The following description is directed to a logic repository service. In one example, a method of a logic repository service can include receiving a first request to generate configuration data for configurable hardware using a specification for application logic of the configurable hardware. The method can include generating the configuration data for the configurable hardware. The configuration data can include data for implementing the application logic. The method can include encrypting the configuration data to generate encrypted configuration data. The method can include signing the encrypted configuration data using a private key. The method can include transmitting the signed encrypted configuration data in response to the request.

Several embodiments of memory devices and systems with command and control access are described herein. In one embodiment, a memory device includes a controller having a processor and a memory component operably coupled to the processor. The controller is configured to receive at least one command and control (C.sup.2) packet from a remote computer associated with a device vendor. The C.sup.2 packet includes a request for the controller to perform a restricted command, and a vendor signature. The memory component stores instructions executable by the processor to determine if the vendor signature is valid and to direct the controller to perform the restricted command if the vendor signature is determined to be valid.

Disclosed is an electronic device. The electronic device comprising: a display including a touch screen; a biometric sensor; a communication circuit; a memory; and at least one processor electrically connected to the display, the biometric sensor, the memory, and the communication circuit, wherein the memory stores a plurality of instructions that, when executed, causes the processor to: receive an electronic document from at least one server using the communication circuit; obtain biometric information associated with a user using the biometric sensor; transmit the biometric information associated with the user to the at least one server through the communication circuit; obtain a signature of the user associated with the electronic document using the display; encrypt the obtained signature with specified data associated with the biometric information; and transmit the encrypted signature and at least one of the electronic document and identification information of the electronic document by using the communication circuit.

A method of establishing a network by sharing a secret between a first entity (A) and a second entity (B), comprising the steps of: the first entity (A) broadcasting (100) an ANNOUNCE message announcing its identity and details of other entities it is aware of, wherein each of the other entities of which it is aware is associated with a particular nonce, and the message is encrypted using a broadcast encryption scheme common to the first and second entities (A,B), and; the second entity (B), upon receiving and decrypting the ANNOUNCE message, transmitting (110) to the first entity (A) a SHARE message, wherein the SHARE message comprises a signcryption of the secret, authenticated using signcryption data associated with the particular nonce associated with the second entity (B).

Systems and methods for self-provisioning of mobile devices in a deployable telecommunications network are disclosed. A telecommunications network may include an enhanced provisioning server for recording and maintaining user data and authentication information associating users with applications of the network, and for generating secure, transportable user credentials that carry the user data and authentication information on a per-user basis. An enhanced deployable mobile communication system may include local versions of the applications, as well as a local subscriber database and provisioning server. The enhanced deployable mobile system securely import individual user data and authentication information from a user's transportable credentials, and use the imported data to provision the user in the deployable mobile system. Multiple deployable systems may be used, each enabling individual users to self-provision. Each may function as a standalone mobile network even in the absence of connectivity to a core telecommunications network.

A method of authorizing an operation on a remote device with a cryptographic signature verification component, the remote device being operable in a communications network having human-readable messages with message signatures, comprising receiving at an arbitrator an authorization request to perform an operation requiring authorization on the remote device; retrieving from the request an operation identifier and plaintext data; sending a human-readable request with the identifier and the plaintext data to an authorizer; receiving a reply from an authorizer, the reply message comprising at least the plaintext data and a verifiable cryptographic signature identifying the authorizer derived from the request; and on receiving the reply, sending a request to perform the operation to the remote device with an authorization derived from at least the cryptographic signature, the cryptographic signature being suitable for verification by the cryptographic signature verification component on the remote device.

Methods, systems, and media for protecting and verifying video files are provided. In some embodiments, a method for verifying video streams is provided, the method comprising: receiving, at a user device, a request to present a video that is associated with a video archive, wherein the video archive includes a file list, a signature corresponding to the file list, video metadata, a signature corresponding to the video metadata, and at least one encrypted video stream corresponding to the video, and wherein the file list indicates a plurality of files that are to be included in the video archive; verifying the signature corresponding to the file list; in response to determining that the signature corresponding to the file list has been verified, determining whether the plurality of files indicated in the file list are included in the video archive; in response to determining that the plurality of files indicated in the file list are included in the video archive, verifying the signature corresponding to the video metadata; in response to determining that the signature corresponding to the video metadata has been verified, requesting a decryption key corresponding to the video stream; in response to receiving the decryption key, decrypting the encrypted video stream; and causing the decrypted video stream to be presented on the user device.

A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.

In representative embodiments keys used in authentication are removed from local systems and stored on a key server system. When keys are needed for authentication, requests are routed to the key server system. In some embodiments, the keys do not leave the key server system and the key server system performs requested operations using the keys. In other embodiments, secure protocols are used to temporarily allow the local system to retrieve and use the key. In this latter situation, keys are not maintained on the local system.

A mobile device for securely authenticating user consent may be provided. The mobile device may include a settings management state. The mobile device may include a processor configured to: access the settings management state, create a personal profile for the user and process a plurality of settings created by the user. The settings may include description-type settings and live motion and/or behavior settings of the user. The mobile device may include a database for storing the plurality of settings and the user's personal profile. The storing may enable future authentication of the user. In response to the user attempting to consent to an initiator via the mobile device, the processor may be configured to perform a real-time profile validation check. The validation check may include capturing live motion and/or behavior of the user, verifying the live motion and/or behavior and instructing the initiator to accept the consent.