A cryptography apparatus includes multiple multiplication units and logic circuitry. The multiplication units are arranged in two or more multiplication levels, and are configured to operate in accordance with Galois-Field (GF) arithmetic over respective Galois fields. The logic circuitry is configured to receive input data whose word-size exceeds a maximal input word-size among the multiplication units, to hold a cryptographic key including multiple sub-keys whose number does not exceed a number of the multiplication units, and to perform a cryptographic operation on the input data by applying the sub-keys to the multiplication units.

Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

One embodiment provides a system that facilitates mutating and caching content in a CCN. During operation, the system receives, by an intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level. The system re-encrypts the content object based on the encrypted payload and the parameter to obtain a new encrypted payload and a new signature, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload. The system transmits the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object and verify the new signature.

The present disclosure relates to a sensor network, machine type communication (MTC), machine-to-machine (M2M) communication, and technology for internet of things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method for performing an encryption process is provided. The method includes generating a plurality of keys used for keyword encryption and file encryption, generating an address ciphertext by performing a first encryption process on each of addresses that a plurality of files are stored, generating a keyword ciphertext by performing a second encryption process on each of a plurality of keywords that are included in each of the plurality of files, reordering the address ciphertext and the keyword ciphertext based on the keyword ciphertext, and storing the reordered address ciphertext and keyword ciphertext.

A message including a digital signature of a message originator is received at a processor. In response to determining that the message originator is authorized by a data protection policy to originate the message, a determination is made as to whether a specific authorized certificate issuer is configured for the message originator within a data protection policy. In response to determining that the specific authorized certificate issuer is configured for the message originator within the data protection policy, a determination is made as to whether a message originator certificate used to generate the digital signature of the message originator is issued by the specific authorized certificate issuer configured for the message originator within the data protection policy.

The invention concerns a method for generating an electronic signature key and an associated public key certificate, implemented by a client unit and a server unit, the method comprising a step during which the client unit and/or the server unit generate(s) a signature key comprising a private key and a public key, and a public key certificate comprising said public key, the method being characterized in that the client unit acquires an item of biometric data of an individual, and in that the signature key and/or the public key certificate are generated from at least a portion of said biometric data, and in that the portion of biometric metric data from which the signature key and/or the public key certificate have been generated is ephemeral and is not memorized after the signature key and the public key certificate have been generated. The invention also concerns a method for transferring a message and a system designed to implement the method for generating a signature key.

In one example embodiment, a system for registering an application installable on a client device is provided. The system comprises processors and a memory storing instructions that, when executed by at least one processor among the processors, cause the system to perform operations comprising, at least, registering the application at a consumer registry service; receiving, in association with a client device ID, a public key of a public-private key pair generated by the consumer registry service, the private key of the public-private key pair stored at a device management service; publishing the application, having the public key and associated client device ID, to an application store; and based on a user installation of the published application onto the client device, communicating with the installed application.

Systems, methods, and apparatuses for low-latency page efficient chained decryption and decompression acceleration are described. In one embodiment, a processor comprises a hardware processor core, and an accelerator circuit coupled to the hardware processor core, the accelerator circuit to: in response to a descriptor, comprising an indication of a hash key and encrypted data to be decrypted, from the hardware processor core, perform a determination that the encrypted data is to be read in an encrypted order or a reverse order from the encrypted order, in response to the determination that the encrypted data is to be read in the reverse order, generate a resultant authentication tag in the reverse order for the encrypted data based at least in part on the hash key without reordering the encrypted data in the reverse order into the encrypted order, and, in response to the determination that the encrypted data is to be read in the encrypted order, generate the resultant authentication tag in the encrypted order for the encrypted data based at least in part on the hash key.

A method of establishing a network by sharing a secret between a first entity (A) and a second entity (B), comprising the steps of: the first entity (A) broadcasting (100) an ANNOUNCE message announcing its identity and details of other entities it is aware of, wherein each of the other entities of which it is aware is associated with a particular nonce, and the message is encrypted using a broadcast encryption scheme common to the first and second entities (A,B), and; the second entity (B), upon receiving and decrypting the ANNOUNCE message, transmitting (110) to the first entity (A) a SHARE message, wherein the SHARE message comprises a signcryption of the secret, authenticated using signcryption data associated with the particular nonce associated with the second entity (B).

A distributed multi-function secure system for verifiable signer authentication having a personal private key stored in a secure storage of a mobile device where the mobile device connects to a fragmented distributed signing engine by a secure protocol and is issued a signer certificate from a circle of trust certificate server to securely electronically sign documents.