Apparatuses, systems, methods, and software are disclosed for authorization delegation. In a participant device a derivative key is generated in dependence on a received key. An authenticity check value for a delegation information block is generated in dependence on the delegation information block and the received key. The derivative key is derived in dependence on the delegation information block and the received key. An extended certificate chain is created comprising a received certificate chain appended with a local certificate, which comprises the delegation information block and the authenticity check value.

Computation efficiency of distributed secure implementation of the computation of a (sum of) products of values Vi, Wi from different servers on a distributed computing system is improved by generation of coefficients of a first and second polynomials P, Q by a first server. The first polynomial P has all numbers Xi from a first data set on the first server as roots. The second polynomial Q has values Q(Xi)=Vi for the numbers Xi from the first data set. The first server transmits coefficients of the polynomials to a second server in encrypted form. The second sever computes encrypted values <P(Xi′)> and <Q(Xi′)> of the polynomials for a number Xi′ in a second set from the encrypted coefficients. The second server computes an encrypted binary value <di> from the encrypted value <p(Xi′) of the first polynomial p and computes an encrypted value of a product <di Q(Xi′) Wi>.

An optical code scanner being operated using an algorithm is provided. The scanner may scan an optical label. The label may include machine-readable code. The scanner may derive a single set of instructions from the code or multiple sets of instructions from the code. The scanner may process the code. The processing may upload a set of instructions from the code to the scanner and store the set of instructions in an instructions library. The scanner may also derive a picture associated with the instructions and store the picture in the library. The scanner may display a plurality of pictures. Each of the pictures may correspond to a set of uploaded instructions stored on the scanner. Each of the plurality of pictures may be selectable by a user. In response to a user selection of a picture, the scanner may be configured to execute the uploaded instructions that correspond to the selected picture.

Disclosed are various examples for securing the transmission of files to and from a client device. In some examples, an initialization token is identified for a file that includes a number of portions. An algorithm is iteratively applied to the initialization token to determine that no repeated output occurs over a number of iterations corresponding to the number of file portions. Initialization data is transmitted from a client device to a management service that manages access to the file. The initialization token is included in the initialization data if no repeated output occurs when the algorithm is iteratively applied over the number of iterations.

The concepts and technologies disclosed herein are directed to conditional temporary authentication for third party nodes. According to one aspect of the concepts and technologies disclosed herein, a first node of a plurality of nodes can provide a master authentication key to a second node of the plurality of nodes. The first node can receive, from a third node of the plurality of nodes, a temporary child authentication key derived from the master authentication by the second node. The first node can process the temporary child authentication key to determine which portion of a resource to allow the third node to access. The first node can provide the third node access to the portion of the resource.

Techniques for secure public exposure of digital data include extracting first digital data comprising one or more batches, each batch comprising a plurality of no more than a number T of packets, each packet containing a plurality of a number n of bits. A random binary matrix A consisting of T rows and n columns is generated. For a first batch, a first random n-bit temporary key is generated. For a packet in the first batch, a first packet vector key is generated based on random non-overlapping pairs of bit positions for both the temporary key and for a first packet-corresponding row of matrix A. An encrypted packet is generated for the packet based on the packet and the first packet vector key. The encrypted packet is exposed publicly.

A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.

A multivariate signature method for resisting key recovery attack, which establishes a new signature verification condition by adding additional value of signature. The verification condition implies verification of internal information x and y, thereby effectively resisting key recovery attack generated by the existence of equivalence key. Specifically, the method includes the three stages of data preprocessing, signature generation and signature verification. The invention is a signature authentication method based on polynomial equations of a plurality of variables in a finite field, which can effectively resist the key recovery attack, provide the basic technical support for the information security and the establishment of the trust system in the quantum computer era, and provide a secure digital signature option in the quantum era. The present invention is especially suitable for use under application condition which has limited storage and processing time, such as smart cards, wireless sensor networks and dynamic RFID tags.

A system and method for opportunistic cryptographic key management includes generating a security capability assessment on a first electronic device based on security capabilities of the device, selecting a key management mode based on the security capability assessment, generating a cryptographic key based on the key management mode, and storing the cryptographic key based on the key management mode.

A data processing system having a PUF and method for providing multiple enrollments, or instantiations, of the PUF are provided. A PUF segment includes a plurality of SRAM cells on an integrated circuit. A PUF response from the PUF segment is used to create a first activation code and a first PUF key. A second PUF key may be created from the PUF response. Initially, during a second enrollment, the PUF response is combined with the first activation code to reproduce a codeword. The first secret string is reconstructed by encoding the codeword. The codeword is combined with the first activation code to reproduce the PUF response. Inverse anti-aging is applied to the PUF response. Then a second secret string is generated using a random number generator (RNG). The second secret string is encoded to produce a new codeword. The new codeword is combined with the recovered PUF response to create a second activation code. The second activation coded is hashed with the second secret string to provide a second PUF key.