A device configured to obtain a first graphical code that represents a public encryption key for an organization and to extract the public encryption key for the organization from the first graphical code. The device is further configured to obtain a second graphical code that represents a digital document comprising data and a digital signature that was signed using a private encryption key for the organization. The device is further configured to extract the digital document from the second graphical code and to validate the second graphical code using the public encryption key for the organization. The device is further configured to determine the second graphical code passes validation using the public encryption key for the organization and to store the digital document in a digital document repository.

A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features uses of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.

A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features uses of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.

A routing plane includes an authentication packaging system that receives client authentication information, as part of a request from a requesting client that is to be routed to a target service. The authentication packaging system combines the authentication information with assertion information indicative of an assertion as to the identity of the routing plane, using an entropy, such as a signing key. The authentication package is attached to the request and is sent to the target service. The target service validates the authentication package based on the entropy and authenticates the routing plane based on the assertion information and performs authentication processing based on the authentication information.

Embodiments include a method of adding first and second binary numbers having C bits and divided into D words to provide a third binary number in E successive adding operations, C, D and E being plural positive integers, the method comprising: a first group of D adding operations adding together respective words of the first and second binary numbers to provide D sum and carry outputs ranging from a least significant to a most significant sum and carry output; one or more subsequent groups of adding operations adding together sum and carry outputs from an immediately preceding group of adding operations, a final group of the one or more subsequent groups resulting in the third binary number consisting of the sum outputs from the final group and a carry from the most significant carry output of the final group, wherein E is less than D.

Embodiments include a method of adding first and second binary numbers having C bits and divided into D words to provide a third binary number in E successive adding operations, C, D and E being plural positive integers, the method comprising: a first group of D adding operations adding together respective words of the first and second binary numbers to provide D sum and carry outputs ranging from a least significant to a most significant sum and carry output; one or more subsequent groups of adding operations adding together sum and carry outputs from an immediately preceding group of adding operations, a final group of the one or more subsequent groups resulting in the third binary number consisting of the sum outputs from the final group and a carry from the most significant carry output of the final group, wherein E is less than D.

A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.

A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.

The present disclosure relates to the field of computer technologies and it discloses a method for encrypting a picture performed at a sending device, the method including: obtaining, by a sending device raw data of a to-be-encrypted picture, a first key, a second key, and location information that is used for adding disturbance data to the raw data; generating the disturbance data, and adding the disturbance data to the raw data according to the location information, to obtain first data; encrypting the first data by using the first key, to obtain the second data, and encrypting the first key and the length of the disturbance data by using the second key, to obtain first encrypted data; and sending the second data, the first encrypted data, and the second key to a receiving device.

The present disclosure relates to the field of computer technologies and it discloses a method for encrypting a picture performed at a sending device, the method including: obtaining, by a sending device raw data of a to-be-encrypted picture, a first key, a second key, and location information that is used for adding disturbance data to the raw data; generating the disturbance data, and adding the disturbance data to the raw data according to the location information, to obtain first data; encrypting the first data by using the first key, to obtain the second data, and encrypting the first key and the length of the disturbance data by using the second key, to obtain first encrypted data; and sending the second data, the first encrypted data, and the second key to a receiving device.