Having Key Exchange Patents (Class 713/171)
  • Patent number: 11444986
    Abstract: Service layer and application triggering may be used in a machine-to-machine environment. In an embodiment, an existing service layer procedure, such as registration, may allow a device or gateway service layer or application to indicate to a machine-to-machine server what port is listened to for triggers. In another embodiment, triggering may be used to provide bootstrapping instructions, including temporary bootstrapping identifiers, in trigger requests. In another embodiment, triggering may be used to assist with event notification. Service layer or application instructions may be embedded inside of trigger payloads. A trigger payload format is defined.
    Type: Grant
    Filed: October 27, 2020
    Date of Patent: September 13, 2022
    Assignee: Convida Wireless, LLC
    Inventors: Michael F. Starsinic, Dale N. Seed
  • Patent number: 11438163
    Abstract: Techniques are described herein that are capable of registering a user device with a cloud-based management service using an intermediate cloud storage. For instance, the intermediate cloud storage may store an encrypted data blob including information that identifies the user device. The intermediate cloud storage or a registration system may decrypt the encrypted data blob so that the registration system may use the decrypted data blob to register the user device with the cloud-based management service. For instance, the registration system may retrieve the encrypted or decrypted data blob from the intermediate cloud storage by providing a requisite secret to the intermediate cloud storage. The requisite secret may be provided to the registration system by the user device (e.g., via a matrix barcode, such as a QR code).
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: September 6, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Adrian Francisco Teran Guajardo, Hung Minh Dang, Yanan Zhang, Brian Stuart Perlman, Colin William Hassett, Jonathan M. Andes
  • Patent number: 11438316
    Abstract: A method and apparatus for establishing a trust relationship between users is disclosed. The apparatus includes at least two user devices containing the Application, a service provider server (SPS) comprising an application programming interface (API), a network communicably coupling the sender device, the receiver device and the SPS, and an out-of-band (OOB) channel, separate from the network, communicably coupling the sender device and the receiver device. The method includes obtaining a receiver's Public Key provided by an Application Programming Interface (API) on a service provider server, encrypting a verification message with the Receiver's Public key and the Sender's Private Key, sending the encrypted verification message from the Sender's device to the Receiver's device through the out-of-band channel, decrypting the encrypted verification message using Receiver's Private Key and Sender's Public Key, and communicating decrypted verification message via out-of-band channel.
    Type: Grant
    Filed: January 16, 2020
    Date of Patent: September 6, 2022
    Assignee: 360 IT, UAB
    Inventors: Eimantas Puzeris, Mindaugas Valkaitis
  • Patent number: 11438327
    Abstract: A method for use in a hybrid network ecosystem comprising an enterprise network and a reconciliation network is presented. The method comprises generating, by at least one first computing node in the enterprise network or the reconciliation network, a first digital facilitator, wherein the first digital facilitator provides one or more parameters for accessing or distributing data on a distributed ledger in the enterprise network, and wherein a private key is used for performing a computing operation, based on the data, in the enterprise network. The method also comprises generating, by the at least one first computing node in the enterprise network or the reconciliation network or at least one second computing node in the enterprise network or the reconciliation network, a second digital facilitator, wherein the second digital facilitator provides the one or more parameters for accessing or distributing the data in the reconciliation network.
    Type: Grant
    Filed: January 14, 2022
    Date of Patent: September 6, 2022
    Assignee: SpeedChain, Inc.
    Inventors: Daniel Cage, Padmakar Kankipati, Norman R. Silverman
  • Patent number: 11427097
    Abstract: Embodiments discussed herein refer to electric vehicle charging ports having integrated contactless communication units (CCUs). The electric vehicle charging ports include male and female connector assemblies that can be coupled together in a manner that enables consistent and reliable operation of contactless communications and power transfer. The connector integrates power and alignment such that when two connector assemblies are coupled together, power connections are made in combination with establishing contactless communications links between counterpart CCUs in both connector assemblies. The fixed alignment of the connector assemblies ensures that contactless communication channels, spanning between the connector assemblies, are aligned to enable consistent and reliable operation of contactless communications.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: August 30, 2022
    Assignee: Molex, LLC
    Inventors: Roger D. Isaac, Alan Besel
  • Patent number: 11431686
    Abstract: An encrypted data processing system is provided including an encryption device and a server. The encryption device includes an encrypting section that encrypts first information based on a first encryption key and transmits the encrypted information for registration to the server, and encrypts second information based on a second encryption key and transmits the encrypted information to be compared to the server. The server includes a comparison section that employs a cipher comparison function for comparing encrypted information to compare the encrypted information for registration against the encrypted information to be compared, and transmits a comparison result to the encryption device. The encryption device further includes a comparison result decrypting section that employs a decryption function for decrypting the comparison result with the first encryption key and the second encryption key to find a degree of matching between the first information and the second information.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: August 30, 2022
    Assignee: Tokyo University of Science Foundation
    Inventors: Satoshi Iriyama, Maki Kihara
  • Patent number: 11431494
    Abstract: The disclosed embodiments include a passwordless method for securing data-at-rest. The method includes encrypting and/or decrypting data with a cryptographic key. For example, the encrypted data can be stored on a non-transitory computer memory of a first device. The method can include generating key shards based on the cryptographic key, which can be reconstituted from the key shards, and distributing the key shards among devices such that the encrypted data is secured at the first device because the first device is incapable of decrypting the encrypted data due to an absence of the cryptographic key.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: August 30, 2022
    Assignee: Atakama LLC
    Inventors: Daniel H. Gallancy, Erik A. Aronesty, Dimitri Nemirovsky
  • Patent number: 11423181
    Abstract: The present invention is a distributed and autonomous digital data security agent that secures stored data and the storage device itself, from remote manipulation. The present system is an “agent” in that it acts independently in the accomplishment of its objects and is distributed in that its functionality resides on firmware resident at disparate hardware locations. The agent is autonomous in that it cannot be remotely compromised. The system includes a server having a dedicated Private link with a Chip Administrator, and a Data Link between a first-Chip, a second-Chip of said security agent. The first-Chip is resident and operable to control Write/Read calls and data transfers between the server and the second-Chips of the data storage. The Chip Administrator, first-Chip and second-Chip in combination with their associated Firmwares provide said distributed and autonomous data security agent.
    Type: Grant
    Filed: May 16, 2020
    Date of Patent: August 23, 2022
    Inventor: Scott R. Copeland
  • Patent number: 11423390
    Abstract: The disclosed embodiments include methods and systems for providing payment token transactions by a mobile device. The mobile device may be operable to obtain a payment token, where the payment token is associated with one or more payment token parameters and the mobile device may be configured to communicate with a financial service provider system over a first network when connectivity to the first network is available to the mobile device. The mobile device may provide the payment token to a contactless payment terminal (CPT) associated with a merchant, during a purchase transaction involving a product provided by the merchant, where the mobile device may communicate the payment token to the CPT over a local network that is different from the first network such that connectivity between the mobile device and the first network is not required.
    Type: Grant
    Filed: September 4, 2020
    Date of Patent: August 23, 2022
    Assignee: Capital One Services, LLC
    Inventors: Lawrence Douglas, Luke A. Hammock
  • Patent number: 11409896
    Abstract: A network can operate a WiFi access point with credentials. An unconfigured device can (i) support a Device Provisioning Protocol (DPP), (ii) record responder bootstrap public and private keys, and (iii) be marked with a tag. The network can record initiator bootstrap public and private keys, as well as derived initiator ephemeral public and private keys. An initiator can (i) operate a DPP application, (ii) read the tag, (iii) establish a secure and mutually authenticated connection with the network, and (iv) send the network data within the tag. The network can record the responder bootstrap public key and derive an encryption key with the (i) recorded responder bootstrap public key and (ii) derived initiator ephemeral private key. The network can encrypt credentials using the derived encryption key and send the encrypted credentials to the initiator, which can forward the encrypted credentials to the device, thereby supporting a device configuration.
    Type: Grant
    Filed: March 23, 2020
    Date of Patent: August 9, 2022
    Assignee: META PLATFORMS, INC.
    Inventor: John A. Nix
  • Patent number: 11411744
    Abstract: (A) An individual one of two or more terminals prepares a set of a first public key and a first private key. (B) One of the two or more terminals creates a set of a second public key and a second private key and distributes the second public key and the second private key to the other terminal(s). (C) One of the two or more terminals creates a shared key by using the corresponding first private key prepared in the (A) and the second public key shared in the (B). (D) A different terminal(s) of the two or more terminals creates a shared key used to communicate with the one terminal by using the second private key shared in the (B) and the first public key of the one terminal prepared in the (A). (E) The set of terminals performs an encryption communication(s) by using the shared keys.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: August 9, 2022
    Assignee: NEC Network and Sensor Systems, Ltd.
    Inventor: Yuusuke Watanabe
  • Patent number: 11405197
    Abstract: A method for expiring tokens includes obtaining a list of valid key identifications (IDs) for at least one valid cryptographic key configured to sign authentication tokens. The method also includes receiving an authentication token from a client authenticating and authorizing the client to access a resource and comprising an ID of a cryptographic key used to sign the authentication token. The method also includes determining whether the cryptographic key used to sign the authentication token is valid based on the list of valid key IDs for the at least one valid cryptographic key. When the cryptographic key used to sign the authentication token is valid, the method includes allowing the client access to the resource.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: August 2, 2022
    Assignee: Google LLC
    Inventors: Romain Lenglet, Erik David Gustavson
  • Patent number: 11405504
    Abstract: Systems, apparatuses, and methods for providing support or service to a customer, such as a user of a service or product. The support or service may include one or more of assistance with operation, registration, configuration, trouble shooting, account creation, installation of software, replacement, repair, payment for services, and obtaining coverage under a warranty. A bootstrap code or other form of data is generated by a customer support provider and is transferred to the customer and used to authenticate the customer and enable access to securely stored contextual information regarding the device and/or identification information regarding the customer. The code may be provided by the customer support provider to a company and then provided to the customer.
    Type: Grant
    Filed: March 16, 2021
    Date of Patent: August 2, 2022
    Assignee: Helpshift, Inc.
    Inventors: Abinash Tripathy, Adityo Deshmukh, Erik Richard Ashby
  • Patent number: 11405188
    Abstract: The invention is related to a method for secure transferring of information through a network between an origin Virtual Asset Service Provider and a destination Virtual Asset Service Provider, in a hostile environment, where every entity (party member, network node) must prove its entitlement of the information being exchanged. Hostile environment means that neither any entity/network node nor the network as a whole can be trusted. The present method doesn't require other party member/network node or database to secure information transfer. Neither does it require any other trusted entity or server to guarantee or provide proof of ownership of exchange information. The present method for communicating securely between electronic devices uses asymmetric key encryption. The invention comprises also a computer program product comprising program code stored on a non-transitory computer readable medium, said program code comprising computer instructions for performing the inventive method.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: August 2, 2022
    Assignee: COINFIRM LIMITED
    Inventors: Pawel Zygmunt Aleksander, Pawel Kuskowski, Jakub Fijolek
  • Patent number: 11405185
    Abstract: Embodiments described herein enable the generation of cryptographic material for ranging operations in a manner that reduces and obfuscates potential correlations between leaked and secret information. One embodiment provides for an apparatus including a ranging module having one or more ranging sensors. The ranging module is coupled to a secure processing system through a hardware interface to receive at least one encrypted ranging session key, the ranging module to decrypt the at least one encrypted ranging session key to generate a ranging session key, generate a sparse ranging input, derive a message session key based on the ranging session key, and derive a derived ranging key via a key derivation cascade applied to the message session key and the sparse ranging input, the derived ranging key to encrypt data transmitted during a ranging session.
    Type: Grant
    Filed: July 3, 2018
    Date of Patent: August 2, 2022
    Assignee: APPLE INC.
    Inventors: Yannick L. Sierra, Zhimin Chen, Thomas Icart
  • Patent number: 11403430
    Abstract: Aspects of the subject disclosure may include, for example, identifying, during a CPU's execution of a first program, a branching instruction of the first program that redirects execution to a second program. Responsive to the identifying of the branching instruction, a return address of a next instruction of the first program is encrypted. The encrypted return address is transferred to the second program without the CPU retaining a record of the return address. The encrypted return address is received from the second program responsive to its completion of execution. The received encrypted return address is decrypted to obtain the return address enabling a resumption of execution of the first program from the next instruction. Other embodiments are disclosed.
    Type: Grant
    Filed: June 11, 2019
    Date of Patent: August 2, 2022
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: William C. Cottrill, Sheldon Kent Meredith, Peter Hardie
  • Patent number: 11397833
    Abstract: Systems and methods for anonymous collection of malware-related data from client devices. The system comprising a network node configured to (i) receive a first data structure from a client device, wherein the first data structure contains an identifier of the client device and an encrypted data that includes an identifier of a user of the client device and/or personal data of the user, and wherein the encrypted data was encrypted by the client device with a public key of the client device, wherein the public key was provided to the client device by an independent certification authority, (ii) transform the received first data structure by replacing the identifier of the client device with an anonymized identifier, and (iii) transmit the transformed first data structure containing the anonymized identifier and the encrypted data to a server.
    Type: Grant
    Filed: September 18, 2020
    Date of Patent: July 26, 2022
    Assignee: AO Kaspersky Lab
    Inventors: Anton S. Lapushkin, Dmitry V. Shmoylov, Andrey V. Ladikov, Andrey A. Efremov
  • Patent number: 11399281
    Abstract: Embodiments include methods performed by a key management node in a communication network. Such methods can include receiving, from an application function, a request for a security key specific to an application session for a particular user. The request can include a representation of the following information associated with the particular user: a first identifier of a non-application-specific anchor security key, and a second identifier related to a network subscription. Such methods can also include, based on the representation, determining an authentication server function that generated the non-application-specific anchor security key. Other embodiments include complementary methods performed by application functions, authentication server functions, and unified data management functions in the communication network. Other embodiments include network nodes configured to perform such methods.
    Type: Grant
    Filed: January 25, 2021
    Date of Patent: July 26, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vlasios Tsiatsis, Cheng Wang, David Castellanos Zamora
  • Patent number: 11399277
    Abstract: In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.
    Type: Grant
    Filed: November 5, 2020
    Date of Patent: July 26, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
  • Patent number: 11394697
    Abstract: Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate a key pair comprising a public key and a private key. The first computing device can generate a first shared secret using the private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: July 19, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Eric Le Saint, Upendra Mardikar, Dominique Fedronic
  • Patent number: 11388010
    Abstract: Techniques and systems described below relate to systems and methods to migrate a blockchain account. A blockchain migrate transaction can migrate an existing account from an old address to a new address. A blockchain account migration can be performed in response to a determination that a secret key associated with an address has or has potentially been exposed. Existing digital assets associated with a potentially compromised account may be carried over to a new account as part of a blockchain account migrate transaction.
    Type: Grant
    Filed: October 18, 2019
    Date of Patent: July 12, 2022
    Assignee: ArcBlock, Inc.
    Inventors: Tian Chen, Zhihong Mao
  • Patent number: 11387981
    Abstract: Implementations include actions of providing a first transaction hash including a digital representation of a digital record between a first peer and a second peer within a digital records platform, the platform provided by the first peer as a host peer, and the transaction hash being generated based on one or more documents underlying the digital record, receiving one or more edits to at least one document from the second peer, updating the first transaction hash to provide: a second transaction hash, and a transaction hash history including the first transaction hash and the second transaction hash, receiving approval of the digital record from each of the first peer and the second peer, and executing a consensus protocol by a notary service of a third node to update transaction objects across the first node and the second node, the updating indicating that the transaction objects are consistent.
    Type: Grant
    Filed: February 13, 2019
    Date of Patent: July 12, 2022
    Assignee: Accenture Global Solutions Limited
    Inventors: David Treat, Shane R. Marshall
  • Patent number: 11388153
    Abstract: A secure communication network includes interconnected switches including a source switch, a destination switch, and an intermediate switch. Packets are transferred over the secure communication network from a start node to an end node. The source switch replaces an original payload of each packet with an encrypted payload that combines the original payload and a respective random pad for the packet. The source switch then discards the respective random pad. The source and intermediate switches forward each packet toward the destination switch. The destination switch replaces the encrypted payload of each packet with a decrypted payload, which combines the encrypted payload and the respective random pad so as to match the original payload, discards the respective random pad, and transmits the packet with the decrypted payload to the end node. A controller sends the respective random pad for each packet to the source and destination switches via secure management links.
    Type: Grant
    Filed: August 25, 2020
    Date of Patent: July 12, 2022
    Assignee: United States of America as represented by the Secretary of the Navy
    Inventors: William Albert Sellers, Jr., James M Mengert
  • Patent number: 11379567
    Abstract: A method includes receiving an indication of a request from a client device. The request is for establishing an access session to perform one or more actions on data of a data processing platform. The method includes receiving data indicative of a context of the access session request and establishing a challenge session associated with the request that indicates one or more challenges required of a user associated with a client device to successfully respond to in order to establish the requested access session, a number or a type of the one or more challenges being determined based on the context, and establishing an access session to enable the user to perform the one or more actions on the data of the data processing platform if responses to all challenges in the challenge session are successful.
    Type: Grant
    Filed: May 11, 2020
    Date of Patent: July 5, 2022
    Assignee: Palantir Technologies Inc.
    Inventors: Felix de Souza, Jonathan Lafleche
  • Patent number: 11375371
    Abstract: Methods, systems, and media for protected near-field communications are provided. In some embodiments, the method comprises: receiving, from an NFC tag device, a request for an NFC reader device identifier (ID); transmitting the NFC reader device ID to the NFC tag device; receiving an NFC tag device ID; determining whether the NFC tag device ID matches an NFC tag device ID stored in memory of the NFC reader device; in response to determining that the NFC tag device ID matches the NFC tag device ID, transmitting a password to the NFC tag device; receiving, from the NFC tag device, a shared secret; determining whether the received shared secret matches a shared secret stored in the memory of the NFC reader device; and in response to determining that the received shared secret matches the shared secret, causing an action to be performed by a device associated with the NFC reader device.
    Type: Grant
    Filed: January 16, 2020
    Date of Patent: June 28, 2022
    Assignee: McAfee, LLC
    Inventor: Eoin Carroll
  • Patent number: 11366897
    Abstract: Systems, methods and computer program products are provided for layered quantum computing (QC) detection. An example system includes QC detection data generation circuitry that generates QC detection data via a first post-quantum cryptographic (PQC) technique. The system also includes cryptographic circuitry configured to generate a pair of asymmetric cryptographic keys including a public cryptographic key and a private cryptographic key via a second PQC technique, generate encrypted QC detection data based on the pair of asymmetric cryptographic keys, and destroy the private cryptographic key. The system further includes data monitoring circuitry configured to monitor a set of data environments for electronic information related to the encrypted QC detection data. In response to detection of the electronic information related to the encrypted QC detection data, the system may monitor a set of data environments for electronic information related to the QC detection data.
    Type: Grant
    Filed: January 17, 2020
    Date of Patent: June 21, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Ramanathan Ramanathan, Andrew J. Garner, IV, Abhijit Rao, Pierre Arbadjian, Michael Erik Meinholz, Omar B. Khan, Ramesh Yarlagadda
  • Patent number: 11362813
    Abstract: A first copy of a True Random Number (TRN) pool comprising key data of truly random numbers in a pool of files may be stored on a sender and a second copy of the TRN pool is stored on a receiver. An apparent size of the TRN pool on each device is expanded using a randomizing process for selecting and re-using the key data from the files to produce transmit key data from the first copy and receive key data from the second copy.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: June 14, 2022
    Assignee: 7Tunnels Inc.
    Inventors: Michael L. Hammon, Wesley A. Hildebrandt, Kevin R. McCarthy
  • Patent number: 11354430
    Abstract: Systems and methods for dynamically establishing and managing tenancy using templates are disclosed herein. An example method includes receiving a collaboration room template, the collaboration room template including parameters that are used to establish and configure a collaboration room for an entity, establishing the collaboration room for the entity, configuring the collaboration room according to the parameters of the collaboration room template, generating a token for a user, the token specifying permissions for the user for the collaboration room, transmitting an invitation to a user related to the collaboration room, and providing data in the collaboration room for the user according to the permissions specified in the token.
    Type: Grant
    Filed: September 16, 2021
    Date of Patent: June 7, 2022
    Assignee: Cygnvs Inc.
    Inventors: Nithin Santhosh Tharakan, Darragh Buffini, Kevin Gaffney
  • Patent number: 11356243
    Abstract: The object to be solved is to achieve novel information management. In order to solve the above circumstances, the present invention provides an information management system including: a blockchain stored in first and second nodes, in which the first or second node includes an authenticating means that executes an authentication process on a basis of feature data, the first node includes a first signing means that generates a first transaction signature and adds the first transaction signature to an unfinalized block in the blockchain, the second node includes a second signing means that generates a second transaction signature and adds the second transaction signature to the unfinalized block on a basis of a result of the authentication process and the first transaction signature, and the first node includes a chain updating means that hashes the unfinalized block and generates a block on a basis of the second transaction signature.
    Type: Grant
    Filed: July 5, 2019
    Date of Patent: June 7, 2022
    Assignee: Mallservice Inc.
    Inventor: Yasuhiro Umemoto
  • Patent number: 11356264
    Abstract: An authentication system includes an authentication unit that performs an authentication process between a first communication device and a second communication device when the first communication device and the second communication device communicate. The authentication unit performs the authentication process by transmitting authentication information from one of the first communication device and the second communication device to the other one, calculating the authentication information with an encryption code in each of the first communication device and the second communication device, and evaluating a calculation result. During a processing series in the authentication process, the authentication unit performs a first authentication based on part of the calculation result transmitted between the first and second communication device, and a second authentication based on another part of the calculation result transmitted between the first and second communication device.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: June 7, 2022
    Assignee: KABUSHIKI KAISHA TOKAI RIKA DENKI SEISAKUSHO
    Inventors: Kazuki Naiki, Hiroaki Iwashita, Kenichi Koga, Yoshiyuki Oya, Yoshiki Oishi
  • Patent number: 11354402
    Abstract: Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.
    Type: Grant
    Filed: November 1, 2019
    Date of Patent: June 7, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tushar Suresh Sugandhi, Amber Tianqi Guo, Balaji Balasubramanyan, Abhijat Singh, Ahmed Saruhan Karademir, Benjamin M. Schultz, Hari R. Pulapaka, Gupta Shubham, Chase Thomas, Carlos Ernesto Peza Ramirez
  • Patent number: 11354441
    Abstract: Embodiments herein relate to new and useful systems and methods for tokenization across code trust boundaries. An embodiment includes a method for securing data across execution contexts in a computing device. The method includes determining that first data is to be passed from a first code in a first execution context to a second code in a second execution context. The method further includes, based on determining that the first data is to be passed, tokenizing the first data to generate tokenized first data, wherein tokenizing the first data comprises substituting the first data with second data that is based on the first data to secure the first data from the second code, the second data being the tokenized first data. The method further includes passing the tokenized first data from the first code to the second code.
    Type: Grant
    Filed: February 19, 2020
    Date of Patent: June 7, 2022
    Assignee: VMware, Inc.
    Inventors: Deian Stefan, Devon Rifkin, Christian Almenar
  • Patent number: 11347830
    Abstract: Systems and methods for managing group encryption are described. In certain methods, a content asset may be encrypted with an asset key. An account key may be determined. Using the account key, an encrypted content asset package may be generated. The asset key may make up at least a portion of the encrypted content asset package. The encrypted content asset package is decryptable with the account key. The encrypted content asset package and an identifier associated with the account key may be transmitted, for example to a playback device.
    Type: Grant
    Filed: December 31, 2018
    Date of Patent: May 31, 2022
    Assignee: Comcast Cable Communications, LLC
    Inventor: Kyong Park
  • Patent number: 11349660
    Abstract: A system, method, and computer program product for self-identification of a device. The disclosure utilizes generation of a public/private key pair, within the device itself, and completes at least a portion of an authentication process within the device itself using a securely stored private key that never leaves the device. By not transferring the private key away from the device, potential vulnerabilities of known systems due to transfer of identification information during or after manufacturing are effectively eliminated.
    Type: Grant
    Filed: September 19, 2019
    Date of Patent: May 31, 2022
    Assignee: Bose Corporation
    Inventors: David Joshua Asher, Matthew J. Coles, James Lambert, C. Scott Lamb, Christopher Daly Vincent
  • Patent number: 11343069
    Abstract: Systems and methods that may implement an Oracle-aided protocol for producing and using FHE encrypted data. The systems and methods may initially encrypt and store input data in one encrypted form that is not performed using FHE, which does not substantially increase the size of the data and storage resources required to store the encrypted data. In accordance with the Oracle-aided protocol, the encrypted data is re-encrypted as FHE encrypted data when FHE encrypted data is required.
    Type: Grant
    Filed: February 6, 2020
    Date of Patent: May 24, 2022
    Assignee: Intuit Inc.
    Inventors: Margarita Vald, Laetitia Kahn, Boaz Sapir, Yaron Sheffer, Yehezkel Shraga Resheff
  • Patent number: 11341217
    Abstract: Technologies related to enhancing security of digital content are described. Linear error correction codes (LECCs) are employed for dual purposes: 1) to obfuscate digital content; and 2) to verify integrity of the digital content. A transmitter computing system obfuscates digital content based upon an obfuscation protocol, wherein the obfuscated digital content includes an LECC. A receiver computing system deobfuscates the digital content by performing the inverse of the obfuscation protocol.
    Type: Grant
    Filed: November 5, 2020
    Date of Patent: May 24, 2022
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventor: Celestino A. Corral
  • Patent number: 11341498
    Abstract: The present invention provides methods and apparatuses for verifying that a transaction is legitimate. The methods and apparatuses use protected memory space, such as kernel space of an operating system, or a separate memory space, such as is available on a SIM card of a cellular phone. The method of the invention proceeds by creating a transaction identification string (TID) and associating the TID with a transaction. The TID contains data relevant to or associated with the transaction and is typically readable by an end-user. The transaction is then interrupted until a user responds in the affirmative to allow completion of the transaction. Methods and devices used in the invention are particularly well suited to M-commerce, where transactions originating from a device are typically recognized by a merchant as coming from the owner of the device without further authentication.
    Type: Grant
    Filed: January 29, 2019
    Date of Patent: May 24, 2022
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Lusheng Ji, Donald John Bowen, Thomas Killian, David Kormann, Robert R. Miller, II, Norman L. Schryer
  • Patent number: 11343675
    Abstract: Disclosed is a method in an operator authentication server for authentication of a communication device associated with a communication device manager. The communication device manager being associated with a plurality of communication devices, wherein the operator authentication server has transmitted group subscriber identity module (SIM) information to the communication device manager, wherein the group SIM information is associated with an international mobile subscriber identity (IMSI) number and a shared secret K. The method comprises receiving from the communication device a request for authentication comprising a sub identifier associated with the communication device; determining whether the sub identifier is known.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: May 24, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventor: Jari Arkko
  • Patent number: 11341281
    Abstract: A computer-implemented method according to one embodiment includes obtaining, at an untrusted environment, encrypted data from a storage location, initiating, within the untrusted environment, a performance of one or more secure computations on the encrypted data, and providing, within the untrusted environment, results of performing the one or more secure computations on the encrypted data.
    Type: Grant
    Filed: September 14, 2018
    Date of Patent: May 24, 2022
    Assignee: International Business Machines Corporation
    Inventors: Dimitrios Skourtis, Deepavali M. Bhagwat
  • Patent number: 11343076
    Abstract: A method and apparatus for determining a propagation delay and/or a distance between a plurality of transceivers, in particular between transceivers outside and/or as part of a motor vehicle, wherein the transceivers are each designed: to generate identical codes in a plurality of these transceivers, using a calculation method known to them, from at least one starting value transmitted, in particular, from one of the transceivers to the further transceivers, to transmit one or more messages from at least one of the transceivers to one or more further ones of the transceivers, which messages each contain at least one of the codes, to determine at least one propagation delay and/or at least one distance between at least two of the transceivers, in particular from the propagation delay and/or transmission times of the one or more messages.
    Type: Grant
    Filed: August 1, 2017
    Date of Patent: May 24, 2022
    Assignee: CONTINENTAL AUTOMOTIVE GMBH
    Inventors: Thomas Reisinger, Ulrich Emmerling, Maximilian Treindl, Ewald Altmann, Stefan Haller, Franz Plattner
  • Patent number: 11343109
    Abstract: Systems and methods for secure enrollment of physical unclonable function devices include providing a device with an enrollment controller. The enrollment controller receives an enrollment request from an enrollment system and authenticates the request. If the request is authentic, the enrollment controller generates challenges in a pseudorandom order determined by a random seed that is shared with the enrollment system. The enrollment controller issues the challenges to interrogation circuitry coupled to a PUF array and records the responses. The responses are transmitted in encrypted form, and in the pseudorandom order, to the enrollment system. The responses are encrypted using a random number shared with the enrollment system. The enrollment system and the enrollment controller can independently generate the encryption key using the shared random number and/or other securely shared information.
    Type: Grant
    Filed: June 12, 2020
    Date of Patent: May 24, 2022
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
    Inventors: Bertrand F Cambou, David Hely
  • Patent number: 11334656
    Abstract: The provided invention is a unique method and system for generating and using a digital memorized secret, password or other form of digital user authentication by navigating a realistic virtual 3D environment with a keyboard, controller, mouse, virtual reality device or other form of virtual navigation device and selecting an ordered sequence of objects within the virtual 3D environment. The selected sequence of objects have associated character strings or other associated data which are cumulatively stored and used as the user's method of user authentication in place of a traditional password, memorized secret or other form of digital user authentication. Encryption and decryption of any data within this system may be performed on both the client and server sides. Hashing and salting of the memorized secret, password or other form of digital user authentication may be performed on both the client and server sides.
    Type: Grant
    Filed: May 17, 2018
    Date of Patent: May 17, 2022
    Assignee: MINDPASS, INC.
    Inventor: Jacob Lynn Brantley
  • Patent number: 11336437
    Abstract: A method for determining a terminal ID from a message received from a terminal in a communication system avoids sending the terminal ID in the clear. In this system each terminal ID has an associated encryption key. A transmitted message comprises at least a Message Authentication Code (MAC), an n-bit hash, and encrypted message text. At least the terminal key and a nonce are used to generate the MAC, and neither the terminal ID nor the terminal key is included in the transmitted message. An authentication broker stores the set of all (terminal ID, terminal key) pairs for the plurality of terminals in the communication system. The set of all terminal keys is grouped into at least two partitions, and on receipt of a message the authentication broker identifies the partition that includes the terminal key of the terminal that transmitted the received message using the n-bit hash (the search partition).
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: May 17, 2022
    Assignee: MYRIOTA PTY LTD
    Inventors: Andrew Beck, Robert George McKilliam
  • Patent number: 11328093
    Abstract: Various examples described herein are directed to systems and methods for securing data. A security system may receive a first record comprising a plurality of record fields, where the plurality of record fields includes a first record field and the first record field includes a first record field data. The security system may access a source setup record corresponding to the first record from a source setup table and determine that the source setup record comprises data referencing the first record field. The security system may access first token data corresponding to the first record field data and replace the first record field data at the first record field with the first token data. The security system may store the first token data at a token table and write the first token data to the first record field to replace the first record field data.
    Type: Grant
    Filed: February 6, 2020
    Date of Patent: May 10, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Thomas Francis Galvin, Jr., James Moffat McGill Hinkle, Victor Manuel Ortiz Del Valle, Udayakumar Ramakrishnan, Christina M. Hamilton, Stuart Edward Lockhart, Gregory Scott Woods
  • Patent number: 11323250
    Abstract: A method for key agreement between a first party and a second party over a public communications channel, the method including selecting, by the first party, from a semigroup, a first value “a”; multiplying the first value “a” by a second value “b” to create a third value “d”, the second value “b” being selected from the semigroup; sending the third value “d” to the second party; receiving, from the second party, a fourth value “e”, the fourth value comprising the second value “b” multiplied by a fifth value “c” selected by the second party from the semigroup; and creating a shared secret by multiplying the first value “a” with the fourth value “e”, wherein the shared secret matches the third value “d” multiplied by the fifth value “c”.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: May 3, 2022
    Assignee: BlackBerry Limited
    Inventor: Daniel Richard L. Brown
  • Patent number: 11323241
    Abstract: An encryption processing system includes: an encryption data generation device, an encryption processing device, and a processing result utilization device. A first processor of the encryption data generation device is configured to perform preprocessing by generating encrypted data of homomorphic encryption corresponding to data obtained by multiplying plaintext data as a target by a power of a predetermined number of two or more. A second processor of the encryption processing device is configured to perform acquiring the encrypted data, and executing a processing on the encrypted data in an encrypted state to obtain a processing result in the encrypted state. A third processor of the processing result utilization device is configured to perform acquiring the processing result, and postprocessing by decrypting data of the processing result in the encrypted state and by dividing the decrypted data by the power of the predetermined number of two or more.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: May 3, 2022
    Assignee: AXELL CORPORATION
    Inventor: Yusuke Hoshizuki
  • Patent number: 11317279
    Abstract: The present invention is generally related to client and computing platforms that may be used for conducting secure transactions.
    Type: Grant
    Filed: June 2, 2014
    Date of Patent: April 26, 2022
    Assignee: Certus Technology Systems, Inc.
    Inventor: Jack Wolosewicz
  • Patent number: 11316660
    Abstract: Encrypted multi-stage smart contracts are disclosed. A smart contract that is to be performed by a contract executor in a plurality of successive stages is generated. For each respective stage of at least some stages, a package of data is encrypted with at least one key to generate an encrypted package that corresponds to the respective stage, and an envelope that corresponds to the respective stage is generated. The envelope includes a condition precedent confirmable by an oracle, and an encrypted package-decryption key that is encrypted with a key of the contract executor. The encrypted package-decryption key, when decrypted, is configured to facilitate the decryption of the encrypted package that corresponds to the respective stage. For at least some of the stages, the encrypted package comprises an envelope and an encrypted package that corresponds to a next successive stage.
    Type: Grant
    Filed: February 21, 2019
    Date of Patent: April 26, 2022
    Assignee: Red Hat, Inc.
    Inventors: Axel Simon, Michael H. M. Bursell
  • Patent number: 11316682
    Abstract: The disclosure proposes a novel method for generating public polynomials. The method simplifies key exchange processes, reduces the time required for key exchange and reduces the bandwidth required for data transmission from a server to a client. Secondly, the method keeps the calculation processes at both sides synchronized through a novel data exchange solution, particularly through handshaking signals, to ensure that the server and the client are always in the same key exchange process. In addition, the method further reduces a transmission bandwidth by sending information of the client twice. A state synchronization mechanism of the client and the server is proposed in the disclosure to ensure that Trivium modules at both sides are in the same state at the beginning of each key exchange, thereby avoiding reinitializing the modules and improving the operation efficiency of the whole system.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: April 26, 2022
    Assignee: HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY
    Inventors: Dongsheng Liu, Xingjie Liu, Cong Zhang, Zilong Liu, Ang Hu, Wending Zhao, Zirui Jin, Jiahao Lu
  • Patent number: 11316668
    Abstract: Cryptographic key management systems configured to provide key management services for the secure and decentralized control and storage of private cryptographic keys and other information. Asset private keys, seeds, passphrases, and other digitized information may be split into a plurality of subkeys and distributed to a group of people to allow the group to gain control of the asset private key if and when a specified condition has occurred. In some examples, the group of people receive less than a threshold number of the subkeys required to restore the asset private key and one or more of the subkeys required to restore the asset private key are defined as validator subkeys, the validator subkeys separately and securely stored. In some examples, the validator subkeys are encrypted and the encrypted validator subkeys stored on a blockchain platform.
    Type: Grant
    Filed: November 15, 2019
    Date of Patent: April 26, 2022
    Assignee: SafeTech BV
    Inventor: Jurgen Schouppe