Crypto patents

      

This page is updated frequently with new Crypto-related patent applications.

Apparatuses and methods for wireless communication
One feature pertains to a method operational at a device. The method includes performing key agreement with a core network device, and generating an authentication session key based in part on a secret key shared with a home subscriber server (hss), where the authentication session key is known to the core network device.
Qualcomm Incorporated


Cryptographic network protocol escalation path
The systems and methods described herein can provide a protocol escalation path in response to a client system's request or in response to a triggering event. For example, the computing system can provide an indication to a client system that the client system can upgrade from a regular connection channel to an upgraded connection channel if the client system can solve a certain proof-of-work.
Highwinds Holdings, Inc.


Cryptographic operations in an isolated collection
Examples of the present disclosure describe systems and methods for performing cryptographic operations in an isolated collection. In an example, a user may have an associated user resource within the isolated collection, which may be associated with a cryptographic key.
Microsoft Technology Licensing, Llc


Host-storage authentication
Example implementations may relate to a host and a storage system that communicate by a block storage protocol. For example, the host may embed host credentials in a data packet of the block storage protocol, and the data packet of host credentials may be cryptographically signed by a certificate authority trusted by a user of the host to generate a signed credential packet.
Hewlett Packard Enterprise Development Lp


Method of authenticating communication of an authentication device and at least one authentication server using local factor
A method of authenticating the communication of an authentication device and at least one authentication server using a local factor with creation of secret information shared by the authentication device and the authentication server; the reference information is derived from the secret information shared by the authentication device and the authentication server, where the manner of derivation is the same on the authentication device and on the authentication server; furthermore, the authentication device creates transformed reference information by means of cryptographic transformation from the reference information, where the local factor chosen and entered by the user or obtained from a medium or from the surrounding environment is used as an input in this cryptographic transformation, and where only the transformed reference information is stored on the authentication device and only the reference information is stored on the authentication server.
Aducid S.r.o.


Homomorphic white box using same
A method for whitebox cryptography is provided for computing an algorithm (m,s) with input m and secret s, using one or more white-box encoded operations. The method includes accepting an encoded input c, where c=enc(p,m); accepting an encoded secret s′, where s′=enc(p,s); performing one or more operations on the encoded input c and the encoded secret s′ modulo n to obtain an encoded output c′; and decoding the encoded output c′ with the private key p to recover an output m′ according to m′=dec(p,c′), such that m′=(m,s).
Arris Enterprises Llc


Strong resource identity in a cloud hosted system
Aspects of the present disclosure relate to systems and methods for providing strong resource identification. When a resource is created, saved, or re-based, a cryptographic key pair may be generated and associated with the resource.
Microsoft Technology Licensing, Llc


Partially encrypted conversations via keys on member change
Examples of the present disclosure describe systems and methods for partially encrypting conversations using different cryptographic keys. Messages communicated during a conversation session may be encrypted using a cryptographic key.
Microsoft Technology Licensing, Llc


Biometric security for cryptographic system
A method of storing data allowing a seed value for generating an encryption key to be retrieved is provided. The method comprises obtaining, for each of a plurality of biological data sources, a respective set of biometric data from an authorised user.
Pipa Solutons Ltd


Optical cryptography systems and methods
Systems and methods for restoring or recovering linear polarization state of an optical signal as it exits the far end of an optical fiber are disclosed. The optical signal may have an expected pattern of polarization states through a birefringent material of the optical fiber from a first node to a second node.
The Board Of Regents Of The University Of Oklahoma


Event attestation for an electronic device

A method for validating an electronic device 2 comprises receiving attestation information provided by the electronic device 2 attesting that the electronic device 2 has received a plurality of event attestations, each event attestation providing a cryptographically authenticated attestation to the occurrence of a respective event during a lifecycle of the electronic device, and determining a validation result indicating whether the attestation information is valid. By providing separate cryptographically authenticated attestations for respective events in the lifecycle of the device, this can simplify manufacturing of the devices in a multistage manufacture process compared to an approach using a single device-specific attestation attesting that the entire process is trusted.
Trustonic Limited

Lightweight mitigation against first-order probing side-channel attacks on block ciphers

Techniques for mitigating side-channel attacks on cryptographic algorithms are provided. An example method according to these techniques includes applying a block cipher algorithm to an input data to generate a cryptographic output, such that applying the block cipher to input data comprises modifying an output of a stage of the block cipher algorithm such that each output of the stage of the block cipher algorithm has a constant hamming weight, and outputting the cryptographic output.
Qualcomm Incorporated

Managing chain-of-ownership for art using cryptocurrency blockchain

A method of maintaining a chain-of-ownership for art pieces is disclosed. A first record is stored in a chain-of-ownership database which assigns a first art-piece cryptocurrency address to a first art piece, and the internet is used to transfer cryptocurrency from a first artist cryptocurrency address assigned to a first artist to the first art-piece cryptocurrency address.

Managing chain-of-ownership for art using cryptocurrency blockchain

A method of maintaining a chain-of-ownership for art pieces is disclosed. A first record is stored in a chain-of-ownership database which assigns a first item cryptocurrency address to a first item, and the internet is used to transfer cryptocurrency from a first originator cryptocurrency address assigned to a first originator to the first item cryptocurrency address.

Security certification hiding ultra-high frequency electronic tag identifier

A security certification method for hiding an ultra-high frequency electronic tag identifier. By encrypting the electronic tag identifier (tid) using a random number, and returning it in the cipher text, this certification method can effectively avoid an illegal reading/writing device from acquiring the tid information and from performing illegal tracking and identity recognition on an object identified by the electronic tag.
Traffic Management Research Institute Of The Ministry Of Public Security

System and generating and validating encapsulated cryptographic tokens based on multiple digital signatures

Functional data for use in one or more digital transactions are secured by using an encapsulated security token (est). In certain embodiments, the est is created by encapsulating digital data including the functional data using at least two cryptographic systems of two parties.
Institutional Cash Distributors Technology, Llc

Cryptographically-secure autonomous detection of spoofed gnss signals

Methods and systems for cryptographically-secure autonomous detection of spoofed gnss signals are provided. A method is provided that includes the steps of: generating a cryptographic code, controlling a motion of at least one antenna of a global navigation satellite system (gnss) receiver system according to the cryptographic code, detecting a plurality of satellite signals during the controlled motion of the at least one antenna, and determining, based on carrier phase variations of the detected plurality of satellite signals, whether the plurality of satellite signals originated from a spoofer transmitter.
Arbiter Systems, Incorporated

Fake base station short message identification

A method includes: extracting a data value of receiver address field from a short message; wherein the short message sent by the short message center includes receiver address field, and the data value of the receiver address field includes the receiver's msisdn; if the short message does not include the receiver address field or the data value is not local msisdn such as the msisdn of the receiver terminal, determining the short message as a fake base station short message. The msisdn used in the present disclosure is an existing feature of the sender terminal and the receiver terminal without requiring the user to perform additional operations.
Alibaba Group Holding Limited

Providing low risk exceptional access with verification of device possession

A method and system for providing unencrypted access to encrypted data that may be stored on a device, sent as a message, or sent as a real-time communications stream. The method may include using public key cryptography to securely enable accessing the encrypted data stored on a device or communicated by a device.

Techniques for multi-domain memory encryption

Various embodiments are generally directed to techniques for multi-domain memory encryption, such as with a plurality of cryptographically isolated domains, for instance. Some embodiments are particularly directed to a multi-domain encryption system that provides one or more of memory encryption, integrity, and replay protection services to a plurality of cryptographic domains.
Intel Corporation

Encryption filter

The invention relates to a method and an apparatus for encrypted communication between a client and a server, wherein the communication comprises request messages, each with request elements, and response messages, each with response elements. Request elements and response elements can comprise data.
Medisite Gmbh

Method and system for authentication

An authentication method is performed between a first party and a second party. The method includes: i) determining a challenge; ii) sending the challenge to the second party; receiving a response from the second party including a second cryptogram; computing a first cryptogram using the challenge and the key of the first party; determining if the first cryptogram matches the second cryptogram received from the second party.
Oberthur Technologies

Asynchronous crypto asset transfer and social aggregating, fractionally efficient transfer guidance, conditional triggered transaction, datastructures, apparatuses, methods and systems

The asynchronous crypto asset transfer and social aggregating, fractionally efficient transfer guidance, conditional triggered transaction, datastructures, apparatuses, methods and systems (“socoact”) transforms transfer of assets (toa) initiation request inputs via socoact components into toa confirmation outputs. A crypto asset transfer notification is sent to a first entity from a second entity.
Fmr Llc

High-speed autocompensation scheme of quantum key distribution

The invention relates to quantum cryptography, and includes a communication system for transmitting a cryptographic key between the ends of a channel, including a transmitting node (alice) comprising a beam splitter, an electro-optical attenuator, an amplitude modulator, a phase modulator, a storage line, a faraday mirror, a synchronization detector; a receiving node (bob) that includes avalanche photodiodes, a beam splitter, a circulator, a delay line, a phase modulator, a polarizing beam splitter, a mach-zehnder interferometer, and also a quantum channel for connecting these nodes. In this case, the storage line is placed between the electro-optical phase modulator of the sender and the faraday mirror.
International Center For Quantum Optics & Quantum Technologies Llc

Accelerated encryption and decryption of files with shared secret and method therefor

A non-transitory computer-readable medium for sharing protected content, comprising instruction stored thereon. When executed on a processor, the instruction performs steps of deriving a shared secret, processing the shared secret using a secure hash algorithm 256 cryptographic hash to produce a primary encryption key, and encrypting a secondary encryption key using the primary encryption key.
Cyphre, Llc

Multiple pdn connections over untrusted wlan access

Embodiments of this invention relate to methods and apparatus for establishing additional simultaneous packet data network, pdn, connections between a user equipment, ue, and the evolved packet core network, epc, over an untrusted wifi network. The ue is attached to the epc through a security gateway over a first pdn connection over which the ue is authenticated and has established an ike security association, sa and a first ipsec sa.
Telefonaktiebolaget Lm Ericsson (publ)

Apparatus and carrying out a computing process

A device for carrying out a computing process, in particular a cryptographic process, the device having a primary functional unit that is fashioned to carry out at least a part of the computing process, wherein the device has at least one secondary functional unit that is fashioned to influence, in a specifiable time range, one or more physical parameters of the device.
Robert Bosch Gmbh

Cryptographic currency for financial data management, digital and digitalized cross-asset identification and unique digital asset identifier generation, asset valuation and financial risk management

Present disclosure is directed to digital asset-class and digitalized cross asset-class product identification for onboarding processes in capital markets and front-to-back-office data management, valuation and risk management in financial markets and cryptocurrencies. Particular portions of the present disclosure are directed to a cryptographic currency protocol and to cryptocurrency that checks for identifiers and/or reference data, matches identifiers, reference data, price data, generates unique digital asset identifiers, valuations, risk exposures.
Validareum Inc.

Systems and methods

Devices, systems, and methods securely authenticate a user, article, and/or device using an online platform or application use a multi-part cryptographic keying system and an imaging platform/device. A peer-to-peer information sharing/privacy system includes controls in a content sharing network.
Generation Next Solutions, Llc

Cloud-based transactions with magnetic secure transmission

Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (luk) to generate a transaction cryptogram, and transmitting a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The token and the transaction cryptogram can be transmitted to a magnetic stripe reader by generating an emulated magnetic signal.

Data loss prevention

Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system.
Noblis, Inc.

Restricting access to sensitive data using tokenization

A method includes receiving a security profile comprising user-defined rules for processing sensitive data, and identifying a plurality of sensitive data components in a data file according to the security profile. The method further includes generating a respective format-preserving token for each of the identified plurality of sensitive data components.
Ca, Inc.

Advanced zero-knowledge document processing and synchronization

Techniques disclosed herein decouple a document's structure from its general content wherein the structure is retained in plaintext (both at a client device and in a server system) and the data is retained in cyphertext, and where the cloud-based server system is not tasked with the saving or management of the relevant cryptographic keys. Because the network- or cloud-based server system has “zero-knowledge” about the document's data content or the relevant cryptographic keys, an attack on the server system does not put the security of the document's data at risk.
Entefy Inc.

Power and performance-efficient cache design for a memory encryption engine

Apparatuses, systems, and methods for hardware-level data encryption having integrity and replay protection are described. An example electronic device includes a memory encryption engine (mee) having a mee cache configured to store a plurality of mee cache lines, each mee cache line comprising a plurality of cryptographic metadata blocks, where each metadata block is associated with each of a plurality of encrypted data lines stored in a memory, and each mee cache line includes a bit vector mapped to the plurality of metadata blocks, where a set bit in the bit vector indicates that the associated metadata block has been accessed by one or more processors, and mee circuitry configured to select a replacement candidate from the plurality of mee cache lines for eviction from the mee cache based on a number of accessed metadata blocks in the replacement candidate as indicated by the associated bit vector.
Intel Corporation

Secure ad hoc network access

This disclosure describes systems, methods, and apparatuses related to secure ad hoc network access. A device may identify a cryptographic key received from a second device.
Intel Ip Corporation

Key distribution in a distributed computing environment

A key distribution service operated by a signature authority distributes one-time-use cryptographic keys to one or more delegates that generate digital signatures on behalf of the signature authority. The key distribution service uses a root seed value to generate subordinate seeds.
Amazon Technologies, Inc.

Key revocation

A signature authority generates revocable one-time-use keys that are able to generate digital signatures. The signature authority generates a set of one-time-use keys, where each one-time-use key has a secret key and a public key derived from a hash of the secret key.
Amazon Technologies, Inc.

Detecting and mitigating forged authentication object attacks using an advanced cyber decision platform

A system for detecting and mitigating forged authentication object attacks is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.
Fractal Industries, Inc.

Method of securing authentication in electronic communication

A method of securing authentication in electronic communication between at least one user authentication mechanism and at least one server authentication mechanism, wherein primary authentication is performed in the first step, and during the primary authentication a secondary authentication secret is created and shared between the user authentication and the server authentication mechanisms and is valid only for the given authentication transaction, and the secondary authentication secret is subsequently used as an input for a cryptographic transformation performed by the user authentication mechanism separately on each authentication vector element while creating the first authentication vector product, wherein authentication vector (av) is an ordered set of authentication vector elements (ave)(i)), wherein the first authentication vector product is transferred from the user authentication mechanism to the server authentication mechanism and is evaluated by the server authentication mechanism using the secondary authentication secret.
Aducid S.r.o.

Secure communication of iot devices for vehicles

Method for establishing secure communication between a plurality of iot devices in one or more vehicles include: provisioning the plurality of iot devices by providing a unique identification, a digital identity token and a cryptographic key to each of the plurality of iot devices; establishing a secure communication line between the plurality of iot devices by authenticating respective communication lines between respective iot devices and issuing a digital certificate to the respective communication lines; grouping the plurality of iot devices into different groups based on a predetermined criteria; and including a group membership for a group of the different groups in an attribute certificate indicating group characterization.
T-central, Inc.

Remote attestation with hash-based signatures

An attestation protocol between a prover device (p), a verifier device (v), and a trusted third-party device (ttp). P and ttp have a first trust relationship represented by a first cryptographic representation based on a one-or-few-times, hash-based, signature key.

Signature delegation

A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function.
Amazon Technologies, Inc.

Generation of merkle trees as proof-of-work

A proof-of-work system where a first party (e.g., a client computer system) may request access to a computing resource. A second party (e.g., a service provider) may determine a challenge that may be provided to the first party.
Amazon Technologies, Inc.

Personal digital identity card device for fingerprint bound asymmetric crypto to access merchant cloud services

A personal digital id device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press.
Tyfone, Inc.

Method for the security of an electronic operation with a chip card

A method for assisting in improving the security of an electronic operation carried out via a chip card. The method comprises comparing a cryptographic nonce received last by the chip card with at least one reference cryptographic nonce stored on the chip card, in order to quantify their degree of similarity by a last similarity data.
Oberthur Technologies

Location aware cryptography

A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity.
Cryptography Research, Inc.

Public key rollup for merkle tree signature scheme

An organizational signature authority delegates signature authority to one or more subordinate signature authorities by rolling up public keys from the subordinate signature authorities into a public key for the organization. A subordinate signature authority of the organizational signature authority generates cryptographic keys for use by the subordinate signature authority, and cryptographically derives a public key for the subordinate signature authority based at least in part on the cryptographic keys.
Amazon Technologies, Inc.

Assigning user identity awareness to a cryptographic key

Various systems and methods for performing cryptographic operations based on an authentication policy are discussed. In an example, an authentication policy for implementing a user authentication factor (or multiple factors) may be deployed at a client computing device to control generation and use of a cryptographic key.
Intel Corporation

Cryptographic system management

A method of refreshing key material is described for use in a trusted execution environment logically protected from a regular execution environment. The trusted execution environment further comprises a key identifier.
Mastercard International Incorporated

Efficient cryptographically secure control flow integrity protection

Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-or (xor) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt.
Intel Corporation

Ultra-lightweight cryptography accelerator system

A cryptography accelerator system includes a direct memory access (dma) controller circuit to read and write data directly to and from memory circuits and an on-the-fly hashing circuit to hash data read from a first memory circuit on-the-fly before writing the read data to a second memory circuit. The hashing circuit performs at least one of integrity protection and firmware/software (fw/sw) verification of the data prior to writing the data to the second memory circuit.
Intel Corporation

Cryptographic system management

A method is described for transferring secrets from a first cryptographic system installed on a computing device to a second cryptographic system installed on the computing device to enable the second cryptographic system to replace the first cryptographic system.
Mastercard International Incorporated

Encryption engine with an undetectable/tamper-proof private key in late node cmos technology

A private key of a public-private key pair with a corresponding identity is written to an integrated circuit including a processor, a non-volatile memory, and a cryptographic engine coupled to the processor and the non-volatile memory. The private key is written to the non-volatile memory.
International Business Machines Corporation

Host attestation

A service provider provides virtual computing services using a fleet of one or more host computer systems. Each of the host computer systems may be equipped with a trusted platform module (“tpm”).
Amazon Technologies, Inc.

Additive manufacturing validating additively manufactured components

Validating additively manufactured components is carried out by transmitting to a distributed validation network printing specification data for a component that is to be additively manufactured, validating the printing specification data, and adding the printing specification data, together with a cryptographically encoded checksum, to a print history log, transmitting the printing specification to a 3d printing device, and implementing a generative manufacturing process for the component that is to be additively manufactured in accordance with the transmitted printing specification data. While the generative manufacturing process is being carried out, in each case following specified manufacturing stages, a plurality of manufacturing parameters prevailing in the preceding manufacturing stage are transmitted to the distributed validation network.
Airbus Operations Gmbh

Device, method, and computer program product for security data communication

The invention relates to devices, methods, and computer program products for secure data communication according to a network protocol having a plurality of communication layers layered into a protocol stack. Said device comprises a processor system, in which a processor, controlled by a task scheduler, executes a plurality of autonomous software modules, which each run a communication layer of the protocol stack.

Secure data ingestion for sensitive data across networks

A computing resource service provider may operate a secure proxy fleet responsible for directing network traffic to one or more backend services. The network traffic may be received over a cryptographically protected communications session at a secure proxy device.
Amazon Technologies, Inc.

Identity verification of wireless beacons based on chain-of-trust

The methodology described herein provides a process of interaction between a bluetooth beacon or other wireless beacon and a user-device. Embodiments of the method may allow the user-device to cryptographically verify the identity and provider of the beacon.
Andium Inc.

Method and public key encryption scheme rlce and ind-cca2 security

The main difference between the proposed cryptosystem and known variants of the mceliece cryptosystem consists in the way the private generator matrix is disguised into the public one by inserting and mixing random columns within the private generator matrix.

Secure initialization vector generation

A plaintext and cryptographic key are used to generate an initialization vector to be used in a cryptographic algorithm, such as an encryption algorithm. In some examples, the plaintext and cryptographic key are input into an effectively one-way function, such as a cryptographic hash function, the output of which is usable as an initialization vector.
Amazon Technologies, Inc.

Firmware extension for secure cryptocurrency key backup, restore, and transaction signing platform apparatuses, methods and systems

The firmware extension for secure cryptocurrency key backup, restore, and transaction signing platform apparatuses, methods and systems (“sftsp”) transforms transaction signing request, key backup request, key recovery request inputs via sftsp components into transaction signing response, key backup response, key recovery response outputs. A key backup request that includes an encrypted master key associated with a hosting hsm is received by a backup hsm from a backup utility.
Fmr Llc

Method and system for generation of cipher round keys by bit-mixers

System and methods for generating round keys for a cryptographic operation are disclosed. The systems and method can use logic circuits that are operable to: obtain first inputs and second inputs; perform a bit-mixer operation on each of the first inputs and the second inputs; and generate round keys based on the performing.
The Boeing Company

Key selection cryptographic data processing

Some embodiments relate to a data processing method comprising selecting a key from a plurality of previously stored keys, depending on at least one predefined criterion relating to at least one current value of at least one given repository. Other embodiments relate to a reception method comprising receiving second data obtained by applying, to first obtained data, a first cryptographic function using a key selected from a plurality of previously stored keys, depending on at least one predefined criterion relating to a current value of at least one given repository and for obtaining the first data by applying, to the second received data, a second cryptographic function using a second key associated with the selected key.
Orange

Method and cryptographic data processing

A mask is selected amongst a plurality of masks. A first masked random number is generated by converting a first random number using the selected mask, and a first key is generated from the first masked random number and a first biometric code generated from biometric information.
Fujitsu Limited

Composite security marking

The present disclosure relates to the field of anti-counterfeit protection of products. Specifically, the disclosure is directed to a composite security marking for a physical object, in particular to an anti-counterfeit product marking.
Merck Patent Gmbh

Composite security marking

The present invention relates to the field of anti-counterfeit protection of products. Specifically, the invention is directed to a composite security marking for a physical object, in particular to an anti-counterfeit product marking.
Merck Patent Gmbh

Reader device for reading a marking comprising a physical unclonable function

The present disclosure relates to the field of anti-counterfeit protection of products. Specifically, the disclosure is directed to a method of reading with a reader device a marking comprising a physical unclonable function, puf, and a corresponding reader device.
Merck Patent Gmbh

Reader device for reading a marking comprising a physical unclonable function

The present invention relates to the field of anti-counterfeit protection of products. Specifically, the invention is directed to a method of reading with a reader device a marking comprising a physical unclonable function, puf, and a corresponding reader device.
Merck Patent Gmbh

Secure group communication

A first plurality (201) of network nodes (120-123, 130-133) of a network (100) is associated with a first cryptographic keying material and the multicast ip address. A second plurality (202) of network nodes (120-123, 130-133) of the network (100) is associated with a second cryptographic keying material and the multicast ip address.
Arm Ltd

Controlling access to a locked space using cryptographic keys stored on a blockchain

A method for controlling access to a locked space, including generating an access code and a private key associated with the access code, hashing the access code to obtain a hashed access code, encrypting the hashed access code with a public key to create a digital signature, wherein the hashed access code and the digital signature are stored on the blockchain, authenticating a receiving device in response to a request from the receiving device to gain access to the locked space, transmitting the private key and the digital signature to an authenticated receiving device, instructing the authenticated receiving device to decrypt the digital signature using the private key to obtain the hashed access code, and transmit the hashed access code to the computing system, and unlocking the locked space in response to receiving the hashed access code from the receiving device.
Wal-mart Stores, Inc.

Revocable shredding of security credentials

Customers accessing resources and/or data in a multi-tenant environment can obtain assurance that a provider of that environment will honor only requests associated with the customer. A multi-tenant cryptographic service can be used to manage cryptographic key material and/or other security resources in the multi-tenant environment.
Amazon Technologies, Inc.

Offline protection of secrets

Examples of the present disclosure describe systems and methods relating to the offline protection of secrets. A secret may be encrypted using a public key provided by the client.
Microsoft Technology Licensing, Llc

Cryptographic mode programmability

A cryptographic device includes: a data input; a data output; a cipher circuit configured to perform a cipher algorithm on cipher-algorithm input data to produce cipher-algorithm output data; and a network coupled to the data input, the data output, and the cipher circuit, the network comprising a plurality of switches and a plurality of logical signal combiners that are configured to provide the cipher-algorithm input data to the cipher circuit and to provide device output data to the data output using the cipher-algorithm output data and that, in combination with the cipher circuit, are configured to implement a plurality of different cryptographic algorithms that each include the cipher algorithm that the cipher circuit is configured to perform.
Qualcomm Incorporated

Data loss prevention with key usage limit enforcement

In a distributed system, a computer system responsible, at least in part, for complying with a cryptographic key usage limit for a cryptographic key, obtains results of cryptographic operations generated based at least in part on the cryptographic key and transmits the obtained results over a network. The computer system digitally signs the results and provides the results with digital signatures of the results.
Amazon Technologies, Inc.

Network message authentication and verification

The present application relates to an apparatus and method of authenticating and verifying a message frame on a multi-master access bus with message broadcasting. Logic bus identifiers, lid, are associated with each one of several logical groups of nodes out of a plurality of nodes connected to the multi-master access bus.
Nxp B.v.

Determination of a device-specific private key for an asymmetrical cryptographic method on a device

Provided is a method and a security module for determining or providing a device-specific private key for an asymmetrical cryptographic process. A device-specific private primary seed is reproducibly formed from a device-specific secret piece of data, and the device-specific private key is determined from the device-specific private primary seed.
Siemens Aktiengesellschaft

Distributed cryptographic key insertion and key delivery

A method of producing a secure integrated circuit (ic), including: loading the ic with a unique identification number (uid); loading the ic with a key derivation data (kdd) that is based upon a secret value k and the uid; producing a secure application configured with a manufacturer configuration parameter (mcp) and the secret value k and configured to receive the uid from the ic; producing a manufacturer diversification parameter (mdp) based upon the mcp and the secret value k and loading the mdp into the ic; wherein secure ic is configured to calculate a device specific key (dsk) based upon the received mdp and the kdd, and wherein the secure application calculates the dsk based upon the mcp, k, and the received uid.
Nxp B.v.

Confidential authentication and provisioning

Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server.
Visa International Service Association

Communication apparatus and cryptographic processing system

A cryptographic communication method using a dynamically-generated private key is provided. A signal generation unit outputs a second signal obtained by giving an error in a predetermined range to a signal obtained based on a first signal.
Renesas Electronics Corporation

Systems and methods for multi-region encryption/decryption redundancy

Methods and systems for encrypting and decrypting data comprising sending sensitive information to a first cryptographic processing system in a first cloud region for encryption with a first key encryption key generated by and stored by the first cryptographic processing system. The first encrypted sensitive information received from the first cryptographic processing system is stored in a first database.
Index Systems, Inc.

Secure distribution private keys for use by untrusted code

A secure key system is described that distributes a private key of a key server to an edge server for encryption on behalf of an owner of the private key when establishing a session with a client. To distribute the private key, the key server receives from the edge server a quote generated by a secure enclave of the edge server.
Microsoft Technology Licensing, Llc

System and methods for sharing and trading user data and preferences between computer programs and other entities while preserving user privacy

Systems and methods are provided which allow computer programs or other entities to share user data and information so that users may be authenticated and their preferences shared among entities in networked environments and machines. Cryptographic credentials are generated for these purposes.
Sensoriant, Inc.

Strong white-box cryptography

A method is provided for generating an output from an input according to a secret using a white-box implementation of a cryptographic function having a first operation, a second operation, and a third operation. The method applies the input to a first operation to generate a first intermediate result, applies the first intermediate result to a second operation to generate a second intermediate result, and applies the second intermediate result to a third operation to generate the output, wherein at least two of the first operation, the second operation, and the third operation is implemented by a plurality of interconnected logic elements, the interconnection of the plurality of logic elements being comprised of one of a non-algebraic interconnection of logic elements and an algebraic interconnection of logic elements having obfuscated boundaries between the at least one of the first operation, the second operation and the third operation.
Arris Enterprises Llc

Determining cryptographic operation masks for improving resistance to external monitoring attacks

Systems and methods for determining cryptographic operation masks for improving resistance to external monitoring attacks. An example method may comprise: selecting a first input mask value, a first output mask value, and one or more intermediate mask values; based on the first output mask value and the intermediate mask values, calculating a first transformation output mask value comprising two or more portions, wherein concatenation of all portions of the first transformation output mask value produces the first transformation output mask value, and wherein exclusive disjunction of all portions of the first transformation output mask value is equal to the first output mask value; and performing a first masked transformation based on the first transformation output mask value and the first input mask value.
Cryptography Research, Inc.

Managing a demand on an electrical grid using a publicly distributed transactions ledger

A method and system for managing a demand on an electrical grid is provided, including: receiving a capped total amount of cryptocurrency available to purchase units of energy from an energy provider, the capped amount of cryptocurrency being recorded in a publicly distributed transaction ledger, allocating a portion of the cryptocurrency of the capped total amount of cryptocurrency to each energy consumption device, wherein the portion of the cryptocurrency allocated to each energy consumption device is recorded in the ledger, receiving a request from an energy consumption device of the plurality of energy consumption devices that the energy metering device purchase an energy unit, using the portion of cryptocurrency allocated to the first energy consumption device, accessing the publicly distributed transaction ledger in response to receiving the request from the first energy consumption to verify that the first energy consumption device has a remaining amount of cryptocurrency.
Wal-mart Stores, Inc.

Multi-party encryption cube processing apparatuses, methods and systems

Computer-implemented systems and methods are disclosed herein for use within secure multi-party computation. A system and method are used for storing an operation preference and a cryptographic preference.

Systems and methods for stable physically unclonable functions

Various embodiments of the invention allow to take advantage of the natural statistical variation of physical properties in a semiconductor device in order to create truly random, repeatable, and hard to detect cryptographic bits. In certain embodiments, this is accomplished by recursively pairing mismatch values of puf elements so as to ensure that generated puf key bits remain insensitive to environmental errors, without affecting the utilization rate of available puf elements.
Maxim Integrated Products, Inc.

Unified management of cryptographic keys using virtual keys and referrals

A cryptography service allows for management of cryptographic keys in multiple environments. The service allows for specification of policies applicable to cryptographic keys, such as what cryptographic algorithms should be used in which contexts.
Amazon Technologies, Inc.

Method for safeguarding the information security of data transmitted via a data bus and data bus system

A method for saving the information security of data transmitted by a databus, in which the data to be transmitted via the databus from a transmitter (ecus) to at least one receiver (ecur) are divided into data blocks (m0 . .
Continental Teves Ag & Co. Ohg

Asynchronous cryptogram-based authentication processes

The disclosed embodiments include computer-implemented devices and processes that asynchronously authenticate data. For example, a network-connected device may obtain data identifying a product, and obtain cryptographic data from an executed application through a programmatic interface.
The Toronto-dominion Bank

Secure field-programmable gate array (fpga) architecture

Method and systems using stateful encryption for non-bypassable fpga configuration including receiving, at an fpga, fpga-configuration data comprising a cryptographic state to initialize a cryptographic state of the fpga, and decrypting, at the fpga, the fpga-configuration data, wherein decrypting the fpga-configuration data yields at least a second cryptographic state and decrypted fpga-configuration data. Embodiments can include receiving, at the fpga, a challenge message, processing, at the fpga, the challenge message to yield at least a third cryptographic state and a response, and transmitting the response from the fpga.
Raytheon Company

Automated manufacturing system with adapter security mechanism and manufacture thereof

A method of operation of an automated assembly system includes: detecting a socket adapter having an adapter identifier and an adapter cryptographic chip; calculating a primary key hash based on a primary key in a programming cryptographic chip; calculating an adapter hash based on the adapter identifier using the adapter cryptographic chip; matching the primary key hash to the adapter hash to update an authentication token with the adapter identifier for authenticating the socket adapter on the device programming system; and programming programmable devices in the socket adapter based on the authentication token.
Data I/o Corporation

Secure start system for an autonomous vehicle

A secure start system for an autonomous vehicle (av) can transmit credentials to an authentication system based on detecting startup of the autonomous vehicle. When the credentials are authenticated the system can receive a tunnel key from the authentication system, and establish, using the tunnel key, a private communications session with a backend vault of the authentication system.
Uber Technologies, Inc.

Image processing apparatus, notification of the number of ic card processes for the image processing apparatus, and recording medium

An image processing apparatus for a public key cryptography-based system using an ic card comprises: a job execution portion that executes a job given by a user; an ic card reader that accesses the ic card; a first calculator that estimates the number of ic card processes when the job execution portion executes the job, the ic card processes to be performed in the job, the ic card processes requiring the ic card reader to access the ic card; and a notification portion that provides to the user a notification that more than one ic card process is to be performed if the estimation by the first calculator results in more than one ic card process.
Konica Minolta, Inc.

Redundant key management

A data storage service redundantly stores data and keys used to encrypt the data. Data objects are encrypted with first cryptographic keys.
Amazon Technologies, Inc.

Hypervisor enforcement of cryptographic policy

Techniques for restricting the execution of algorithms contained in applications executing on virtual machines executing within a computer system are described herein. A first sampled set of computer executable instructions is gathered from a virtual machine by a controlling domain and compared against a reference set of computer executable instructions.
Amazon Technologies, Inc.

Method and system for byzantine fault-tolerance replicating of data on a plurality of servers

A method for byzantine fault-tolerant replication of data on a plurality of n servers by a client, wherein the n servers include one primary node (pn) and n−1 replica nodes (repn), wherein f servers may arbitrarily fail, and wherein all n servers include a trusted computing entity (tce), includes: performing a request procedure, performing a prepare procedure, performing a commit procedure, and performing a reply procedure. The request procedure includes providing a request message for requesting a certain operation, and transmitting the request message to all n servers.
Nec Europe Ltd.

Methods and systems for conveying encrypted data to a communication device

An apparatus includes an audio-sensor inhibitor configured to inhibit detection of sound by an audio sensor of a communication device, and a secure communication interface coupled to the audio-sensor inhibitor, the secure communication interface being configured to transmit encrypted audio data from the secure communication interface to the communication device, wherein the communication interface generates audio data using a secure-interface audio sensor, and generates the encrypted audio data by encrypting the audio data using a cryptographic module.
Nagravision S.a.

Optimizing diagnostics for galactofuranose containing antigens

Disclosed herein are methods of detecting microbial infection in mammalian subjects comprising treatment of a sample and detection of galactofuranose (galf)-containing antigenic components utilizing monoclonal antibodies. The methods disclosed provide for pretreatment of biological samples, such as urine samples, to maximize detection of galf antigens and improvement of sensitivity of galf antigen detection assays.
The Johns Hopkins University

Method for verifying authenticity, configuring network credentials and cryptographic keys for internet of things (iot) devices using near field communication (nfc)

A method to securely send, to the device, the cryptographic key and the local wireless network credentials with an authenticity verification to ensure that the device is safe to be added to the local network. Those credentials are sent using an nfc-enabled device to the internal eeprom with nfc interface embedded on the target connected device.
Samsung Eletrônica Da Amazônia Ltda.

Cryptographic data

Examples set out herein provide a method comprising using first cryptographic key data specific to a computing device to verify a package of machine readable instructions to run on the computing device. The verified package may be executed to generate a random number using a true random number generator of the computing device, and to store the generated random number.
Hewlett Packard Enterprise Development Lp

Apparatus and the detection of attacks taking control of the single photon detectors of a quantum cryptography apparatus by randomly changing their efficiency

An apparatus and method for revealing both attack attempts performed on the single-photon detector(s) of a quantum cryptography system and trojan horse attack attempts performed on quantum cryptography apparatus containing at least one single photon detector. The attacks detection relies on both the random modification of the setting parameters of the said single-photon detector(s) and the comparison of the measured detection probability values for each setting parameter with the expected detection probability values.
Id Quantique Sa

Access control system

Provided is a method for access control, performed by an access control apparatus, including obtaining access authorisation information that is communicated to the access control apparatus having at least one access authorization parameter and first check information; using at least the communicated access authorisation parameters, the communicated first check information and a second key from a key pair, which second key is stored in the access control apparatus, to perform a first check on whether the communicated first check information has been produced by performing cryptographic operations by means of access authorisation parameters corresponding to the communicated access authorisation parameters using at least one first key from the key pair, and deciding whether access can be granted, based on the first check delivers a positive result and it is established that at least one predefined set of the communicated access authorisation parameters respectively provides access authorisation.
Deutsche Post Ag

Systems and methods for a cryptographic file system layer

The systems and methods disclosed herein transparently provide data security using a cryptographic file system layer that selectively intercepts and modifies (e.g., by encrypting) data to be stored in a designated directory. The cryptographic file system layer can be used in combination with one or more cryptographic approaches to provide a server-based secure data solution that makes data more secure and accessible, while eliminating the need for multiple perimeter hardware and software technologies.
Security First Corp.

Scrambling of the operation of an integrated circuit

An integrated circuit includes functional circuitry such as a processing core, memory interfaces, cryptographic circuitry, etc. The integrated circuit also includes protection circuitry to protect the functional circuitry of the integrated circuit against attacks by hidden channels.
Proton World International N.v.

Medical appointment progress tracking

Provided are mechanisms and processes for medical appointment progress tracking. According to various examples, the system includes a location sensor that tracks when a medical professional begins an examination of a patient by detecting when the medical professional logs into a computer to access the first patient's medical file.

Generating memory dumps

A method for generating a dump comprising data generated by a virtual system in a computing environment is depicted. The method comprises: initiating a dump process for dumping data generated by the virtual system and stored in guest memory; sending a dump request for the data from the virtual machine monitor to the trusted component; in response to receiving the dump request, generating a symmetric dump generating key; reading the data from the guest memory; encrypting the data with the symmetric dump generating key; encrypting the symmetric dump generating key with the public cryptographic key of the client system; providing the encrypted dump data and the encrypted symmetric dump generating key to the virtual machine monitor; generating a dump comprising the encrypted dump data and the encrypted symmetric dump generating key; and providing the dump to the client system.
International Business Machines Corporation

Providing forward secrecy in a terminating tls connection proxy

An infrastructure delivery platform provides a rsa proxy service as an enhancement to the tls/ssl protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server.
Akamai Technologies, Inc.

Distributed data storage system using a common manifest for storing and accessing versions of an object

The present disclosure provides a system and method to perform access control authentication using a cryptographic hash of the encoding of access control rules. The compact cryptographic hash identifier of the access control rules is suitable for inclusion in a name indexing entry, whereas inclusion of the full encoding would result in a large name indexing entry, resulting in disadvantageously large storage requirements and bandwidth usage.
Nexenta Systems, Inc.

Protective apparatus and network cabling the protected transmission of data

Provided is a network cabling apparatus and protective apparatus for the protected transmission of data, comprising two protective devices which are assigned to one another and can each be connected to one end of a data transmission device, each protective device having: a first interface for connection to the data transmission apparatus; a second interface for connection to a device; and a crypto unit which has a cryptographic function that can be configured in an equivalent manner on each of the assigned protective devices and which cryptographically protects the data to be transmitted.
Siemens Aktiengesellschaft

System, providing trusted input/output communications

In one embodiment, an apparatus includes a wireless controller, which may include a byte stream parser to receive a stream of data from one or more wireless devices and parse the stream of data to identify a first data packet associated with a first channel identifier associated with a trusted application, and a cryptographic engine coupled to the byte stream parser to encrypt a payload portion of the first data packet in response to the identification of the first data packet associated with the first channel identifier. Other embodiments are described and claimed.

Cipher-information generation device, cipher-information generation method, storage medium, and collation system

The present invention provides a crypto-information creation device, etc., with which it is possible to create information that enables a safer collation process between information that is the subject of collation and information to be referenced. This crypto-information creation device 501 has: a range encryption unit 502 for calculating a first value included in a range based on a threshold value and encrypting the calculated first value in accordance with a homomorphic encryption scheme, thereby creating a first cryptogram in which the first value is encrypted; and a computation unit 503 for applying a computation according to the encryption scheme to the first cryptogram and to a second cryptogram in which a second value representing the degree of similarity is encrypted in accordance with the encryption scheme, thereby creating a third cryptogram in which a value obtained by adding together the first value and the second value is encrypted.
Nec Corporation

Secure crypto module including optical glass security layer

A method of fabricating a printed circuit board (pcb) is presented. The pcb includes a glass security layer.
International Business Machines Corporation

Secure crypto module including optical glass security layer

An optical electromagnetic radiation (em) emitter and receiver are located upon a printed circuit board (pcb) glass security layer. A predetermined reference flux or interference pattern, respectively, is an expected flux or reflection pattern of em emitted from the em emitter, transmitted by the glass security layer, and received by the em receiver.
International Business Machines Corporation

Protecting memory storage content

An apparatus includes memory storage and a protection system to protect content of the memory storage. The protection system includes a first key that is held by a process and is associated with application data to be stored in the memory storage; and a second key that is held by an operating system kernel.
Hewlett Packard Enterprise Development Lp

Cryptographic unit for public key infrastructure (pki) operations

A module such as an m2m device or a mobile phone can include a removable data storage unit. The removable data storage unit can include a nonvolatile memory, a noise amplifying memory, and a cryptographic unit.

Industrial security agent platform

Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor.
Accenture Global Services Limited

Composite field scaled affine transforms-based hardware accelerator

A cryptographic hardware accelerator identifies a mapped input bit sequence by applying a mapping transformation to an input bit sequence retrieved from memory and represented by a first element of a finite-prime field. The mapped input bit sequence is represented by a first element of a composite field.
Intel Corporation

System for multiplexing and demultiplexing blockchain ledgers via a cryptographic hash

Embodiments of the present invention provide a system for multiplexing and demultiplexing blockchain ledgers via a cryptographic hash. In particular, the invention uses cryptographic keys and hashes to combine and dissociate blockchain records from the private blockchains of two or more entities.
Bank Of America Corporation

Systems and methods for cryptography having asymmetric to symmetric key agreement

A system and method for generating data for use in cryptography or secure modulation is provided. The method may include randomly generating a public code using a secret key, wherein the public code includes an interior matrix and a summing matrix, both having a predetermined dimension of rows and columns.

Apparatus and method to perform secure data sharing in a distributed network by using a blockchain

An apparatus serves as a node device included in a distributed data sharing network, and shares, by using a blockchain, a piece of event information related to an event generated in a terminal, among node devices included in the distributed data sharing network, where the blockchain is a continuously growing list of blocks which are linked and secured using cryptography. The apparatus generates a piece of event data including the piece of event information related to the event, and causes the generated piece of event data to be stored in one of the node devices included in the distributed data sharing network.
Fujitsu Limited

Protein based cryptography

This invention is directed to a method of providing extra levels of encryption to a message by imposing a mask on top of an already encrypted message, wherein the mask sits on top of a protein folding of a sequence of amino acids.

Cryptographic key control based on debasing condition likelihood estimation

In representative embodiments, systems and methods to calculate the likelihood that presented cryptographic key material is untrustworthy are disclosed. A predictive model based on a debasing condition and a dataset is created by evaluating the dataset relative to the debasing condition.
Venafi, Inc.

Data encryption apparatus and method, and data decryption apparatus and method

Provided are a data encryption apparatus and method, and a data decryption apparatus and method. A data encryption apparatus according to an embodiment of the present embodiments includes a divider configured to divide data into a plurality of plaintext blocks, an encryptor configured to encrypt at least one among some blocks of the plurality of plaintext blocks and an initial value for encrypting the data using a cryptographic key-based block encryption scheme, and an encoder configured to encode remaining plaintext blocks, which are not encrypted by the block encryption scheme, using a non-cryptographic key-based encoding scheme.
Samsung Sds Co., Ltd.

Protecting cryptographic systems from cold boot and other side channel attacks

An electrical signal indicative of an intrusion is detected at an application executing in a cryptographic data processing system. In response to the detection, an instruction is constructed in the application for the cryptographic data processing system.
International Business Machines Corporation

Secure real-time health record exchange

A method, an apparatus, and a computer program product for accessing electronic medical records are provided in which a portable computing device uniquely associated with a user authenticates an identification of the user and automatically retrieves information corresponding to the user from electronic healthcare records systems using the identification. The retrieved information may be combined with other information and electronically delivered to a healthcare provider or patient.
Humetrix.com, Inc.

System for authenticating an electronic device by means of an authentication server

A system for authenticating an electronic device by means of an authentication server in order to authenticate a user of said electronic device. The system is adapted to perform an authentication based on a fictive payment transaction and includes the authentication server which is adapted to execute a fictive payment transaction with a predetermined transaction amount with said electronic device and during said execution to receive a first cryptogram from said electronic device; send said first cryptogram to a banking server; and receive from said banking server an acknowledgment if said first cryptogram is valid; when said fictive payment transaction has been executed, compute an authentication identification based on said electronic device's data; said electronic device which is a payment electronic device and which is adapted to execute said fictive payment transaction with said authentication server and during said execution to send said first cryptogram to said authentication server.
Gemalto Sa

Programming on-chip non-volatile memory in a secure processor using a sequence number

A method may be executed by a secure processor having secure cryptography hardware implemented thereon. The method may be executed in a security kernel of a secure on-chip non-volatile (nv) memory coupled to the secure processor.
Acer Cloud Technology, Inc.

Encryption for xip and mmio external memories

Techniques for multiplexing between an execute-in-place (xip) mode and a memory-mapped input/output (mmio) mode for access to external memory devices are described herein. In an example embodiment, an ic device comprises a serial interface and a controller that is configured to communicate with external memory devices over the serial interface.
Cypress Semiconductor Corporation

System and implementing cryptography in a storage system

A method for performing cryptography operations on data blocks within a volume of data is disclosed. The method involves generating a volume master key, generating a user key, generating a volume initialization vector, generating an intermediate key, generating a user volume key, and performing cryptography operations on data blocks within an individual volume of data using the volume master key, the user key, the volume initialization vector, the intermediate key, and the user volume key.
Storageos Limited

Cryptographic-based initialization of memory content

A technique includes receiving a request to initialize a region of a memory. Content that is stored in the region is encrypted based at least in part on a stored nonce value and a key.
Hewlett Packard Enterprise Development Lp

Method of pushing passwords, and pushing system

A method of pushing passwords, and a pushing system are provided. The method includes establishing a sharing cryptographic library which stores a plurality of application program identification codes, account names and passwords, receiving first biological characteristic information of a user, and simultaneously receiving a push request including second biological characteristic information and a current application program identification code.
Guangdong Oppo Mobile Telecommunications Corp., Ltd.

Configuration based cryptographic key generation

In some examples, a programmable device may load configuration data into a configuration storage to configure programmable logic of the programmable device. The programmable device may include a key generation logic that may read at least a portion of the configuration data from the configuration storage.
Honeywell International Inc.

Devices and methods for client device authentication

An access point receives from a client a first nonce and a first cryptographic hash for the first nonce, the first cryptographic hash calculated using a first key derived from a second key, the second key input on the client or derived from a passphrase input on the client, derives first keys from each of a stored primary input and at least one stored secondary input valid at the deriving, the stored primary input and the at least one stored secondary input each being one of a second key and a passphrase, verifies the cryptographic hash using each derived first key to find a derived first key that checks the first cryptographic hash, generates a third key and a second cryptographic hash using the derived first key that checks the first cryptographic hash, and sends the third key and the second cryptographic hash to the client.
Thomson Licensing

Secure database featuring separate operating system user

Embodiments manage access to cryptography keys for database data, within a secure key store of a local key server owned by a new (security) operating system (os) user separate from an original default os user. Existing principles governing distinct os user access privileges engrained within the os itself, are leveraged to preclude the default os user from accessing files of the new security os user.
Sap Se

Use of error information to generate encryption keys

The embodiments provide cryptography keys for communicating devices that are based on information known only to the devices. Each device determines the information without communicating key information related to the key with the other.
Microsoft Technology Licensing, Llc

Extended blockchains for event tracking and management

Blockchain-based systems and methods incorporate secure wallets; enhanced, randomized, secure identifiers for uniquely identifying discrete items; and cryptographically secure time-stamped blockchains. Role-based secure wallets include private cryptographic keys for digitally signing transactions for recording in a blockchain.
Ledgerdomain, Llc

Extended blockchains for event tracking and management

Blockchain-based systems and methods incorporate secure wallets; enhanced, randomized, secure identifiers for uniquely identifying discrete items; and cryptographically secure time-stamped blockchains. Role-based secure wallets include private cryptographic keys for digitally signing transactions for recording in a blockchain.
Ledgerdomain, Llc

Techniques for leveraging multiple cryptographic algorithms for authenticating data

Techniques for authenticating data on a computing device are provided. An example method according to these techniques includes generating a first cryptographic output by applying a first cryptographic algorithm to each block of a first subset of the plurality of blocks of data to be authenticated, combining a last block of the first cryptographic output with a second subset of the plurality of blocks of data to generate an intermediate result, and generating an authentication output by applying a second cryptographic algorithm to the intermediate result, the second cryptographic algorithm being different than the first cryptographic algorithm.
Qualcomm Incorporated

Protection of the ue identity during 802.1x carrier hotspot and wi-fi calling authentication

This disclosure relates to techniques for performing wi-fi authentication in a wireless communication system. Public key cryptography may be used to enhance the confidentiality of the user's permanent identity in transit.
Apple Inc.

Facilitating encrypted persistent storage in browsers

Disclosed are some implementations of systems, apparatus, methods and computer program products for encrypting and securely storing session data during a browser session using a session-based cryptographic key. The session data may be decrypted during the browser session or other browser sessions using the session-based cryptographic key or other backwards compatible session-based cryptographic keys.
Salesforce.com, Inc.

Apparatus and generating a key in a programmable hardware module

A method for generating a key in a programmable hardware module is provided, wherein the programmable hardware module has a bitstream containing configuration settings of the programmable hardware module. The device has a readout unit for reading at least one part of the bit stream, a generating unit for generating a key based on a cryptographic function and the at least one part of the bit stream, and a memory unit for storing the generated key.
Siemens Aktiengesellschaft

Apparatus and encryption

Disclosed are an apparatus and method for encryption. The encryption apparatus includes a key table generator configured to generate at least one encryption key table from random values obtained from a seed value and generate at least one decryption key table from the at least one encryption key table; an algorithm generator configured to generate an encryption algorithm having a misty structure that has a round function to which the at least one encryption key table is applied and a decryption algorithm having a misty structure that has a round function to which the at least one decryption key table is applied; an encryptor configured to encrypt plaintext data with the encryption algorithm; and a decryptor configured to decrypt encrypted data with the decryption algorithm.
Samsung Sds Co., Ltd.

System and protecting a cryptographic device against fault attacks while performing cryptographic non-linear operations using linear error correcting codes

A system, method and computer-readable storage medium with instructions for protecting an electronic device against fault attack. Given a data represented as an input codeword of a systematic linear error correcting code, the technology provides the secure computation of the output codeword corresponding to the result of the non-linear function applied to this data.
Gemalto Sa

Lightweight cryptographic engine

One embodiment provides an apparatus. The apparatus includes a lightweight cryptographic engine (lce), the lce is optimized and has an associated throughput greater than or equal to a target throughput.
Intel Corporation

Method and system for net settlement by use of cryptographic promissory notes issued on a blockchain

A method for generating a cryptographic promissory note for posting to a blockchain includes: receiving an authorization request for a payment transaction, the authorization request being a transaction message formatted based on one or more standards that includes a plurality of data elements including a first data element configured to store a blockchain address and a second data element configured to store a transaction amount; generating a promissory note including the transaction amount; digitally signing the generated promissory note with a private key; encrypting the signed promissory note with a symmetric key; wrapping the symmetric key with a public key corresponding to the private key and a public key associated with an acquirer involved in the payment transaction; and electronically transmitting a blockchain transaction to a blockchain network that includes the encrypted promissory note, each symmetric key, and the blockchain address.
Mastercard International Incorporated

Automated payments using a cryptocurrency address embedded in a passive radio-frequency identification (rfid) device

A mechanism is provided for automatically making payments using a cryptocurrency address embedded in a passive radio-frequency identification (rfid) device. Responsive to receiving an indication, from a first user, of a payment to be made to a second user, cryptocurrency information is retrieved from a second user device associated with the second user.
International Business Machines Corporation

Power charger authorization for a user equipment via a cryptographic handshake

Embodiments for using power charge management authorization for a user equipment (ue) by a processor. A power charging session is authorized by firmware of the ue for charging the ue using a cryptographic handshake between the ue and a power charging station.
International Business Machines Corporation

Terminal device and computer program

As a saving target file is specified, a controller (110) executes a file management program to divide the saving target file, encrypt a divided file using a cryptographic key corresponding to the logical address of the divided file, save the divided file at a storing destination corresponding to the logical address, and create a table associating the logical address, the cryptographic key, and the saving destination physical address. As a reading target file is specified, the controller (110) identifies the corresponding divided file from the logical address, identifies the saving destination physical address of the divided file and the cryptographic key with reference to the table, reads the divided file from the identified physical address, and decrypts the divided file using the identified cryptographic key.

Data processing device and cryptographic processing of data

According to an embodiment, a data processing device is described comprising a deformer configured to deform a first data block in accordance with a first seed, a seed generator configured to generate a sequence of second seeds, wherein the sequence of second seeds comprises the first seed, a cryptographic processor configured to receive the deformed first data block and, for each second seed, to deform the deformed first data block in accordance with the second seed, to generate a sequence of second data blocks and to cryptographically process each second data block of the sequence of second data blocks to generate a sequence of processed data blocks and an extractor configured to extract a result of the cryptographic processing of the first data block from the sequence of processed data blocks.
Infineon Technologies Ag

Location verification and secure no-fly logic for unmanned aerial vehicles

Apparatus, methods and systems to associate a flight plan of an unmanned aerial vehicle (e.g., a drone) with a cryptographic signature are disclosed herein. Some disclosed examples include one or more non-transitory computer-readable media including computer-executable instructions.
Mcafee, Llc

Replaceable item authentication

A replaceable item for a host device includes a non-volatile memory and logic. The non-volatile memory stores passwords or authentication values, and/or a cryptographic key.
Hewlett-packard Development Company, L.p.

Automatic provisioning of iot devices

The disclosed technology is generally directed to iot communications. For example, such technology is usable in provisioning iot devices in an automatic manner with no manual steps.
Microsoft Technology Licensing, Llc

Distributed denial of service attack protection for internet of things devices

Presented herein are techniques for remediating a distributed denial of service attack. A methodology includes, at a network device, such as a constrained resource internet of things (iot) device, receiving from an authorization server cryptographic material sufficient to validate and decrypt tokens carried in packets, detecting a denial of service attack that employs packets containing invalid tokens, and in response to detecting the denial of service attack, signaling a remediation server for assistance to remediate the denial of service attack, and sending to the remediation server the cryptographic material over a secure communication channel such that the remediation server enables validation and decryption of tokens carried in packets, subsequent to detection of the denial of service attack, that are destined for the network device.
Cisco Technology, Inc.

Systems and methods for data management and the use of salts and keys in data encryption/decryption

Methods and systems for encrypting sensitive information are disclosed comprising hashing sensitive information by a hash function and selecting a salt or key salt based, at least in part, on the hashed sensitive information. If a salt is selected, the selected salt is combined with the hashed sensitive information to yield combined sensitive information, which is encrypted and stored.
Index Systems, Inc.

System and associated software for providing advanced data protections in a defense-in-depth system by integrating multi-factor authentication with cryptographic offloading

The advanced data protection system is implemented by distributing data encryption across multiple isolated computing systems and using multi-factor authentication to access remote, protected decryption material. Architectural components include: client application software reading/writing from/to a client data store executing on a client host computer, client application plug-ins communicating with external authentication devices, server application software reading/writing data from/to a server data store executing on a host computer which is physically or virtually isolated from the client host computer, authentication devices, components, or systems integrated with or connected to the client computer and exposing programmatic interfaces to client application software, and secure networking components executing on both hosts that provide secure data exchange.
Definitive Data Security, Inc.

Transaction authentication based on contextual data presentation

Methods, devices, and systems are provided for approving a transaction through an exchange of presented user contextual approval information and approval decryption. The user contextual approval information is generated by a user during a transaction, cryptographically signed, and provided to a transaction server.
Assa Abloy Ab

Replaceable item authentication

A replaceable item for a host device includes a non-volatile memory and logic. The non-volatile memory stores passwords or authentication values, and/or a cryptographic key.
Hewlett-packard Development Company, L.p.

Utilizing data reduction in steganographic and cryptographic systems

The present invention relates to methods for protecting a data signal using the following techniques: applying a data reduction technique to reduce the data signal into a reduced data signal; subtracting the reduced data signal from the data signal to produce a remainder signal; embedding a first watermark into the reduced data signal to produce a watermarked, reduced data signal; and adding the watermarked, reduced data signal to the remainder signal to produce an output signal. A second watermark may be embedded into the remainder signal before the final addition step.
Wistaria Trading Ltd

Using everyday objects as cryptographic keys

This disclosure involves the notion of using physical objects to generate public key-based authenticators and, in particular, to use “everyday” physical objects to create a generator seed for a key generator that will use that seed to generate a key pair comprising a public key, and its associated private key. In a preferred approach, the physical object is used to create a digital representation (of the physical object) that, together with some uniqueness associated to the user, gives rise to a key generator seed value.
International Business Machines Corporation

Method and system for supplying a token in a host card emulation system comprising first and second devices

The invention relates to a method and system for supplying a token in a host card emulation system comprising first and second devices and a secure payment platform, the method comprises the steps of transfer by the second device to the first device an identifier of the second device, reception by the second device of a first token and an identifier of the second device, the first token being a symmetrical derivation of a second token of the first device with the identifier of the second device, transfer by the second device of a message comprising a cryptogram signed with the first token, the identifier of the first device and predetermined information indicating that the first token has been transferred by a third party.
Idemia Identity & Security France

Direct memory access authorization in a processing system

A processor employs a hardware encryption module in the memory access path between an input/output device and memory to cryptographically isolate secure information. In some embodiments, the encryption module is located at a memory controller of the processor, and each memory access request provided to the memory controller includes a vm tag value identifying the source of the memory access request.
Ati Technologies Ulc

Automated data authentication and service authorization via cryptographic keys in a private blockchain

Embodiments of the present invention provide a system for authenticating records belonging to an individual or entity and providing authorized access of said records to service providers. Embodiments of the invention utilize a private blockchain to store various types of records to be conveyed to the service providers.
Bank Of America Corporation

Authorization of computing devices using cryptographic action tokens

Methods and apparatuses are described for authorization of computing devices using cryptographic action tokens. Delegation request data, including an identification certificate, an identifier for a second computing device, and action constraints, are received by a delegation system from a first computing device.
Fmr Llc

Systems and methods for executing cryptographic operations across different types of processing hardware

The present disclosure is directed towards systems and methods for executing cryptographic operations across different types of processing hardware. An intermediary device may identify a cryptographic function to be performed at the device, according to a message from a client or a server.
Citrix Systems, Inc.

User and device authentication for web applications

A computing device, supporting a web browser and one or more biometric sensors for recognizing a device user by capturing biometric characteristics such as the user's face, iris, or fingerprints, is configured to enable web applications to authenticate the user using password-less or two-factor scenarios to enhance online security while reducing password risks such as password guessing, phishing, and keylogging attacks. The present user and device authentication enables online activities having high potential risks, such as online purchases, to be completed securely and conveniently by providing strong cryptographic proof of both the user and a computing device that is trusted by the user.
Microsoft Technology Licensing, Llc

Customer load of field programmable gate arrays

Customer content is securely loaded on a field programmable gate array (fpga) located on a secure cryptography card. The customer content is loaded such that it may not be extracted.
International Business Machines Corporation

Cryptographic pointer address encoding

A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm.
Intel Corporation

Unknown

The invention relates to a cryptographic processing method comprising multiplication of a point p of an elliptic curve on a galois field by a scalar k, the multiplication comprising steps of: storing, in a first register, a zero point of the galois field, executing a loop comprising at least one iteration comprising steps of: selecting a window of w bits in the non-signed binary representation of the scalar k, w being a predetermined integer independent of the scalar k and strictly greater than 1, calculating multiple points of p being each associated with a bit of the window and of the form ±2^i p, adding or not in the first register of multiple points stored, depending on the value of the bit of the window with which the multiple points are associated, wherein the loop ends once each bit of the non-signed binary representation of the scalar k has been selected, returning a value stored in the first register. If all the bits of the window selected during an iteration of the loop are zero, the iteration comprises at least one dummy execution of the addition function, and/or if all the bits of the window during an iteration of the loop are non-zero, the multiple points to be added in the first register during the step are determined from a non-adjacent form associated with the window.
Idemia Identity & Security France

Topical drug for treating breast cancer and preparation method thereof

Disclosed is a topical drug for treating breast cancer and preparation method thereof. The topical drug comprises the following ingredients in parts by weight: 5-10 parts of astragalus, 3-5 parts of oldenlandia diffusa, 3-5 parts of dandelion, 5-10 parts of lycoris radiate, 5-8 parts of carapax trionycis, 3-5 parts of pinellia pedatisecta, 2-3 parts of acorus calamus, 3-5 parts of ferula sinkiangensis, 3-5 parts of doubleteeth pubescent angelica root, 4-6 parts of cryptotaenia japonica hassk, 3-5 parts of whitmania pigra whitman, 5-8 parts of wedelia chinensis, 6-8 parts of echinacea purpurea, 4-6 parts of folium eriobotryae, 3-5 parts of sedum sarmentosum, 5-10 parts of angelicae sinensis, 2-5 parts of asparagus, 2-3 parts of scorpio, 5-8 parts of rubia cordifolia l., 2-3 parts of alfalfa extract, 3-5 parts of extract of jew's ear from mulberry trees, 5-7 parts of myrrh, 3-6 parts of nutgrass galingale rhizome and 3-5 parts of pericarpium citri reticulatae viride.

System and secure pairing of bluetooth devices

A mobile device includes a bluetooth transceiver, the bluetooth transceiver being in an idle power state when not securely paired to a second bluetooth transceiver of a peripheral device. The mobile device further includes an audio interface, the audio interface coupled to the bluetooth transceiver, the audio interface configured to connect to a second audio interface of the peripheral device.
Bbpos Limited

Method, system and device for generating, storing, using, and validating nfc tags and data

A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag is enabled to generate a tag authentication cryptogram (tac) and include the tac in response to a read request.
Assa Abloy Ab

Cryptographic security verification of incoming messages

Systems and methods for cryptographic security verification include receiving, using a dedicated short range communications system, a message from a remote vehicle or an infrastructure system. A processor determines whether a current number of attempted message verifications per second is less than a predetermined threshold.
Denso Corporation

Methods and providing blockchain participant identity binding

A method and apparatus provides a blockchain that includes one or more blocks that contain a cryptographic binding of a signature-verification public key and/or a data encryption public key to the identity of the holder of the corresponding private key. The binding is performed by one or more key binding entities, referred to herein as a blockchain identity binder.
Entrust, Inc.

Secure account access control

Various systems and methods for providing secure account access controls for executors are described herein. A system for secure account access control includes a communication circuit to receive, from a client computer associated with a human client: an encrypted payload, the encrypted payload encrypted with a representative key associated with a human representative, the human representative having an in-person relationship with the human client; and configuration data including a list of recipients, the list including the human representative; and a cryptographic circuit to encrypt the encrypted payload with a platform key, to produce a doubly-encrypted payload; where the communication circuit is to transmit the doubly-encrypted payload to those on the list of recipients.
Intel Corporation

Parallel computation techniques for accelerated cryptographic capabilities

Computing devices and techniques for performing modular exponentiation for a data encryption process are described. In one embodiment, for example, an apparatus may include at least one memory logic for an encryption unit to perform encryption according to rsa encryption using a parallel reduction multiplier (prm) mm process, at least a portion of the logic comprised in hardware coupled to the at least one memory and the at least one wireless transmitter, the logic to precompute a reduction coefficient, determine an operand product and a reduction product in parallel, the reduction product based on the reduction coefficient, and generate a mm result for the prm mm process based on the operand product and the reduction product.
Intel Corporation

Systems and methods for distributing and securing data

A robust computational secret sharing scheme that provides for the efficient distribution and subsequent recovery of a private data is disclosed. A cryptographic key may be randomly generated and then shared using a secret sharing algorithm to generate a collection of key shares.
Security First Corp.

Encryption device and memory device

A noise generation module generates power consumption noise to conceal the power consumption characteristics of a cryptographic module. The cryptographic module performs first non-linear transformation on received data, and the noise generation module performs second non-linear transformation on received data during the operational period of the first non-linear transformation.
Megachips Corporation

Hardware based cryptographic side-channel attack prevention

A method of controlling transistors includes receiving a control signal, and controlling the top and bottom gate biases of the transistors according to the control signal to normalize or randomize power drawn as observed outside of a core. A device for controlling transistors includes a core performing computational instructions, and a bias circuit receiving a control signal, the bias circuit controlling the top and bottom gate biases of the transistors according to the control signal to normalize or randomize power drawn as observed outside of the core.
International Business Machines Corporation

Systems and methods for an online marketplace providing direct to consumer sales

A system and method of controlling an online marketplace is disclosed. Embodiments use block chain technology to track alternative currency balances for consumers to use in a direct to consumer sales portal.

Semiconductor integrated circuit and system

To raise confidentiality of the value stored in the rom, in an ic having a built-in or an externally-attached rom storing a value (program and/or data) encrypted using a predetermined cryptographic key. The ic includes the rom storing the encrypted value (program and/or data), a unique code generating unit, and a decrypting unit.
Renesas Electronics Corporation

Immutable cryptographically secured ledger-backed databases

A database table, such as may be implemented by a non-relational database, is provided to present information and states associated with that information as memorialized in a cryptographically secured ledger. The semantics of the database table elements, as well as the relationships between various objects therein, may be defined and/or enforced by a schema, a database engine, and/or an application layer.
Amazon Technologies, Inc.

Physical location scrambler for hashed data de-duplicating content-addressable redundant data storage clusters

Data de-duplication uses a hash of a scrambled data block as an address where the data block is stored to. The data storage system has multiple replication nodes, each storing only one copy of the data.
Cubistolabs, Inc.

Multi-crypto-color-group vm/enclave memory integrity method and apparatus

Embodiments of apparatus, method, and storage medium associated with mccg memory integrity for securing/protecting memory content/data of vm or enclave are described herein. In some embodiments, an apparatus may include one or more encryption engines to encrypt a unit of data to be stored in a memory in response to a write operation from a vm or an enclave of an application, prior to storing the unit of data into the memory in an encrypted form; wherein to encrypt the unit of data, the one or more encryption engines are to encrypt the unit of data using at least a key domain selector associated with the vm or enclave, and a tweak based on a color within a color group associated with the vm or enclave.
Intel Corporation

Method for access management of a vehicle

A method for access management of the vehicle providing a vehicle and authenticating a user in relation to the vehicle by a proof of identity of the user. The method includes providing a cryptographically secured authorization file for the vehicle containing information relating to usage rights of the authenticated user to the vehicle to increase security in the entity-related enabling of vehicle functions.
Volkswagen Ag

Techniques for tls / ipsec acceleration in data centers

Techniques for establishing one or more end-to-end secure channels in a data center are provided. A method according to these techniques includes obtaining, at a secure module (sm) associated with a virtual machine (vm) operating on a node of the data center, a vm-specific signature key for the vm from a hardware security module (hsm), and performing a cryptographic signing operation at the sm associated with establishing an end-to-end secure channel between the vm and another networked entity using the vm-specific signature key responsive to a request from the vm.
Qualcomm Incorporated

Secure element installation and provisioning

A device binding system includes generating and storing at the device a unique identifier based on device characteristics and a cryptographic function. The unique identifier is then registered with an authority.

Method for in-line tls/ssl cleartext encryption and authentication

We describe a method, device and system for communicating to a peer via a network. A segment is received formatted according to a first network protocol, the received segment having clear-text payload data in a payload portion of the received segment.
Chelsio Communications, Inc.

Embedding protected memory access into a rfid authentication process based on a challenge-response mechanism

A rfid tag (501), reader (502) and protocol allow a protected read operation in a two-step tag authentication with cipher-block cryptography. A challenge-response mechanism using a shared secret symmetric key (638) for tag authentication includes a challenge and information to read data from a tag's memory (637).
Centro De Pesquisas Avançadas Wernher Von Braun

Apparatuses and methods for trusted module execution

A computer system including a processor and a memory is provided. The processor includes a microcode executing unit and a programmable fuse which stores trusted information which is pre-generated using china commercial cryptography algorithms.
Via Alliance Semiconductor Co., Ltd.

Cryptographic system memory management

In one example, a system for managing encrypted memory comprises a processor to store a first mac based on data stored in system memory in response to a write operation to the system memory. The processor can also detect a read operation corresponding to the data stored in the system memory, calculate a second mac based on the data retrieved from the system memory, determine that the second mac does not match the first mac, and recalculate the second mac with a correction operation, wherein the correction operation comprises an xor operation based on the data retrieved from the system memory and a replacement value for a device of the system memory.

Cryptographic processing

A cryptographic method comprising sequentially performing a number of rounds, each round comprising performing a respective round function on respective input data for that round to generate respective output data for that round, wherein for each of the second and subsequent rounds, the input data for that round is the output data of the preceding round, wherein for each round the respective round function comprises: applying a respective bijective operation to a first amount of data to produce a first result, the bijective operation corresponding to at least part of a cryptographic key; and processing a second amount of data by applying a plurality of processing operations to produce a second result, wherein at least one of the processing operations is the bijective operation; wherein the first amount of data and the second amount of data are based on the input for said round and wherein the output data for said round is based on the first result and the second result; wherein one or both of the following apply: (a) for each of one or more of the processing operations, that processing operation comprises functionality that is dependent on a respective part of the first result; and (b) for each of one or more of the processing operations, a number of times that processing operation is applied when processing the second amount of data is dependent on a respective part of the first result.
Irdeto B.v.

Cryptocurrency transactions using debit and credit values

An embodiment of a computer implemented method for transferring cryptocurrency amounts includes receiving, by a processing device, a request to transfer an amount of a cryptocurrency from a first storage location. The method also includes, in response to the request, automatically generating a credit value and a debit value as a related pair, each of the credit value and the debit value having an identifier that relates the credit value and the debit value to the amount of the cryptocurrency, one of the credit value and the debit value being a positive value and another of the credit value and the debit value being a negative value, and transferring the amount of the cryptocurrency by the transaction module from a wallet connected to the transaction module to a second storage location.
International Business Machines Corporation

Low cost cryptographic accelerator

A low-cost cryptographic accelerator is disclosed that accelerates inner loops of a cryptographic process. The cryptographic accelerator performs operations on cryptographic data provided by a central processing unit (cpu) running a software cryptographic process to create a combined hardware and software cryptographic process, resulting in a lower cost secure communication solution than software-only or hardware-only cryptographic processes.
Atmel Corporation

Return address encryption

Disclosed in some examples are methods, systems, and machine readable media for encrypting return addresses with a cryptographic key. The call and return operations may be changed to incorporate an xor operation on the return address with the cryptographic key.

Return material authorization fulfillment system for network devices with specific cryptographic credentials

A method for removing credentials from a smart grid device includes: receiving, by a receiving device, a removal request, wherein the removal request includes a device identifier associated with a smart grid device and is signed by an entity associated with a set of security credentials stored in a memory of the smart grid device, the set of security credentials restricting access to one or more components or operations of the smart grid device; extracting, by a processing device, the device identifier included in the received removal request; generating, by the processing device, a permit configured to remove the set of credentials from the smart grid device, wherein the generated permit includes the extracted device identifier; and transmitting, by a transmitting device, the generated permit to the smart grid device for removal of the set of credentials from the memory of the smart grid device.
Silver Spring Networks, Inc.

Device-driven auto-recovery using multiple recovery sources

Updating computer program(s) installed on a programmable device using a distributed ledger that is based on cryptography and blockchain technology is described. A distributed ledger logic/module can commit, to the distributed ledger, a first configuration of a computer program installed on a device.
Mcafee, Inc.

System and announcing cryptographic keys on a blockchain

A method and apparatus is presented for announcing the existence of cryptographic key pairs within a distributed ledger system in which no central trusted authority is available, consisting of sending a key announcement message by a network connected device to other network connected devices over a peer-to-peer network for inclusion in the distributed ledger. Once a valid key announcement message for a public key is included in the ledger, any future transactions that reference an address associated with the public key or other messages concerning said public key are accepted by other network connected devices on the peer-to-peer network and are included in the distributed ledger.

Digital identity

A system for providing a user with access to different services of at least one service provider in a network considering privacy and security via a user-related unique digital identifier (d-id). The system includes: a d-id middleware; and a d-id-agent.
Deutsche Telekom Ag

Stateless server-based encryption associated with a distribution list

An example method of decrypting electronic messages includes receiving, by an authentication module of a decryptor device, authentication requests from a plurality of destination clients. The method also includes receiving, by a decryption module of the decryptor device, encrypted electronic messages from the plurality of destination clients.
Red Hat Israel, Ltd.

Systems and devices for hardened remote storage of private cryptography keys used for authentication

The invention provides for systems and devices for hardened remote storage of private cryptography keys used for authentication. The storage device is tamper-responsive, such that receipt of a signal that indicates physical or non-physical tampering with the storage device or its components results in deletion of the private cryptography key(s) from the memory.
Bank Of America Corporation

Session negotiations

A plurality of devices are each operable to provide information that is usable to prove authorization with any of the other devices. The devices may have common access to a cryptographic key.
Amazon Technologies, Inc.

Secure communications using organically derived synchronized processes

This disclosure provides a system and method for secure communications. The method can enable secure machine-to-machine communications within discrete security groups having two or more communication nodes using a zero knowledge authentication process and related cryptography.
Olympus Sky Technologies, S.a.

Gtld domain name registries rdap architecture

Provided is a method for providing registration data access protocol (“rdap”) responses. The method includes obtaining, at a rdap client over a network, a rdap query for rdap data from a user; providing, by the rdap client, the rdap query and a cryptographic credential to a rdap server, wherein the rdap server communicates with one or more thick rdap servers to provide respective thick rdap answers to the rdap query, wherein at least one of the respective thick rdap answers are encrypted using a symmetric or asymmetric cryptographic key associated with the cryptographic credential of the rdap client; obtaining a consolidated thick rdap answer to the rdap query from the rdap server; decrypting the consolidated thick rdap answer using a symmetric or asymmetric cryptographic key associated with the cryptographic credential; and providing the thick rdap answer that is decrypted to the user.
Verisign, Inc.

Binding data to a network in the presence of an entity with revocation capabilities

Implementations of the disclosure provide for binding data to a network in the presence of an entity with revocation capabilities. A cryptographic system is provided that includes a memory to store revocation information comprising a plurality of identifiers and a processing device operatively coupled to the memory.
Red Hat, Inc.

Cryptocurrency lock for online accounts

A method of managing an online account is disclosed comprising receiving a public cryptocurrency address using a network of computers, checking a balance associated with the public cryptocurrency address using the internet, and when the checked balance of the public cryptocurrency address has been reduced from a non-zero value, enabling access to at least part of the online account. Any suitable cryptocurrency may be employed, such as bitcoin or ethereum.

Autolocking an online account based on a public cryptocurrency address

A method of configuring an online account of a user is disclosed. A network of computers is used to receive a public cryptocurrency address from a user computer, and a balance associated with the public cryptocurrency address is checked using an internet.

Configuring an online account based on a public cryptocurrency key

A method of configuring an online account is disclosed comprising using a network of computers to receive a public cryptocurrency address, configuring the online account based on the public cryptocurrency address, and using the network of computers to transmit the public cryptocurrency address to a user computer. Any suitable cryptocurrency may be employed, such as bitcoin or ethereum.

Multi-tenancy architecture

A system includes a security device, configured for cryptographic processing, coupled to receive incoming data from a plurality of data sources (e.g., data from different customers), wherein the incoming data includes first data from a first data source; a controller (e.g., an external key manager) configured to select a first set of keys from a plurality of key sets, each of the key sets corresponding to one of the plurality of data sources, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device.
Secturion Systems, Inc.

File execution

Methods and systems are described herein to restrict execution of files stored on a computing device. In an example a request to execute a file is intercepted by a security agent on the computing device.
1e Limited

Generating memory dumps

A method for generating a dump comprising data generated by a virtual system in a computing environment is depicted. The method comprises: initiating a dump process for dumping data generated by the virtual system and stored in guest memory; sending a dump request for the data from the virtual machine monitor to the trusted component; in response to receiving the dump request, generating a symmetric dump generating key; reading the data from the guest memory; encrypting the data with the symmetric dump generating key; encrypting the symmetric dump generating key with the public cryptographic key of the client system; providing the encrypted dump data and the encrypted symmetric dump generating key to the virtual machine monitor; generating a dump comprising the encrypted dump data and the encrypted symmetric dump generating key; and providing the dump to the client system.
International Business Machines Corporation

Cryptophycin-based antibody-drug conjugates with novel self-immolative linkers

The present invention relates to antibody- or peptide-drug conjugate compounds where one or more cryptophycin derivatives (macrocyclic depsipeptide) are covalently attached by a self-immolative linker which binds to one or more tumor-associated antigens or cell-surface receptors. The linker contains a cleavage site for proteases and a dipeptide unit able to form a diketopiperazine.
Exiris S.r.l.

Transparent bridge for monitoring crypto-partitioned wide-area network

This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (wan). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (ine).
Architecture Technology Corporation

Privately performing application security analysis

Systems and methods for analyzing applications on a mobile device for risk so as to maintain the privacy of the application user are provided. In the example method, the process receives a request from a mobile device.
Proofpoint, Inc.

Subscriber identification system

A subscriber identification system for identifying a subscriber in a communications network includes: a first circuit module in which at least a subscriber id is stored, wherein the first circuit module comprises a first communications interface configured to receive a request signal for the subscriber id and to transmit the subscriber id in response to receiving the request signal; and a second circuit module in which at least a cryptographic key is stored, wherein the second circuit module comprises a second communications interface configured to receive an input parameter, wherein the second circuit module is configured to link the input parameter with the cryptographic key to obtain an output parameter, and wherein the second communications interface is configured to transmit the output parameter.
Deutsche Telekom Ag

Vehicle communication system, onboard apparatus, and key issuing apparatus

A vehicle communication system includes an onboard apparatus, a mobile device, and a key issuing apparatus provided outside the vehicle for issuing a key for cryptographic communication between the mobile device and the onboard apparatus. The mobile device and the onboard apparatus store the key, and perform the cryptographic communication using the key.
Denso Corporation

Network without abuse of a private key

A network includes a logical network and a physical network. The logical network includes a plurality of logical nodes.

System and generating a server-assisted strong password from a weak secret

Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.
International Business Machines Corporation

Secure key management and peer-to-peer transmission system with a controlled, double-tier cryptographic key structure and corresponding method thereof

Aspects of the disclosure provide a secure key management and data transmission system that includes a transmission system, a data consumer network device, a user network device, and a data transmission network. The transmission management system is configured to receive user-specific data from the user network device via the data transmission network and receive a request for a service corresponding to processing the user-specific data according to a proprietary process provided by the data consumer network device.
Swiss Reinsurance Company Ltd.

Systems and methods for recovering information from a recording device

A recording device may record information continuously. Particular events which occur during recording may be of interest for review (e.g.
Axon Enterprise, Inc.

Online payer authentication service

A payment authentication service authenticates the identity of a payer during online transactions. The authentication service of the present invention allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as the use of passwords.

Secure data handling in a breath alcohol calibration station

A breath alcohol device calibration system includes a computerized calibration module operable to calibrate a breath alcohol device, and an interface operable to couple the breath alcohol device to a remote server. The interface uses a connection employing a cryptographic function such that data stored on the breath alcohol device can be securely transferred from the breath alcohol device to the remote server using the calibration system.
Consumer Safety Technology, Llc

Carbazole-containing sulfonamides as cryptochrome modulators

The subject matter herein is directed to carbazole-containing sulfonamide derivatives and pharmaceutically acceptable salts or hydrates thereof of structural formula i wherein the variable r1, r2, r3, r4, r5, r6, r7, a, b, c′, d, e, f, g, h′, a, and b are accordingly described. Also provided are pharmaceutical compositions comprising the compounds of formula i to treat a cry-mediated disease or disorder, such as diabetes, obesity, metabolic syndrome, cushing's syndrome, and glaucoma.
Reset Therapeutics, Inc.

Data transmission using dynamically rendered message content prestidigitation

A communication method and system according to the present invention generates a unique cryptographically secure uri in response to receiving a user post. The user post and uri are stored temporarily.
Blink.cloud Llc

Secure data destruction in a distributed environment using key protection mechanisms

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key.
Amazon Technologies, Inc.

Binding data to a network in the presence of an entity

Implementations of the disclosure provide for binding data to a network in the presence of an entity. In one implementation, a cryptographic system is provided.
Red Hat, Inc.

Computer-implemented cryptographic improving a computer network, and terminal, system and computer-readable medium for the same

A method at a terminal in a multiple-node digital communications network, comprising any one or more of: generating at least one symmetric first key(s), across all participating nodes in the multiple-node digital communications network and securely distributing the at least one first key(s) in encrypted form to multiple participating nodes of the multiple-node digital communications network, using at least one asymmetrically established second key(s), the participating nodes including at least one message-transmitting node(s) and at least one message-receiving node(s); generating at least one symmetric third key(s) for one or more communication session that includes one or more communications from the at least one message-transmitting node(s) to the message-receiving node(s); encrypting at least one payload message using the at least one third key(s) at the at least one message-transmitting node(s), sending the encrypted at least one payload message, and receiving the encrypted at least one payload message at the at least one message-receiving node(s); encrypting the at least one third key(s) using the at least one first key(s), sending the encrypted at least one third key(s), and receiving the encrypted at least one third key(s) at the at least one message-receiving node(s); decrypting the at least one third key(s) using the securely distributed at least one first key(s), at the at least one message-receiving node(s); and decrypting the at least one encrypted payload message using the decrypted at least one third key(s), at the at least one message-receiving node(s). A terminal, system, and computer readable medium are also disclosed.
Trillium Incorporated

Secure delivery and storage of content

A content item service enables users to upload media for content items to be given to others. The content item service performs operations on uploaded media content, such as transcoding.
Amazon Technologies, Inc.

Future constraints for hierarchical chain of trust

A method of configuring a target domain providing a cryptographic identity for authenticating commands to be executed by an electronic device comprises receiving a domain configuration command, and authenticating the command based on a cryptographic identity provided by an authenticating domain which is an ancestor of the target domain in a hierarchical chain of trust. When authenticated, at least one target domain constraint specified by the command is combined with at least one future constraint specified by the authenticating domain to generate a combined constraint set to be satisfied by commands to be authenticated by the target domain.
Trustonic Limited

Generating cryptographic checksums

A method (400) of generating a cryptographic checksum for a message m(x) is provided. The method is performed by a communication device, such as a sender or a receiver, and comprises calculating (405) the cryptographic checksum as a first function g of a division of a second function of m(x), f(m(x)), modulo a generator polynomial p(x) of degree n, g(f(m(x)) mod p(x)).
Telefonaktiebolaget Lm Ericsson (publ)

Cryptographic hash generation system

A first module divides a string into a number of blocks. A second module associates the blocks with monoid elements in a list of first monoid elements to produce second monoid elements.
Securerf Corporation

Secure data transfer

The disclosure relates to a system, devices and methods for distributing and using a communication scheme to enable secure communication between communication nodes in a network. A method comprises determining, in the network node, a set of available ip addresses and a set of ports, dividing, in the network node, a time frame in time slots, associating, in the network node, each time slot with an ip address, with a port associated with the ip address and with a unique cryptographic key, distributing, from the network node, the communication scheme to the communication node, receiving, in the communication node, the communication scheme and communicating, in the communication node, with another communication node in possession of a corresponding communication scheme by hopping between the ip addresses and ports according to the communication scheme and encrypting the communication using the unique cryptographic key.
Saab Ab

Method and restoring access to digital assets

A method and apparatus may include receiving a request to restore access to digital assets of a digital wallet. The digital assets are accessed via m-number of cryptographic keys.
Conio Inc.

Software protection against differential fault analysis

An encryption module and method for performing an encryption/decryption process executes two cryptographic operations in parallel in multiple stages. The two cryptographic operations are executed such that different rounds of the two cryptographic operations are performed in parallel by the same instruction or the same finite state machine (fsm) state for hardware implementation.
Nxp B.v.

Cryptographic side channel resistance using permutation networks

A method (and structure) includes receiving a challenge for an authentication, in a chip having stored in a memory device therein a secret to be used in an authentication attempt of the chip by an external agent. The chip includes a hardware processing circuit to sequentially perform a processing related to the secret.
International Business Machines Corporation

Shape actuation encapsulant of a cryptographic module

To provide for a physical security mechanism that forms a complete envelope of protection around the cryptographic module to detect and respond to an unauthorized attempt at physical access, a tamper sensing encapsulant generally encapsulates the cryptographic module. The tamper sensing encapsulant includes a first shape actuation layer associated with an electrically conductive first trace element and a second shape actuation layer associated with an electrically conductive second trace element.
International Business Machines Corporation

Methods for treating cryptosporidiosis using triazolopyridazines

Methods for treating or prophylaxis of a cryptosporidium infection using compositions comprising a structure disclosed herein. Also provided are pharmaceutical compositions and kits for alleviating the symptoms of, for treating, or for preventing the occurrence of cryptosporidium infection.
University Of Vermont And State Agricultural College

Systems and methods to authenticate using vehicle

In one aspect, a vehicle includes an engine, a drive train and chassis, a battery, a wireless transceiver, and a vehicle computing system that controls the engine, drive train, chassis, battery, and wireless transceiver. The vehicle computing system includes a cryptographic processor that has program instructions to communicate with a device separate from the vehicle to provide authentication information to the device via the wireless transceiver.
Lenovo (singapore) Pte. Ltd.

Cryptographic evidence of persisted capabilities

Example implementations relate to cryptographic evidence of persisted capabilities. In an example implementation, in response to a request to access a persisted capability stored in a globally shared memory, a system may decide whether to trust the persisted capability by verification of cryptographic evidence accompanying the persisted capability.
Hewlett Packard Enterprise Development Lp

Secure cryptoprocessor for authorizing connected device requests

A computing device described herein utilizes a secure cryptoprocessor of the computing device to compute a response to a request for authorization received from another local or remote device. The secure cryptoprocessor computes the response based on protected authorization credentials stored by the secure cryptoprocessor for one or more devices.
Microsoft Technology Licensing, Llc

Merged video streaming, authorization, and metadata requests

Implementations disclose merged video streaming, authorization, and metadata request. A method includes receiving, by a streaming server, a first request to view a media item from a client device via a connection between the client device and the streaming server, and sending a second request to an authorization server to verify that the client device is authorized to play the media item.
Google Inc.

Thread ownership of keys for hardware-accelerated cryptography

An embedded processor with a cryptographic co-processor operating in a multithreading environment, with inter-thread security for cryptography operations. A secure memory block accessible by the co-processor stores a plurality of key entries, each key entry storing data corresponding to a cryptography key, and a thread owner field that identifies an execution thread associated with that key.
Texas Instruments Incorporated

Vehicle network interface tool

A vehicle network interface tool electrically connects a computing device to an electronic control unit of a motor vehicle. The vehicle network interface tool includes a vehicle communications port to receive vehicle network data from the electronic control unit of the motor vehicle.

Using dispersal techniques to securely store cryptographic resources and respond to attacks

A dispersed storage network (dsn) includes a dsn memory, which in turn employs multiple distributed storage (ds) units to store encrypted secret material that can be decrypted using an unlock key. The unlock key is stored external to the ds unit, in some cases using multiple data slices dispersed throughout the dsn.
International Business Machines Corporation

Methods and systems for pki-based authentication

Methods, systems, and devices are provided for authenticating api messages using pki-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an api message using the private key of the private/public key pair and a pki-based cryptographic algorithm, before sending the signed api message to a server system.

Systems and methods for secure collaboration with precision access management

Systems and methods for secure collaboration enable precise access management. Collaborator permissions are modified in the same manner as a collaborative document.

The event ledger

The present disclosure provides a globally accessible, un-forgeable, and permanent repository of published events in the form of an event ledger. A method according to the present disclosure includes receiving a request from a publisher to publish to an event ledger an event including a name of the publisher, a date and time at which the event occurred, a description of the event, and a cryptographic signature of the event signed using a private key of the publisher, receiving a certificate from the publisher including a public key of the publisher, validating the cryptographic signature of the event using the received certificate, and publishing the event to the event ledger.
International Business Machines Corporation

Systems and methods for operating secure elliptic curve cryptosystems

Various embodiments of the invention implement countermeasures designed to withstand attacks by potential intruders who seek partial or full retrieval of elliptic curve secrets by using known methods that exploit system vulnerabilities, including elliptic operation differentiation, dummy operation detection, lattice attacks, and first real operation detection. Various embodiments of the invention provide resistance against side-channel attacks, such as sample power analysis, caused by the detectability of scalar values from information leaked during regular operation flow that would otherwise compromise system security.
Maxim Integrated Products, Inc.

Secure elliptic curve cryptography instructions

A processor of an aspect includes a decode unit to decode an elliptic curve cryptography (ecc) point-multiplication with obfuscated input information instruction. The ecc point-multiplication with obfuscated input information instruction is to indicate a plurality of source operands that are to store input information for an ecc point-multiplication operation.
Intel Corporation

Chip-based quantum key distribution

There is provided an integrated-optic transmitter for transmitting light pulses to a further optical apparatus for generating a quantum cryptographic key according to at least one quantum cryptography technique. There is also provided an integrated-optic receiver for generating a quantum cryptographic key from light pulses received from a further optical apparatus.
The University Of Bristol

Communication device, communication system, and communication method

According to an embodiment, a communication device includes a storage, a receiver, a storage controller, an allocator, and an encryption processor. The storage has a predetermined number of storage areas capable of storing one or more shared keys shared with a destination device.
Kabushiki Kaisha Toshiba

Massively scalable blockchain ledger

A massively scalable blockchain ledger without scalability issue on each blockchain node and the blockchain ledger itself by partitioning the full value range of the cryptographic hash of the blockchain blocks into a configurable but large number of block buckets and auto-assign and auto-adjust these buckets roughly evenly amongst reliable blockchain mining nodes.

System and providing mobile voice, data, and text services to subscribers using cryptocurrency

Implementations of a cryptocurrency mobile services system and method for offering a global roaming and payment procedure is provided. In some implementations, a computer-implemented method for offering these mobile services comprise receiving over a network a plurality of competing offers for mobile services from a plurality of mobile services providers computing devices, respectively.

Protecting application programs from malicious software or malware

A computer system includes a crypto mechanism that decrypts and integrity-checks secure object information as the secure object information moves into the computer system from an external storage and encrypts and updates an integrity value for secure object information as the secure object information moves out of the computer system to the external storage.
International Business Machines Corporation

Policies for secrets in trusted execution environments

A computing device executes one or more trusted execution environment (tee) processes in a tee of a processor. The one or more tee processes cryptographically protect a secret and a policy.
Google Llc

Apparatus and associated authenticating firmware

A firmware authentication element configured to, based on received firmware and predetermined cryptographic authentication information, provide for cryptographic based authentication of the received firmware to control execution of the received firmware by any one of a plurality of processors.

Data retention management in databases

An identifying data set is defined including semi-identifying attributes with semi-identifying attribute values corresponding to an entity. Descriptive records corresponding to the semi-identifying attributes are created.
Sap Se

Call center audio redaction process and system

The redaction process/system operates on temporarily captured/saved audio file during an agent-customer-call center (cc) call. Voice-based audio data is captured and processed by monitoring data input from cc-agent into a defined data field (field in a cc-agent-presented form).
Authority Software Llc

Secure node-to-multinode communication

The present disclosure relates to communication sessions between a first node and a plurality of other nodes. Two cryptographic keys are generated.
Kelisec Ab

Secure electronic mail system

An e-mail system is disclosed that overcomes many deficiencies of, but is backward compatible with, existing e-mail systems. Embodiments of the system may include various features, including but not limited to: (1) secure transfer of e-mail messages, without the need for users to replace existing e-mail clients or to change e-mail addresses; (2) tracking of all actions performed in connection with an e-mail transmission; (3) the ability for a recipient to view information about an e-mail message, optionally including information about how other addressees have responded to it, before deciding whether to retrieve the e-mail message; (4) the aggregation of entire e-mail conversations into a single threaded view; (5) the ability to include both private and public messages in a single e-mail communication; (6) sender control over downstream actions performed in connection with an e-mail message; (7) flexible control over cryptographic methods used to encrypt e-mail messages for storage.
Cirius Messaging Inc.

Multiple secrets in quorum based data processing

Methods are described for constructing a secret key by multiple participants such that any quorum combination of participants can generate a fixed number of key components that can be combined by a recipient to generate the secret key. The methods permit an identical secret key to be generated by a different sized quorum from different participants if required.
Pq Solutions Limited

Method and system for secure fido development kit with embedded hardware

A method for registration of a biometric template in a computing device includes: storing, in a first memory of a computing device, a biometric module; receiving, by an input device of the computing device, biometric data of a user; generating, by the biometric module of the computing device, a template based on the biometric data; generating, by a generation module of the computing device, a cryptographic key pair comprised of a private key and a corresponding public key using an encryption algorithm; encrypting, by an encryption module of the computing device, the generated template using the private key; storing, in a second memory of the computing device, the private key, wherein the second memory is a trusted execution environment; and storing, in the computing device, the encrypted template.
Mastercard International Incorporated

Authenticating nonces prior to encrypting and decrypting cryptographic keys

Data security is enhanced by receiving a request that identifies an encrypted data key, an authentication tag, and additional authenticated data that includes at least a nonce. In some cases, the authentication tag is cryptographically derivable from the encrypted data key and the additional authenticated data.
Amazon Technologies, Inc.

Secure authentication of devices without server assistance or pre-shared credentials

Systems and methods for establishing secure communication between electronic devices. In some aspects, at least two computing devices physically interact with each other multiple times, and sensors in each device detect and record the times of the physical interactions.
Idevices, Llc

Communication device, communication method, and communication system

A communication device includes a providing unit, a flow control unit, and a cryptography processing unit. The providing unit provides a cryptographic key generated using quantum key distribution technology.
Kabushiki Kaisha Toshiba

Dynamic cryptocurrency aliasing

Described herein is a system in which temporary aliases may be associated with, and maintained with respect to, cryptocurrency addresses. In some embodiments, the system enables a temporary alias to be used by a mobile application (e.g., a wallet application) in a cryptocurrency transaction.

Processing of financial transactions using debit networks

Methods and systems are disclosed for executing financial transactions between customers and merchants. An identifier of a financial account is received from the customer at a merchant system.
First Data Corporation

Format preserving encryption

Encrypting data without losing their format is important in computing systems, because many parties using confidential data rely on systems that require specific formatting for data. Information security depends on the systems and methods used to store and transmit data as well as the keys used to encrypt and decrypt those data.
Experian Health, Inc.

Systems and methods for dual-ported cryptoprocessor for host system and management controller shared cryptoprocessor resources

In accordance with these and other embodiments of the disclosure, an information handling system may include a host system comprising a host system processor, a management controller communicatively coupled to the host system processor and configured to provide management of the information handling system via management traffic communicated between the management controller and a dedicated management network external to the information handling system, and a cryptoprocessor having a first communications interface to the host system and a second communications interface to the management controller and configured to carry out cryptographic operations on data communicated to the cryptoprocessor from the host system and the management controller such that the cryptoprocessor is accessible to the host system and the management controller.
Dell Products L.p.

Network partition handling in fault-tolerant key management system

A method, system, and computer-program product for handling network partitions in a network is provided. For example, a method can include providing a first compute node and a second compute node on the network.
Quintessencelabs Pty Ltd.

Fault-tolerant key management system

A configuration for a key management system is provided for managing cryptographic keys in cryptosystems. The configuration includes the use of database replication to improve the reliability, accessibility, and partition tolerance of the key management system.
Quintessencelabs Pty Ltd.

Precursory client configuration for network access

Methods, systems, and devices for wireless communication are described for precursory client configuration for network access. A configurator station (sta) may receive, from a key management device, an identity key of a client sta and may receive, from the client sta, a network configuration probe that includes a first cryptographic value based at least in part on the identity key and a request for network access.
Qualcomm Incorporated

System and cryptographically signing web applications

Embodiments disclosed herein provide a method that includes receiving, at a client-side web browser, a minimal bootstrap payload from an application server; storing, by a client-side processor, the minimal bootstrap payload in a client-side local cache, where the locally cached minimal bootstrap payload is executed by the client-side processor before executing an application from the application server; the minimal bootstrap payload includes at least one public key and at least one uniform resource location (url) address of an application code payload.
Cyph, Inc.

Apparatus, system, and methods for a blockchain identity translator

Blockchain applications can generate public/private key pairs without knowing the true identity of the owner of the private key. Many applications, such as in healthcare or corporate banking, require known identities for legal or regulatory reasons.
Peer Ledger Inc.

Method of retaining transaction context

Methods of transaction authentication are provided. In one such method, at least one first transaction has been conducted, the or each first transaction generating data including first data comprising authentication data and second data identifying the or each first transaction, wherein a given first transaction is between a merchant and a card holder.
Visa Europe Limited

System for rapid tracking of genetic and biomedical information using a distributed cryptographic hash ledger

A hardware device and/or software system providing a method of timestamping, indexing, securing, and transmitting biomedical information (such as dna sequences, patient chart notes, lab tests, diagnoses, radiology results, and similar information) along with metadata associated with this information (such as date, time, author); using a public or private distributed cryptographic hash ledger method to create a stable, tamperproof index that permits auditing and tracing information transit over one or several electronic networks/transmission methods; optionally compressing and/or encrypting information using secure encryption methods such as quantum-safe/quantum-secure/quantum-resilient methods that secure the key and the payload independently, and then storing the information on a local electronic device or computer, such as a dna sequencing machine, or transmitting the information over an electronic network or storing it on a removable device.
Novus Paradigm Technologies Corporation

Safran Identity & Security

Method and system for enhanced validation of cryptograms in cloud-based systems

A method for enhanced validation of cryptograms for varying account number lengths includes: storing one or more primary account numbers and a plurality of formatting templates, each template being associated with an account number length; receiving a selection indicating a specific primary account number; identifying a specific formatting template where the associated account number length corresponds to a length of the specific primary account number; receiving an unpredictable number from a point of sale device; generating a cryptogram based on at least the unpredictable number and one or more algorithms; generating a data string, wherein the data string includes at least the generated cryptogram, the specific primary account number, and the unpredictable number, and wherein the data string is formatted based on the identified specific formatting template; and electronically transmitting the generated data string to the point of sale device.
Mastercard International Incorporated

Systems and methods for delegated cryptography

In some embodiments, an authentication method comprises receiving a request for a digital signature of data from a delegate computer over a secure channel using cryptography to provide authentication, wherein the secure channel comprises at least one wireless communications link; displaying information derived from the data; prompting a user for approval of the request with information derived from the data; in response to receiving approval from the user, creating the digital signature of the data using one or more private keys stored in a key enclave; and sending the digital signature to the delegate computer over the secure channel.
Kryptco, Inc.

Resource locators with keys

Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized.
Amazon Technologies, Inc.

Dynamic cryptographic polymorphism (dcp) system and method

Described herein is a method of enhancing the security of an internet transaction which includes the transmission of structurally formatted information, the method including the steps of: transmitting a request for the structurally formatted information across a network environment; receiving the request and sending a formulated response requiring calculation and decoding to determine the nature and content of the structurally formatted information; and receiving the structurally formatted information.
Kasada Pty Ltd

Systems and methods for storing administrator secrets in management controller-owned cryptoprocessor

A method may include storing a first set of secrets associated with an information handling system in a credential vault of a management controller configured to be coupled to a processor of a host system of the information handling system in order to provide management of the information handling system via management traffic communicated between the management controller and an external management network such that the first set of secrets are accessible responsive to a verified boot of the management controller and storing a second set of secrets associated with the information handling system in a storage of a cryptoprocessor owned by the management controller such that access to the second set of secrets may be granted in response to an administrator's provision of authorization to the cryptoprocessor, and such that access to the second set of secrets is prevented during runtime of the host system in absence of authorization.
Dell Products L.p.

Providing user authentication

In particular embodiments, a computing device accesses a device identifier that is encoded in the hardware of the computing device. The device identifier is used to generate a device key that will uniquely identify the particular computing device.
Facebook, Inc.

Systems and methods for preventing transmitted cryptographic parameters from compromising privacy

A method for secure cryptographic communication comprises transmitting information that identifies a group key from a first device to a second device. The method further comprises, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.
Neology, Inc.

Apparatus and cryptographic operations using enhanced knowledge factor credentials

Provided is a process that includes: authenticating a user based on a sequence of transactions that specify a knowledge factor credential where the knowledge-factor credential is lower entropy than the sequence of user-entered transactions, such that possession of the fully entered knowledge-factor credential, without possession of the sequence of user-entered transactions, does not reveal all of the user-entered transactions by which the fully entered knowledge-factor credential was specified by the user.
Univaultage Llc

Method of pushing passwords, pushing system and terminal device

A method of pushing passwords, a pushing system and a terminal device are provided. The method includes establishing a sharing cryptographic library which stores a plurality of application program identification codes, account names and passwords, receiving first biological characteristic information of a user, and simultaneously receiving a push request including second biological characteristic information and a current application program identification code.
Guangdong Oppo Mobile Telecommunications Corp., Ltd.

Security processing engines, circuits and systems and adaptive processes and other processes

An electronic circuit (200) includes one or more programmable control-plane engines (410, 460) operable to process packet header information and form at least one command, one or more programmable data-plane engines (310, 320, 370) selectively operable for at least one of a plurality of cryptographic processes selectable in response to the at least one command, and a programmable host processor (100) coupled to such a data-plane engine (310) and such a control-plane engine (410). Other processors, circuits, devices and systems and processes for their operation and manufacture are disclosed.
Texas Instruments Incorporated

Secure exchange of cryptographically signed records

Systems and methods for securely exchanging cryptographically signed records are disclosed. In one aspect, after receiving a content request, a sender device can send a record to a receiver device (e.g., an agent device) making the request.
Magic Leap, Inc.

System and providing secure collaborative software as a service (saas) attestation service for authentication in cloud computing

An architecture and a method are disclosed for providing secure, scalable, and dynamic user configuration in the distributed network for cloud computing to provide authentication and authorization for the plurality of the users to use the saas service. The system includes a hierarchical tree structure that configures the cloud-computing model by using certificateless identity-based cryptography to establish the hierarchical relationship between the participating entities.
Institute For Development And Research In Banking Technology (idrbt)

Cryptographic material sharing among entities with no direct trust relationship or connectivity

A mechanism to share cryptographic material across entities that may not have a direct trust relationship between or among each other, or no network connectivity, or some combination thereof, but where participating entities do share a trust relationship (or trusted connection(s)) with a common entity, sometimes referred to herein as a “conduit” entity. This technique enables such entities to leverage their trust relationship with a common “conduit” entity to share cryptographic material between or among themselves.
Akamai Technologies, Inc.

Protecting polynomial hash functions from external monitoring attacks

Systems and methods for protecting from external monitoring attacks cryptographic data processing operations involving computation of a universal polynomial hash function, such as ghash function. An example method may comprise: receiving an input data block, an iteration result value, and a mask value; performing a non-linear operation to produce a masked result value, wherein a first operand of the non-linear operation is represented by a combination of the iteration result value and the input data block, and the second operand of the non-linear operation is represented by a secret hash value, and wherein one of the first operand or the second operand is masked using a mask value; determining, based on the mask value, a mask correction value; and producing a new iteration result value by applying the mask correction value to the masked result value.
Cryptography Research, Inc.

System and providing transaction verification

A transaction verification process performed by a transaction network operator in communication with a client computing device and a third party provider. A computing device may be equipped with an integrity verification module for verifying the system integrity of the computing device, and a cryptographic module for digitally signing transaction requests.
Google Llc

Adaptive system profile

An approach to generating and regenerating a profile value from features of a system (e.g., a computer system), allows for certain changes of features of the system over time. The system may correspond to a client computer or a particular component of the client computer or a user of a client computer, and may also correspond to a combination of the user (i.e., a biometric characterization of the user) and the client computer or a component of the computer.
Fondazione Universitaria Inuit-"tor Vergata"

Secure elastic storage in a dispersed storage network

A method for execution by a dispersed storage and task (dst) processing unit includes: generating an encoded data slice from a dispersed storage encoding of a data object and determining when the encoded data slice will not be stored in local dispersed storage. When the encoded data slice will not be stored in the local dispersed storage, the encoded data slice is stored via at least one elastic slice in an elastic dispersed storage, cryptographic material and an elastic storage pointer indicating a location of the elastic slice in the elastic dispersed storage are generated, and the cryptographic material and the elastic storage pointer are stored in the local dispersed storage.
International Business Machines Corporation

University Of Washington Through Its Center For Commercialization

Method for remote subscription management of an euicc, corresponding terminal

Remote subscription management of an euicc comprising a private key and a public certificate, the public certificate comprising information allowing a subscription manager server to decide if it can agree to manage the euicc. The method includes: establishing a secure channel between the terminal and the subscription manager server by using the public certificate and dedicated cryptographic services of the euicc; sending to the subscription manager server a subscription management request; verifying, based on the information in the public certificate in the subscription manager server, whether the euicc is entitled to be managed by the subscription manager server and, if yes: performing a key establishment procedure between the subscription manager server and the euicc by using the euicc public certificate; establishing between the subscription manager server and the euicc a secure channel with the established keys; and, executing by the subscription manager server the subscription management request on the euicc.
Gemalto Sa

Enhanced authentication based on secondary device interactions

Enhanced authentication techniques may include receiving credential data of a secondary device by a primary device, generating a cryptogram using the credential data of the secondary device, and transmitting the cryptogram to an access device to request for authorization to use an account associated with a user of the primary device. The authorization can be granted based on verification of the cryptogram and an interaction activity pattern of interactions between the primary device and a set of communication devices including the secondary device.
Visa International Service Association

Encryption on computing device

A first component of a cryptographic key is received from a user via a user interface of a user computing device. A second component of the cryptographic key is received via a short-range communication interface that communicatively couples the user computing device to a physically separate storage device.
Data Guard Solutions, Inc.

Leveraging transport-layer cryptographic material

A client application cryptographically protects application data using an application-layer cryptographic key. The application-layer cryptographic key is derived from cryptographic material provided by a cryptographically protected network connection.
Amazon Technologies, Inc.

Binding digitally signed requests to sessions

A client establishes a cryptographically protected communications session and determines information usable to distinguish the session from other sessions. The client digitally signs the information using a cryptographic key that is independent of the session to enable a server to check whether the information matches the session that it established and whether the digital signature is correct.
Amazon Technologies, Inc.

Rfid secure authentication

Authentication systems and methods for a population of devices each associated with an rfid tag are described. For each device, a secret key is combined cryptographically with a publicly-readable unique identifier (uid) of an rfid tag to obtain a unique authorization signature.
Covidien Lp

Methods for secure cryptogram generation

Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram.

Modular exponentiation with transparent side channel attack countermeasures

A method of implementing security in a modular exponentiation function for cryptographic operations is provided. A key is obtained as a parameter when the modular exponentiation function is invoked.
Qualcomm Incorporated

System and managing cryptocurrency payments via the payment request api

Disclosed is an approach for processing cryptocurrency payments via a payment request application programming interface. A method includes receiving, from a site, at a browser and via the payment request application programming interface, a request associated with a potential purchase, wherein the request includes an identification of a cryptocurrency payment method accepted by the site and transmitting, to the site, from the browser and via the api, data indicating that a user of the browser can pay for the potential purchase via the cryptocurrency payment method accepted by the site.
Monticello Enterprises Llc

Management of authenticated variables

An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.
Intel Corporation

Booting computer from user trusted device with an operating system loader stored thereon

In an approach to allowing a computer to boot from a user trusted device (utd), the computer comprises a data storage device storing operating system (os) services, and a version of an os loader. The utd is connectable to the computer and stores a boot loader, detectable by a firmware executing at the computer, and an os loader, and wherein the utd prevents an unauthenticated user from modifying the boot loader and the os loader stored thereon.
International Business Machines Corporation

Booting a computer from a user trusted device with an operating system loader stored thereon

In an approach to allowing a computer to boot from a user trusted device (utd), the computer comprises a data storage device storing operating system (os) services, and a version of an os loader. The utd is connectable to the computer and stores a boot loader, detectable by a firmware executing at the computer, and an os loader, and wherein the utd prevents an unauthenticated user from modifying the boot loader and the os loader stored thereon.
International Business Machines Corporation

Compositions and methods for treating toxoplasmosis, cryptosporidiosis, and other apicomplexan protozoan related diseases

Wherein the variables x, y, z, l, r1, and r3 are defined herein.

Cryptographic block identification apparatus, cryptographic block identification method, and non-transitory computer readable recording medium storing cryptographic block identification program

The present invention relates to a cryptographic block identification apparatus which, in order to analyze encryption logic used by malware to conceal communication, identifies a cryptographic block where encryption logic is stored within a program of the malware. The cryptographic block identification apparatus includes a block candidate extraction part and a cryptographic block identification part.
Mitsubishi Electric Corporation

System and cryptographically provable zero knowledge social networking

A social networking system, computer program product, and methods with a personal avatar executing on a first server node and a zero knowledge arbiter executing on a second server node in a network of the social networking system. The personal avatar communicates social networking system messages in a communication session using a zero knowledge protocol with the zero knowledge arbiter executing on the second server node operating in zero knowledge and using zero knowledge verifiable computing to enforce usage conditions on social networking system messages communicated in a communication session with the zero knowledge arbiter.
International Business Machines Corporation

Method and storing context information in a mobile device

A method and apparatus for storing and using context information in a wireless communication network are provided. Context information is encrypted and transmitted to a mobile device for storage.
Huawei Technologies Co., Ltd.

Virtual point of sale

A portable device includes a communication interface to communicate with a consumer endpoint device, and a reader to receive a payment credential of a payment card detected by the portable device, to support a virtual point-of-sale (pos), card present online transaction between the consumer endpoint device and a merchant server. The portable device can establish a secure session with a host system using a cryptographic key, and send an authorization request comprising the payment credential in the secure session with the host system, the authorization request seeking authorization of payment for the online transaction.
Ent. Services Development Corporation Lp

Animated two-dimensional barcode checks

Systems and methods are disclosed to provide an animated 2d barcode check that is used to securely and efficiently transmit financial information between mobile devices. The financial information includes a check written by a payer and transmitted to a merchant.
Paypal, Inc.

Validation and authentication of digital documents issued by an architect

A method and system for authenticating and validating electronic architectural documents. A document approved by a licensed architect has the architect's digital seal and signature associated with or inserted into the document file.
Hks, Inc.

Cryptographic key exchange over an electrostatic channel

Various embodiments relating to exchanging a cryptographic key between a display device and an input device via electrostatic communication are disclosed. In one embodiment, an interactive communication device includes one or more electrodes and a radio transceiver.
Microsoft Technology Licensing, Llc

Information processing apparatus, controlling the same, and storage medium

The information processing apparatus stores a cryptographic module and a key that the cryptographic module generated. The information processing apparatus determines whether or not the stored key is a key that a cryptographic module for which integrity is not verified generated.
Canon Kabushiki Kaisha

Password manipulation for secure account creation and verification through third-party servers

A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers.
Airbnb, Inc.

Method for secure communication using asymmetric & symmetric encryption over insecure communications

Data may be protected using a combination of symmetric and asymmetric cryptography. A symmetric key may be generated and the data may be encrypted with the symmetric key.
Sony Interactive Entertainment Inc.

Multiple cryptographic key generation for two-way communication

The embodiments provide a cryptography key for two communicating devices that is based on information known only to the devices. Each of the communicating devices determines the information without communicating key information related to the encryption key with the other.
Microsoft Technology Licensing, Llc

Cryptography method

The embodiments provide cryptography that is performed in each of two communicating devices and is based on information known only to the devices. The information is determined in each of the devices at the time of communications.
Microsoft Technology Licensing, Llc

Cryptography using rf power measurement

The embodiments provide a cryptography key for two communicating devices that is based on information known only to the devices. The information may only be determined by the devices.
Microsoft Technology Licensing, Llc

Optimizing use of hardware security modules

Use of cryptographic key-store hardware security modules is optimized in a system having a first scarce high-security key storage device and a second more plentiful low-security key storage device comprising securing a cryptographic key to the higher security level by initially storing the key in the first storage device, then responsive to an event, evaluating the stored key against one or more rules, and subsequent to the evaluation, reclassifying the stored key for relocation, encrypting the reclassified key using a key-encryption key; relocating the reclassified key into the second, lower-security storage device, and storing the key-encryption key in the first storage device.
International Business Machines Corporation

Computation of historical data

Secure computation of enterprise data in a cloud is provided, by a third party, such that values and data manipulation processes are encrypted through use of cryptographic processes that are secure. A method can comprise performing operations including receiving security data representing an attribute included in a log file, generating encoded attribute data as a function of the attribute, a hash function, or salt data representing an alphanumeric string, and sending the encoded attribute data to a second device.
At&t Intellectual Property I, L.p.

System and processing an online transaction request

A computer server includes a transaction processor that is configured to receive from a pos terminal an incoming authorization request that includes an original numeric value, a token cryptogram and an identification number identifying an identity token; confirm that the token cryptogram was generated from the original numeric value and a cryptographic key associated with the token; determine primary and secondary numeric values from the original numeric value and a user profile associated with the identification number; confirm that the secondary numeric value is not greater than the balance in a loyalty points account associated with the identification number; transmit to an authorization server a revised authorization request that includes the identification number and the primary numeric value; and receive from the authorization server a confirmation message confirming that the primary numeric value is not greater than the balance in a payment account associated with the identification number.
The Toronto-dominion Bank

Automated schedule systems and methods

Automated matching, notification, and acceptance/rejection of appointment or opening in a calendar/schedule via network-based systems and methods, including application over social networks and website based connection between users and service providers. Notifications include offers of rewards and/or incentives, which are in the form of discounts, promotions, and/or a currency such as a cryptocurrency.

Secure operation apparatuses and methods therefor

As may be implemented in accordance with one or more embodiments, an apparatus and/or method may involve a first circuit that initiates secure operations by interfacing with a user and providing operation trigger data that is signed cryptographically and secured from alteration, based on the interfacing. A second circuit, including a secure element, stores data secured from access by the first circuit, and executes secure operations separately from operations executed by the first circuit based on one or more commands provided by the first circuit.
Nxp B.v.

Application code hiding apparatus by modifying code in memory and hiding application code using the same

An application code hiding apparatus includes a secret code dividing part, a secret code caller generating part, a code analyzing part, a dummy code generating part, a code encrypting part, a code disposing part, a code decryptor generating part, a disposed code importer generating part, a code loader generating part, a memory inner code modifier generating part and a decrypted code caller generating part.
Soongsil University Research Consortium Techno-park

Application-driven storage systems for a computing system

Systems and methods that allow secure application-driven arbitrary compute in storage devices in a cloud-based computing system are provided. A computing system including a compute controller configured to: (1) provide access to host compute resources, and (2) operate in at least one of a first mode or a second mode is provided.
Microsoft Technology Licensing, Llc

Method for key rotation

A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.
Duo Security, Inc.

Secure transfer and use of secret material in a shared environment

Aspects related to the secure transfer and use of secret material are described. In one embodiment, an encrypted secret key and encrypted revocation data are imported into a trusted execution environment and decrypted with private provider and vendor keys.
Amazon Technologies, Inc.

Perimeter encryption

Encryption keys for an enterprise are stored at a perimeter device such as a gateway, and rules are applied at the network perimeter to control whether and how these keys are used for cryptographic processing of communications passing through the perimeter device. The encrypted status of communications, e.g.
Sophos Limited

Pufs from sensors and their calibration

Several methods may be used to exploit the natural physical variations of sensors, to generate cryptographic physically unclonable functions (puf) that may strengthen the cybersecurity of microelectronic systems. One method comprises extracting a stream of bits from the calibration table of each sensor to generate reference patterns, called puf challenges, which can be stored in secure servers.
Arizona Board Of Regents Acting For And On Behalf Of Northern Arizona University

Secure communication of iot devices for vehicles

A method for establishing secure communication between a plurality of iot devices in one or more vehicles includes: provisioning the plurality of iot devices by providing a unique identification, a digital identity token and a cryptographic key to each of the plurality of iot devices; establishing a secure communication line between the plurality of iot devices by authenticating respective communication lines between respective iot devices and issuing a digital certificate to the respective communication lines; grouping the plurality of iot devices into different groups based on a predetermined criteria; and including a group membership for a group of the different groups in an attribute certificate indicating group characterization.
T-central, Inc.

Numeric pattern normalization for cryptographic signatures

A system for numeric pattern normalization for cryptographic signatures is provided. The system includes a resolving client, and an at least one signature server.
Centurylink Intellectual Property Llc

Multi-hop secure content routing based on cryptographic partial blind signatures and embedded terms

At a transmitter node, a commitment value c is obtained as a function of a message m. The commitment value c and transmitter terms of use ta for the message m are then sent to a receiver node without disclosing the message m.
Qualcomm Incorporated

Token and cryptogram using transaction specific information

Systems and methods for token processing are disclosed. An access device can provide access device data to a mobile communication device.
Visa International Service Association

Controlling verification of key-value stores

Deferred verification of the integrity of data operations over a set of data that is hosted at an untrusted module (um) is controlled. The controlling includes generating a request for a data operation on the set of data.
Microsoft Technology Licensing, Llc

Cryptographic key production from a physical unclonable function

Some embodiments are directed to an electronic cryptographic device configured to determine a cryptographic key. The cryptographic device has a physically unclonable function, a debiasing unit, and a key reconstruction unit.
Intrinsic Id B.v.

System and methods for opportunistic cryptographic key management on an electronic device

A system and method for opportunistic cryptographic key management includes generating a security capability assessment on a first electronic device based on security capabilities of the device, selecting a key management mode based on the security capability assessment, generating a cryptographic key based on the key management mode, and storing the cryptographic key based on the key management mode.
Duo Security, Inc.

Method and system for group-oriented encryption and decryption with selection and exclusion functions

A method and system for group-oriented encryption and decryption that supports the implementation of the designation and revocation functions of decryption users in a large-scale group. During the encryption, the system acquires a corresponding aggregate function according to an encryption mode; acquires any selected subset s and public parameters, and outputs an aggregate value of the subset s; generates a ciphertext of to-be-transmitted information according to the public parameters, a to-be-transmitted message and the aggregate value; acquires the encryption mode and the subset s comprised in the received ciphertext, operates the subset s and an identity of a current decryptor according to the encryption mode, and outputs a new subset s′; acquires an aggregate function corresponding to the encryption mode during the decryption; outputs an aggregate value of the new subset s′; and decrypts the received ciphertext according to the public parameters and the aggregate value, so as to obtain the to-be-transmitted information.
University Of Science And Technology Beijing

Dual-mode processing of cryptographic operations

Systems and methods for dual mode hardware acceleration for cryptographic operations are provided. According to one embodiment, data upon which a cryptographic operation is to be performed is received by a computer system that includes a host cpu and a cryptographic hardware accelerator.
Fortinet, Inc.

Clock computing machines

A new computational machine is invented, called a clock machine, that is a novel alternative to computing machines (digital computers) based on logic gates. In an embodiment, computation is performed with one or more clock machines that use time.

Electronic voting system

A method is described that involves creating a private key and a public key cryptographic key pair, generating a unique and random identifier for a voter's vote and accepting an election vote from said voter. The vote and identifier are electronically signed with the private key to create a digital signature.

Provisioning account numbers and cryptographic tokens

Disclosed herein are systems and methods for real-time provisioning of new card numbers to users of a consumer computing system. A consumer computing system (“ccs”) may have servers and databases situated within a banking infrastructure in order to provide various features to users via a software application executed by a client device.
Square, Inc.

Method for encrypting transactions at a dynamic transaction card

One variation of a method for controlling a dynamic transaction card includes: at a first time, accessing a first cryptogram; at a second time, establishing a wireless connection with a mobile computing device; in response to establishing the wireless connection with the mobile computing device, accessing a first token associated with the first cryptogram from the mobile computing device via the wireless connection; generating a first magnetic stripe sequence command representing the first cryptogram and the first token; and in response to detecting a magnetic stripe card reader proximal a magnetic stripe emulator integrated into the dynamic transaction card at a third time succeeding the second time, driving the magnetic stripe emulator according to the first magnetic stripe sequence command.
Cardlab Aps.

System and forming, storing, managing, and executing contracts

A system and method for computable contracts that includes a contract management system accessible by involved parties, managing a formation stage of a contract document by obtaining object components, assembling a contract object graph from the object components, and committing the contract object graph to post formation execution; and in an execution environment during a post-formation stage, executing the contract object graph where instances of execution include receiving a contract state update, and appending at least one update object component to the contract object graph in accordance with the contract state update. Variations of the system and method may apply peer-to-peer negotiation and execution, use a cryptographic directed acyclic contract object graph, and/or interface with distributed ledgers.
Clause, Inc.

Secure crypto module including security layers

An electromagnetic radiation (emr) receiver is located upon a printed circuit board (pcb) glass security layer. Emr flux is transmitted by the glass security layer and received by the emr receiver.
International Business Machines Corporation

Parallel and hierarchical password protection on specific document sections

The present disclosure involves systems and computer implemented methods for protecting portions of electronic documents. An example method includes receiving a request for access to an electronic file having sections, at least one section encrypted using a first key based on a first password.
Sap Se

Method and system of using a local hosted cache and cryptographic hash functions to reduce network traffic

The described method and system enables a client at a branch office to retrieve data from a local hosted cache instead of an application server over a wan to improve latency and reduce overall wan traffic. A server at the data center may be adapted to provide either a list of hashes or the requested data based on whether a hosted cache system is enabled.
Microsoft Technology Licensing, Llc

Systems and methods for tracking controlled items

According to the present disclosure, a method for tracking a controlled item can include transforming a genetic code with a cryptographic hash function into a core code. The core code can be associated with a label code and a weight.

Heating device utilizing computational or processing components

A heating unit and a heating system are provided that utilize computational and/or processing components to generate and deliver varying levels of heat. The disclosed heating unit/system beneficially captures heat that is a byproduct of other activities, e.g., computing activities, for heating purposes.