A cryptographic accelerator (processor) retrieves data blocks for processing from a memory. These data blocks arrive and are stored in an input buffer in the order they were stored in memory (or other known order)typically sequentially according to memory address (i.e., in-order.) The processor waits until a certain number of data blocks are available in the input buffer and then randomly selects blocks from the input buffer for processing. This randomizes the processing order of the data blocks. The processing order of data blocks may be randomized within sets of data blocks associated with a single read transaction, or across sets of data blocks associated with multiple read transactions.

A mask is selected amongst a plurality of masks. A first masked random number is generated by converting a first random number using the selected mask, and a first key is generated from the first masked random number and a first biometric code generated from biometric information. In addition, mask information indicating the selected mask is stored. A second masked random number is generated by converting a second random number using the selected mask or a different mask having a predetermined relationship with the selected mask, and a second key is generated from the second masked random number and a second biometric code. A ciphertext is generated using one of the first key and the second key and an error-correction encoding method.

Systems, devices, and methods are provided for generating and transmitting a stream of random numbers such that the transmitted stream of random numbers is based at least in part on two or more streams of received random numbers. A randomness beacon can include a processor, a transmitter, and a memory with instructions thereon to cause the beacon to receive the two or more streams of received random numbers, generate a new stream of random numbers based at least in part on the received streams, and transmit the new stream via the transmitter to a public network. A system can include the randomness beacon and two or more random number generators that are generating the two or more random number streams received by the beacon.

An example of the instant solution comprises at least one of receiving a plurality of disparate sensor readings from a device, determining a plurality of noise signals based on the plurality of disparate sensor readings, correlating the plurality of noise signals, generating a preliminary string of integers based on the correlated noise signals, sampling the preliminary string of integers, testing the sampled preliminary string of integers for randomness, randomizing the tested preliminary string of integers, utilizing outputs from the device, if the tested preliminary string of integers are not random and validating a string of random integers based on the tested preliminary string of integers.

An example of the instant solution comprises at least one of receiving an encrypted data and an encryption key, generating a randomized matrix, dispersing the encrypted data based on the randomized matrix resulting in a fragmented encrypted data and dispersing the encryption key based on the randomized matrix and the fragmented encrypted data.

Systems and methods are for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.

The invention provides a solution for secure authentication of an individual. The invention comprises methods and apparatus for secure input of a user's identifier e.g. PIN. An image of a keypad is superimposed over a scrambled, operable keypad within a display zone of a screen associated with an electronic device. The keypad image depicts a non-scrambled keypad, in that the keys depicted in the image are in an expected or standardised formal or order. The difference in positions of the keys depicted in the image, and those in the operable keypad, provides a mapping which enables an encoded form of the identifier to be generated, such that the un-encoded version is never stored in the device's memory. Preferably, the image depicts a keypad which is standard for the device which it is being shown on. The device may be a mobile phone, a tablet computer, laptop, PC, payment terminal or any other electronic computing device with a screen. The underlying keypad, which is at least partially obscured from the user's view by the image, may be generated at run time by a procedure call. Preferably, this procedure is native to the device ie part of a library which is provided as standard with the device.

Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

A method and computer-readable storage medium for a computer system to perform an encryption scheme is disclosed that is capable of encrypting big data that includes complex data, including image data, sensor data, and text data, and supporting both symmetric and asymmetric-key handling. The encryption scheme uses double hashing using two different consecutively-applied hash functions. With double hashing, the encryption scheme eliminates the threat of known cryptanalysis attacks and provides a highly secure ciphering scheme. Also, the ciphertext header generated in the encryption scheme enables efficient cloud data sharing. A user can share the encrypted data later by re-encrypting the seed and sharing a new ciphertext header without the need of re-encrypting the data or changing the secret or private key. Thus, the encrypted data stays as is in the cloud, and only the seed is encrypted and shared as needed.

A randomizer includes a first pseudorandom number generator, a second pseudorandom number generator, and a first logic circuit configured to output a pseudorandom sequence by carrying out an operation on a pseudorandom sequence generated by the first pseudorandom number generator and a pseudorandom sequence generated by the second pseudorandom number generator, and a second logic circuit configured to randomize a data string input to the randomizer based on the pseudorandom sequence output by the first logic circuit.