Abstract: A block cipher encryption device for encrypting a data unit plaintext into blocks of ciphertexts, the data unit plaintext being assigned a tweak value and being divided into one or more plaintext blocks. The block cipher encryption device comprises: a combinatorial function unit associated with each plaintext block, the combinatorial function unit being configured to determine a tweak block value by applying a combinatorial function between a value derived from the tweak value and a function of a block index assigned to the plaintext block, a first masking unit in association with each plaintext block, the first masking unit being configured to determine a masked value by applying a data masking algorithm to the tweak block value determined by the combinatorial function unit associated with the plaintext block.

Abstract: Methods and systems for managing cryptographic keys in on-premises and cloud computing environments and performing multi-party cryptography are disclosed. A cryptographic key can be retrieved from a hardware security module by a key management computer. The key management computer can generate key shares from the cryptographic key, and securely distribute the key shares to computer nodes or key share databases. The computer nodes can use the key shares in order to perform secure multi-party cryptography.

Abstract: A sensor module includes at least one sensor configured to generate sensor information and processing circuitry configured to generate a sensor signal based on the sensor information. The sensor signal includes a sync frame, including two sync signal edges defining the sync frame and indicating a pre-determined synchronization time interval, and the sensor signal further includes a plurality of data signal portions, including at least one data signal portion transmitted within the sync frame. The at least one data signal portion is provided within the sync frame located between the two sync signal edges, wherein each of the at least one data signal portion is defined by at least one data signal edge interposed in the sensor signal between the two sync signal edges.

Abstract: A control method implemented by a computer which is configured to be operated as a terminal apparatus, the control method including: transmitting, from the terminal apparatus to a first management server, a first request for transmission of a certificate of a first server, the first server being one of a plurality of servers, the first management server being configured to manage certificates for the plurality of servers; in response to the transmitting of the first request, receiving the certificate of the first server from the first management server; in response to the receiving of the certificate, determining a certificate authority by using information included in the received certificate, the certificate authority being a server from which the received certificate has been issued; and transmitting, from the terminal apparatus to the determined certificate authority, a second request for transmission of first address information on the first server.

Abstract: Systems and methods are provided for managing the order of data written to a transaction log in a distributed storage system. In a system with multiple nodes, if sequencers are naively generated without taking into consideration inconsistencies among the different nodes generating the sequencers, then the sequencers may not increase for each data transaction. To alleviate this problem, the node committing the transaction to the transaction log may perform a consistent read and verifies that the sequencer advances. If the sequencer does not advance, the node can perform a context-dependent operation such as adjusting the sequencer, acknowledging the write without committing it to the transaction log, or rejecting the write altogether.

Abstract: A method for enrolling a node in a network including steps of: providing a hub having a network communications element, established ownership, an owner, a private key and a public key; providing a first node having a network communications element, established ownership status, a network location status, a private key and a public key; scanning an environment to identify active hub devices; selecting a most likely hub device from among identified hub devices; receiving a hub public key from the selected hub; encrypting a string using the received public key; sending the encrypted string; receiving a decrypted copy of the string; validating the hub; sending an authentication request through the hub, the request including the public key of the first node; receiving an encrypted string; decrypting the string using the node's private key; sending the decrypted string through the hub; and updating the network location status of the node.

Abstract: A solution for controlling access to a resource such as a digital wallet implemented using a blockchain. Use of the invention during set-up of the wallet can enable subsequent operations to be handled in a secure manner over an insecure channel. An example method comprises splitting a verification element into multiple shares; determining a common secret at multiple nodes in a network; and using the common secret to transmit a share of the verification element between nodes. The shares can be split such that no share is sufficient to determine the verification element and can be stored at separate locations. Upon share unavailability, the share can be retrieved a location accessibility. For safe transmission of the share(s), the common secret is generated at two different nodes independently and used to generate an encryption key for encrypting at least one share of the verification element to be transmitted securely.

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for sending and receiving anonymized signals or beacons. Example methods may include determining an authentication code and sending a signal associated with the authentication code from an electronic device to a server via a connected device. Example methods may include determining an authentication code by a server or a second electronic device and requesting signal information from the server corresponding to the signal associated with the authentication code.

Abstract: Systems, methods, and computing device readable media for implementing fast oblivious transfer between two computing devices may improve data security and computational efficiency. The various aspects may use random oracles with or without key agreements to improve the security of oblivious transfer key exchanges. Some techniques may include public/private key strategies for oblivious transfer, while other techniques may use key agreements to achieve simultaneous and efficient cryptographic key exchange.

Abstract: Embodiments of the present invention provide a system for generating duplicate layered electronic data logs for monitored events on a network. The system is configured for identifying one or more entity resources associated with an entity, continuously monitoring the one or more entity resources, identifying at least a first event and a second event associated with at least one entity resource of the one or more entity resources, storing the first event and the second event in at least a first log and a second log, and generating at least one other log to record activities associated with at least one of the first log and second log.

Abstract: A random number generator according to one embodiment includes a write circuit, a read circuit, and a signal output circuit. The write circuit inverts magnetization of a magnetic layer of a magnetic tunnel junction element stochastically by supplying current to the magnetic layer. The read circuit reads the magnetization. The signal output circuit generates a random number on the basis of the magnetization read by the read circuit. The random number generator includes a sequence control circuit that controls the write circuit and the read circuit. The sequence control circuit regulates the write circuit to supply the current to the write circuit in a first period, and causes the read circuit to read the magnetization after the first period is finished and then a second period longer than the first period is elapsed.

Abstract: A method and system. An instruction to encrypt plaintext to generate encrypted data from the plaintext is received. The encrypted data is to be stored in a database device in response to a first request received from a client terminal to store the plaintext in the database device. The first request includes the plaintext. Ciphertext is generated by applying both an initialization vector and an encryption key directly to the plaintext. An embedding rule used to generate the encrypted data is selected from a sequence of embedding rules. The encrypted data is stored in the database device, A second request to receive the plaintext data is received from the client terminal. The plaintext is obtained from the encrypted data, by separating the encrypted data into the ciphertext and the initialization vector; and generating the plaintext by decrypting the ciphertext that was separated from the encrypted data.

Abstract: Methods, systems, and apparatuses associated with hardware mechanisms for link encryption are disclosed. In various embodiments, an interconnect interface is coupled to a processor core to interconnect a peripheral device to the processor core via a link established between the peripheral device and the interconnect interface. The interconnect interface is to select a cryptographic engine of a plurality of cryptographic engines instantiated in the interconnect interface for the link. The cryptographic engine is to symmetrically encrypt data to be transmitted through the link. In more specific embodiments, each of the plurality of cryptographic engines is instantiated for one of a request type on the link, a virtual channel on the link, or a request type within a virtual channel on the link.

Abstract: A first-transceiver for communicating with a second-transceiver is disclosed. The first and second-transceivers are vehicle-access-system transceivers. The transceivers include a cipher-module configured to generate a cipher-code using a cipher key and an input value, an encryption-module configured to generate encrypted-payload-data from payload-data using the cipher-code, a hashing-module configured to hash the payload-data to generate hashed-payload-data using the cipher-code, and a transmitter configured to transmit the encrypted-payload-data and the hashed-payload-data to the second-transceiver. A vehicle including the first-transceiver is also disclosed. Access to one or more systems of the vehicle are controlled in accordance with a validation state.

Abstract: Systems and methods of generating a security key for an integrated circuit device include generating a plurality of key bits with a physically unclonable function (PUF) device. The PUF can include a random number generator that can create random bits. The random bits may be stored in a nonvolatile memory. The number of random bits stored in the nonvolatile memory allows for a plurality of challenge and response interactions to obtain a plurality of security keys from the PUF.

Abstract: An electronic device having a one-time-programmable (OTP) memory and a method for writing and reading an OTP memory are provided. The electronic device is adapted to perform the method for writing and reading an OTP memory. The electronic device includes an OTP memory, an internal memory, and a processor. The processor is configured to write an original value into the OTP memory as a burnt code and read the burnt code from the OTP memory. When the burnt code is not identical to the original value, the processor obtains a checksum according to the original value, the burnt code, and a check operation process, and stores the checksum into the internal memory. Upon receipt of a reading request, the processor executes a recovery operation process according to the burnt code and the checksum to generate the original value.

Abstract: Systems and methods for enhanced hash transforms are disclosed. In particular embodiments, biometric data is concatenated with non-biometric data for generating a fixed-sized vector, and furthermore performing various permutations and projections on the vector. The resulting vector may be stored in a registry, and a corresponding key may be generated and provided to the user associated with the biometric data. The hash transformation may be a lossy process, such that the resulting hash includes less bytes than the initial biometric data, and a hash reversal fails to generate an exact copy of the original biometric data.

Abstract: An electronic device such as a hardware security module device comprises a first cryptographic processing circuit configured to receive input data packets and apply thereto a first cryptographic processing to provide output data packets. A second cryptographic processing circuit is provided in the device, configured to receive the output data packets, apply thereto a second cryptographic processing inverse to the first cryptographic processing, and provide comparison data packets as a result of applying the second cryptographic processing to the output data packets received. A comparison processing circuit in the device is configured to compare the input data packets with the comparison data packets, and to produce an error signal as a result of the input data packets being different from the comparison data packets.

Abstract: A key agreement system, method, and apparatus are provided. The method includes: generating, by a first device, a private-public key pair, sending a public key in the private-public key pair to a second device, and receiving a ciphertext and a commitment value; obtaining, by the first device, a first result, obtaining an original key based on a private key in the private-public key pair and the ciphertext, determining a second bit string based on some bits in the original key, calculating a second result based on the second bit string and the first result, and sending the second result to the second device; and receiving, by the first device, an opening value, performing authentication on the second device based on the opening value and the commitment value to obtain an authentication result, and generating a session key used to communicate with the second device.

Abstract: Systems on a chip (SoCs) include security logic configured to increase resistance to fault injection attacks (FIAs). The security logic includes a monitoring circuit and a cascaded series of substitution-boxes (S-Boxes) having a circuit delay that is designed to match (or most closely match) the computing device critical path length. The monitoring circuit monitors the number of iterations required for the cascaded series of S-Boxes to return to an initial value and generates an error signal if the monitored loop length is different from the expected loop length. In some examples, the error signal is received by a mitigation processor that executes one or more processes aimed at mitigating the attack.

Abstract: A transformation key generation apparatus has key generation means for receiving a decryption key sks of a first public key encryption scheme ?s and a public key pkd of a second public key encryption scheme ?d, and generating a transformation key utks?d for transforming first ciphertext cts of the first public key encryption scheme ?s into second ciphertext tct of the second public key encryption scheme ?d by using a probabilistic circuit or function secret sharing.

Abstract: A method is presented for execution by a processing system of a dispersed storage and task (DST) processing unit that includes a processor. The method includes: receiving, at the processor, a data access request having a consistency indicator; identifying, via the processor, a set of two or more storage targets associated with the data access request; selecting, via the processor, a threshold number of storage targets of the set of two or more storage targets, based on the consistency indicator; accessing, via the processor, the selected threshold number of storage targets based on the data access request; and generating a data access response, via the processor, based on the accessing of the selected threshold number of storage targets.

Abstract: An encryption and decryption system includes a first electronic device and a second electronic device. The first electronic device includes a memory device and an encryption device. The memory device can store plaintext data. The encryption device can generate first pseudo data and first pseudo key. The encryption device encrypts first pseudo data by the first pseudo key and encrypt the plaintext data by a key, and outputs the ciphertext data generated by encrypting plaintext data by the key. The second electronic device includes a decryption device for generating second pseudo data and the second pseudo key. The decryption device decrypts the second pseudo data by the second pseudo key, and decrypts the ciphertext data by the key, and outputs the plaintext data, which is generated by decrypting the ciphertext data by the key.

Abstract: A method for performing a copyback procedure is described. The method includes determining to move first encoded data from a first location in a memory die to a second location. In response to determining to move the first encoded data from the first location to the second location, a starting seed, which is associated with the first location, is combined with a destination seed, which is associated with the second location, to produce a combined seed. Based on the combined seed, the method determines a pseudorandom sequence based on the combined seed and a pseudorandom sequence table, wherein the pseudorandom sequence table maps seed values to pseudorandom sequences and the determined pseudorandom sequence maps to the combined seed in the pseudorandom sequence table. The method further combines the first encoded data with the pseudorandom sequence to produce second encoded data for storage in the second location.

Abstract: A device includes a substrate, an array of metal pads on a first surface of the substrate, a carbon polymer composite covering the array of metal pads, the composite having variations that result in random resistance values between the metal pads usable as a random code. A method of manufacturing a secure device, including forming an array of metal pads on a dielet substrate, the dielet substrate containing at least one memory in which is stored an encryption key, and an RF communication section, covering the array of metal pads with a carbon polymer composite such that variations in the carbon concentration in the polymer forms a unique pattern of resistance, attaching the dielet substrate to a host component, receiving a request from a security server for a unique code determined by the unique pattern of resistance, and using the encryption key, encrypting and providing the unique code to the security server.

Abstract: An apparatus generates truly random numbers. The apparatus includes a container that is at least partially filled with a fluid (e.g., water or air). The apparatus also includes objects (e.g., dice) suspended freely in the fluid. The apparatus includes agitators configured to agitate the fluid, and cameras configured to capture images of the objects. When the agitators agitate the fluid, the objects move freely (e.g., move with the created currents) in the fluid in the container. The apparatus also includes a random number generation circuit coupled to the cameras. The random number generation circuit is configured to generate random numbers based on the images captured by the cameras. In some embodiments, the agitators are one or more motor-driven propellers that stir the fluid. Some embodiments use a hydraulic pump to agitate the fluid (e.g., circulating the fluid using both a push action and a pull action).

Abstract: A working method of an NFC dynamic token, comprising the following steps: after detecting that a preset press key is triggered, the NFC dynamic token activates NFC communication and builds connection with a mobile device via NFC channel; when the NFC dynamic token receives a second instruction from the mobile device, the NFC dynamic token obtains a seed key from the second instruction, stores the seed key and sends a message that writing is successful to the mobile device; when the NFC dynamic token receives a third instruction from the mobile device, the NFC uses self-stored seed data to generate a dynamic password and sends the dynamic password to the mobile device via the NFC channel. According to the present invention, the seed key is written into the NFC dynamic token via the NFC channel, which improves security and flexibility of the dynamic token.

Abstract: This invention relates to an anti-tamper assembly for a circuit board comprising one or more electronic components, the assembly comprising: a container having side walls, a first, closed end and a second, opposing, open end, the container being configured to be mounted on said circuit board at said open end, over at least one of said electrical components, to form, in use, a sealed cavity around said at least one of said electrical components; a source of radioactive particles mounted within said container; an image sensor for capturing image frames within said sealed cavity, in use, wherein said image sensor comprises a detector region defining an array of pixels; and a processor for receiving said captured image frames, monitoring said image frames for changes in the statistical distribution of active pixels and, in the event that statistical distribution of active pixels indicates the presence of a feature in an image frame, generating a tamper alert.

Abstract: There is provided a method and system for selection of response message(s), comprising: receiving from an initiator client terminal a function message including an unencrypted target value and a public key, receiving respective response messages to the function message from responding client terminals, each respective response comprising an unencrypted partial value of the target value and a parameter encrypted with the pubic key, receiving, from the initiator client terminal, a selection of response message(s) according to a ranking of the encrypted parameters, wherein a sum of the unencrypted partial values of the selected response message(s) is according to a requirement of the target value, and receiving a validation for the selected response message(s) from corresponding responding client terminals, wherein each of the corresponding responding client terminals is provided with all partial values and all unencrypted parameters associated with all of the selected response message(s).

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to measure one or more environmental factors; convert the one or more environmental factors to entropy values by truncation or rounding of the one or more environmental factors to a selected number of bits; and combine the entropy values to generate an encryption key. The one or more environmental factors may include a location of the computer system, a current date and time, parameters of a network environment to which the computer system is connected, or an identification of a server to which the computer system is connected. The at least one processor is further configured to encrypt and/or decrypt at least a portion of a data file and/or at least a portion of a binary executable application using the encryption key.

Abstract: A method of response signal processing applied in traction power networks, comprising establishing an data transmission channel between a target and a backend terminal through a relay router in a power distribution room; delivering a temperature-humidity information to the backend terminal by the target through the data transmission channel, and a response signal being delivered to the relay router; the relay router determining a second signal to noise ratio (SNR) according to a first SNR of the data transmission channel responded from the target when a noise ratio (NR) adjusting requirement is satisfied; the relay router determining a first identification of encryption algorithm based on the second SNR, and transmitting the first identification of encryption algorithm to the target. The present invention avoids the needs for retransmitting encrypted response signals for several times during transmission between the backend terminal and the charging controller.

Abstract: A key acquisition unit (411) acquires a decryption key ski in a pair of a conversion source and a public key pkj in a pair of a conversion target, out of a plurality of pairs of a decryption key and a public key. A conversion key generation unit (412) encrypts the decryption key ski acquired by the key acquisition unit (411) with the public key pkj, so as to generate a conversion key rki?j for converting a ciphertext encrypted with a public key pki in the pair of the conversion source into a converted ciphertext that can be decrypted with a decryption key skj in the pair of the conversion target. An output unit (413) outputs the conversion key rki?j generated by the conversion key generation unit (412).

Abstract: Technologies are generally described for methods and devices for generating a final signature. The methods may comprise receiving a message by a processor. The methods may comprise generating a random number by a random number generator. The methods may comprise forwarding, by the processor, the random number to a cloaking element generator. The methods may comprise forwarding, by the processor, a private key to the cloaking element generator. The methods may comprise forwarding, by the processor, a group to the cloaking element generator. The methods may comprise forwarding, by the processor, a homomorphism to the cloaking element generator. The methods may comprise processing, by the cloaking element generator, the random number, the group, the private key, and the homomorphism to produce a cloaking element. The methods may comprise applying the cloaking element to transform the message into the final signature.

Abstract: A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor, sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed.

Abstract: A method of authenticated encryption and decryption includes generating a first digital signature with an encryption circuit of a first processor component. Concatenating the first digital signature to a plaintext message to generate a concatenated message. Encrypting the concatenated message into a ciphertext. Transmitting the ciphertext via a communications channel to a second processor component. Decrypting the ciphertext into a decrypted first digital signature and a decrypted plaintext message with a decryption circuit in the second processor component. Comparing, with the decryption circuit, the decrypted first digital signature with a second digital signature, thereby authenticating the decrypted plaintext message.

Abstract: Quantum optical device authentication technologies are described herein. A first device includes an optical transmitter transmits a plurality of pulses to an optical receiver included on a second device. The optical pulses each have one of two non-orthogonal optical states. The optical receiver measures each of the pulses and the second device records a measured value of the optical state of each pulse. Subsequently, the second device transmits the measured values of the optical states of the pulses to the first device. The first device outputs an indication of whether the second device is authenticated based upon the measured values received from the second device and the optical states of the pulses transmitted by the optical transmitter.

Abstract: The disclosure generally provides methods, systems and apparatus for an improved a Physically Unclonable Function (PUF). In one embodiment, the disclosure relates to a method to provide data from a Physically Unclonable Function (PUF) circuit array. The method includes storing a plurality of first data bits into a respective ones of a plurality of first bitcells of the PUF array to form a first dataset; storing a plurality of second data bits into a respective ones of a plurality of second bitcells of the PUF array, the plurality of second data bits defining a helper dataset; reading the first dataset from the plurality of first bitcells to provide a first read dataset; applying an error correction factor to the first read data dataset to form a security key dataset; and outputting the security key dataset from the PUF circuit array.

Abstract: A method, cryptographic device, and computer readable memory with instructions, for generating a cryptographic key from at least one prime number, by performing during runtime of the cryptographic device by obtaining from memory a challenge and at least one associated increment number, generating a seed by applying a Physically Unclonable function to said obtained challenge, generating at least one prime number from said generated seed by performing said cryptographic prime numbers generation algorithm and by performing therein as many incrementation steps as said obtained at least one increment number, and generating the cryptographic key from the generated prime number.

Abstract: Provided is a data processing system in which data are uploaded from a user terminal A to data storage server, and data are accessed from a user terminal B. User terminal A and B have a key KA and KB, respectively. Data storage server has a replacement key KA?B. User terminal A generates an authenticator tag with data M and temporary key R, generated by user terminal A, and generates a key k with temporary key R and key KA. User terminal A transmits data M, key k, and authenticator tag to the data storage server. Data storage server generates a key k? from key k and replacement key KA?B, and transmits data M, key k?, and the message authenticator tag to user terminal B. User terminal B generates temporary key R with key k? and key KB and generates an authenticator tag? to compare with the received authenticator tag.

Abstract: Embodiments of a secure multi-party computation method are provided. The method can include: dynamically converting a multi-party computation program segment into a first garbled circuit by using a multi-party computation operator of a first main body, and executing garbled gates of the first garbled circuit in sequence through an execution engine of the first main body, to encrypt data of the first main body; transmitting to a second main body the encrypted data of the first main body and identifiers for garbled gates of the first garbled circuit; performing a second encryption on the encrypted data of the first main body by the second main body in sequence according to the received identifiers for the garbled gates of the first garbled circuit, and returning to the first main body a result of the second encryption on the encrypted data of the first main body.

Abstract: Methods for secure data monitoring utilizing secure private set intersections are disclosed. In embodiments, a computer-implemented method includes: generating a garbled circuit program compiled into a first and second half; sending the second half of the garbled circuit program to a client server of a client; receiving social network data from a social network provider; and generating search results, utilizing the first half of the garbled circuit program in cooperation with the second half of the garbled circuit program, based on client data input at the second half of the garbled circuit program. The client data is private with respect to the social network provider and the social network data is private with respect to the client.

Abstract: A hash function is computed for each item of a partial string obtained by dividing a message received according to a group testing matrix representing combinatorial group testing relating to the message, and an authentication tag for the partial string is generated using a value obtained by a combining operation of individual hash values by a combiner, wherein the combiner performs the combining operation of the individual hash values, by using a hash value of an item of an empty string as an identity element of the operation.

Abstract: Methods, systems, and devices, including computer programs encoded on computer storage media, for establishing a question and answer (QA) system are provided. One of the methods includes: determining QA pair data according to an extraction template and a target data source; adjusting the extraction template according to anomaly information corresponding to the QA pair data; updating the QA pair data according to the target data source and the adjusted extraction template; and determining a QA index according to the updated QA pair data to establish a QA system.

Abstract: In a post-quantum asymmetric key generation method and system, a processing unit generates, based on a prime and an arithmetic function or a classical string, a prime vector which has an infinite number of components; generates a prime array based on the prime vector; generates an associated matrix based on the prime array; obtains, based on the associated matrix and a first reference prime, a first reference inverse prime array that serves as a private key; and obtains a public key that is paired with the private key based on a second reference inverse prime array. The second reference inverse prime array is obtained based on the associated matrix, the first reference prime, a second reference prime, and a randomization array.

Abstract: Technologies are disclosed herein for running a long-term on-demand service for executing actively-secure computations. A function circuit may be represented as a stream of buckets, in which each bucket represents a logical AND gate. A pool having a plurality of garbled AND gates is generated. Garbled AND gates are randomly selected from the pool for placement in one of the buckets. An output for the bucket is determined by an evaluation of the selected garbled AND gates. The output represents an execution of the logical AND gate. The determined output is applied as a parameter in a secure protocol.

Abstract: A method for execution by a distributed storage (DS) unit of a dispersed storage network (DSN), includes receiving a set of write slice requests that includes a set of slice names that are not utilized to store encoded data slices (EDSs), where each write slice request from the set of slice names that are not utilized to store encoded data slices includes a trap slice. The method continues with an access slice request that includes a requested slice name being received from a second DSN client, and then continues by determining whether the requested slice name corresponds to a trap slice stored by the DS unit. When the requested slice name corresponds to a trap slice, an action is determined for the access slice request based on an anomaly processing scheme.

Abstract: Systems, methods, and computing device readable media for implementing fast oblivious transfer between two computing devices may improve data security and computational efficiency. The various aspects may use random oracles with or without key agreements to improve the security of oblivious transfer key exchanges. Some techniques may include public/private key strategies for oblivious transfer, while other techniques may use key agreements to achieve simultaneous and efficient cryptographic key exchange.

Abstract: A system on a chip (SoC) includes memory, a processor coupled to the memory, and link protection circuitry coupled to the memory and the processor. The link protection circuitry includes an SoC encryption engine to receive first data from the memory and a first key, generate, by an SoC encryption counter of the SoC encryption engine, an SoC encryption counter value, encrypt the first data using the SoC encryption counter value and the first key to generate first encrypted data, and cause the first encrypted data to be transmitted to a device including a device decryption counter synchronized with the SoC encryption counter.

Abstract: A Material eXchange Format (MXF) digital file generated by a digital electronic processor is disclosed that includes a generic container for a media file. The MXF file also includes a SDTI-CP (Serial Data Transport Interface-Content Package) compatible system item. The SDTI-CP compatible system item has a media file metadata and a blockchain hash digest information formed from the media file. The blockchain hash digest information of the media file may be a blockchain hash digest used to error check the media file. Alternatively, the blockchain hash digest information of the media file may be a link to a cloud-based blockchain hash digest used to error check the media file.

Abstract: A computing system receives encrypted data that can be decrypted by a first secret to obtain data, wherein the first secret is securely stored by the system, determines that the data encodes a second secret and executable code usable to perform cryptographic operations, and run the executable code to perform the cryptographic operations. The first secret may be a one-time pad.