A first entity stores an issuer digital certificate published by a certificate authority (CA) and signed by the issuer certificate; and also stores an old issuer digital certificate published by the CA prior to publication of the issuer digital certificate and an old first entity digital certificate signed by the old issuer digital certificate. The first entity attempts to initiate a secure communication session with a second entity by receiving a second entity digital certificate from the second entity via an electronic network, and sending either the first entity digital certificate or the old first entity digital certificate to the second entity based on which of the issuer digital certificate or the old issuer digital certificate is effective to authenticate the second entity digital certificate received from the second entity. The secure communication session is conducted only if the attempt to initiate the secure communication session is successful.

A method (100) for performing an authentication procedure between a verifying device and a responding device is disclosed, the verifying and responding devices being provisioned with security credentials. The method, performed by the verifying device, comprises generating an authentication challenge (110), delivering the authentication challenge to the responding device (120), receiving an authentication response from the responding device (130), and verifying the authentication response (140). According to the method, at least one of the authentication challenge or authentication response is encoded as a sequence of qubits and delivered over a quantum communication channel between the verifying device and the responding device (120A, 120B, 130A, 130B). Also disclosed are methods for delivering and receiving a message over a quantum communication channel, and devices for performing authentication and message exchange methods.

A system and method are disclosed for providing a privacy-preserving training approach for split learning methods, including blind learning. A method includes receiving, at a server device, encrypted smashed data from a client device, using a secure enclave on the server device, moving, on the server device, a server model, the encrypted smashed data and computer code for a blind learning operation into the secure enclave, performing, in the secure enclave, forward propagation using the decrypted smashed data to generate predicted values, comparing the predicted values to true labels using a loss function to yield a loss value, repeating the comparing step for all smashed data received at the server device from a plurality of clients to yield a plurality of loss values, averaging the plurality of loss values to yield an average loss value, updating model weights of the server model using the average loss value to yield gradients of the smashed data and transmitting the gradients of the smashed data to the client device.

A system for switching between communication platforms using a secure healthcare communication system the system comprising: a healthcare provider server device. Transmitting a communication switch request to a first communication platform and establish a first communication channel between the user device and the healthcare provider server device to communicate one or more messages to the first communication platform. Transmit an encoded message over the first communication channel to the first communication platform in response to receiving the communication switch initiation request, the encoded message including an identifier associated with a second communication platform. Switch to an encrypted second communication channel from the first communication channel in response to receiving an encrypted communication initiation request. Encrypted communication initiation request is generated based on the identifier.

A method for checking the association of radio nodes and objects to a radio environment with a radio node set having at least three radio nodes spaced apart from one another, each with a radio interface and its separate timer, wherein at least two radio nodes are reference radio nodes with known distances from one another and at least one radio node is a test radio node, the association of which with the radio environment of the reference radio node is checked. During a measuring process, signals are emitted and received by radio nodes of the radio node set, wherein at least two radio nodes of the radio node set operate as transceivers and at least one radio node exclusively operates as a transmitter or exclusively operates as a receiver or a transceiver.

Embodiments herein include, for example, a method, comprising: generating a shared symmetric key to begin a communication session among a group of users by a first user; distributing, by the first user, the generated shared symmetric key to each user in the group of users; communicating within the communication session among a group of users, where each user encrypts a message to the group of users to be distributed through the communication session using the generated shared symmetric key, and each user decrypts a message received from the communication session using the generated shared symmetric key.

Embodiments disclosed herein provide a method that includes receiving, at a client-side web browser, a minimal bootstrap payload from an application server; storing, by a client-side processor, the minimal bootstrap payload in a client-side local cache, where the locally cached minimal bootstrap payload is executed by the client-side processor before executing an application from the application server; the minimal bootstrap payload includes at least one public key and at least one Uniform Resource Location (URL) address of an application code payload.

A cryptography administration system facilitates secure, user-friendly and auditable cryptography. An administrator may create channels with associated cryptographic keys and algorithms for performing cryptographic operations such as encryption and decryption. The channel may be associated with licenses which may include permissions to perform cryptographic operations. The licenses may be shared with one or more users. A user may perform cryptographic operations using the channel according to the permissions and operations included in the licenses, to which the user has access, associated with the channel. The user does not need a technical understanding of the cryptographic system (e.g., keys and algorithms) to perform the cryptographic operations and does not need access to the keys to perform the operations. The cryptographic operations may be stored in an audit log that can be reviewed by user.

A message processing server includes a message processor and a database of multi-layer tokens. Each token in the database includes a plurality of encrypted data layers. The first layer includes the second layer and a first pointer. The second layer includes a second pointer. The message processor is configured to receive a first authorization message including a first cryptographic key and a second value; decrypt the first layer of one of the tokens with the first key; validate the first pointer by receiving confirmation of the first pointer pointing to a database entry comprising the second value; receive a second authorization message including a second cryptographic key and a third value; decrypt the second layer of the token with the second key; and validate the second pointer by receiving confirmation of the second pointer pointing to a database entry comprising a maximum data value not less than the third value.

According to one embodiment, a system receives, at a host channel manager (HCM) of a host system, a request from an application to establish a secure channel with a data processing (DP) accelerator, where the DP accelerator is coupled to the host system over a bus. In response to the request, the system generates a first session key for the secure channel based on a first private key of a first key pair associated with the HCM and a second public key of a second key pair associated with the DP accelerator. In response to a first data associated with the application to be sent to the DP accelerator, the system encrypts the first data using the first session key. The system then transmits the encrypted first data to the DP accelerator via the secure channel over the bus.