H04L9/0861

Integrated circuit performing fast unbreakable cipher
11711365 · 2023-07-25

An authentication and encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.

ENCRYPTION AND DECRYPTION TECHNIQUES USING SHUFFLE FUNCTION

Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds of decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing.

SUPPORTING REMOTE UNIT REAUTHENTICATION

Apparatuses, methods, and systems are disclosed for supporting remote unit reauthentication. One apparatus includes a network interface that receives a first authentication message for reauthenticating a remote unit and a processor that verifies a first domain-name. The first domain-name identifies a key management domain name and an associated gateway function holding a reauthentication security context. Here, the first authentication message includes a NAI containing a first username and the first domain-name. The processor validates the first authentication message using at least the first username and generates a second authentication message in response to successfully validating the first authentication message. Via the network interface, the processor responds to the first authentication message by sending the second authentication message.

ANONYMOUS, AUTHENTICATED AND PRIVATE SATELLITE TASKING SYSTEM
20230231699 · 2023-07-20

Systems, methods and devices for implementing cryptographic and security-in-depth techniques on board spacecraft or satellites are provided, to allow users to task activities or retrieve satellite data from the satellite system in an anonymous, secure, safe, and private manner, such that no other user sharing the satellite system resources can know what has been tasked or transmitted to the ground. Considerable advantages can be realized by providing spacecraft or satellite systems with a substantial capacity of applying security-in-depth and cryptographic techniques and protocols to data and requests, based on autonomous tasking, allowing a secure, safe and private use of spacecraft or satellite resources.

Key splitting
11563566 · 2023-01-24

According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.

METHOD AND SYSTEM FOR ENCRYPTED MESSAGING
20230231704 · 2023-07-20

A method and system for encrypted messaging includes first and second client devices and a quantum key device having a quantum random number generator. The generator provides a first quantum random signal, and the key device provides a symmetric first master key from the first quantum random signal. The master key is transmitted to the first client device and stored. The key device uses the master key to generate an encrypted package by encrypting one of a plurality of keys. The key device generates a second encrypted package. The first pairing key is provided to the first client device by decrypting the first encrypted package using the first master key and providing the first pairing key in the second client device by decrypting the second encrypted package using the second master key to establish an encrypted connection between the first and second client devices.

ARTIFICIAL INTELLIGENCE POST-QUANTUM ENCRYPTION METHOD AND ARTIFICIAL INTELLIGENCE POST-QUANTUM ENCRYPTION APPARATUS
20230231705 · 2023-07-20

Disclosed is a data encryption method performed by an apparatus, which includes encrypting plaintext data based on an encryption key to generate first ciphertext data, applying a noise vector being periodically extracted to an artificial intelligence-based generative model to generate a first signature code and a second signature code, and applying the first signature code and the second signature code to the first ciphertext data to generate second ciphertext data. The generating of the first signature code includes determining a type and a replacement location of a character necessary to generate the first signature code by means of a predetermined conversion formula and generating a first character, which is obtained by calculating an existing encryption character being present at the replacement location in the first ciphertext data and the character in a predetermined scheme, as the first signature code.

Secure shared key establishment for peer to peer communications

Systems and methods for secure peer-to-peer communications are described. Devices registered into a trusted network may be capable of establishing a shared data encryption key (DEK). In embodiments, each device may be configured to obtain a share of a data encryption key (DEKi) that can be stored locally. The shares may be shares in an M of N Secret Sharing Scheme. This may involve a network that includes an integer number, N, of devices, and in which M devices may share a secret (i.e. the DEK) during communications, M being an integer less than or equal to N. To obtain the entire DEK during encryption/decryption, a requesting device may send requests to M of N devices for their shares of the DEK. Once M shares are obtained, they may be used to generate the DEK for encrypting/decrypting data between the devices.

System and method for securely exchanging messages
11563562 · 2023-01-24

The present system and method allow the exchange of messages, such as email, between a sender and a recipient while keeping the data secure and preserving the integrity of the content of the messages. The method and system do not require a user to have an account to open a received message. The method comprises the server creating a new communication key upon reception of a request. The communication key is typically valid for a single request to ensure that each request is encrypted using different communication keys. The method typically comprises a client [A] establishing communication on [HANDSHAKE] with one or more servers [B]. The HANDSHAKE generally aims at initializing the encryption key that will be used to exchange information between A and B.

METHODS FOR SECURE CRYPTOGRAM GENERATION

A computer-implemented method performed by a user device is provided. The computer-implemented method includes receiving a message including an encrypted credential from a server computer; determining a response shared secret using a private key and a server public key; decrypting the encrypted credential using the response shared secret to determine a credential; obtaining a key derivation parameter from the credential; determining a first cryptogram key using the key derivation parameter; generating a first cryptogram using the first cryptogram key; and sending the first cryptogram to a second computer.