Patent classifications
H04L2463/061
Apparatus, system and method for SCE
In order to support separate ciphering at an MeNB (20) and an SeNB (30), the MeNB (20) derives separate first and second keys (KUPenc-M, KUPenc-S) from a third key (KeNB). The first key (KUPenc-M) is used for confidentiality protection of first traffic transmitted over the U-Plane between the MeNB (20) and a UE (10). The first key (KUPenc-M) may be the same as the current KUPenc or a new key. The second key (KUPenc-S) is used for confidentiality protection of second traffic transmitted over the U-Plane between the UE (10) and the SeNB (30). The MeNB (20) sends the second key (KUPenc-S) to the SeNB (30). The UE (10) negotiates with the MeNB (20), and derives the second key (KUPenc-S) based on the result of the negotiation.
METHODS AND SYSTEMS FOR CRYPTOGRAPHIC KEYS EXCHANGE
Embodiments provide methods and systems for cryptographic key exchange where the method can include receiving, by a server system, a client public key being part of a client asymmetric key pair from a client device; sending, by the server system, a server public key being part of a server asymmetric key pair to the client device; generating, by the server system, a random value master key and sending the random value master key encrypted using the client public key to the client device; and generating, by the server system, an initial unique session key and sending the initial unique session key encrypted under the random value master key to the client device. A unique session key from the set of unique session keys is used by the client device to encrypt session data for transmission to the server system per session.
Systems and Methods for Privacy Preserving Accurate Analysis of Network Paths
Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more textual descriptions and one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key. The present system prevents retrieving the textual descriptions and the ranges of the configuration files of the native configurations database from the anonymized configuration database.
END-TO-END DOUBLE-RATCHET ENCRYPTION WITH EPOCH KEY EXCHANGE
Systems, devices, and methods are disclosed for instantaneously decrypting data in an end-to-end encrypted secure messaging session while maintaining forward secrecy and post-compromise security using a double ratchet communication protocol. Unique message keys can be generated in a predictable progression independently on each device, ratcheting keys for each message on an as-needed basis, and a seed key and state for the predictable progression can be updated based on an asymmetric key exchange between the devices, thereby serving as a second ratchet. Message keys can feed a pseudo-random number generator (PRG) to generate the next message key in a progression. A Continuous Key Agreement (CKA) engine can use an asymmetric key pair to generate a shared secret key to feed a Pseudo-Random Function (PRF-PRNG) to reset the state of the PRG and provide a refresh key to the PRG.
Method and system for zero-knowledge and identity based key management for decentralized applications
A method for implementing zero-knowledge private key management for decentralized applications on a client device including registering an account with a verifier server, initializing a wallet, generating a public key and a private key, encrypting the private key with a zero-knowledge encryption function, producing an encrypted private key, transmitting the encrypted private key to the verifier server, removing the private key from the decentralized client application, sending a transaction request to a decentralized application, receiving a raw transaction, requesting and receiving the encrypted private key from the verifier server, decrypting the encrypted private key with a zero-knowledge decryption function, signing the raw transaction with the decrypted private key, transmitting the signed transaction to the decentralized application, and removing each of the encrypted private key and the decrypted private key from the client application.
Methods for communicating data utilizing sessionless dynamic encryption
The present disclosure is directed to methods that provide a secure communication protocol by utilizing a one-step process of authenticating and encrypting data without having to exchange symmetric keys or needing to renew or re-issue the digital identities fundamental to asymmetric encryption methodology.
Device securing communications using two post-quantum cryptography key encapsulation mechanisms
A network and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK.device) and private key (eSK.device) and (ii) send ePK.device with first KEM parameters to the network. The network can (i) conduct a first KEM with ePK.device to derive a first asymmetric ciphertext and first shared secret, and (ii) generate a first symmetric ciphertext for PK.server and second KEM parameters using the first shared secret. The network can send the first asymmetric ciphertext and the first symmetric ciphertext to the device. The network can receive (i) a second symmetric ciphertext comprising “double encrypted” second asymmetric ciphertext for a second KEM with SK.server, and (ii) a third symmetric ciphertext. The network can decrypt the third symmetric ciphertext using the second asymmetric ciphertext.
Three-Party Cryptographic Handshake Protocol
This document describes a three-party cryptographic handshake protocol in a wireless network in which a sighter receives, from a beacon, a packet including an exponentiation of a random value and a proxy value and generates an end-to-end encrypted ephemeral identifier (E2EE-EID) from the exponentiation of the random value and the proxy value. The sighter generates a message for an owner, selects a private key, and computes an exchanged key using the private key and the E2EE-EID. The sighter extracts a common symmetric key from the exchanged key, encrypts the message using the common symmetric key, and transmits the encrypted message to the owner.
ENHANCING NETWORK SECURITY
A method including determining, by a transmitting device in communication with a receiving device, encrypted decoy messages based at least in part on encrypting decoy data utilizing an encryption key; determining, by the transmitting device, one or more encrypted content messages based at least in part on encrypting content data utilizing a cryptographic key, different from the encryption key; and transmitting, by the transmitting device to the receiving device, the one or more encrypted content messages among the encrypted decoy messages. Various other aspects are contemplated.