Secure cryptography operations on a white-box cryptography device. Receiving a first message. Receiving a cryptographic key encrypted using a homomorphic encryption scheme. Performing a cryptographic operation, e.g., decryption or digital signature, using the encrypted cryptographic key. Performing a homorphically encrypted tracer calculation that traces the performance of the cryptography operations on the white-box cryptography device thereby allowing verification that all steps of the cryptography operation has been performed without external manipulation. Performing a key-exchange operation. Decrypting the key-exchange output using an alternate cryptographic key stored on the cryptographic device.

A Physical Unclonable Function (PUF) based true random number generator (TRNG), a method for generating true random numbers, and an associated electronic device are provided. The PUF based TRNG may include a first obfuscation circuit, a cryptography circuit coupled to the first obfuscation circuit, and a second obfuscation circuit coupled to the cryptography circuit. The first obfuscation circuit obtains a first PUF value from a PUF pool of the electronic device, and performs a first obfuscation function on a preliminary seed based on the first PUF value to generate a final seed. The cryptography circuit utilizes the final seed as a key of a cryptography function to generate preliminary random numbers. The second obfuscation circuit obtains a second PUF value from the PUF pool, and performs a second obfuscation function on the preliminary random numbers based on the second PUF value to generate final random numbers.

Systems and methods are described that use cryptographic techniques to improve the security of applications executing in a potentially untrusted environment associated with a software application. Embodiments of the disclosed systems and methods may, among other things, facilitate cryptographic operations within an execution environment associated with browser software of a client system while maintaining security of cryptographic keys imported into the environment. As the security of keys is maintained in an execution environment implementing embodiments of the disclosed systems and methods, users and/or systems may be more willing to consign their keys for use in connection with cryptographic operations performed in such environments.

A method of obtaining digitally signed data is disclosed. The method comprises sending first data (e.sub.2) from at least one of a plurality of first participants to at least one second participant, wherein the first data is based on second data (e) accessible to at least one said first participant, and the second data is inaccessible to the or each said second participant. A digital signature (s.sub.1) of the first data is received from at least one said second participant, and the digital signature of the first data is processed, by a plurality of the first participants, to provide shares of a digital signature (s) of the second data, wherein the digital signature of said second data is accessible by means of a threshold number of said shares and is inaccessible to less than said threshold number of shares.

Disclosed techniques relate to storing a key cache within a secure enclave. In some embodiments, a computing system receives, from an application, a request to access a database, where the request is associated with a particular account. The computing system then accesses, using an identifier associated with the particular account, a key cache stored in a secure enclave of a memory of the computing system to determine at least one private key associated with the request, where the key cache stores private keys of a key management system (KMS) for a plurality of accounts. The computing system performs a cryptographic operation for accessing the database within the secure enclave using the at least one private key. In various embodiments, disclosed techniques may improve the security of cryptographic private keys cached for a plurality of tenants.

The technology disclosed herein enables a computing device to use a trusted execution environment to retrieve protected content from mutually-untrusted devices. An example method may include: establishing, by a processor, a trusted execution environment in a computing device, wherein the trusted execution environment uses memory encryption and comprises executable code; providing, by the processor, attestation data to a set of computing devices, the attestation data representing the executable code in the trusted execution environment; receiving, by the processor, cryptographic key data from the set of computing devices; and causing, by the processor, the executable code to execute in the trusted execution environment and to initiate an operation using the cryptographic key data.

An electronic device for managing secured data containers, the electronic device comprising at least one network interface, at least one memory storing executable instructions, and at least one processor coupled to the at least one network interface and the at least one memory. Execution of the executable instructions by the at least one processor causes the electronic device to receive a request for data container creation, retrieve data related to the request for data container creation, retrieve one or more parameters constraining use of the data, encrypt the data using a public encryption key, encode the encrypted data into a data storage area of a data container, encode the one or more parameters constraining use of the data into a machine readable parameter storage area of the data container, and assign a UUID to the data container.

A cryptographic device (100) arranged to compute a target block cipher (B.sub.t) on an input message (110), the device comprising a first and second block cipher unit (121, 122) arranged to compute the target block cipher (B.sub.t) on the input message, and a first control unit (130) arranged to take the first block cipher result and the second block cipher result as input, and to produces the first block cipher result only if the block cipher results are equal.

This disclosure relates to systems and methods for managing protected electronic content using proxy reencryption techniques. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Proxy reencryption techniques consistent with aspects of the disclosed embodiments may enable transformation of a ciphertext under one public key to a ciphertext containing the same plaintext under another public key. Consistent with embodiments disclosed herein, proxy reencryption processes may be implemented using indistinguishability obfuscation and puncturable public-key encryption schemes, functional encryption, and/or white box obfuscation techniques.

A microprocessor device comprising an implementation of a cryptographic operation constructed to process parameters and generate an output, wherein at least some of the parameters are obfuscated such that the cryptographic operation processes the obfuscated parameters, wherein the parameters which are obfuscated are obfuscated in that they are encrypted according to an additive homomorphic cryptographic system.