H04L9/0861

WIRELESS BATTERY MANAGEMENT SYSTEM SETUP

Aspects of this description provide for a computer program product comprising computer executable instructions. In at least some examples, the instructions are executable by a controller to cause the controller to broadcast, in a data frame, a scan request to a node, the scan request including a certificate of the controller and a public authentication key of the controller, receive, in the data frame, a scan response from the node, the scan response including a certificate of the node and a public authentication key of the node, and perform pairing between the controller and the node based on the public authentication key of the node and a private authentication key of the controller.

INTERNAL KEY MANAGEMENT FOR A STORAGE SUBSYSTEM ENCRYPTING DATA IN THE CLOUD

A method for sharing data encryption keys among a plurality of storage systems is disclosed. The method generates, by a first storage system, a data encryption key for encrypting data sent from the first storage system to cloud storage. The method stores the encrypted data in the cloud storage in the form of an encrypted data object. In certain embodiments, the first storage system stores an Internet Protocol (IP) address of a second storage system belonging to a same key sharing network as the first storage system. The method replicates, from the first storage system to the second storage system, the data encryption key. The second storage system retrieves the encrypted data object from the cloud storage and decrypts the encrypted data in the encrypted data object using the data encryption key received from the first storage system.

KEY ROTATION SERVICE

A system for security key rotation in a cloud computing environment is disclosed. The system performs steps to at least initiate, at a predetermined interval, a call to determine whether to initiate generation of a public-private key pair for a client application. The system determines whether to initiate generation of the public-private key pair for the client application and, based on determining to initiate generation of the public-private key pair for the client application, transmits a control signal requesting generation of the public-private key pair. The system generates the public-private key pair and transmits a private key associated with the public-private key pair to a secure storage location for later retrieval by the client application and transmits a public key associated with the public-private key pair to a public key service for later retrieval by a client associated with the client application.

DATA PROCESSING DEVICE, DATA PROCESSING METHOD, AND COMPUTER PROGRAM
20230050675 · 2023-02-16

Provided is a highly practical cryptographic technology which is capable of being used when encryption and decryption are performed in a single data processing device and which can be said to be unbreakable, or close to unbreakable. A data processing device is configured to generate encrypted data by encrypting processing target data and record the generated encrypted data in a predetermined recording medium, and to decrypt the encrypted data recorded in the recording medium back into the processing target data. The processing target data is data of a text. Encryption is performed in units of plaintext split data generated by splitting the processing target data into pieces having a predetermined number of bits. The units of the splitting are equal to or shorter than a bit length of a code for identifying characters in the text.

BLUETOOTH DEVICE AND BLUETOOTH GATEWAY
20230049341 · 2023-02-16

A Bluetooth device (702) is disclosed, the Bluetooth device being provisioned with a security credential (710) that is shared with an authentication server (706). The Bluetooth device comprises processing circuitry configured to use a Bluetooth pairing mechanism to establish a pairing with a Bluetooth gateway (704a-c) by establishing a shared secret key with the Bluetooth gateway and to perform an Extensible Authentication Protocol (EAP) authentication method towards the authentication server using the security credential, wherein performing the EAP authentication method comprises using the paired Bluetooth gateway to forward messages to and from the authentication server. The processing circuitry is further configured to bind the pairing established with the paired Bluetooth gateway to the performed EAP authentication method. Also disclosed are a Bluetooth gateway and methods performed by a Bluetooth device and a Bluetooth gateway.

A METHOD FOR SYMMETRIC ASYNCHRONOUS GENERATIVE ENCRYPTION

Methods of data encryption using a mutating encryption key are disclosed. The methods generate an encryption key and utilize a codex to mutate or vary the encryption key value. The encryption key may be generated using a random number generator. The encryption key value in pre-mutation state, together with the codex, is used to generate the next valid value for the encryption key. Unencrypted message data may be used together with the codex to mutate the encryption key. A valid encryption key and the unencrypted or successfully deciphered message are thus required to mutate the encryption key to the next key post-mutation state at each end.

SECURE COMPUTATION SYSTEM, SECURE COMPUTATION SERVER APPARATUS, SECURE COMPUTATION METHOD, AND SECURE COMPUTATION PROGRAM
20230046000 · 2023-02-16

Each of the secure computation server apparatuses includes a random number generation part that generates random numbers using a pseudo random number generator shared among the secure computation server apparatuses; a seed storage part that shares and stores a seed(s) used for generating random numbers in the random number generation part; a pre-generated random number storage part that stores random numbers generated by the random number generation part; a share value storage part that stores a share(s) to be a target of processing; a logical operation part that computes a carry to be transmitted and received among the secure computation server apparatuses using the random numbers and the share(s) to be a target of processing; an inner product calculation part that removes a mask from the carry; and an arithmetic operation part that performs a processing of erasing the carry to obtain a processing result.

METHOD AND DEVICE FOR CODE-BASED GENERATION OF A KEY PAIR FOR ASYMMETRIC CRYPTOGRAPHY
20230048825 · 2023-02-16

According to various embodiments, a method for code-based generation of a key pair for asymmetric cryptography is described including generating a private key defining a linear code, determining a parity check or generator matrix for the linear code, blinding a sub-matrix of the parity check or generator matrix, generating a blinded inverse matrix by inverting the blinded sub-matrix or by inverting a quadratic matrix contained in the blinded sub-matrix, de-blinding the blinded inverse matrix to generate an inverse matrix and generating a public key for the private key using the inverse matrix.

DISTRIBUTED PRIVATE KEY RECOVERY

A method performed by a user device is disclosed. The method comprises generating a secret and measuring a biometric template of a user operating the user device. The method then generates a plurality of secret shares of the secret and of the biometric template. The user device then transmits the secret shares of the secret and of the biometric template to a plurality of recovery devices. Afterward, the user device may initiate a recovery of the secret and measure a biometric measurement of the user. Data of the biometric measurement may be transmitted to the plurality of recovery devices, where the recovery devices perform a partial computation. The user device uses the plurality of partial computations to determine a match between the biometric template and the biometric measurement. If the two biometrics match, the user device can reconstruct the secret using shares of the secret from the recovery devices.

Transmitting content to promote privacy
11582211 · 2023-02-14

An example process includes breaking content into multiple fragments; and transmitting at least two of the multiple fragments over different physical channels in order to isolate the at least two fragments during transmission. The example process may include generating session keys; encrypting at least some of the fragments using different session keys; and associating, with each fragment, a session key used to encrypt a different fragment to produce fragment/session key pairs.