An apparatus includes a first-processor, and a programmable integrated circuit coupled to the first-processor; a second-processor, and a memory coupled to the second-processor, the second-processor being configured to access the first-processor; and a third-processor to manage the first-processor, wherein the first-processor is configured to write, to the rewritable-integrated circuit, a computation circuit to perform computation according to information from the second-processor, and an encryption circuit to generate encrypted data by encrypting a computation result computed by the computation circuit, by using an encryption key for the computation circuit, the third-processor is configured to manage the encryption key in association with the computation circuit and notify the second-processor of the encryption key for the computation circuit, and the second-processor is configured to read out the encrypted data from the memory for storing the encrypted data, and decrypt the read encrypted data by using the encryption key notified from the third-processor.

A secure method for transmitting a control word between a server and a plurality of processing entities so as to respectively produce and utilize the control word. Preferably such a method is applied to the field of conditional access methods and systems for preventing the fraudulent use of compromised decryption keys resulting from a coalition of pirate hackers.

Provided are an operation method and a secure terminal for performing the method. The operation method may include receiving, from a user terminal, a plain text on which an external encoding operation is to be performed, performing the external encoding operation on the plain text, and transmitting the external encoding operated plain text to the user terminal, and the operation method may include receiving, from a user terminal, a cryptogram in which a white-box cryptography operation is performed on an external encoding operated plain text; performing an external decoding operation on the cryptogram; and transmitting the external decoding operated cryptogram to the user terminal.

A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network.

The description relates in particular to a method for encoding information represented in the form of a function P, and to a corresponding method for decoding information. The encoding comprises the encoding of secondary information. These methods may be implemented within a context of biometric enrollment and (respectively) biometric authentication. The description also relates to an electronic device, a computer program, and a storage medium for the implementation of such methods.

Disclosed herein are methods and systems for enabling legal-intercept mode for a targeted secure element. In an embodiment, a method includes embedding a first key-negotiation parameter associated with a target client device into an intercept secure encryption element; configuring an encryption-management device to receive the intercept secure encryption element and to receive a second key-negotiation parameter associated with the target client device and obtained from a service-provider system, the encryption-management device configured to embed the second key-negotiation parameter into the intercept secure encryption element; and providing the intercept secure encryption element to a communications-intercept system configured to obtain intercepted messages associated with the target client device, the intercepted messages comprising session-key-negotiation messages and associated data messages encrypted with a corresponding negotiated session key, wherein the intercept secure encryption element is configured to (i) identify the negotiated session key based on the session-key-negotiation messages and the first and second key-negotiation parameters and (ii) decrypt the data messages with the negotiated session key.

Disclosed are methods and apparatus for detecting mismatch of ciphering parameters, such as Count-C, in a wireless device and recovery therefrom. The methods and apparatus for detection include examining a predefined ciphered field, such as a Length Indicator field, in one or more received Radio Link Control (RLC) Protocol Data Units (PDUs). Next, a determination of when the field is invalid over a predetermined sample number of PDUs is performed. Mismatch of ciphering parameters can then be determined when a predetermined number of samples of the field detected as invalid exceed a predetermined threshold. Additionally, recovery of PDUs after mismatch detections is disclosed using a range of Hyper-Frame Numbers (HFNs) to decipher buffered PDUs, and then check which of the HFNs eliminate the parameter mismatch by again determining if parameter mismatch occurs using the methods and apparatus for detection.

Embodiments of systems and methods disclosed herein provide a simple and effective method for authentication and key exchange that is secure from man-in-the-middle attacks and is characterized by perfect forward secrecy. More specifically, in certain embodiments, the systems and methods are disclosed that enable secure communications between a local device and a remote device(s) via a protocol that uses a Central Licensing Authority that shares derived secrets with the endpoints, without sharing the secrets themselves. The derived secrets may be comprised of public information, taking the form of nonces, in order to protect the system against replay-style attacks. Each endpoint can generate its own nonce with sufficient entropy such that neither endpoint is dependent on the trustworthiness of the other.

A method performed by one or more network node(s) of a wireless telecommunications network to dynamically manage encryption keys for multiple narrowband Internet of Things (NB-IoT) devices of the network. The network node(s) can maintain a database that stores a device profile for each of the NB-IoT devices and obtain multiple encryption keys for the multiple NB-IoT devices. The encryption keys are associated with different encryption strengths ranging from high to ultra-low encryption strengths. The network node(s) can allocate the encryption keys to the NB-IoT devices, detect a change in the condition of the network, capability or communications service of NB-IoT devices, and refresh the encryption keys accordingly to ensure that the network nodes properly balance encryption while providing efficient network performance.

In one embodiment, it is proposed a method of cryptographic processing of data, the method being executed by an electronic device, and comprising obtaining at least two points belonging to a same elliptic curve defined on an algebraic structure being a finite ring, each point being represented by at least two coordinates. The method is remarkable in that it comprises: obtaining a parameterization of an isomorphism between said elliptic curve and another elliptic curve, said parameterization defining some configuration parameters, each configuration parameter having a range of possible values; determining in function of values of coordinates of said at least two points said configuration parameters, delivering determined configuration parameters; and obtaining coordinates of another point corresponding to an image of an addition of said at least two points through said isomorphism, said another point belonging to said another elliptic curve, and said obtaining being performed without an inversion operation in said algebraic structure, due to said determined configuration parameters.