The following description is directed to a logic repository service. In one example, a method of a logic repository service can include receiving a first request to generate configuration data for configurable hardware using a specification for application logic of the configurable hardware. The method can include generating the configuration data for the configurable hardware. The configuration data can include data for implementing the application logic. The method can include encrypting the configuration data to generate encrypted configuration data. The method can include signing the encrypted configuration data using a private key. The method can include transmitting the signed encrypted configuration data in response to the request.

A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.

A computer-implemented method for completing transactions includes a first user creating and encrypting a message with an identifier associated with a second user. The first user then digitally signs the message with the encrypted message and a privately held key. From there, an exchange record is created which includes an identifier associated with the first user, an identifier associated with the second user, the encrypted message, and the digital signature of the first user. The second user validates the exchange record and decrypts the message by providing a privately held key that is associated with the second user's identifier. A verification record, which includes the identifier of the second user, the identifier of the first user, the encrypted message, and a digital signature of the second user, is then created. The exchange record and verification record together constitute a completed transaction.

Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

A set of servers can support secure and efficient Machine to Machine communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.

Methods, systems, and media for protecting and verifying video files are provided. In some embodiments, a method for verifying video streams is provided, the method comprising: receiving, at a user device, a request to present a video that is associated with a video archive, wherein the video archive includes a file list, a signature corresponding to the file list, video metadata, a signature corresponding to the video metadata, and at least one encrypted video stream corresponding to the video, and wherein the file list indicates a plurality of files that are to be included in the video archive; verifying the signature corresponding to the file list; in response to determining that the signature corresponding to the file list has been verified, determining whether the plurality of files indicated in the file list are included in the video archive; in response to determining that the plurality of files indicated in the file list are included in the video archive, verifying the signature corresponding to the video metadata; in response to determining that the signature corresponding to the video metadata has been verified, requesting a decryption key corresponding to the video stream; in response to receiving the decryption key, decrypting the encrypted video stream; and causing the decrypted video stream to be presented on the user device.

Systems and methods for self-provisioning of mobile devices in a deployable telecommunications network are disclosed. A telecommunications network may include an enhanced provisioning server for recording and maintaining user data and authentication information associating users with applications of the network, and for generating secure, transportable user credentials that carry the user data and authentication information on a per-user basis. An enhanced deployable mobile communication system may include local versions of the applications, as well as a local subscriber database and provisioning server. The enhanced deployable mobile system securely import individual user data and authentication information from a user's transportable credentials, and use the imported data to provision the user in the deployable mobile system. Multiple deployable systems may be used, each enabling individual users to self-provision. Each may function as a standalone mobile network even in the absence of connectivity to a core telecommunications network.

A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.

A system, method, and apparatus for providing a value transfer is provided. A method includes creating, by a mobile device, a value transfer message, the message including terms of a value transfer from an account of a sending party to a receiving party or one or more merchants; signcrypting, by the mobile device, the value transfer message using each of the receiving party's public key and the sending party's public and private keys; and sending, by the mobile device, the signcrypted value transfer message to the receiving party, wherein the receiving party can de-signcrypt the signcrypted value transfer message using each of the receiving party's public and private keys and the sending party's public key, and present the value transfer message to a third party to receive the value transfer.

In a communication network system connected between a transmission node and a reception node, both the transmission node and the reception node store the same secret information with their secret information storage units. The transmission node includes a counter configured to increase its transmission count value by 1 for transmitting each message, wherein a MAC generator generates MAC based on secret information, transmission data, and its transmission count value, thus transmitting a message including transmission data and MAC. The reception node includes a counter configured to increase a reception count value by 1 for receiving each message, wherein a MAC checking part generates MAC based on secret information, reception data, and its reception count value, obtained from the received message, thus checking whether the generated MAC matches the MAC obtained from the received message.