Patent classifications
H04L9/32
Secure Firmware Update through a Predefined Server
The disclosed embodiments relate to securely booting firmware images. In one embodiment, a method is disclosed comprising receiving, by a memory device, a firmware update; validating, by the memory device, a signature associated with the firmware update; copying, by the memory device, an existing firmware image to an archive location, the archive location storing a plurality of firmware images sorted by version identifiers; booting, by the memory device, and executing the firmware update; and replacing, by the memory device, the firmware update with the existing firmware image stored in the archive location upon detecting an error while booting the firmware update.
Processing of Mesh Network Data Packets Having Invalid Cyclic Redundancy Check (CRC) Values
A technique for processing Bluetooth Mesh packets that comprise erroneous cyclic redundancy check (CRC) values. The disclosed mesh node receives packets, each of which comprises a Protocol Data Unit (PDU) and a cyclic redundancy check (CRC) field. The PDU comprises an AD Data field with multiple octets; the AD Data field itself comprises a Network Identifier (NID) field. After determining the value of the CRC field in a first packet to be invalid, and subject to further checks, the mesh node selects a set of one or more NID values, based on the validity of the value of the NID field in the first packet. The mesh node then processes at least some of the multiple octets in the AD Data field in the first packet in accordance with a set of network keys that hash to the one or more NID values in the selected set.
METHODS AND SYSTEMS FOR REDUCING PROPAGATION DELAYS IN HARDWARE IMPLEMENTATION OF ZUC CRYPTOGRAPHIC ALGORITHMS
Embodiments of the present disclosure relate to methods and systems to reduce propagation delays in hardware implementation of 3GPP confidentiality or standardized algorithm 128-EEA3 and 3GPP integrity algorithm 128-EIA3 using a ZUC module. The reduction of the propagation delays is achieved by improving or optimizing secondary critical paths, which are subsequent to the primary critical path, related to the 3GPP confidentiality or standardized algorithm 128-EEA3 and the 3GPP integrity algorithm 128-EIA3. Non-conventional modifications in the hardware implementation are proposed for the improvement or optimization.
Scaled authentication of endpoint devices
Various embodiments of the present application set forth a computer-implemented method that includes generating, based on a resource file stored at an endpoint device, a credential data packet for authenticating with a first application executing in a first network, where the resource file includes a set of encryption keys associated with a plurality of applications including the first application, and where the credential data packet is encrypted with a device key signed by the endpoint device, and the credential data packet is signed by an endpoint device management (EDM) key extracted from the set of encryption keys included in the resource file; sending, by the endpoint device, the credential data packet to the first application via a trusted communication channel; and receiving, by the endpoint device and in response to the credential data packet, an authorization packet from the first application via the trusted communication channel.
Transmitting content to promote privacy
An example process includes breaking content into multiple fragments; and transmitting at least two of the multiple fragments over different physical channels in order to isolate the at least two fragments during transmission. The example process may include generating session keys; encrypting at least some of the fragments using different session keys; and associating, with each fragment, a session key used to encrypt a different fragment to produce fragment/session key pairs.
METHODS OF DETERMINING REDEMPTION OF CONTENT PROVIDED THROUGH SOCIAL MEDIA MARKETING USING A POS SYSTEM AND RELATED SYSTEMS
A method and system are provided for validating a promotional token redeemed at a Point-of-Sale (PoS) terminal. The method can include receiving, at the PoS terminal located at a physical retail location, a promotional token ID from a mobile device associated with a customer. The promotional token ID can be configured to uniquely identify a promotional token to promote a consumer packaged good (CPG) distributed on a social media platform. A CPG is entered at the PoS terminal to determine a CPG ID configured to uniquely identify the CPG. Next, a validation request is generated. The validation request comprises the promotional token ID and the CPG ID. The validation request is then transferred to a server having access to a private blockchain ledger. Upon completion, the PoS terminal will receive, from the server, the redemption status for the promotional token ID based on information stored in the private blockchain ledger responsive to the validation request.
BLOCKCHAIN BASED OWNERSHIP VERIFICATION
A method may include obtaining, by a first entity, a verification key from a second entity to which an asset is to be transferred. The method may also include proving to an administrator of a blockchain that the first entity is a current owner of the asset, the blockchain hosting a token associated with the asset. The method may additionally include providing an updated randomness value and the token to the second entity. The method may also include sending an updated hash value of the token and the updated randomness, a signed indication of the transfer of the asset from the first entity to the second entity, and the verification key of the second entity to an administrator of the blockchain.
Secure communication with individual edge devices of remote networks that use local security credentials
A device management service of a provider network maintains a device repository that is accessible to a remote managed network. The device management service assigns different service credentials for different edge devices indicated by the device repository. For a particular edge device, the device management service provides, based on the service credentials assigned for the edge device, secure transmission of a message between the device management service and a network manager of the managed network. The network manager of the managed network provides secure transmission of the message between the network manager and the edge device based on local credentials assigned for the edge device.
Securing encrypted volumes in a distributed environment
The present disclosure relates to generating a passphrase for an encrypted volume by at least cryptographically combining the first cryptographic key and the shared secret, where the shared secret is split into a plurality of shares, a first number of the plurality of shares is greater than a second number of the plurality of shares, and the second number of the plurality of shares is required to reconstruct the shared secret.