The disclosure provides an approach for cryptographic agility. Embodiments include receiving a request from an application for a cryptographic operation, wherein the request is associated with a computing device. Embodiments include determining one or more resource constraints related to the computing device. Embodiments include selecting, based on the one or more resource constraints, a cryptographic technique from a plurality of cryptographic techniques associated with indications of resource requirements. Embodiments include performing the cryptographic operation using the cryptographic technique. Embodiments include providing a response to the application based on performing the cryptographic operation.

The disclosure provides an approach for cryptographic agility. Embodiments include receiving a request from an application for a cryptographic operation, wherein the request is associated with a computing device. Embodiments include determining one or more resource constraints related to the computing device. Embodiments include selecting, based on the one or more resource constraints, a cryptographic technique from a plurality of cryptographic techniques associated with indications of resource requirements. Embodiments include performing the cryptographic operation using the cryptographic technique. Embodiments include providing a response to the application based on performing the cryptographic operation.

Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.

Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.

A processor of an aspect is to perform a Single Instruction Multiple Data (SIMD) instruction. The SIMD instruction is to indicate a source register storing input data to be processed by a round of AES and is to indicate a source of a round key to be used for the round of AES. The processor is to perform the SIMD instruction to perform the round of AES on the input data using the round key and store a result of the round of AES in a destination. In one aspect, the SIMD instruction is to provide a parameter to specify whether or not a round of AES to be performed is a last round. Other instructions, processors, methods, and systems are described.

A processor of an aspect is to perform a Single Instruction Multiple Data (SIMD) instruction. The SIMD instruction is to indicate a source register storing input data to be processed by a round of AES and is to indicate a source of a round key to be used for the round of AES. The processor is to perform the SIMD instruction to perform the round of AES on the input data using the round key and store a result of the round of AES in a destination. In one aspect, the SIMD instruction is to provide a parameter to specify whether or not a round of AES to be performed is a last round. Other instructions, processors, methods, and systems are described.

According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.

According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.

A method and system for encrypted messaging includes first and second client devices and a quantum key device having a quantum random number generator. The generator provides a first quantum random signal, and the key device provides a symmetric first master key from the first quantum random signal. The master key is transmitted to the first client device and stored. The key device uses the master key to generate an encrypted package by encrypting one of a plurality of keys. The key device generates a second encrypted package. The first pairing key is provided to the first client device by decrypting the first encrypted package using the first master key and providing the first pairing key in the second client device by decrypting the second encrypted package using the second master key to establish an encrypted connection between the first and second client devices.

This application provides an RRC connection resume method and apparatus. In the method, when a terminal moves to a target base station, the target base station may reselect, based on a capability and a requirement of the target base station, a first encryption algorithm and a first integrity protection algorithm that are used when the target base station communicates with the terminal, and send the first encryption algorithm and the first integrity protection algorithm to the terminal. On one hand, a security algorithm used for communication between the terminal and the target base station is flexibly selected. On the other hand, because the base station connected to the terminal changes, communication security can be improved by using a new encryption algorithm and integrity protection algorithm.