Disclosed are an apparatus and method for data encryption and an apparatus and method for data decryption. The data encryption apparatus includes a key exchanger configured to generate a session key using a key exchange protocol, a cipher key generator configured to generate at least one of a cipher key and a key table from the session key, and an encryptor configured to encrypt data with the at least one of the cipher key and the key table generated from the session key.

A method for generating a public key for an electronic device is provided, wherein the method comprises generating a public key 103 based on a private key and a unique identifier associated with the electronic device 200.

Instructions and logic provide for a Single Instruction Multiple Data (SIMD) SM4 round slice operation. Embodiments of an instruction specify a first and a second source data operand set, and substitution function indicators, e.g. in an immediate operand. Embodiments of a processor may include encryption units, responsive to the first instruction, to: perform a slice of SM4-round exchanges on a portion of the first source data operand set with a corresponding keys from the second source data operand set in response to a substitution function indicator that indicates a first substitution function, perform a slice of SM4 key generations using another portion of the first source data operand set with corresponding constants from the second source data operand set in response to a substitution function indicator that indicates a second substitution function, and store a set of result elements of the first instruction in a SIMD destination register.

A method and apparatus are provided for performing information-theoretically secure cryptography using joint randomness not shared by others. Two valid communicating entities independently generate samples of a shared source that is not available to an illegitimate entity. The shared source may be a satellite signal, and each legitimate entity may generate uniformly distributed samples from a binary phase-shift keying signal received on an independent channel. Alternatively, the shared source may be a channel between the two legitimate entities, such that each legitimate entity generates samples of unknown distribution based on the channel impulse response of the channel. One legitimate entity generates an encryption key, a quantization error, and a syndrome from its samples. The quantization error and the syndrome are reported to the other legitimate entity. The other legitimate entity generates a matching encryption key using its samples, the quantization error, and the syndrome.

Disclosed is a key downloading management method, comprising: a device end authorizing the validity of an RKS server by checking a digital signature of a work certificate public key of the RKS server, and the RKS server generating an authentication token (AT); encrypting by using an identity authentication secondary key DK2 of the device end, and sending the ciphertext to the device end; the device end decrypting the ciphertext by using the identity authentication secondary key DK2 saved thereby, encrypting the ciphertext by using the work certificate public key and then returning same to the RKS server; the RKS server decrypting same by using a work certificate private key thereof and then comparing whether the authentication token (AT) is the same as the generated authentication token (AT) or not, and if so, it is indicated that the device end is valid, thereby achieving bidirectional identity authentication.

The embodiments relate to a method and a digital circuit area for securely providing a key using a request unit and a provision unit. In this case, a key is derived from parameters, at least one of which is used for the key derivation in a non-predefinable manner by the request unit. In this case, the key derivation is carried out in a digital circuit area in which the request unit and the provision unit are implemented.

A device unlock application on a user device may interact with a server to automatically carrier unlock the user device. The server may receive a carrier unlock request for a user device. The server may determine one or more verifications to be performed based at least on a unlock scenario requested by the carrier unlock request. The server may perform the one or more verifications to determine whether the user device is eligible for a carrier unlock. The server may send a unlock command to the user device in response to determining that the user device is eligible for the carrier unlock. The unlock command may disable a comparison of a device carrier code of the user device to a subscriber identity module (SIM) carrier code stored in a SIM card of the user device.

An approach to generating and regenerating a profile value from features of a system (e.g., a computer system), allows for certain changes of features of the system over time. The system may correspond to a client computer or a particular component of the client computer or a user of a client computer, and may also correspond to a combination of the user (i.e., a biometric characterization of the user) and the client computer or a component of the computer. The profile value may be used, for example, for purposes including identification, authentication, key generation, and other cryptographic functions involving the system.

A flexible aes instruction for a general purpose processor is provided that performs aes encryption or decryption using n rounds, where n includes the standard aes set of rounds {10, 12, 14}. A parameter is provided to allow the type of aes round to be selected, that is, whether it is a “last round”. In addition to standard aes, the flexible aes instruction allows an AES-like cipher with 20 rounds to be specified or a “one round” pass.

Embodiments of an invention for cryptographic key generation using a stored input value and a stored count value have been described. In one embodiment, a processor includes non-volatile storage storing an input value and a count value, and logic to generate a cryptographic key based on the stored input value and the stored count value.