A computing apparatus outputs .sub.1 and .sub.2 corresponding to a ciphertext x, a capability providing apparatus uses .sub.1 to correctly compute f(.sub.1) with a probability greater than a certain probability and sets the result of the computation as z.sub.1, uses .sub.2 to correctly compute f(.sub.2) with a probability greater than a certain probability and sets the result of the computation as z.sub.2, the computing apparatus generates a computation result u=f(x).sup.bx.sub.1 from z.sub.1, generates a computation result v=f(x).sup.ax.sub.2 from z.sub.2, and outputs u.sup.bv.sup.a if the computation results u and v satisfy a particular relation, where G and H are groups, f(x) is a function for obtaining an element of the group G for xH, X.sub.1 and X.sub.2 are random variables having values in the group G, x.sub.1 is a realization of the random variable X.sub.1, and x.sub.2 is a realization of the random variable X.sub.2.

A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.

Methods, systems, and computer-readable storage media for processing queries in analytical web applications over encrypted data. Implementations include actions of receiving, by a database driver executed on a server-side computing device and from a client-side proxy, a query and one or more encryption keys, the one or more encryption keys having been selected by the client-side proxy based on operations required to perform the query, performing at least one operation of the query to provide a query result including encrypted data, and transmitting, by the database driver, the encrypted data to the client-side proxy, the client-side proxy processing the encrypted data to provide plaintext data to an end user.

There is provided a method of a client for providing a hash value for a piece of data, where the hash value provides for a time-stamp for the piece of data upon verification. The method comprises collecting the piece of data and deriving a one-time signing key, OTSK, of a OTSK hash chain by applying a time fraction hash tree splitting a time slot corresponding to an index into time fractions such that the time slot is divided into fractions according to the number of leafs of the time fraction hash tree, forming a signing request for the piece of data by applying the OTSK for the fraction for the respective piece of data to calculate hash values of the piece of data, and transmitting the signing request comprising the hash values to a server for deriving a time stamp for the piece of data. There is also provided a method of a server of a signing authority for issuing a time stamp signature. The method comprises receiving a signing request for a piece of data formed by application of an OTSK, for a fraction corresponding to an index for time fractions defined by a time fraction hash tree splitting a time slot for the respective piece of data to calculate hash values of the piece of data where the time slot is divided into fractions according to the number of leafs of the time fraction hash tree, deriving a time stamp for the piece of data including a hash path of the time fraction hash tree as a sub-tree of hash tree of the OTSK, and transmitting the time stamp for the piece of data. An electronic device, a server, a network node and computer programs are also disclosed.

A method of encrypting information using a computational tag may include, by a mobile electronic device, detecting a computational tag within a near field communication range of the mobile electronic device, identifying a document to be encrypted by the mobile electronic device, transmitting the document to the computational tag by the mobile electronic device, receiving, from the computational tag, an encrypted document, wherein the encrypted document comprises an encrypted version of the document that was to be encrypted, and storing the encrypted document in a memory of the mobile electronic device.

There is provided a method of providing a hash value for a piece of data, where the hash value provides for a time-stamp for the piece of data upon verification. The method comprises deriving one-time signing keys of signer's one-time signing key hash chain by a one-way function of a secret key of the signer and a function of an index of the one-time signing key, and providing the hash value for the piece of data by a hash function including the piece of data and the derived one-time signing key. An electronic device comprising a processor arranged to implement a functional module for deriving a one-time signing key and providing a hash value for a piece of data by a hash function including the piece of data and the derived one-time signing key is also disclosed. The functional module is arranged to perform the method. A computer program for implementing the method on the electronic device is also disclosed.

This disclosure describes systems and methods related to utilizing hardware assisted protection for media content. In some embodiments, a provided method comprises: receiving, from a content server and by a computing device processor of a secure enclave of a device, first encrypted media content; decrypting, by the computing device processor, the first encrypted media content using a first decryption key; generating, by the computing device processor, a second decryption key; encrypting, by the computing device processor, the first decrypted media content using the second key, thereby resulting in second encrypted media content; and sending, by the computing device processor and to one or more graphical processing units (GPUs) comprised in a graphics component of the device, the second encrypted media content and the second decryption key.

A remote encryption method is executed by at least one processor of a cryptographic center. The cryptographic center connects to a sending end and to at least one receiving end. Data and a list listing at least one receiving end to which the data is to be sent are received from the sending end. A public key corresponding to the at least one receiving end listed in the received list is obtained. The received data is asymmetrically encrypted using the obtained public key corresponding to the at least one receiving end. The encrypted data is sent to the corresponding receiving end.

A computing apparatus outputs .sub.1 and .sub.2 corresponding to a ciphertext x, a capability providing apparatus uses .sub.1 to correctly compute f(.sub.1) with a probability greater than a certain probability and sets the result of the computation as z.sub.1, uses .sub.2 to correctly compute f(.sub.2) with a probability greater than a certain probability and sets the result of the computation as z.sub.2, the computing apparatus generates a computation result u=f(x).sup.bx.sub.1 from z.sub.1, generates a computation result v=f(x).sup.ax.sub.2 from z.sub.2, and outputs u.sup.bv.sup.a if the computation results u and v satisfy a particular relation, where G and H are groups, f(x) is a function for obtaining an element of the group G for xH, X.sub.1 and X.sub.2 are random variables having values in the group G, x.sub.1 is a realization of the random variable X.sub.1, and x.sub.2 is a realization of the random variable X.sub.2.

A system and a method is provided for establishing a session key in a context of communications between entities, the identifiers of which are generated cryptographically and for which one of the entities is highly resource-constrained. It includes assigning to assistant entities of the resource-constrained entity, the highest-consuming asymmetric cryptography operations.