Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

A lightweight attribute-based signcryption (ABSC) method for cloud-fog-assisted Internet-of-things: performing, by a central authority, system initialization to generate a system key pair, and disclosing a public key, the public key including a symmetric encryption algorithm (SEA) and a key derivation function (KDF); generating, by the central authority, a decryption key and an outsourcing decryption key based on a decryption attribute set of a data user, and generating a signature key and an outsourcing signature key based on a signature access structure; calling, by a data owner, a fog node for outsourcing signature, performing symmetric encryption on a plaintext based on a symmetric key, and performing ABSC on the symmetric key based on a defined encryption access structure; and calling, by the data user, a fog node for outsourcing signature verification, calling a fog node for outsourcing decryption, and performing symmetric decryption on a ciphertext based on an outsourcing decryption result.

A method for authenticating an object, comprising determining a physical dispersion pattern of a set of elements, determining a physical characteristic of the set of elements which is distinct from a physical characteristic producible by a transfer printing technology, determining a digital code associated with the object defining the physical dispersion pattern, and authenticating the object by verifying a correspondence of the digital code with the physical dispersion pattern, and verifying the physical characteristic.

A system, method, and apparatus for carrying out a value transfer is provided. A method includes receiving, by a computing system of a financial institution, a de-signcrypted value transfer message including terms of a value transfer from an account of a sending party to an account of a merchant, wherein a receiving party desires to make a purchase from the merchant and the value transfer is a payment from the sending party account to the merchant account; and one or more spending limitations on the desired purchase, wherein the payment is contingent on the desired purchase meeting the spending limitations. The method then includes verifying the authenticity of the de-signcrypted message using a public key of the sending party and a private key of the financial institution; and dispersing funds according to the terms of the value transfer.

Providing authorization and authentication in a cloud for a user of a storage array includes: receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user, where the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user; receiving, by the storage array access module from the user, a user access request to one or more storage array services; and determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token.

Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

A method of biometric authentication includes receiving a biometric input from a user for authentication of the user to access a system. The method includes receiving a set of elements of a field and a random number from an authentication server via a network. The method further includes decoding the biometric input based on the set of elements to generate a polynomial. The method also includes generating a signature key based on the polynomial. The method includes signing the random number with the signature key. The method includes sending the signed random number to the authentication server. The method further includes restricting access to the system until the user is authenticated by the authentication server. The method also includes permitting access to the system in response to receiving an authentication message from the authentication server.

Cryptography provides a wide variety of functions. For example, encryption provides data confidentiality and signatures provide data integrity. In one embodiment, a plurality of encryption functions is iteratively applied to produce a ciphertext. In one embodiment, a data sequence describing a cryptographic function is processed by a reader who outputs the cryptographic function. The data sequence may be stored or transmitted and the cryptographic function may be used for cryptographic purposes. In another embodiment, a generator produces random cryptographic functions.

Secure communication provides data confidentiality, data integrity, and authentication. In one embodiment, encryption and signatures are used to construct a signcryption, which provides confidentiality and integrity. In one embodiment, an identifier and the output of a cryptographic function applied to a token are used to establish a secure channel. In one embodiment, a secure channel is mutated into a new secure channel using a renew message and a construct containing elements for establishing a secure channel.