H04L9/08

SECURE MANAGEMENT OF TRANSFERS OF DIGITAL ASSETS BETWEEN COMPUTING DEVICES USING PERMISSIONED DISTRIBUTED LEDGERS

The disclosed exemplary embodiments include computer-implemented systems, devices, and processes that securely manage transfers of digital assets between computing devices using permissioned distributed ledgers. By way of example, an apparatus may receive, from a first device, a request to transfer a digital asset to a second device and a first digital signature applied to the request. Based on a validation of the first digital signature, the apparatus may approve the request and apply a second digital signature to the request and the first digital signature indicative of the approval of the request by the apparatus. The apparatus may also transmit the request, the first digital signature, and the second digital signature to a computing system, which may validate the first and second digital signatures and perform operations that record the first public key and asset data identifying the digital asset within at least one element of a distributed ledger.

CONTINUOUS AUTHENTICATION FOR DIGITAL SERVICES BASED ON CONTACTLESS CARD POSITIONING
20230050991 · 2023-02-16

Various embodiments are generally directed to continuous authentication of a user to a digital service based on activity of a contactless card positioned proximate to a computing device on which the digital service operates. For example, a series of periodic status messages may be provided between a client device and the contactless card to verify whether the contactless card remains active, wherein authorization to access the digital service continues while the contactless card is active, and terminates when the contactless card is inactive.

PUBLIC/PRIVATE KEY SYSTEM WITH INCREASED SECURITY

Some embodiments are directed to a second cryptographic device (20) and a first cryptographic device (10). The first and second cryptographic devices may be configured to transfer a key seed. The key seed may be protected using a public key from one party and a private key from the other party. For example, a public key may be obtained from a private key through a noisy multiplication. At least one of the first and second cryptographic device may validate an obtained public key, e.g., to avoid leakage of the key seed or of a private key.

CUSTOMIZED SMART DEVICES AND TOUCHSCREEN DEVICES AND CLEANSPACE MANUFACTURING METHODS TO MAKE THEM
20230052484 · 2023-02-16

The present invention provides various aspects for processing multiple types of substrates within cleanspace fabricators or for processing multiple or single types of substrates in multiple types of cleanspace environments particularly to form hardware based encryption devices and hardware based encryption equipped communication devices and multi-chip modules such as chiplets. In some embodiments, a collocated composite cleanspace fabricator may be capable of processing semiconductor devices into integrated circuits and then performing assembly operations to result in product in packaged form. Customized smart devices, smart phones and touchscreen devices may be fabricated in examples of a cleanspace fabricator. The assembly processing may include steps to form hardware based encryption.

ISSUING VERIFIABLE PAIRWISE CLAIMS
20230050460 · 2023-02-16

Generating a verifiable pairwise claim. Receiving a request for issuing a verifiable claim that is associated with a subject entity and is verifiable by one or more verifying entities. The request includes at least an encrypted portion using a particular type of cryptography. Verifying that the subject entity is associated with a subject of the verifiable claim based on decrypting the encrypted portion using the particular type of cryptography. In response to verifying that the subject entity is associated with the subject of the verifiable claim, issuing the verifiable claim that is structured to be verifiable only by the one or more verifying entities.

COMMUNICATIONS DEVICE, METHOD AND COMMUNICATIONS SYSTEM FOR MANAGING AN AUTHENTICATION EVENT

A communications device for managing an authentication event is provided, which is configured to generate location data indicative of a geolocation associated with the communications device, retrieve, from a key that is obfuscated and stored in the communications device, the key, sign the location data with the retrieved key, and transmit request data to a communications server apparatus for requesting the authentication event, the request data comprising the signed location data. A method and a communications system for managing an authentication event are also provided.

BLUETOOTH DEVICE AND BLUETOOTH GATEWAY
20230049341 · 2023-02-16

A Bluetooth device (702) is disclosed, the Bluetooth device being provisioned with a security credential (710) that is shared with an authentication server (706). The Bluetooth device comprises processing circuitry configured to use a Bluetooth pairing mechanism to establish a pairing with a Bluetooth gateway (704a-c) by establishing a shared secret key with the Bluetooth gateway and to perform an Extensible Authentication Protocol (EAP) authentication method towards the authentication server using the security credential, wherein performing the EAP authentication method comprises using the paired Bluetooth gateway to forward messages to and from the authentication server. The processing circuitry is further configured to bind the pairing established with the paired Bluetooth gateway to the performed EAP authentication method. Also disclosed are a Bluetooth gateway and methods performed by a Bluetooth device and a Bluetooth gateway.

METHOD FOR AUTHENTICATION BETWEEN A CONTROL MODULE AND A LIGHTING MODULE FOR A MOTOR VEHICLE

A method for authentication between a control module and a lighting module for a motor vehicle, in which at least one of the two modules is a transmitter module, the other being a receiver module, the two modules comprising a unit for transmitting/receiving data and being linked by a data communication channel that enables the modules to exchange data. The method includes transmitting data describing at least one authentication factor from the transmitter module to the receiver module, verification of the authentication factor by means of a calculation unit, and abandoning communication, in the receiver module, with the transmitter module if the verification fails, or otherwise continuing communication.

MAPPING KEYS TO A BLOCKCHAIN OVERLAY NETWORK
20230046315 · 2023-02-16

A method of managing an overlay network overlaid on data-storage transactions of a blockchain, whereby data content of the overlay network is stored in payloads of the data-storage transactions and overlay-layer links are defined between the data-storage transactions. The method comprises identifying a graph structure of the overlay network, wherein nodes correspond to different ones of the data-storage transactions and edges correspond to the links. Each node is associated with a respective first key for signing an input of a child data-storage transaction to authorise writing the child to the blockchain. The method further comprises using a child key derivation, CKD, function to determine a hierarchical set of second keys having the same graph structure as the overlay network, wherein the second keys enable an additional function other than signing inputs of the data-storage transactions.

METHOD FOR TRANSMITTING AND RECEIVING A MESSAGE INCLUDING AN ENCRYPTED IDENTIFIER OF THE TRANSMITTER DEVICE
20230052597 · 2023-02-16

In a digital communication system, using a symmetric key encryption protocol, the identifier of a transmitter included in a message transmitted to a receiver is encrypted. The identifier is divided into P parts, P being an integer number at least equal to two. The parts are ordered and associated, respectively, with ranks varying between one and P. For at least one part of rank greater than or equal to two, an encryption key is determined on the basis of the values of the parts of preceding rank, and that part is encrypted with the encryption key thus determined. An encrypted identifier is then determined from the one or more encrypted parts thus obtained. The message to be transmitted is then formed from the encrypted identifier thus determined, and then transmitted to the receiver.