Patent classifications
H04L9/16
Generating new encryption keys during a secure communication session
The present application describes a method, system, and non-transitory computer-readable medium for generating new keys during a secure communication session. A key derivation function is operatively connected to both a counter and a memory. The key derivation function generates new key material from a first input and a second input in response to a signal provided by the counter. The key derivation function generates the new key material and outputs it to the memory.
COMMUNICATION DEVICE AND METHOD FOR CRYPTOGRAPHICALLY SECURING COMMUNICATION
A communication device for a vehicle has a communication unit set up to establish a communication link between the vehicle and an external vehicle server and to exchange data in a cryptographically secured manner between the vehicle and the external vehicle server. The communication unit is further set up to be operated in a first or second mode. The modes differ in the type of cryptographic securing of the data. The communication unit has a secure hardware memory in which a binary value corresponding to the respective mode is stored.
SECURE COMPUTATION APPARATUS, SECURE COMPUTATION METHOD, AND PROGRAM
A secret share value $[f_t(x)-f_t(x)]$ of $f_t(x)-f_t(x)$ is obtained through secure computation using a secret share value $[x]$ of a real number $x$, and a secret share value $[f_t(x)-f_t(x)]_r$ of $(f_t(x)-f_t(x))_r$ obtained by right-shifting $f_t(x)-f_t(x)$ by the predetermined number of bits is obtained through secure computation using the secret share value $[f_t(x)-f_t(x)]$. Here, $[\mu]$ is a secret share value of $\mu$, $n$ is an integer equal to or greater than 1, $t=0,\ldots,n-1$, $u=1,\ldots,n-1$, $f_t(x)$ is a function of the real number $x$, $f_t(x)$ is an approximation function of the function $f_t(x)$, a secret share value $[f_0(x)]$ of an approximation function $f_0(x)$ is $[f_0(x)]=c_{0,0}+c_{0,1}[x]$, a secret share value $[f_u(x)]$ of an approximation function $f_u(x)$ is $[f_u(x)]=c_{u,0}+c_{u,1}[x]+c_{u,2}[f_0(x)]+\ldots+c_{u,u+1}[f_{u-1}(x)]$, $c_{t,0}$ is a public value, and $c_{t,1},\ldots,c_{t,n+1}$ are coefficients.
Quantum key synchronization within a server-cluster
A system for quantum key synchronization within a server-cluster is provided. The system may include a plurality of silicon-based servers encapsulated in quantum cases. Each quantum case may include a quantum tunneling transmitter module, a quantum random number generator and a quantum entanglement module. The quantum cases may communicate with each other via the quantum tunneling transmitter module or any other suitable manner. The quantum cases may only communicate with cases with which they are entangled. Therefore, in the event of a compromise on one of the servers, the quantum entanglement module, included in the case that encapsulates the compromised server, may become disentangled, and therefore not be able to communicate with the other servers included in the cluster using an internal communications protocol.
SECURE PROVISIONING, BY A CLIENT DEVICE, CRYPTOGRAPHIC KEYS FOR EXPLOITING SERVICES PROVIDED BY AN OPERATOR
A method for securely receiving multimedia content by a client device operated by one or more operator(s) involving a dedicated provisioning server of a security provider managing symmetric secrets used by the client devices and operators' license servers. The provisioning server provides to the client device one or more generations of operator-specific unique device secrets, which are then exploited by the various operators' license servers to deliver licenses such that authorized client devices can consume protected multimedia contents.
Security protection against threats to network identity providers
Disclosed embodiments relate to systems and methods for security protection against threats to network identity providers. Techniques include identifying a first request from a client for access to a secure network resource; redirecting the client to an identity provider. The identity provider may be configured to authenticate the client and provide the client with data signed using a first identity provider key. Further techniques include identifying a second request from the client, the second request including a doubly-signed version of the data, verifying the doubly-signed version of the data using a second identity provider key corresponding to the first identity provider key and a second client key corresponding to the first client key; and allowing, conditional on a result of the verifying, the client to access the secure network resource.
MODEL TRAINING METHOD, MODEL USING METHOD, SYSTEM, TRUSTED NODE AND DEVICE
Aspects relating to machine learning include receiving, by a first trusted node, a first target data set sent by a first participant, wherein the first target data set is obtained via encrypting, by the first participant, a data set provided by the first participant based on a first preset encryption mode; decrypting the first target data set, determining first training data, and performing model training for a preset machine learning model based on the first training data to obtain a first intermediate training result; acquiring an encrypted second intermediate training result sent by at least one second trusted node; and performing federated learning for the preset machine learning model based on at least the first intermediate training result and the decrypted second intermediate training result, to update model parameters of the preset machine learning model and obtain a learning completed target model.