Patent classifications
H04L9/08
Systems and methods for uploading streamed objects to a cloud storage system
Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.
Random number generation device, random number generation method, encryption device, and non-transitory recording medium
Provided are a random number generation device and the like capable of calculating a high precision random number using a memory capacity selected irrespective of the precision of the random number. A random number calculation device is configured to generate first random numbers based on given number and specify, for the given number of second random numbers in a target numeric extent, bin range depending on the first random numbers based on frequency information representing cumulative frequency regarding a frequency of numeric extent including respective second random numbers among given numeric extents, the numeric extent being determined in accordance with a desirable precision.
Secure distribution of entropy
Techniques are disclosed for securely distributing entropy in a distributed environment. The entropy that is distributed may be quantum entropy that is generated by a quantum entropy generator or source. The true random entropy generated by a trusted entropy generator can be communicated securely among computer systems or hosts using secure communication channels that are set up using a portion of the entropy. The distribution techniques enable computer systems and hosts, which would otherwise not have access to such entropy generated by the trusted entropy source, to have access to the entropy.
Method for performing cryptographic operations in a processing device, corresponding processing device and computer program product
A method performs cryptographic operations on data in a processing device. An iterative operation between a first operand formed by a given number of words and a second operand using a secret key is performed. The iterative operation includes, for each bit of the secret key, applying one of a first set of operations and a second set of operations to the first operand and to the second operand depending on the bit, and conditionally swapping words of the first and the second operand based on a control bit value obtained by applying a logic XOR function to a random bit.
Wireless security protocol
This disclosure relates to a data storage device. A data port transmits data between a host computer system and the data storage device over a data channel. The device repeatedly broadcasts advertising packets over a wireless communication channel different from the data channel. Each advertising packet comprises a random value and a message authentication code calculated based on the random value and an identity key. The identity key is readable by a device to be connected and in proximity of the data storage device out of band of the data channel and the communication channel. The identity key enables the device to be connected to verify the message authentication code based on the random value and the identity key to thereby authenticate the data storage device.
System and method for sharing user preferences without having the user reveal their identity
A system and method for sharing user preferences pertaining to one or more products, without having the user reveal their identity, is described herein. The system is configured for registering a user by receiving a set of biometric samples of the user, processing the set of biometric samples to compute a Secret-Key (S1) corresponding to the user, generating a Unique-Number (N1) using a random number generation algorithm, and applying a Function (F1) to the Secret-Key (S1) and the Unique-Number (N1) to compute a Public-Key (P1). Once the user is registered, the system is configured to receive a biometric sample from the user in real-time and compute the Secret-Key (S2) for authenticating the user. Once the user is authenticated, the system may recommend to the user a candidate product from a product catalog, based on the user's preferences.
Efficient deduplication using block-based convergent encryption
Systems and methods are described for providing secure storage of data sets while enabling efficient deduplication of data. Each data set can be divided into fixed-length blocks. The plaintext of each block can be convergently encrypted, such as by using a hash of the plaintext as an encryption key, to result in block-level ciphertext that can be stored. If two data sets share blocks, the resulting block-level ciphertext can be expected to overlap, and thus duplicative block-level ciphertexts need not be stored. A manifest can be created to facilitate re-creation of the data set, which manifest identifies the block-level ciphertexts of the data set and a key by which each block-level ciphertext was encrypted. By use of block-level encryption, nearly identical data sets can be largely deduplicated, even if they are not perfectly identical.
System and method for virtual currency remittance
[Object] The object is to present a technical solution for a bank to disclose information on a deposit account directly to a third party. [Solution Means] The owner of a virtual currency address or real-currency deposit account provides a disclosure key to a disclosee (third party). The third party accesses a disclosure server 6 by operating a disclosee terminal 7, and transmits a disclosure request with the disclosure key. The disclosure server 6 accesses an opener bank server 1, 8, acquires the virtual currency address owner information or the instant real-currency deposit account balance information, transmits it to the disclosee terminal 7, and makes it browsable on the disclosee terminal 7.
Securing network access at edge sites using trusted network devices
Techniques are described for securely managing computing resources in a computing environment comprising a computing service provider and a remote computing network. The remote computing network includes computing and network devices configured to extend computing resources of the computing service provider to remote users of the computing service provider. The network devices include a trusted network device that includes a root of trust. The trusted network device detects that a new device is communicatively coupled to a port on the trusted network device. The trusted network device determines that the new device is not authorized to access computing resources at the remote computing network. The port is isolated at the trusted network device.