H04L2209/76

One-Time Data Signature System and Method with Untrusted Server Assistance
20200259663 · 2020-08-13

To digitally sign a message, a signing entity generates a set of secret keys and, for each secret key, derives a signing key. An authenticator value is submitted to a signature server and is formed as a cryptographic binding of both the message and a respective one of the signing keys. The signature server then generates and returns to the signing entity a first signature of the authenticator value. If the signing entity determines that the first signature is valid, it replaces the signing key within the first signature with the secret key from which it was derived to form an augmented signature, and only thereafter reveals the respective secret key. This allows the signing entity to offload computational burden onto even an untrusted signature server.

Securing information exchanged between internal and external entities of connected vehicles

Data in vehicle networks has been treated as proprietary assets, due to car makers' concern of potential IP infringement via extraction of confidential vehicular data. To address this concern, an intermediate gateway in between internal and external networks translates proprietary in-vehicle data to rich type data, thus preventing the exposure of raw in-vehicle data. The translation relies solely on the gateway which can be a direct target of cyberattacks, making it difficult to trust the data through the gateway. This, in turn, requires authentication of the translated data. A communication protocol is presented that provides secure communications between the vehicle's internal components and external entities. The protocol enables authorization of external servers for in-vehicle ECUs as well as authentication and proof of messages between internal and external components to combat a compromised gateway.

Techniques for authentication via a mobile device

Techniques for authentication via a mobile device are provided. A mobile device is pre-registered for website authentication services. A user encounters a website displaying an embedded code as an image alongside a normal login process for that website. The image is identified by the mobile device, encrypted and signed by the mobile device and sent to a proxy. The proxy authenticates the code and associates it with the website. Credentials for the user are provided to the website to automatically authenticate the user for access to the website bypassing the normal login process associated with the website.

Security plugin for a system-on-a-chip platform

Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.

Methods, systems, and devices for encrypted electronic storage and confidential network transfer of private data through a trustless distributed ledger technology system

In some embodiments, systems, methods, and devices disclosed herein enable trusted sharing of private data and/or transactions via a distributed ledger, while maintaining data consistency properties. Some embodiments provide and utilize one or more independent and/or dependent channels. In particular, in some embodiments, one or more independent and/or dependent channels can exist on a single distributed ledger, wherein participants or nodes that are members of a particular channel can view and access the information in a given network transaction. To other participants or nodes not on the particular channel, however, only an encrypted or redacted version of the information can be viewable, thereby not disclosing the transaction information to such participants or nodes. In some embodiments, consistency properties may be preserved even in the presence of selective sharing of transaction information with proofs of validity.

METHODS AND APPARATUS TO VERIFY ENCRYPTED HANDSHAKES

Methods, apparatus, systems and articles of manufacture are disclosed to verify encrypted handshakes. An example apparatus includes a message copier to clone a client introductory message that is included in a first handshake for network communication between a client and a server, a connection establisher to initiate a second handshake between the apparatus and the server based on the cloned client introductory message, and a decrypter to, in response to the second handshake, decrypt a certificate sent by the server.

SECURE MEMORY ARRANGEMENTS
20200235916 · 2020-07-23

Various examples are directed to secure memory arrangements and methods of using the same. A gateway device of the secure computing system may receive a first message from an external system. The first message may comprise a first message payload data and first asymmetric access data. The gateway device may determine that the first asymmetric access data matches the first message payload data based at least in part on an external system public key. The gateway device may access a first system controller symmetric key associated with a first system controller in communication with the gateway device and generate a first symmetric access data based at least in part on the first system controller symmetric key and the first message payload data. The gateway device may send the first message payload data and the first symmetric access data to the first system controller.

Extracting Encryption Keys to Enable Monitoring Services
20200236093 · 2020-07-23

The disclosed embodiments disclose techniques for extracting encryption keys to enable monitoring services. During operation, an encrypted connection is detected on a computing device. A monitoring service harvests an encryption key for this encrypted connection from the memory of a computing device and then forwards the encryption key to an intercepting agent in an intermediate computing environment that intercepts encrypted traffic that is sent between the computing device and a remote service via the encrypted connection.

Website login method and apparatus
10721231 · 2020-07-21

The present application provides example website login methods and apparatuses. One example method includes identifying a website jump trigger indication to jump from a first website to a second website. A first token is then obtained from a cookie store of the web browser, the first token associated with a website identifier of the second website and a device fingerprint indicating a running environment at a time when the password-free proxy login was previously set. In response to determining that a current running environment corresponds to the device fingerprint, a second token corresponding to the first token is obtained, wherein the second token comprises an access token indicating that the second website grants password-free login permissions. A password-free login request is sent to the second website including the second token. In response to the second website verifying the second token, the second website is logged into without a password.

HOMOMORPHIC ENCRYPTION
20200228309 · 2020-07-16

Systems, methods, and computer-readable storage devices storing instructions for homomorphic encryption via finite ring isomorphisms are provided. An example method includes selecting a polynomial f(x) of exact degree n with small coefficients in a ring F_q[x] and selecting a polynomial h(y) of exact degree n in a ring F_q[y]. The method includes constructing an isomorphism from the ring F_q[x]/(f(x)) to the ring F_q[y]/(h(y)) and constructing an inverse isomorphism from the ring F_q[y]/(h(y)) to the ring F_q[x]/(f(x)). The method includes encrypting a message using said isomorphism from the ring F_q[x]/(f(x)) to the ring F_q[y]/(h(y)) and transmitting the encrypted message to a remote computer. The method also includes receiving one or more encrypted response messages from the remote computer based at least in part on the transmitted message and decrypting the one or more encrypted response messages.