Patent classifications
H04L2209/24
Ultra low power core for lightweight encryption
A processing unit and a method of operating a processing unit. In an embodiment, the processing unit comprises a SIMON block cipher for transforming plaintext data into encrypted data. A key expansion module generates and outputs one or more encryption keys; and the key expansion module includes a first series of adiabatic registers for holding key generation data values, and for using adiabatic switching to transmit the key generation data values through the first series of adiabatic registers. A round function module receives the plaintext data and the one or more encryption keys, encrypts the plaintext data to generate the encrypted data, and outputs the encrypted data; and the round function module includes a second series of adiabatic registers for holding encryption data, and for using adiabatic switching to transmit the encryption data through the second series of adiabatic registers.
SECURED COMMUNICATIONS IN MEDICAL MONITORING SYSTEMS
In one embodiment, a method for secured communication between a medical sensor and a computing device includes receiving, by the medical sensor, an authentication request from the computing device. The method includes generating, based on values provided in the authentication request, a challenge-response message for the computing device. The method includes receiving, from the computing device, a responsive challenge-response message. The method includes verifying that the responsive challenge-response message includes an expected value and corresponds to an expected format. The method includes, in response to verifying the responsive challenge-response message, sending a sensor secret value to the computing device.
Passive encryption rotation keys
In one arrangement, a method for a key management server to manage cryptographic key rotation comprises rotating, by the key management server, an initial symmetric key based on a first rotation schedule. Rotating the initial symmetric key comprises rotating bits of the initial symmetric key to create a rotated key, the rotated key being different from the initial symmetric key. The method further comprises enciphering, by the key management server using the rotated key, data sent to a first client server. In another arrangement, a method for a client server to manage cryptographic key rotation comprises rotating, by the client server, an initial symmetric key based on a schedule. The method further comprises deciphering, by the client server, data sent from a key management server using the rotated key and providing the deciphered data to a user.
WEARABLE IDENTITY DEVICE FOR FINGERPRINT BOUND ACCESS TO A CLOUD SERVICE
A personal digital ID device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press. The personal digital ID device may be in the form of a bracelet, a key fob, or other form factor. The service may be provided by a mobile device, in the cloud, or elsewhere.
Digital security bubble
A digital security bubble encapsulation is disclosed. A public key and a device identifier of at least one recipient are requested from a first server. A message containing one or more components is encrypted using a symmetric key. The symmetric key is encrypted with a public key received in response to the request. The encrypted message, the encrypted symmetric key, and the device identifier are encapsulated in a digital security bubble encapsulation. The digital security bubble encapsulation is transmitted to a second server.
Data storage drive with target of opportunity recognition
A system includes a processor and logic integrated with the processor, executable by the processor, or integrated with and executable by the processor. The logic is configured to receive a request to store data on media and obtain a data key. The logic is configured to generate an encryption encapsulated data key using the data key and generate a session encrypted data key using the data key. The logic is further configured to provide the session encrypted data key to a machine configured to write encrypted data to the data storage media for use by the machine in writing encrypted data to the data storage media. The logic is configured to provide the encryption encapsulated data key to the machine for enabling the machine to store the encryption encapsulated data key with the data on the data storage media.
Method and Arrangement in a Telecommunication System
A method in a User Equipment (UE) of an Evolved Packet System (EPS) establishes a security key (K_eNB) for protecting Radio Resource Control/User Plane (RRC/UP) traffic exchanged with a serving eNodeB. The method comprises sending a Non-Access Stratum (NAS) Service Request to a Mobility Management Entity (MME), the request indicating a NAS uplink sequence number (NAS_U_SEQ). The method further comprises receiving an indication of the NAS_U_SEQ of the NAS Service Request sent to the MME, back from the MME via the eNodeB. The method further comprises deriving the K_eNB from at least the received indication of the NAS_U_SEQ and from a stored Access Security Management Entity-key (K_ASME) shared with said MME.
Systems and methods for establishing and enforcing transaction-based restrictions using hybrid public-private blockchain ledgers
The disclosed embodiments include computerized systems and methods that generate secured blockchain-based ledger structures that facilitate event-based control of tracked assets. In one embodiment, an apparatus associated with a rules authority of the secured blockchain-based ledger may obtain data indicative of an initiated transfer of funds between parties, and may access and decrypt a set of restrictions imposed on the initiated transfer and a set of rules associated with the restrictions, which may be hashed into the secured blockchain-based ledger using a confidentially-held master cryptographic key. The apparatus may determine that the initiated transfer violates at least one of the restrictions, and may perform operations consistent with at least one of the rules associated with the at least one violated restriction.
KEY DATA PROCESSING
A parent cryptographic key associated with a blockchain object is obtained. A number of parties (N) to share control over the blockchain object is obtained. N child cryptographic keys are generated based on the parent cryptographic key by applying a predetermined algorithm to the parent cryptographic key, wherein N is an integer greater than or equal to 2, and wherein the N child cryptographic keys are collectively configured to enable reconstruction of the parent cryptographic key.
COMMUNICATION SYSTEM
A communication system is described in which user plane communication and control plane communication for a particular mobile communication device can be split between a base station that operates a small cell and a macro base station. Appropriate security for the user plane and control plane communications is safeguarded by ensuring that each base station is able to obtain or derive the correct security parameters for protecting the user plane or control plane communication for which it is responsible.