H04L2209/08

Proxy computing system, computing apparatus, capability providing apparatus, proxy computing method, capability providing method, program, and recording medium

A computing apparatus outputs .sub.1 and .sub.2 corresponding to a ciphertext x, a capability providing apparatus uses .sub.1 to correctly compute f(.sub.1) with a probability greater than a certain probability and sets the result of the computation as $z_1$, uses .sub.2 to correctly compute f(.sub.2) with a probability greater than a certain probability and sets the result of the computation as $z_2$, the computing apparatus generates a computation result $u = f(x)^b x_1$ from $z_1$, generates a computation result $v = f(x)^a x_2$ from $z_2$, and outputs $u^b v^a$ if the computation results u and v satisfy a particular relation, where G and H are groups, f(x) is a function for obtaining an element of the group G for xH, $X_1$ and $X_2$ are random variables having values in the group G, $x_1$ is a realization of the random variable $X_1$, and $x_2$ is a realization of the random variable $X_2$.

CRYPTOGRAPHIC DEVICE AND MEMORY BASED PUF
20190221139 · 2019-07-18

Some embodiments are directed to a cryptographic device, including a non-volatile memory, a range of the memory storing data, a selector arranged to receive a selector signal configuring a memory read-out unit for a regular read-out mode or for a PUF read-out mode of the same memory, a control unit arranged to send the selector signal to the selector configuring the memory read-out unit in the regular read-out mode, and reading the memory range to obtain the data, and send the selector signal to the selector configuring the memory read-out unit for PUF read-out mode and obtaining a noisy bit string from the memory range.

SECURE CONTAINER BASED PROTECTION OF PASSWORD ACCESSIBLE MASTER ENCRYPTION KEYS
20190222419 · 2019-07-18

Systems and methods for maintaining encryption keys are disclosed. An encrypted master key is determined by encrypting a master key based on an initial user password and discarding the master key. The encrypted master key is stored. A request for the master key including a present user password is received and verified based on comparison to the initial user password. Based on failure of verifying the present user password, a failed attempt counter that is maintained within a secure container is created. User password based access to the master key is locked out based on the failed attempt counter exceeding a defined value.

Data Protection Management System Compliant Identification Handling
20190213350 · 2019-07-11

An alias key is generated for each person identification (ID) in a database table. The alias key is used to look up the corresponding person ID in the database table. In addition, for each alias key, a temporary alias key is generated that is used to look up the corresponding alias key in the database table. A plurality of queries are received from at least one remote client that each specify at least one of the temporary alias keys. Data is later transmitted to the at least one remote client that is responsive to the queries. Related apparatus, systems, techniques and articles are also described.

Device and method for managing performance of quantum noise-based random number generator
10346136 · 2019-07-09

The present invention presents a device and method for managing the performance of a quantum noise-based random number generator, the device ensuring the performance stability of a random number generator on the basis of an output value for each pixel, which is outputted in correspondence to an optical strength value of an optical signal emitted from a light source and inputted into each pixel, so as to be capable of outputting, within a certain range regardless of devices, a value of an entropic signal outputted from an image sensor, thereby enabling sufficient randomness to be continuously maintained while minimizing deviation between pixels.

Inhibiting electromagnetic field-based eavesdropping
10341381 · 2019-07-02

A technique includes performing a plurality of instances of retrieving components of a security key from a plurality of locations of an electronic device and constructing the security key from the components. The technique includes inhibiting electromagnetic field-based eavesdropping from being used to reveal the security key, where the inhibiting includes varying a protocol that is used to retrieve the components among the instances.

Distribution of scrambled binary output using a randomized compiler

The present invention relates to methods and systems for distributing scrambled binaries, binary scrambling, and applications for cybersecurity technology aimed at preventing cyber-attacks.

INDIVIDUAL ENCRYPTION OF CONTROL COMMANDS
20190199694 · 2019-06-27

The present invention is directed to a method for efficiently and individually encrypting control commands, which makes it possible to encrypt supplied applications and to transmit them to an end device not only in an efficient but also in a particularly secure way.

COMMUNICATION SYSTEM AND DATA COMMUNICATION METHOD
20190199526 · 2019-06-27

In transmission of a command from a host device to a memory device, circuitry is configured to selectively switch between a first pattern and a second pattern. In the first pattern, an encrypted command is generated by encrypting a command with an S-box circuit of a first encryption unit, and the encrypted command is decrypted with an InvS-box circuit of a second decryption unit. In the second pattern, an encrypted command is generated by encrypting a command with an InvS-box circuit of a first decryption unit, and the encrypted command is decrypted with an S-box circuit of a second encryption unit.

POS SYSTEM WITH WHITE BOX ENCRYPTION KEY SHARING
20190188703 · 2019-06-20

Systems, and associated methods, involving both a trusted and an untrusted device where sensitive data or keys are shared between those devices are disclosed. A disclosed method includes storing a key in a secure memory on a first device, receiving sensitive data via a user interface on a second device, generating a set of white box encryption instructions based on the key using a white box encryption generator on the first device, generating a complete data representation of the set of white box encryption instructions using a secure processor on the first device, transmitting the complete data representation from the first device to the second device, and encrypting the sensitive data using the complete data representation on the second device. The complete data representation is not Turing complete and is not executable with respect to the second device.