An encrypted communication method is applied in a first electronic device, which includes a first processor communicating through encrypted channel of first Bluetooth, and a second processor communicating through unencrypted channel of second Bluetooth. The method includes: receiving, by the first processor, a key transmitted from a second electronic device, and transmitting the key to the second processor, the key being transmitted from the second electronic device to the first processor through the encrypted channel of the first Bluetooth; receiving, by the second processor in response to the first electronic device being switched to a system run by the second processor, a first ciphertext transmitted from the second electronic device, the first ciphertext being transmitted from the second electronic device to the second processor through the unencrypted channel of the second Bluetooth; and decrypting, by the second processor, the first ciphertext with the key to obtain the first plaintext.

A method for provisioning an electronic device includes providing a semiconductor wafer on which multiple integrated circuit (IC) chips have been fabricated. Each chip includes a secure memory and programmable logic, which is configured to store at least two keys in the secure memory and to compute digital signatures over data using the at least two keys. A respective first key is provisioned into the secure memory of each of the chips via electrical probes applied to contact pads on the semiconductor wafer. After dicing of the wafer, a respective second key is provisioned into the secure memory of each of the chips via contact pins of the chips. A respective provisioning report is received from each of the chips with a digital signature computed by the logic using both of the respective first and second keys. The provisioning is verified based on the digital signature.

Computer-readable media, methods, and systems are disclosed for encrypting and decrypting data pages in connection with a database employing group-level encryption. A request to load a group-level encrypted logical data page into main memory is received, the data page being identified by a logical page number. A block of group-level encrypted data is loaded into the main memory of the database system from an address corresponding to the physical block number. A block of group-level encrypted data is loaded into the main memory of the database system. A header associated with the block of group-level encrypted data is decrypted using a data-volume encryption key, and an encryption-group identifier is accessed from the decrypted header. A group-level encryption key is retrieved from a key manager, and the remainder of the block of group-level encrypted data is decrypted using the group-level encryption key.

In general, the invention relates to a method for managing data. The method includes obtaining a data set from a local data system, identifying an audit tag associated with the data set, generating a table entry for a data registration table based on the data set and the audit tag, and storing the table entry in the data registration table, wherein the data registration table is stored in a data tracking service.

The disclosed embodiments relate to secure booting of memory device. The disclosed embodiments generate measurement data associated with a memory device. Next, the disclosed embodiments read a golden measurement from a secure location in the memory device, the golden measurement generated based on a version of the data associated with the memory device, and therefore it is unique to the device. The disclosed embodiments validate the golden measurement value using a public key and determine whether the golden measurement is equal to the measurement data. The golden measurement value can also be saved in a write protected area which can only be changed by a secure write command, therefore, it is imutable by others. Finally, the disclosed embodiments continue a boot process when the golden measurement is equal to the measurement data.

A request to search a database field in a database table for a query value may be received. The query value may be hashed with a designated hash function and a designated hash key to produce a designated keyed-hash value. A row in the database table may be identified based on the designated keyed-hash value. The identified row may include a keyed-hash field value that matches the designated keyed-hash value. The identified row may include an encrypted field value generated by encrypting an unencrypted field value matching the query value. One or more data values associated with the identified row may be transmitted in response to the request.

Examples associated with cryptographic key security are described. One example system includes a secure storage accessible to a basic input/output system (BIOS). A BIOS security module stores an authorization value in a fixed location in the secure storage. The authorization value is stored by the BIOS during a boot of the system. A cryptographic key module reads the authorization value from the fixed location, overwrites the authorization value in the fixed location, and obtains a cryptographic key using the authorization value.

In an approach, a process stores a matrix of multibit values for a computation in an analog multiply-accumulate unit including at least one crossbar array of binary analog memory cells connected between respective pairs of word- and bit-lines of the array, where: bits of each multibit value are stored in cells connected along a word-line, and corresponding bits of values in a column of the matrix are stored in cells connected along a bit-line. In each of one or more computation stages for a cryptographic element, the process supplies a set of polynomial coefficients of an element bitwise to respective word-lines of the unit to obtain analog accumulation signals on the respective bit-lines. The process converts the analog signals to digital. The process processes the digital signals obtained from successive bits of the polynomial coefficients in each of the stages to obtain a computation result for the cryptographic element.

An embodiment includes executing, by a hypervisor, a bootloader with access to a first logical partition of a non-volatile memory, the first logical partition storing a keystore. The embodiment also includes loading, by the bootloader, a kernel with access to the first logical partition of the non-volatile memory. The embodiment also includes receiving, by the bootloader, an encryption key from the keystore. The embodiment also includes performing, by the bootloader, a cryptographic algorithm using the encryption key on the kernel. The embodiment also includes executing, by the bootloader in an event that the performing of the cryptographic algorithm produces a first result, the kernel with access to the first logical partition of the non-volatile memory. The embodiment also includes halting, by the bootloader in an event that the performing of the cryptographic algorithm fails to produce the first result, booting of the kernel and generating an error message.

The present invention relates to the security of sensitive data executed by program files in a computing device. A first file comprising of a sequence of instructions that can be configured onto the memory and executed by a processor is stored in a storage device of the device. A suitable program comprising a sequence of instructions is configured on memory and coupled to an encrypted credential store only accessible to the program instance being executed by a processor. A encrypted data store coupled to above said program is provided on the device's storage device. The successful execution of said first file requires access to sensitive data such as but not limited to passwords, API keys or other sensitive parameters, which are provided at run-time by the program coupled to the encrypted credential store.