Aspects and features of a cryptosystem and authentication for the cryptosystem, and a method or process for the cryptosystem, are described. In one example, a method for cryptographic communications includes storing a secret key, generating a system randomization number, and encrypting a plain data package into an encrypted data package by application of the plain data package, the secret key, and the system randomization number to a system of equations for encryption. The system of equations can be a system of linearly dependent equations in one example. Among other benefits, the cryptosystem relies upon the system of linearly dependent equations and the system randomization number to provide additional strength against known-plaintext attacks, chosen-plaintext attacks, and other types of attacks. The system is more semantically secure and offers ciphertext indistinguishability in a new approach using the system of linearly dependent equations.

A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q−1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd≤48.

Systems, and associated methods, involving both a trusted and an untrusted device where sensitive data or keys are shared between those devices are disclosed. A disclosed method includes storing a key in a secure memory on a first device, receiving sensitive data via a user interface on a second device, generating a set of white box encryption instructions based on the key using a white box encryption generator on the first device, generating a complete data representation of the set of white box encryption instructions using a secure processor on the first device, transmitting the complete data representation from the first device to the second device, and encrypting the sensitive data using the complete data representation on the second device. The complete data representation is not Turing complete and is not executable with respect to the second device.

The present invention relates generally to a system and method of querying an anonymized database. More particularly, the invention provides a method and system for querying an anonymized database without the need to decrypt queried data while it's processed. Even more specifically, the invention provides a method and system of anonymizing a database such that it may be queried efficiently in near real time while still retaining the ability to not decrypt requested data while it's being processed.

Ransomware detection and/or isolation and/or remediation of a ransomware-encryption device is performed in a Remote Monitoring and Management (RMM) system environment. The RMM system is operatively associated with monitoring and managing a plurality of devices and, according to an exemplary embodiment, the RMM system includes a RMM agent module locally installed on each device, a cloud-based RMM platform operatively communicating with each device RMM agent module, and a Ransomware Detection (RD)/Isolation module locally installed on each device. The RD/Isolation module locally detects a potential ransomware-encryption in one or more files received by the device and the RMM system isolates a ransomware affected device using a locally executed script provided by the cloud-based RMM platform.

A method for verifying a material data chain (MDC) that is maintained by a creator is disclosed. The method includes receiving an unverified portion of the MDC from the creator including a set of consecutive material data blocks (MDBs). Each respective MDB includes respective material data, respective metadata, and a creator verification value. The method includes modifying a genomic differentiation object assigned to the verification cohort based on first genomic regulation instructions (GRI) that were used by the creator to generate the creator verification value. For each MDB in the unverified portion, the method includes determining a verifier verification value based on the MDB, a preceding MDB in the MDC, and a genomic engagement factor (GEF) determined with respect to the MDB. The GEF corresponding to an MDB is determined by extracting a sequence from the metadata of a MDB and mapping the sequence into the modified genomic differentiation object.

A device, method, or computer program product for conducting a cryptographic operation in a vehicle is disclosed herein. The device is arranged to receive key data and input data, and to conduct a cryptographic computation of the input data to output data using the key data. The cryptographic computation is conducted with or without side channel attack counter measures, which are toggled based on the key data or based on a control input.

Techniques for determining whether a public encryption key is vulnerable as the result of deficiencies in pseudorandom number generation algorithms are provided. In some embodiments, a system may compile a database of cryptographic information received from a plurality of sources, including databases, and network traffic monitoring tools. RSA public keys extracted from the cryptographic information may be stored in an organized database in association with corresponding metadata. The system may construct a product tree from all unique collected RSA keys, and may then construct a remainder tree from the product tree, wherein each output remainder may be determined to be a greatest common divisor of one of the RSA keys against all other unique RSA keys in the database. The system may then use the greatest common divisors to factor one or more of the RSA keys and to determine that the factored keys are vulnerable to being compromised.

An industrial asset may have a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time representing current operation of the industrial asset. An abnormality detection computer may determine that an abnormal monitoring node is currently being attacked or experiencing a fault. An autonomous, resilient estimator may continuously execute an adaptive learning process to create or update virtual sensor models for that monitoring node. Responsive to an indication that a monitoring node is currently being attacked or experiencing a fault, a level of neutralization may be automatically determined. The autonomous, resilient estimator may then be dynamically reconfigured to estimate a series of virtual node values based on information from normal monitoring nodes, appropriate virtual sensor models, and the determined level of neutralization. The series of monitoring node values from the abnormal monitoring node or nodes may then be replaced with the virtual node values.

Containers can be managed for cryptanalysis attack protection. For example, a computing system can receive, from a container, a description specifying a first hardware requirement for the container. The computing system can restrict access to hardware based on the first hardware requirement for the container. The computing system can perform, for a data object requested by the container, an encryption operation and a decryption operation using the hardware. A result of the encryption operation can be inaccessible to the container prior to the decryption operation.