving encryption using the first encryption subkey. The first row of data, including the encrypted one or more sensitive fields, are stored in the database.