Patent classifications
H04L2209/16
SYSTEM AND METHOD FOR CONTROLLING DATA USING CONTAINERS
An electronic device for managing secured data containers, the electronic device comprising at least one network interface, at least one memory storing executable instructions, and at least one processor coupled to the at least one network interface and the at least one memory. Execution of the executable instructions by the at least one processor causes the electronic device to receive a request for data container creation, retrieve data related to the request for data container creation, retrieve one or more parameters constraining use of the data, encrypt the data using a public encryption key, encode the encrypted data into a data storage area of a data container, encode the one or more parameters constraining use of the data into a machine readable parameter storage area of the data container, and assign a UUID to the data container.
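The creation steps above (encrypt under a public key, encode into a data storage area, encode the use parameters into a machine-readable area, assign a UUID) and the consuming side, as an added Go example against the standard library (crypto/rsa with OAEP). This is not the patent's implementation. The container layout, the parameter fields (an expiry and a list of permitted uses), the UUID version and the sample record are assumptions made for the example:

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// UsageParameters is the machine-readable parameter storage area. Both fields
// are assumptions; the abstract only says the parameters constrain use of the data.
type UsageParameters struct {
	NotAfter   time.Time `json:"not_after"`
	AllowedUse []string  `json:"allowed_use"`
}

// Container is a hypothetical layout: the assigned UUID, the data storage area
// (RSA-OAEP ciphertext, base64 once marshalled) and the parameter storage area.
type Container struct {
	UUID         string          `json:"uuid"`
	DataStorage  []byte          `json:"data_storage"`
	ParamStorage UsageParameters `json:"parameter_storage"`
}

// NewRecipientKey generates the recipient's RSA key pair; containers are
// created under its public half.
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// newUUIDv4 draws 16 random bytes and sets the RFC 4122 version and variant bits.
func newUUIDv4() (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	b[6] = (b[6] & 0x0f) | 0x40 // version 4
	b[8] = (b[8] & 0x3f) | 0x80 // RFC 4122 variant
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:16]), nil
}

// CreateContainer runs the creation steps: encrypt under the public key, place the
// ciphertext in the data storage area, place the parameters in the parameter
// storage area, assign a UUID. RSA-OAEP/SHA-256 caps the plaintext at 190 bytes
// for a 2048-bit key; larger data would need a hybrid scheme, not shown here.
func CreateContainer(pub *rsa.PublicKey, data []byte, params UsageParameters) (*Container, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data, nil)
	if err != nil {
		return nil, err
	}
	id, err := newUUIDv4()
	if err != nil {
		return nil, err
	}
	return &Container{UUID: id, DataStorage: ct, ParamStorage: params}, nil
}

// OpenContainer is the consuming side. The parameters are evaluated before any
// decryption, so a container whose constraints fail never yields plaintext.
func OpenContainer(priv *rsa.PrivateKey, c *Container, use string, now time.Time) ([]byte, error) {
	if now.After(c.ParamStorage.NotAfter) {
		return nil, errors.New("container expired")
	}
	permitted := false
	for _, u := range c.ParamStorage.AllowedUse {
		permitted = permitted || u == use
	}
	if !permitted {
		return nil, fmt.Errorf("use %q not permitted by container parameters", use)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c.DataStorage, nil)
}

func main() {
	priv, err := NewRecipientKey()
	if err != nil {
		panic(err)
	}
	params := UsageParameters{NotAfter: time.Now().Add(24 * time.Hour), AllowedUse: []string{"display"}}
	c, err := CreateContainer(&priv.PublicKey, []byte("constructed sample record"), params)
	if err != nil {
		panic(err)
	}
	encoded, _ := json.MarshalIndent(c, "", "  ")
	fmt.Println(string(encoded))
	pt, err := OpenContainer(priv, c, "display", time.Now())
	fmt.Printf("display -> %q (err=%v)\n", pt, err)
	_, err = OpenContainer(priv, c, "export", time.Now())
	fmt.Println("export  ->", err)
}
```

The parameter area is only as strong as the consumer that honours it: the ciphertext does not bind the parameters, so a consumer holding the private key could ignore or rewrite them. Binding them would require signing the container or including the encoded parameters as the OAEP label, neither of which the abstract describes.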
Integrated circuit
According to various embodiments, an integrated circuit is described comprising a plurality of subcircuits having different signal transfer reaction times, a control circuit configured to form two competing paths from the plurality of subcircuits in response to a control signal, an input circuit configured to supply an input signal to the two competing paths and an output circuit configured to generate an output value depending on which of the competing paths has transferred the input signal with shorter reaction time.
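The structure described reads as a delay-based race of the arbiter type: the control signal picks, stage by stage, which subcircuit each of the two competing paths runs through, the input signal is launched into both, and the output bit records which path arrived first. The following Go simulation is an added example, not the patent's design. The two-stage circuit, the picosecond delay values and the second chip instance are constructed to show the behaviour, and the additive delay model is an assumption of the simulation, not a statement about the embodiment:

```go
package main

import "fmt"

// Stage is one delay stage: two subcircuits with different signal transfer
// times. With control bit 0 the signal on the upper wire stays upper and the
// lower stays lower; with control bit 1 the two are swapped. Delays are in
// picoseconds and are constructed values for this example.
type Stage struct {
	UpToUp, DownToDown int // straight transfers (control bit 0)
	UpToDown, DownToUp int // crossed transfers (control bit 1)
}

// RaceCircuit is the modelled integrated circuit: the control word selects,
// per stage, which subcircuits form the two competing paths.
type RaceCircuit struct {
	Stages []Stage
}

// Response launches the input signal into both paths at t=0, accumulates the
// transfer time of each path stage by stage, and returns 1 if the upper path
// arrived first, else 0. A real arbiter is metastable on an exact tie; here a
// tie yields 0 so the model stays deterministic.
func (c RaceCircuit) Response(control []bool) (bit int, upper, lower int) {
	if len(control) != len(c.Stages) {
		panic("control word length must equal the number of stages")
	}
	for i, s := range c.Stages {
		if control[i] {
			upper, lower = lower+s.DownToUp, upper+s.UpToDown
		} else {
			upper, lower = upper+s.UpToUp, lower+s.DownToDown
		}
	}
	if upper < lower {
		return 1, upper, lower
	}
	return 0, upper, lower
}

// ResponseBits evaluates a list of control words and packs the output bits
// into a string, the way a challenge-response protocol would collect them.
func (c RaceCircuit) ResponseBits(controls [][]bool) string {
	out := make([]byte, len(controls))
	for i, ctl := range controls {
		bit, _, _ := c.Response(ctl)
		out[i] = byte('0' + bit)
	}
	return string(out)
}

// Two instances of the same design with slightly different transfer times,
// standing in for manufacturing variation between two chips.
var (
	ChipA = RaceCircuit{Stages: []Stage{
		{UpToUp: 100, DownToDown: 120, UpToDown: 110, DownToUp: 90},
		{UpToUp: 130, DownToDown: 150, UpToDown: 100, DownToUp: 140},
	}}
	ChipB = RaceCircuit{Stages: []Stage{
		{UpToUp: 100, DownToDown: 120, UpToDown: 110, DownToUp: 90},
		{UpToUp: 180, DownToDown: 150, UpToDown: 100, DownToUp: 140},
	}}
)

func main() {
	controls := [][]bool{{false, false}, {true, false}, {false, true}, {true, true}}
	for _, ctl := range controls {
		bitA, upA, lowA := ChipA.Response(ctl)
		bitB, upB, lowB := ChipB.Response(ctl)
		fmt.Printf("control=%v  chipA: upper=%dps lower=%dps -> %d   chipB: upper=%dps lower=%dps -> %d\n",
			ctl, upA, lowA, bitA, upB, lowB, bitB)
	}
	fmt.Println("chipA:", ChipA.ResponseBits(controls), " chipB:", ChipB.ResponseBits(controls))
}
```

Two points a practitioner would check against any such circuit. The output depends only on the sign of the accumulated delay difference, so the model is linear in the per-stage delay differences; anyone who collects enough control/response pairs can fit it, which is the known modelling-attack weakness of additive arbiter-style circuits and applies to this simulation regardless of what a real embodiment adds. And an exact tie is a metastability condition for the arbiter, which the model resolves deterministically only for convenience.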
Quantum phenomenon-based obfuscation of memory
Systems, apparatuses, methods, and computer program products are disclosed for hardware-level encryption. An example method includes receiving an instance of information/data by processing circuitry; and disassembling, by the processing circuitry, the instance of information/data into a plurality of sections. The processing circuitry assigns each section of the plurality of sections a location in an allocated portion of memory. The locations are determined based at least in part on a quantum obfuscation map (QOM). The QOM is generated based on one or more quantum obfuscation elements (QOEs) corresponding to a quantum state of a quantum particle. The processing circuitry then causes each of the plurality of sections to be stored at the corresponding assigned location in the allocated portion of the memory.
METHOD FOR SECURELY PERFORMING A PUBLIC KEY ALGORITHM
Provided is a method for securely performing a public key algorithm comprising cryptographic computations using a private key. It includes selecting (S1), by a server device, a set of mutually coprime integers (p1, ..., pn) as a base of a Residue Number System (RNS base B), with n an integer; computing (S2), by said server device, an RNS representation of said private key, the RNS representation of an integer x in [0, P-1], with P the product of every element of the base, being the list (x1, ..., xn) with xi = x mod pi, i being an integer in [1, n]; sending (S3), by said server device, the computed RNS representation to a client device; and performing (S4), by said client device, the cryptographic computations of the public key algorithm in said RNS base using said sent RNS representation.
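Steps S1 to S4 carried through in Go with math/big, as an added example that is not from the patent. The base (251, 253, 255, 256), the value standing in for the private key and the multiplier are constructed; the client-side computation shown is a channel-wise multiplication followed by CRT reconstruction, chosen to make the RNS arithmetic visible rather than to implement any particular public key algorithm:

```go
package main

import (
	"fmt"
	"math/big"
)

// Base builds an RNS base from small integer moduli.
func Base(moduli ...int64) []*big.Int {
	base := make([]*big.Int, len(moduli))
	for i, m := range moduli {
		base[i] = big.NewInt(m)
	}
	return base
}

// IsPairwiseCoprime is the check the server must make in step S1: the CRT
// reconstruction below only works if every pair of moduli has gcd 1.
func IsPairwiseCoprime(base []*big.Int) bool {
	g := new(big.Int)
	for i := range base {
		for j := i + 1; j < len(base); j++ {
			if g.GCD(nil, nil, base[i], base[j]).Cmp(big.NewInt(1)) != 0 {
				return false
			}
		}
	}
	return true
}

// Product returns P, the product of all base elements; the RNS represents
// integers in [0, P-1].
func Product(base []*big.Int) *big.Int {
	P := big.NewInt(1)
	for _, p := range base {
		P.Mul(P, p)
	}
	return P
}

// ToRNS is step S2: the residue list (x mod p1, ..., x mod pn).
func ToRNS(x *big.Int, base []*big.Int) []*big.Int {
	res := make([]*big.Int, len(base))
	for i, p := range base {
		res[i] = new(big.Int).Mod(x, p)
	}
	return res
}

// FromRNS inverts ToRNS by the Chinese Remainder Theorem:
// x = sum_i x_i * M_i * (M_i^-1 mod p_i) mod P, where M_i = P / p_i.
func FromRNS(res []*big.Int, base []*big.Int) *big.Int {
	P := Product(base)
	x := new(big.Int)
	for i, p := range base {
		Mi := new(big.Int).Div(P, p)
		inv := new(big.Int).ModInverse(Mi, p) // exists because the moduli are coprime
		term := new(big.Int).Mul(res[i], Mi)
		term.Mul(term, inv)
		x.Add(x, term)
	}
	return x.Mod(x, P)
}

// MulRNS multiplies channel by channel; no carries cross channels, which is
// what makes RNS attractive for parallel modular arithmetic.
func MulRNS(a, b, base []*big.Int) []*big.Int {
	out := make([]*big.Int, len(base))
	for i, p := range base {
		out[i] = new(big.Int).Mul(a[i], b[i])
		out[i].Mod(out[i], p)
	}
	return out
}

func main() {
	base := Base(251, 253, 255, 256) // pairwise coprime, P = 4145475840
	if !IsPairwiseCoprime(base) {
		panic("base is not pairwise coprime")
	}
	d := big.NewInt(123456789) // constructed stand-in for a private key, d < P
	dRNS := ToRNS(d, base)
	fmt.Println("server sends residues:", dRNS)

	// Client side: operate on the residues only, then reconstruct to check.
	k := big.NewInt(987654321)
	prod := MulRNS(dRNS, ToRNS(k, base), base)
	expect := new(big.Int).Mul(d, k)
	expect.Mod(expect, Product(base))
	fmt.Println("d*k mod P from RNS:", FromRNS(prod, base), " direct:", expect)
}
```

Two caveats. The coprimality check is not optional: with a shared factor between two moduli, ModInverse returns nil and the reconstruction is wrong. And the residue list is an exact, reversible encoding of the private key, as FromRNS demonstrates, so whatever protects the channel in step S3 is protecting the key itself; the representation adds no secrecy of its own.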
USING SECURE KEY STORAGE TO BIND A WHITE-BOX IMPLEMENTATION TO ONE PLATFORM
A method for performing a secure function in a data processing system is provided. In accordance with one embodiment, the method includes generating and encoding an encryption key. The encoded encryption key is encrypted, stored, and decrypted in a key store in a trusted execution environment (TEE) of the data processing system, but is used in a white-box implementation to perform a secure function. The secure function may include encrypting a value in the white-box implementation for securing a monetary value on, for example, a smart card. In one embodiment, each time an encryption key or decryption key is used, it is changed to a new key. The method makes code lifting and rollback attacks more difficult for an attacker because the key is stored separately from, for example, a white-box implementation in secure storage.
Apparatus and method for encryption
An encryption apparatus comprises a memory configured to store a predetermined program on a general domain and a security domain; and a processor configured to perform an encryption process based on the program, wherein the program is configured to: generate encoding data by encoding input data on the security domain, generate encryption data by performing encryption for the encoding data through a whitebox encryption module on the general domain, and generate output data by encoding the encryption data on the security domain.
Strong white-box cryptography
A method is provided for generating an output from an input according to a secret using a white-box implementation of a cryptographic function having a first operation, a second operation, and a third operation. The method applies the input to the first operation to generate a first intermediate result, applies the first intermediate result to the second operation to generate a second intermediate result, and applies the second intermediate result to the third operation to generate the output, wherein at least two of the first operation, the second operation, and the third operation are implemented by a plurality of interconnected logic elements, the interconnection of the plurality of logic elements being one of a non-algebraic interconnection of logic elements and an algebraic interconnection of logic elements having obfuscated boundaries between the at least two of the first operation, the second operation and the third operation.
SEALED NETWORK INITIALIZATION
Embodiments are provided for initializing a sealed network. A sealed network does not require administrators and may run on hardware and software that has been stripped of privileged capabilities. In one embodiment, an obfuscator generates a root, which is the first instance of a sealed network, and the root presents a control panel allowing an authorized operator to further guide the network. In one embodiment, a new instance is added to a sealed network via the control panel. In one embodiment, a unique identifier is found in a network.
CODE OBFUSCATION AND ASSOCIATED OBJECTS
Obfuscation transforms original code into an obfuscated code that is less intelligible, but behaves like the original. In one embodiment, a data sequence describing an obfuscator is processed by a reader that outputs an obfuscator. The data sequence may be stored or transmitted and the obfuscator may be used for code obfuscation. In one embodiment, additional readers are used to create objects associated with the obfuscated code. In one embodiment, a generator produces encrypted files and obfuscated code that can decrypt and encrypt the files.
AUTHENTICATION AND VALIDATION PROCEDURE FOR IMPROVED SECURITY IN COMMUNICATIONS SYSTEMS
A client communications device and method for generating a user message comprising an assertion for verification by a remote server device is described. Payload data for the user message as generated by a secure application resident on the communications device is received. Biometric authentication of the user is performed as a first level security mechanism. If biometric authentication of the user is successful, a digital signature is generated based on the message payload as a second level security mechanism. The digital signature is generated using a private signature key stored in a secure element of the client device. A third level security mechanism is applied by authenticating the user message using a secure application-specific key. In implementations, the digital signature is generated in a secure environment of the client device which has sole access to the secure element after successful biometric authentication. The user message comprising the message payload and the digital signature is generated for sending to the remote server device. The verification may be required during a financial transaction. A corresponding server communications device and method are also described.
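The three mechanisms end to end in Go (standard library ecdsa and hmac), as an added example that is not the patent's implementation. The biometric result is passed in as a boolean, the secure element is a struct holding a P-256 key, and the message field layout and the sample transaction are assumptions:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecureElement stands in for the client's secure element: it holds the
// private signature key and is only asked to sign after the biometric gate.
type SecureElement struct {
	key *ecdsa.PrivateKey
}

// NewSecureElement provisions a fresh P-256 signing key; the server is assumed
// to hold the matching public key from enrolment.
func NewSecureElement() (*SecureElement, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SecureElement{key: key}, nil
}

// PublicKey is what the server verifies level 2 against.
func (se *SecureElement) PublicKey() *ecdsa.PublicKey { return &se.key.PublicKey }

// UserMessage carries the payload, the level-2 signature and the level-3
// application tag. The layout is an assumption; the abstract fixes the three
// mechanisms, not a wire format.
type UserMessage struct {
	Payload   []byte
	Signature []byte
	AppTag    []byte
}

// appTag is level 3: an HMAC under the application-specific key over payload
// and signature together, so neither can be swapped independently of the other.
func appTag(appKey, payload, sig []byte) []byte {
	mac := hmac.New(sha256.New, appKey)
	mac.Write(payload)
	mac.Write(sig)
	return mac.Sum(nil)
}

// BuildMessage applies the levels in order: the biometric result gates access
// to the secure element, the element signs the payload digest, and the
// application-specific key authenticates the result.
func BuildMessage(biometricMatch bool, se *SecureElement, appKey, payload []byte) (*UserMessage, error) {
	if !biometricMatch {
		return nil, errors.New("level 1: biometric authentication failed, secure element not accessed")
	}
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, se.key, digest[:])
	if err != nil {
		return nil, err
	}
	return &UserMessage{Payload: payload, Signature: sig, AppTag: appTag(appKey, payload, sig)}, nil
}

// VerifyMessage is the server side. The cheap symmetric check runs first so
// messages not produced by the registered application never reach signature
// verification; the signature then proves the secure element was used.
func VerifyMessage(pub *ecdsa.PublicKey, appKey []byte, m *UserMessage) error {
	if !hmac.Equal(appTag(appKey, m.Payload, m.Signature), m.AppTag) {
		return errors.New("level 3: application tag mismatch")
	}
	digest := sha256.Sum256(m.Payload)
	if !ecdsa.VerifyASN1(pub, digest[:], m.Signature) {
		return errors.New("level 2: signature does not verify")
	}
	return nil
}

func main() {
	se, err := NewSecureElement()
	if err != nil {
		panic(err)
	}
	appKey := []byte("constructed application-specific key")
	payload := []byte(`{"txn":"constructed-0001","amount":"42.00","currency":"EUR"}`)
	msg, err := BuildMessage(true, se, appKey, payload)
	if err != nil {
		panic(err)
	}
	fmt.Printf("signature %d bytes, tag %x\n", len(msg.Signature), msg.AppTag)
	fmt.Println("server verify:", VerifyMessage(se.PublicKey(), appKey, msg))
	msg.Payload = []byte(`{"txn":"constructed-0001","amount":"4200.00","currency":"EUR"}`)
	fmt.Println("tampered payload:", VerifyMessage(se.PublicKey(), appKey, msg))
	_, err = BuildMessage(false, se, appKey, payload)
	fmt.Println("no biometric match:", err)
}
```

Two things the abstract leaves open that a deployment must settle. Gating signing on a boolean in application code is only a simulation; on a real device the secure element or the secure environment must enforce the biometric gate itself, otherwise a compromised application can request a signature directly. And nothing in the message prevents replay: the server should require a nonce or transaction identifier in the payload and reject repeats.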