An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

This disclosure relates to systems and methods for performing cryptographic operations in connection with the management of electronic content using multiple license services. In some circumstances, a content service may not wish to share unencrypted content keys with a single license service for a variety of security reasons. Embodiments of the disclosed systems and methods may use multi-party cryptographic methods in connection with the management of protected content keys and/or associated licenses and/or the distribution of content keys and/or licenses to authorized users and/or devices. In various embodiments, a content service may split a content key into a plurality of key shares and may transmit the key shares to a plurality of different license services. The license services may coordinate operations to generate a protected content key without revealing unencrypted content key to any of the participating license services.

A system and method for providing compression and error correction coding (ECC) in a solid-state drive (SSD). A method is provided that includes: determining whether a data item is to be written to flash memory using a general-purpose mode or a zero-padding mode: in response to a determination that a data item is to be written into flash memory using the zero-padding mode: padding the data item with an all-zero tail to form an LBA data block of a predefined size; performing ECC coding on the LBA block to generate an ECC codeword; removing the all-zero tail from the ECC codeword to generate a shortened ECC codeword; and storing the shortened ECC codeword in flash memory.

Described herein are various methods of generating and using a digital signature, such as a polymorphic digital signature. One or more methods of creating a digital signature permit strings of characters, which may be simple or complex, to uniquely identify large numbers of people, things, and actions. Different people, things, and actions can use the same set of characters to identify themselves and yet still be uniquely identified.

Systems and methods are disclosed for securely communicating sensitive such as an identifier. A user device may receive a first message comprising a terminal type indicator. For certain values of the terminal type indicator, the user device may be configured to transmit a request message comprising a first identifier and an encrypted identifier. For other values of the terminal type indicator, the user device may be configured to generating an obfuscated identifier based at least in part on a first portion of a second identifier and a second portion of the encrypted identifier. The user device may then transmit a request message that includes the obfuscated identifier and the encrypted identifier.

According to an aspect of an embodiment, operations may include receiving an Ethernet signal. The operations may further include creating a bitstream from the Ethernet signal which may include a payload of client information and a set of padding bits. The operations may also include encrypting, using an encryption scheme with an encryption key for a set number of bits, a total payload wherein the total payload may include a combination of the payload of client information and at least one bit from the set of padding bits such that the total payload is divisible by the set number of bits. Further, the operations may include generating a frame from the bitstream which may include the total payload.

An embedded system includes hash message authentication code (HMAC) hardware. The HMAC hardware receives data in separate data transfers to compute a hash. The HMAC hardware receives data of unaligned lengths in at least one of the separate data transfers. The data of unaligned lengths includes fewer valid bytes than the transfer size. The HMAC hardware responds to a residue indication indicating valid bytes associated with the data transfer to fill in the residue from a subsequent data transfer. For each data transfer the HMAC hardware receives an indication of whether the data is final data or if more data will be transferred for computation of the hash. The embedded system loads a linear buffer directly from scatter buffers, which contain encrypted data from a network. Decrypted data in the linear buffer is sent to a host using a direct memory access (DMA) operation responsive to a host request.