Abstract: A method and Key Management Facility (KMF) for managing keys of a single user having a plurality of devices is provided. The KMF receives an Over-The-Air Rekeying (OTAR) message relating to a first device and including an interworking bit. If the interworking bit is set, the KMF retrieves a main source RSI and a Sub-RSI field from the OTAR message. If the main source RSI matches other main source RSIs from other devices, the KMF manages keys for all devices that have the same main source RSI in an identical manner.

Abstract: A network node (110) is provided configured for a cryptographic protocol based on a shared matrix. The network node is arranged to construct the shared matrix (A) in accordance with the selection data and a shared sequence of values. Multiple entries of the shared matrix are assigned to multiple values of the sequence of data as assigned by the selection data. The shared matrix is applied in the cryptographic protocol.

Abstract: Various systems and methods for using single pairing for multiple technologies are provided herein. A system comprises a transceiver; a communication controller to interface with the transceiver and cause the transceiver to: connect to a remote device using a first protocol, the first protocol including a long term key for use in successive connections between the system and the remote device with the first protocol; and receive, from the remote device, a set of technologies supported by the remote device; and a security manager to: determine a set of common technologies; receive from the remote device, a set of tuples for each technology in the set of common technologies, each tuple comprising an identifier associated with the remote device for each technology and a corresponding technology; and create long term keys for use in later connections with the remote device using a technology from the set of technologies.

Abstract: A computer-implemented method for escrowing secret data in a server of a client-server network, the client-server network comprising: a first client having at least one public and private client key pairs, at least one trusted client having at least one public and private trusted client key pairs, a server having a public and private server key pairs, a blockchain system comprising a plurality of nodes which are configured to store the public keys of the elements of the client-server network. It is also described a computer-implemented method for obtaining secret data of a server wherein the secret data is escrowed with the above computer-implemented method for escrowing secret data in a server. System, computer-readable mediums and computer programs, which are configured to implement or perform said computer-implemented methods, are also described.

Abstract: A hosted secrets management transport system and method for managing secrets at one or more offsite locations that facilitates secret flow, secret retrieval, and secret replication. The method includes defining boundaries for two or more sovereignties, each sovereignty having an independent master record and each sovereignty including two or more regions; defining a primary region within the two or more regions; accessing, within the primary region, a master record hardware security module that is a primary source of secrets; defining a second region; accessing, within the second region, a backup record hardware security module that is where data backups of the secrets from the master record hardware security module are created; and executing live replication from the master record hardware security module to the backup record hardware security module in which the live replication that supports multi-tenancy secret management of multiple distinct companies at the same time.

Abstract: Embodiments include a method for secure data storage including constructing an encryption key from a plurality of key elements, the constructing including distributing the plurality of key elements to a plurality of key maintenance entities, each of the plurality of key maintenance entities employing a plurality of independent safe guards for their respective key elements of the plurality of key elements; and requiring access to the plurality of key elements to construct the encryption key. The method includes receiving a subset of the plurality of key elements via a twice-encrypted communications channel; and regenerating the encryption key at the client node; and after encrypting data, deleting the subset of the plurality of key elements received over the twice-encrypted communications channel, retaining any of the plurality of key elements previously stored at the client node.

Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for service discovery and more specifically, for proving trustworthiness of particular service devices and/or mDNS controller/network elements with respect to DNS/mDNS service discovery. Such attestation techniques may implement canary stamps (e.g., tokens or metadata elements containing or reflecting security measures taken at the device).

Abstract: Transport Layer Security (TLS) connection establishment between a client and a server for a new session is enabled using an ephemeral (temporary) key pair. In response to a request, the server generates a temporary certificate by signing an ephemeral public key using the server's private key. A certificate chain comprising at least the temporary certificate that includes the ephemeral public key, together with a server certificate, is output to the client by the server, which acts as a subordinate Certificate Authority. The client validates the certificates, generates a session key and outputs the session key wrapped by the ephemeral public key. To complete the connection establishment, the server applies the ephemeral private key to recover the session key derived at the client for the new session. The client and server thereafter use the session key to encrypt and decrypt data over the link. The ephemeral key pair is not reused.

Abstract: Provided is a method for transferring data in a topic-based publish-subscribe system, including a key distribution server and a number of local client systems that can be coupled to the key distribution server, including: providing a group key by the key distribution server for a group selected from the local client systems, locally deriving a first-order sub-group key for a first-order subgroup of the group by key derivation parameters at least comprising the provided group key and a certain topic of the publish-subscribe system by means of the particular client system of the first-order sub-group, and transferring at least one message cryptographically protected by the derived first-order sub-group key between the client systems of the first-order sub-group. Differentiation within group communication according to topic by specific cryptographic keys is thereby enabled.

Abstract: A distributed data store may implement passive distribution encryption keys to enable access to encrypted data stored in the distributed data store. Keys to encrypt a data volume stored in the distributed data store may be encrypted according to a distribution key and provided to a client of the distributed data store. Storage nodes that maintain portions of the data volume may receive the encrypted key from a client to enable access to the data volume. The storage nodes may decrypt the key according to the distribution key and enable access to the data volume at the storage nodes. In some embodiments, a key hierarchy may be implemented to encrypt the keys that provide access to the encrypted data. The key hierarchy may include a user key.

Abstract: A method for fast access to a data resource in a blockchain network is provided. The method includes opening a dedicated socket in a server to receive a datum from a data source and authenticating a signature of the data source to verify that the data source is a reliable data source. The method also includes storing the data in a dedicated memory space in the server, allowing a blockchain application to access the data in the dedicated memory space using a function that has accessibility to the dedicated memory space, and writing the data in a blockchain block when a block producer reads the data from the blockchain application. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.

Abstract: In one embodiment, a method comprises receiving a unique identifier from an item and sending a communication to an electronic device requesting that a user confirm a pending transaction, receiving input from the electronic device associated, and sending the received input to an authentication system for completing a transaction. In another embodiment, a system comprises a sensor, an authentication system, and a transaction processing system. The sensor is configured to emit energy and receive at least one first identifier, send at least one communication to an electronic device requesting a second identifier, receive at least one second identifier, and send the at least one first identifier and the at least one second identifier to the authentication system.

Abstract: The present invention relates to a method to counter DCA attacks of order 2 and higher order applied on an encoded table-based (TCabi,j) implementation of block-cipher of a cryptographic algorithm to be applied to a message (m), said method comprising the steps of: —translating a cryptographic algorithm block-cipher to be applied on a message (m) into a series of look-up tables (Tabi,j),—applying secret invertible encodings to get a series of look-up tables (TCi,j),—computing message-dependent masking values, comprising the computation of at least two shares of masking value (mmask1, mmask2) for the input of the table network based on at least two different message derivation functions (F1, F2),—re-randomizing the tables (TCi,j) using the computed message-dependent masking values (mmask1, mmask2),—computing rounds to be applied on the message (m) based on the randomized network of tables (TCi,j).

Abstract: A system for rendering a content, the rendering of which is subject to conditional access security conditions. The system includes a host device and a detachable security device, the security device configured to decrypt the encrypted content, re-encrypt it under a local key and to deliver the re-encrypted content to the host device while ensuring that the host device applies or otherwise enforces any conditions associated with the rendering of the content.

Abstract: A streaming one time Pad cipher using a One Time Pad (OTP) provides secure data storage and retrieval. The data that is encrypted using the one time pad is stored in a repository that is separate from the generation and/or storage for the one time pad.

Abstract: A method is disclosed. The method includes, in a client device, acquiring first and second asymmetric cryptographic key pairs for a user, where each key pair includes a public key and a corresponding private key, securing the private key of the second key pair in a cryptographic processor, and splitting the private key of the first key pair into plural private key fragments, so that a sum of the plural private key fragments equals the private key of the first key pair. The method further includes storing at least one of the plural private key fragments on the client device, and registering the user with an identity service not hosted on the client device. Registering the user includes providing to the identity service, for use in securely authenticating the user, the public keys of the first and second key pairs, and the plural private key fragment(s) excluding the at least one private key fragment secured on the client device.

Abstract: Techniques for seamless certificate replacement for endpoints in hyperconverged infrastructure are disclosed. In one example, a certificate replacement request for an endpoint may be received. Upon receiving the certificate replacement request, a new certificate may be placed in the endpoint such that the endpoint includes an old certificate and the new certificate. Further, dependent endpoints having communication with the endpoint using the old certificate may be discovered and monitored. Furthermore, the new certificate of the endpoint may be placed in the discovered dependent endpoints and existing communication between the endpoint and each of the discovered dependent endpoints using the old certificate may be maintained. Upon completion of the existing communication, next communication between the endpoint and each of the discovered dependent endpoints may be enabled using the new certificate. Then, the old certificate may be decommissioned from the endpoint and the discovered dependent endpoints.

Abstract: The present invention relates to a computer implemented method, software product and computer system for managing a cryptographic service. The computer implemented method comprises: establishing a pool of encryption materials; periodically updating the pool of encryption materials; and responsive to an encryption request from an encrypting application: selecting encryption materials from the pool; encrypting payload data included in the encryption request using the selected encryption materials; and returning encrypted payload data to the encrypting application.

Abstract: An application security authentication method, including: step 202, acquiring an application file to be downloaded and extracting signature information from the application file; step 204, acquiring public key information contained in a multilevel key hierarchy, and acquiring public key information of the currently highest priority according to a priority order of the public key information; step 206, authenticating the signature information with the acquired public key information of the currently highest priority; and step 208, allowing the application file to be downloaded if an authentication of the signature information is passed.

Abstract: A method of controlling access to data on a first electronic device, the method comprising steps of establishing a shared encryption key with a first software application instance running on a second electronic device, receiving a ‘begin session’ command sent by the first software application instance and responsive to the ‘begin session’ command, creating a storage location in a data store of the electronic device, obtaining a data encryption key, receiving data, encrypting the data using the data encryption key and storing the encrypted data in the storage location, receiving an ‘end session’ command sent by the first software application instance and responsive to the ‘end session’ command, discarding the shared encryption key, and deleting the encrypted data from the storage location.

Abstract: The disclosed computer-implemented method for crowd-storing encryption keys may include (i) sending, from a client computing device and to a server, a recovery request, (ii) creating a first public-private key pair, (iii) receiving a plurality of encrypted shares of an encryption key from the server in response to the recovery request, where the encrypted shares are encrypted with a first public key of the first public-private key pair, and (iv) performing a security action including (A) decrypting the plurality of encrypted shares of the encryption key with a first private key of the first public-private key pair and (B) recovering the encryption key from the decrypted plurality of shares of the encryption key. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A value comparison server holds a first secret key and a plurality of tags corresponding to values, each of the plurality of tags is a ciphertext obtained by encrypting each of the values with an additive-homomorphic encryption scheme by using secret keys including the first secret key and a first parameter, a plaintext space has remainder operation with a natural number as modulo in the encryption scheme, and the value comparison server generates a value used for comparing two values corresponding to two tags included in the plurality of tags from the first secret key and the two tags by using the additive homomorphism; and determines which of the two values is greater or equal, on the basis of whether a discrete logarithm of the generated value to the first parameter can be calculated within a value of a predetermined range.

Abstract: Encrypting and sharing one or more data objects stored or to be stored in a personal storage that is associated with a DID. First an encryption/decryption key is generated using a passphrase and an identifier of the personal storage that stores or is to store a data object in the personal storage. The data object stored or to be stored in the personal storage is then encrypted by the generated encryption/decryption key. The encrypted data object is then stored in the personal storage. The encrypted data object may then be accessed by a DID management module that is configured to manage the DID or be shared to another entity that is not associated with the DID.

Abstract: A server accesses a user identifier associated with a first user device and a reference image as a first image set, to be displayed. The server sends to a second user device an image, as a second image set, to be displayed, and a user request to select an image within the first image set. The second user device displays the second image set and the user request. The user of the first user device selects at least one displayed first image, the selected first image matching an image visually selected within the displayed second image set, according to a rule known to the user and the server. The first user device sends to the server the first user device identifier accompanied with data relating to the selected first image. If the data relating to the selected first image matches the data relating to the first reference image the server authenticates the user.

Abstract: There is provided a data sharing technique in which it is possible to update data stored in a server before to such data that is decryptable on the communication terminal side using an updated session key without the data being decrypted on the server side, and a deleted user cannot decrypt the decryptable data. There are included: a generation identifier generation step of a data sharing server generating a generation identifier showing a generation of a group; a session key encryption step of a communication terminal to perform encrypted session key update using the generation identifier received from the data sharing server and a public parameter and a session key recorded in a recording part to generate an encrypted session key, which is a session key encrypted; and an encrypted session key management step of the data sharing server recording the encrypted session key received from the communication terminal to perform encrypted session key update as a currently valid encrypted session key.

Abstract: In one embodiment, a discrepancy detection application automatically detects and addresses unauthorized activities associated with one or more authorization keys based on a request log and a provider log. The request log specifies activities that a client initiated, where the activities are associated with the authorization keys. The provider log specifies activities that a cloud provider performed, where the activities are associated with the authorization keys. In operation, the discrepancy detection application determines that one or more unauthorized activities have occurred based on comparing the request log to the provider log. The discrepancy detection application then performs an action that addresses the unauthorized activities.

Abstract: The present invention relates to an aircraft information system and a method for providing passenger information, such as flight information or entertainment information, to the passengers in an aircraft by making use of communication between at least one passenger device and the aircraft information system, the aircraft information system comprising: —storage means for storing information thereon, —one or more processing units for performing information processing, —energy providing means for providing energy to the aircraft information system, —data communication means, such as wireless communication means, for communication with the at least one passenger device, —wherein the aircraft information system is configured as autonomous unit for autonomous functioning, such as independently of further systems in the aircraft, and wherein the aircraft information system comprises: —receiving means for receiving source information relating to the aircraft for forming on the basis of the source information respecti

Abstract: Embodiments of a system, methods, and other techniques and configurations for automation of computing system maintenance activities such as reboots, software installations, re-configuration, or other actions are generally described herein. In an example, an automation tool set is designed to integrate with an organization Configuration Management Database (CMDB) and other orchestration or information technology (IT) management tools to perform such maintenance actions. The automation tool set may enable and manage various forms of a workflow for maintenance actions, including a workflow designed to validate all necessary pre- and post-reboot checks, perform logging, event tracking, exception handling, notifications, incidents creation, trend analysis, customized reporting dashboards, and system adaptation. In further examples, the automation tool set may expose user interfaces, reports, and other management interfaces for control and monitoring of the workflows.

Abstract: According to one embodiment, an integrated electronic circuit has a switching network configured to receive binary control states, one or more secret-carrying gates, wherein each secret-carrying gate represents Boolean secrets and is configured to receive binary input states and to output one or more Boolean secrets according to a state sequence of the binary input states, and one or more flip-flops configured to store binary output states output by the switching network and to supply binary input states to the one or more secret-carrying gates based on the stored binary output states. The switching network generates the binary output states by combining the binary control states and Boolean secrets output by the one or more secret-carrying gates. The integrated electronic circuit outputs Boolean secrets from the one or more secret-carrying gates and/or the binary output states from the switching network to another integrated electronic circuit.

Abstract: Techniques are provided for delayed processing for arm policy determination for content management system messaging, including, during a delayed processing window, receiving reward data for arm actions taken, where the arm actions were chosen based on a previous version of an arm choice policy, and the previous version of the arm choice policy was determined based on a previous set of reward data for a previous set of arm actions taken. When the delayed processing window has closed, a new arm choice policy is determined based at least in part on the action-reward data, and the previous set of reward data and/or the previous arm choice policy. After a request to choose an arm choice is received, a particular arm action to take is determined based on the new arm choice policy. This chosen arm is provided in response to the request.

Abstract: In some aspects, control circuitry receives, at a content provider server that is associated with a first subscription service, a first authentication key from a content aggregator server that is associated with a second subscription service, prior to the user subscribing to the first subscription service. The control circuitry generates and stores, at the content provider server, the first user account after comparing the first authentication key to acceptable authentication. In response to storing the first user account, the control circuitry receives a request from the content aggregator server to subscribe the user to the first subscription service, wherein the request includes a second authentication key.

Abstract: Extending the “SpaceFlip” cipher defined in the continued application (Ser. No. 16/855,517) to increase the lifespan of the shared secret key, and avoid the need for key replacement; applicable to Internet of Things devices where re-access is prohibitive, adding convenience to normal secure communication; extending the use of the SpaceFlip quantum safe cryptography. Applying key equivocation cryptography where several keys are interchangeable.

Abstract: A request to perform an operation with a cryptographic item may be received. A request for approval to perform the requested operation with the cryptographic item may be transmitted to a set of entities based on a policy associated with the cryptographic item. Indications of approval to perform the requested operation may be received from corresponding entities of the set of entities. A determination as to whether a number of the received indications of approval to perform the requested operation with the cryptographic item satisfies a threshold number may be made. In response to determining that the number of the received indications of approval from the corresponding entities of the set of entities satisfies the threshold number, the requested operation may be performed with the cryptographic item.

Abstract: A device can receive a first communication from a user device. The first communication can includes a request for content. The device can generate a record of content. The record of content includes a reference associated with the content and one or more encryption credentials associated with the content. The device can encrypt the record of content, to form an encrypted record of content, based on receiving the first communication. The device can provide the encrypted record of content to the user device based on receiving the first communication. The device can receive a second communication from the user device based on providing the encrypted record of content. The device can provide the content to the user device based on receiving the second communication.

Abstract: A data communication encrypted system including a first module coupled to a first network member and a second module coupled to a second network member. The first module and the second module are in communication with each other thereby allowing communication between the first network member and the second network member. The first module and the second module each operating with a key hopping encryption/decryption method that changes key sets at irregular intervals of time as determined by the modules.

Abstract: A system and method for a secure key exchange between two trains operating within a track network may include generating a first or second public key based on a secret random number, generating a shared secret key based on the first or second public key, authenticating one or more key exchange communications by a remote server based on a digital signature established with an on-board key associated with the first train, authenticating a communication by a remote server based on the digital signature of the second train signed with an on-board key associated with the second train, and establishing secure train-to-train communication between the two trains by generating a shared secret key based on a public key received from the other train, the secure key exchange protecting the two trains from a man-in-the-middle attack.

Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

Abstract: A semiconductor device for provisioning secure information of a demander includes a device key storage configured to store a device key provisioned by a supplier of the semiconductor device, a master key generator configured to generate, based on the device key and demander data provisioned by the demander, a master key of the demander by using a first operation shared with the supplier and a second operation shared with the demander, and a cryptographic engine configured to perform a cryptographic operation based on the master key.

Abstract: An information handling system includes a first node configured to generate a random alphanumeric string, to receive a cipher text and a key from an enterprise key management server, and to decrypt the cipher text using the key and an algorithm to generate a first decrypted value. The first node compares the random alphanumeric string with the first decrypted value to verify the key that is received at the first node. A second node receives the cipher text, the key, and the algorithm from the first node in response to the first decrypted value matching the random alphanumeric string. The second node decrypts the cipher text using the key and the algorithm to generate a second decrypted value, and the first node compares the second decrypted value with the random alphanumeric string to verify the key that is received at the second node.

Abstract: An embodiment involves receiving a request to write data to a memory unit. The memory unit is divided into one or more logical blocks, each subdivided into groups of sub-blocks encrypted in accordance with a stream cipher. The memory unit maintains a transaction journal that marks each sub-block as dirty or clean. The memory unit stores keycount values for each of the logical blocks. The embodiment also involves: determining that the request seeks to write a portion of the data to a particular sub-block marked as dirty in the transaction journal, decrypting the particular logical block in accordance with the stream cipher, writing the portion of the data to the particular sub-block, incrementing the keycount value of the particular logical block, encrypting the particular logical block using the stream cipher, a key, and the keycount value, and writing the particular logical block to the memory unit.

Abstract: Implementations describe providing secure encryption key management in trust domains. In one implementation, a processing device includes a key ownership table (KOT) that is protected against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to create a trust domain (TD) and a randomly-generated encryption key corresponding to the TD, the randomly-generated encryption key identified by a guest key identifier (GKID) and protected against software access from at least one of the TDRM or other TDs, the TDRM is to reference the KOT to obtain at least one unassigned host key identifier (HKID) utilized to encrypt a TD memory, the TDRM is to assign the HKID to the TD by marking the HKID in the KOT as assigned, and configure the randomly-generated encryption key on the processing device by associating the randomly-generated encryption key with the HKID.

Abstract: Techniques are provided for communication-efficient device delegation. One method comprises, in response to a request for a new signing key of a given device, determining a number of new signing key requests received for the user of the given device; determining a new public verification key of the given device for an identity-based signature scheme by traversing a cryptographic hash chain backwards from a position of an initial selected value of the cryptographic hash chain; computing a new signing key based on public parameters and secret parameters of a backup component and the initial selected value; and providing the new public verification key and the new signing key to the given device. The given device authenticates to an authentication service using an identity-based signature computed using the new signing key. The request for the new signing key is submitted, for example, when the given device is lost, damaged, unavailable or stolen.

Abstract: A set of users who may authenticate is predefined and is associated, each, with a reference secret share. A first subset of users who has, each, to authenticate is predefined. The device defines a second subset of the users who has, each, to authenticate while further satisfying, each, to be physically proximate to the device and an authentication condition(s). The second user subset is comprised within the first user subset comprised within the user set. The device verifies whether each user of the second user subset satisfies to be physically proximate to the device and the authentication condition(s), if yes, requests, to each user device, the secret share and receives, from each user device relating to at least the first user subset, the secret share. The device reconstructs a secret with each received secret share, verifies whether the reconstructed matches the reference and, if yes, authenticates the user set.

Abstract: An encryption device generates a ciphertext ct including an encryption element C in which a plaintext ? is set, an encryption element Cx in which an attribute x is set, and an encryption element F that is not to be decrypted with a decryption key skf corresponding to a policy f satisfied by the attribute x and in which the plaintext ? is set. A homomorphic computation device converts the ciphertext ct into a ciphertext ct˜ by converting, with the encryption element F, the encryption element C included in the ciphertext ct into an encryption element C˜ that can be decrypted with the decryption key skF corresponding to a policy set F acquired by a policy acquisition unit. The homomorphic computation device performs homomorphic computation g on the ciphertext ct˜ to generate a ciphertext ct*.

Abstract: The present disclosure involves systems, software, and computer implemented methods for a communication-efficient secret shuffle protocol for encrypted data based on homomorphic encryption. A service provider and multiple clients participate in a secret shuffle protocol of randomly shuffling encrypted client-specific secret input values. The protocol includes generation and exchange of random numbers, random permutations and different blinding values. A last protocol step includes using homomorphism, for each client, to perform computations on intermediate encrypted data to homomorphically remove a first blinding value and a second blinding value, to generate a client-specific rerandomized encrypted secret input value. As a result, the client-specific rerandomized encrypted secret input values are generated in an order that is unmapped to an order of receipt, at the service provider, of the encrypted secret input values.

Abstract: The described embodiments set forth techniques for managing inactive (disabled) electronic subscriber identity modules (eSIMs) on secure elements, e.g., Universal Integrated Circuit Cards (UICCs) and/or embedded UICCs (eUICCs), of a wireless device, including retrieving information from an inactive eSIM, obtaining authentication tokens from an inactive eSIM, authenticating the inactive eSIM with a network-based Mobile Network Operator (MNO) server, retrieving status information for a subscription account associated with the inactive eSIM, and/or performing an account management operation on the inactive eSIM.

Abstract: The described cipher system includes a bits of some randomness (BOSR) reservoir; a first multiplexer circuit that receives a BOSR key, a functional key, and a first control signal for selection between the BOSR key and the functional key; a second multiplexer circuit that receives a BOSR state, a functional state, and a second control signal for selection between the BOSR state and the functional state; a block cipher logic circuit that receives the outputs from the first and second multiplexer circuits and a functional input. The block cipher outputs bits into either the BOSR reservoir or as a functional output according to a third control signal. The cipher system includes a control logic block that outputs the first control signal, second control signal, and third control signal and controls whether a clock cycle of the block cipher logic circuit is used for a BOSR operation or a functional operation.

Abstract: A computerized method supporting SSL-based or TLS-based communications with multiple cryptographically protected transmissions is described. Responsive to a first transmission including a first content encrypted with a public key of an intended recipient and a first digital signature for use in detect tampering to the first content, a second transmission is received. The second transmission includes a combined result including the first content and a second content, which is encrypted with a public key of the sender. Recovery of the first content verifies to the sender that the second transmission originated from the intended recipient. Thereafter, a third transmission is sent. The third transmission has data including at least the second content, being the remaining data after extraction of the first content from the combined result, which is encrypted with the public key of the intended recipient and a third digital signature for use in verifying non-tampering of the data.

Abstract: A method for processing data in a blockchain. It aims at securely storing data issued from devices and going through a service platform by ensuring integrity and authenticity of the data. To this end, a list of device identifiers may by associated with respective decryption means in a blockchain platform. Upon reception of a message comprising encrypted data and comprising a device identifier, the blockchain platform decrypts the first encrypted data using the decryption means that are associated with the device identifier. The decrypted data is then hashed and stored in the blockchain.

Abstract: Disclosed is a system for delegating access of sensitive information by a user device to a requestor device through a central server. A receiving module receives a first token Identification (ID) generated by the user device in an offline mode and a request, comprising a second token ID, from the requestor device. A validation module validates the request by comparing the first token ID and the second token ID. An identification module identifies a subset of the sensitive information based on a profile of the requestor, when the first token ID is matched with the second token ID. A watermarking module watermarks the subset of the sensitive information with a set of variables to generate watermarked sensitive information. Upon generating the watermarked sensitive information, the access delegation module delegates the access of the watermarked sensitive information to the requestor device.