Executable code, placed into a plurality of computing resources forming a distributed ledger, (e.g., smart contracts) are provided to enable communicating between parties without requiring trust or an intermediary, such as a broker or escrow service. Data may be deposited in a secure data storage for access by a party who satisfies the condition of the smart contract. A resource holding the deposited data then activates a link upon receiving an access token, as produced as a result of satisfying the smart contract. The distributed ledger is then updated to enable other parties to see a description of the data and the terms.

A set of servers can support secure and efficient Machine to Machine communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (i) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.

Methods and systems are provided for supporting efficient and secure Machine-to-Machine (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

The following description is directed to a logic repository service. In one example, a method of a logic repository service can include receiving a first request to generate configuration data for configurable hardware using a specification for application logic of the configurable hardware. The method can include generating the configuration data for the configurable hardware. The configuration data can include data for implementing the application logic. The method can include encrypting the configuration data to generate encrypted configuration data. The method can include signing the encrypted configuration data using a private key. The method can include transmitting the signed encrypted configuration data in response to the request.

Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing. The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version. The encapsulated communication can be used with various protocols, including a PC5 protocol (such as the PC5 Signaling Protocol) and wireless access in vehicular environments (WAVE) protocols.

According to an example, a device for processing data is suggested, said device comprising a first component, wherein the first software component is arranged for receiving the data; a security processor for receiving said data and a first signature, wherein the security processor is arranged for determining based on the first signature whether the data are valid; for determining a second signature for the data; and for conveying the second signature to the first component.

A system and method for client authentication wherein a client computing system is authenticated by at least performing, at an authentication system different than a target computing system, a set of validation operations on authorization information addressed to a destination port of the target computing system, and, as a result of the client computing system being authenticated by the set of validation operations, switching to a mode wherein a port of the target computing system is opened and data from the client computing system is communicated to the port of the target computing system.

System, device, and method of authenticated encryption of messages. A message intended for authenticated encryption is stored; and a secret authentication key and a secret encryption key are stored. A key-stream set of blocks is generated, each block including pseudo-random bits. The aggregate length of the key-stream is equal to or greater than the message-length of the message. Each block of the key-stream is generated by a deterministic pseudo-random number generator function that is instantiated with the secret encryption key. The key-stream is generated on a block-by-block basis, until the key-stream reaches in aggregate the message-length of the message. Each block of bits of the message is encrypted, on a per-block basis, with a corresponding block from the key-stream. Authentication is performed on the result of the encrypting operation, or on the message, by applying a keyed cryptographic checksum function that ascertains integrity and that utilizes the secret authentication key.

An apparatus and methodology for securing data exchanged between devices in a NarrowBand IoT (NB-IoT) environment is disclosed. The apparatus embodies a cryptoprocessor having a confidentiality block and an integrity block. The confidentiality and integrity blocks are coupled to a bus interface through data channels via a multiplexer/demultiplexer (MUX) and first-in-first-out transmitter and receiver. The confidentiality and integrity blocks are further coupled to a cipher block through data channels via a MUX. The cipher block is operable to implement at least one stream cipher and at least one block cipher, such as SNOW 3G, AES and ZUC.

A distributed multi-function secure system for verifiable signer authentication having a personal private key stored in a secure storage of a mobile device where the mobile device connects to a fragmented distributed signing engine by a secure protocol and is issued a signer certificate from a circle of trust certificate server to securely electronically sign documents.