An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

In a general aspect, a GHASH semiconductor intellectual property (IP) core can include circuitry for calculating a GHASH function. The IP core can be configured to calculate the GHASH function by calculating the following quantities:

[00001]$X_0=0;$

[00002]$X_{i+1}=H^k{X}_i+{\displaystyle {.Math.}_{j=0}^{k-1}{\displaystyle {.Math.}_{n=0}^{m-1}{C}_{ki+j}{h}_{ijn},\text{where for any}i\text{and}j;\text{and}}}$

[00003]${\displaystyle {.Math.}_{n=0}^{m-1}{h}_{ijn}=H^j,\text{where}k>1\text{and}m>1.}$

A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is safe to run, the system may generate a hash output of the executable data and store the hash output in a database of approved executable data. In this way, the system may securely generate a repository of authorized hashes such that the system may ensure that only safely executable code is processed by the computing systems within the network environment.

Methods and systems for provable, auditable and secure software updates for resource-constrained IoT devices are provided via a security framework and a protocol for owner-controlled software updates for IoT devices through blockchain.

An elliptic curve random number generator avoids escrow keys by choosing a point Q on the elliptic curve as verifiably random. An arbitrary string is chosen and a hash of that string computed. The hash is then converted to a field element of the desired field, the field element regarded as the x-coordinate of a point Q on the elliptic curve and the x-coordinate is tested for validity on the desired elliptic curve. If valid, the x-coordinate is decompressed to the point Q, wherein the choice of which is the two points is also derived from the hash value. Intentional use of escrow keys can provide for back up functionality. The relationship between P and Q is used as an escrow key and stored by for a security domain. The administrator logs the output of the generator to reconstruct the random number with the escrow key.

A homomorphic encryption-based testing computing system provides a risk-based, automated, one-directional push of production data through a homomorphic encryption tool and distributes the encrypted data to use in testing of applications. Data elements and test requirements are considered when automatically selecting a homomorphic encryption algorithm. A decisioning component selects an algorithm to use to homomorphically encrypt the data set and a push mechanism performs one or both of the homomorphic encryption and distribution of the encrypted data set to at least one intended host. Once delivered, the testing software and/or testing procedures proceed using the encrypted data set, where results of the testing may be stored in a data store. A validation mechanism may validate the test data against production data and communicates whether testing was successful.

A baseband processor of a communication device, the baseband processor including an encryptor block that encrypts a transmit data stream into an encrypted data stream, at least one transmit chain block that transforms the encrypted data stream into an analog transmit signal, and a randomness inspector unit that is in communication with the encryptor block, the randomness inspector unit accessing the transmit data stream and the encrypted data stream from the encryptor block as first and second input streams, respectively, to the randomness inspector unit, and determining a randomness gain by comparing a first randomness measurement associated with the first input stream to a second randomness measurement associated with the second input stream.

A method is provided for secure provisioning of a device. In the method, a plurality of integrated circuit (IC) devices is manufactured by a first entity for use in the device. The first entity provides signed provisioning software and stores in at least one provisioning IC device one or more keys used for provisioning the plurality of ICs. The provisioning device with the signed provisioning software is provided to a second entity. The second entity verifies the provisioning software using a stored key. The provisioning software encrypts provisioning assets provided by the second entity and provides the encrypted provisioning assets to the third entity. The signed provisioning software is provided to a third entity by the first entity. During manufacturing of the manufactured products by the third entity, the provisioning software verifies and decrypts the encrypted provisioning assets of the second entity to provision all the plurality of IC devices.

Methods and systems for provable, auditable and secure software updates for resource-constrained IoT devices are provided via a security framework and a protocol for owner-controlled software updates for IoT devices through blockchain.

A biometric device comprising: biometric sensing circuitry; cryptographic circuitry; a device key area in the biometric device for storing a cryptographic device key unique to the biometric device; and a test key area in the biometric device, for storing a cryptographic test key. The biometric device is controllable between: a test state in which the test key area is connected to the cryptographic circuitry to provide the test key to the cryptographic circuitry, and the cryptographic circuitry is prevented from performing cryptographic operations on data provided by the biometric sensing circuitry; and a functional state in which the device key area is connected to the cryptographic circuitry to provide the device key to the cryptographic circuitry, and the cryptographic circuitry is connected to the biometric sensing circuitry to receive and perform cryptographic operations on data from the biometric sensing circuitry using the device key.