Patent classifications
H04L9/065
METHOD AND APPARATUS FOR ENCRYPTING AND DECRYPTING DATA
A method and system are disclosed for encrypting and decrypting data, with decryption contingent upon user-defined conditions being met. The encryption process comprises a method for using pointers to indicate the locations and sizes of encryption components, utilizing randomly determined patterns to be used for a random number of characters of text data being encrypted. For each randomly determined block of text, a randomly determined pattern is selected, which specifies how to combine the encryption components, including the shuffled and encrypted text, and references to that block's seed key, the size and composition of which are randomly determined. Decryption comprises a methodology for reversing the process to decode encrypted text, iteratively extracting the decryption components in accordance with the pattern indicator identified for each block of encrypted text, as determined by the pointers, and dependent upon satisfying all user-defined conditions necessary to enable decryption.
MULTI-TENANCY PROTECTION FOR ACCELERATORS
An accelerator includes a memory, a compute zone to receive an encrypted workload downloaded from a tenant application running in a virtual machine on a host computing system attached to the accelerator, and a processor subsystem to execute a cryptographic key exchange protocol with the tenant application to derive a session key for the compute zone and to program the session key into the compute zone. The compute zone is to decrypt the encrypted workload using the session key, receive an encrypted data stream from the tenant application, decrypt the encrypted data stream using the session key, and process the decrypted data stream by executing the workload to produce metadata.
ENCRYPTED AND AUTHENTICATED DATA FRAME
At a source network device, data is compiled into a plurality of data blocks for transmission in a data frame over a network to a destination network device. The plurality of data blocks are arranged into a plurality of data block groups such that each data block group comprises a predetermined number of data blocks. Encryption information is generated for each of the plurality of data block groups. The encryption information identifies an encryption key for each of the plurality of data block groups. Overhead data configured to allow the destination network device to align and decode the data frame is generated. The data frame is transmitted from the source network device to the destination network device such that the encryption information for each of the plurality of data block groups is transmitted consecutively with a respective data block group, and a portion of the overhead data is transmitted prior to each consecutive transmission of encryption information with a data block group.
METHODS AND SYSTEMS FOR SECURE COMMAND, CONTROL, AND COMMUNICATIONS
In some aspects, an apparatus for encoding data for delivery to or for decoding data retrieved from a storage medium comprises a memory device and at least one hardware processor. The memory device is configured to store at least one parameter associated with at least one cryptographic protocol, the at least one parameter comprising one or more of a first cryptographic scheme, a first cryptographic key operation, a first cryptographic key length, and first cipher directives. The hardware processor is configured to generate a first frame comprising a first field for one parameter selected from the first cryptographic scheme, the first cryptographic key operation, the first cryptographic key length, and the first cipher directives and excluding fields for non-selected parameters, wherein the first frame is associated with the data delivered to or retrieved from the storage medium.
Cryptography method and circuit, corresponding device
A cryptographic method includes providing memory locations for storing encrypted data. The memory locations have respective addresses and are accessible via a communication bus. The method includes receiving over the communication bus access requests to the memory locations, wherein the access requests include burst requests for access to respective sets of the memory locations starting from respective start addresses, and calculating as a function of the start addresses encryption/decryption cryptographic masks based on cryptographic keys. Plain text data is received for encryption and the method includes applying the cryptographic masks to the plain text data to obtain therefrom encrypted data, and including the encrypted data into output data for transmission over the communication bus.
Secure adaptive data storage platform
An adaptive data storage platform includes a plurality of nodes and a plurality of data stores, each associated with a different one of the nodes. An immutable journal is distributed between the plurality of nodes. Access to the data stores is based upon a consensus of trust determined by the plurality of nodes. The data is ciphered as it is received to form ciphered data that is sharded into equally sized shards that are distributed across the nodes for storing on corresponding ones of the data stores and tracked using the immutable journal. The shard may be periodically sent to a different one of the nodes for storing on the corresponding data store. The data is thereby ciphered and distributed across the plurality of data stores and is not stationary.
Method and system for state machine security device
A security device may be utilized to provide security measures to an electronic device that may incorporate the security device or be coupled to it. The security measures may comprise authentication (e.g., authentication of devices, users, or activities), and/or encryption measures (e.g., encrypting or decrypting exchanged data). A transaction or access via the security device may be authenticated by communicating an authentication request by the security device to an authentication server, which may generate, in response, a sequence of information requests that are sent to the security device. The security device may then generate, in response, a sequence of responses that are sent to the authentication server, with the sequence of responses comprising a sequence of reported values each of which is unique. The authentication server may then authenticate the security device based on comparing the sequence of reported values with a sequence of expected values that identifies the security device.
Iterative data secret-sharing transformation
Provided are a method, system, and article of manufacture for iterative data secret-sharing transformation and reconversion. In one aspect, data secret-sharing transformation and reconversion is provided in which each bit of an input stream of bits of data is split, on a bit by bit basis, into a pair of secret-sharing bits, and the secret-sharing bits of each pair of secret-sharing bits are separated into separate streams of secret-sharing bits. In this manner, one secret-sharing bit of each pair of secret-sharing bits may be placed in one stream of secret-sharing bits and the other secret-sharing bit of each pair may be placed in another stream of secret-sharing bits different from the one stream of secret-sharing bits. Confidentiality of the original input stream may be protected in the event one but not both streams of secret-sharing bits is obtained by unauthorized personnel. In another aspect, for an input stream of N bits, each received bit of the N bits of the input stream of data may be iteratively split, on a bit by bit basis, into a pair of secret-sharing bits, to generate as few as N+1 secret-sharing bits from the input stream of N bits. Other features and aspects may be realized, depending upon the particular application.
INFORMATION PROCESSING DEVICE, INFORMATION RECORDING MEDIUM, AND INFORMATION PROCESSING METHOD, AND PROGRAM
A configuration capable of performing reliable source analysis of illegal copy content using content in which a reproduction path is settable is implemented. Content is set in which an individual segment region including a plurality of pieces of variation data which include different identification information embedded therein and are decryptable using different keys and a common segment region including single data are provided, and in which variation data is configured with an aligned unit. A content reproducing device calculates a reproduction path by applying a device key and selects and reproduces an aligned unit corresponding to the reproduction path on the basis of a variation data identifier recorded in an adaptation field in a plain text region at the head of a plurality of aligned units constituting the variation data.
DATA ENCRYPTION TECHNIQUES
Systems and methods for encrypting data, such as plaintext or binary data, on electronic devices are described. An electronic device can encrypt the data by receiving a string of one or more characters associated with the data to be encrypted, determining an entropy for an encrypted string, determining a position for each character of the one or more characters, generating an encrypted string for each character using the determined entropy and position of the respective character, and generating an encrypted message by concatenating the encrypted strings of the one or more characters together. In some examples, the electronic device encrypts the data using one or more pseudo-random number generators. In some examples, the electronic device can offset the one or more characters before the encrypting and/or offset characters in the encrypted strings after the encrypting. The electronic device can then send the encrypted message to another electronic device for decrypting.