A method and system for group-oriented encryption and decryption that supports the implementation of the designation and revocation functions of decryption users in a large-scale group. During the encryption, the system acquires a corresponding aggregate function according to an encryption mode; acquires any selected subset S and public parameters, and outputs an aggregate value of the subset S; generates a ciphertext of to-be-transmitted information according to the public parameters, a to-be-transmitted message and the aggregate value; acquires the encryption mode and the subset S comprised in the received ciphertext, operates the subset S and an identity of a current decryptor according to the encryption mode, and outputs a new subset S′; acquires an aggregate function corresponding to the encryption mode during the decryption; outputs an aggregate value of the new subset S′; and decrypts the received ciphertext according to the public parameters and the aggregate value, so as to obtain the to-be-transmitted information.

Secret application and maintenance policy data is generated for different classes of data. The class of data to be protected is determined and the secret application and maintenance policy data for the determined class of the data to be protected is identified and obtained. Required secrets data representing one or more secrets to be applied to the data to be protected is obtained and then automatically scheduled for application to the data to be protected in accordance with the secret application and maintenance policy data for the determined class of the data to be protected. Maintenance of the one or more secrets is also automatically scheduled in accordance with the secret application and maintenance policy data for the determined class of the data to be protected.

A method, computer-readable storage device and apparatus for encrypting a broadcast message of a base station are disclosed. For example, the method selects an encryption key for the broadcast message and encrypts the broadcast message using the encryption key to create an encrypted broadcast message. The method then transmits an identifier of the encryption key and transmits the encrypted broadcast message over a broadcast channel. A method for decrypting a broadcast message that is encrypted is also disclosed.

Aspects related to the secure transfer and use of secret material are described. In one embodiment, an encrypted secret key and encrypted revocation data are imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret key or revocation data of a customer, as the secret key and revocation data are decrypted and stored within the trusted execution environment but not accessed in an unencrypted form. In turn, the provider can receive various instructions to perform cryptographic operations on behalf of the customer. Based on the outcome of a revocation check using the revocation data, the instructions can be performed by the trusted execution environment.

Some embodiments are directed to an electronic cryptographic device configured to determine a cryptographic key. The cryptographic device has a physically unclonable function, a debiasing unit, and a key reconstruction unit. The PUF is configured to produce a first noisy bit string during an enrollment phase and a second noisy bit string during a reconstruction phase. The debiasing unit (120) is configured to determine debiasing data from the first noisy bit string during the enrollment phase. The debiasing data marks bits in the first noisy bit string as retained or discarded. The key reconstruction unit is configured to determine the cryptographic key from bits in the second noisy bit string marked as retained by the debiasing data, the cryptographic key being independent from bits in the second noisy bit string marked as discarded by the debiasing data.

An encryption method for data includes acquiring data to be encrypted and user information set relevant to the encryption, sending a key acquisition instruction to a terminal corresponding to the user information, receiving a key returned from the terminal corresponding to the user information, encrypting the data to be encrypted by using the key, and transmitting encrypted data to the terminal corresponding to the user information.

A communication system and a comparison method for securing a communication path for a legitimate user via a terminal apparatus (“TA”). A vehicle-mounted communication device (“VMCD”) transmits a device ID identifying the VMCD to a TA, acquires a terminal ID from the TA, and transmits the device ID and the terminal ID acquired from the TA to a central apparatus. The TA transmits a terminal ID identifying the TA to the VMCD, acquires a device ID from the VMCD, and transmits the terminal ID and the device ID acquired from the VMCD to the central apparatus. The central apparatus receives a device ID and a terminal ID transmitted from the VMCD and a device ID and a terminal ID transmitted from the TA, and compares the device ID and the terminal ID received from the VMCD with the device ID and the terminal ID received from the TA.

A transaction authorization apparatus includes a processor in communication with a communications interface. The processor is configured to receive a request for a transaction requested by a user with whom a plurality of user devices are associated, to obtain respective transaction measurements from at least some available devices from among the plurality of user devices, and to confirm approval of the request for the transaction in response to confirmation that the transaction measurements satisfy a multi-device authorization policy associated with the transaction.

The present technology relates to an information processing apparatus, a method, and a program that can improve anonymity. An acquisition unit acquires a user identification ID that identifies a user and user data regarding the user. A derived ID generation unit carries out an operation using a one-way function, for data obtained from the user identification ID according to an increase in the number of the user data recorded in a recording unit, to generate a derived ID. A recording control unit causes the recording unit to record the generated derived ID and the acquired user data in association with each other to. In this way, the derived ID is generated according to the increase in the number of recorded user data, and the user data is recorded in association with the derived ID. Therefore, K-anonymity of the user data can be improved. The present technology can be applied to a server.

In one implementation, a system for a session key repository includes a monitor engine to monitor communication between a first computing device and a second computing device that is encrypted with a private key, an identification engine to determine a number of session keys and session IDs that correspond to the encrypted communication, a rules engine to determine a number of rules for storing and sharing the number of corresponding session keys and session IDs, a repository engine to send a portion of the number of session keys and session IDs to a network tool based on the number of rules and identification of the network tool.