Generally discussed herein are devices, systems, and methods for binding with cryptographic key attestation. A method can include generating, by hardware of a device, a device public key and a device private key, based on the device private key, signing a first attestation resulting in a signed first attestation, the first attestation claiming the device private key originated from the hardware, based on the device public key and the signed first attestation, registering the device with a trusted authority, generating, by the hardware, a first application private key and a first application public key, and based on the device private key, signing a second attestation resulting in a signed second attestation, the second attestation claiming the first application private key originated from the hardware, and based on the first application public key and the signed second attestation, registering a first application of the device to a first server.

According to certain embodiments, a method comprises performing a posture assessment at a trust anchor in order to determine whether a hardware component is authorized to run on a product. Performing the posture assessment comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with the hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and determining whether the hardware component is authorized to run on the product based at least in part on whether the trust anchor receives, from the hardware component, a response encrypted using the random value (K). The method further comprises allowing or preventing the hardware component from running on the product based on whether the hardware component is authorized to run on the product.

According to certain embodiments, a method performed by a trust anchor comprises determining a random value (K), encrypting the random value (K) using a long-term key associated with a hardware component in order to yield an encrypted value, communicating the encrypted value to the hardware component, and receiving a response encrypted using the random value (K). The response is received from the hardware component. The method further comprise encrypting a schema using the random value (K) and sending the encrypted schema to the hardware component. The schema indicates functionality that the hardware component is authorized to enable.

A real or simulated quantum entanglement can also exhibit a very high level of security in secure key exchanges between two or more components or devices. The present invention relates to a mechanism to simulate entanglement of devices using electronic hardware and software in such a way to emulate the real particle entanglement (without the need for all the necessary systems and costs associated with it), using localized blockchain ledger evaluation and authentication.

A coordinating network element manages a protocol that prohibits the coordinating network element from substantively accessing data content that, at least in part, underlies received protocol-compliant requests. By one approach, these teachings provide for preventing substantive access to data information that is included within the protocol-compliant request in tokenized form, wherein the tokens are generated using secrets, at least one of which is unavailable to the coordinating network element.

A password input system equipped with a security setting function is disclosed. The system includes one input unit configured to receive an input from user; an output unit configured to output a current state and result; a dedicated communication port configured to transmit and receive data to and from a password adaptor; a memory configured to save a program for security setting function; and a processor configured to execute the program saved in memory. When the processor waits for an input of a password from user and simultaneously password adaptor is coupled to dedicated communication port, the processor receives a password through communication with password adaptor and compares received password with a pre-saved password, and when the received password matches the pre-saved password, the processor unlocks a secure state without further inputting a password.

Disclosed embodiments relate to encrypting or decrypting confidential data with additional authentication data by an accelerator and a processor. In one example, a processor includes processor circuitry to compute a first hash of a first block of data stored in a memory, store the first hash in the memory, and generate an authentication tag based in part on a second hash. The processor further includes accelerator circuitry to obtain the first hash from the memory, decrypt a second block of data using the first hash, and compute the second hash based in part on the first hash and the second block of data.

The disclosure discloses a method and apparatus for mutual authentication between two smart security media for bundle transfer between the security media. According to an embodiment of the disclosure, a first device for providing a bundle for the second device includes a transceiver; and at least one processor, wherein the at least one processor is configured to obtain information about a bundle to be transmitted to the second device, control the transceiver to transmit identification information of the bundle to the second device, control the transceiver to receive, from the second device, authentication information relating to bundle transfer of a second smart secure platform (SSP) of the second device, determine whether a second secondary platform bundle loader (SPBL) of the second SSP is a Spbl which is able to receive the bundle based on the authentication information relating to bundle transfer of the second SSP, and control the transceiver to transmit the bundle to the second device based on a result of the determining.

An integrated-circuit device comprises a physical-unclonable-function (PUF) unit, a secure module, and an interconnect system communicatively coupled to the PUF unit and to the secure module. The device transfers a PUF key from the PUF unit to the secure module, over the interconnect system. In order to do this, the secure module generates a random value. The secure module then sends the random value to the PUF unit. The PUF unit then performs a bitwise XOR operation between the received random value and the PUF key, to generate a masked value. The PUF unit then transfers the masked value over the interconnect system to the secure module. The secure module then unmasks the PUF key by performing a bitwise XOR operation between the received masked value and the random value.

Certificate and key management is provided. A signed certificate corresponding to an enterprise is deployed to a plurality of cryptographic communication protocol endpoint proxies located in a heterogeneous distributed computing environment where a private key corresponding to the enterprise is not placed in any of the plurality of cryptographic communication protocol endpoint proxies. Offload of cryptographic communications from the plurality of cryptographic communication protocol endpoint proxies to the hardware security module is received by the hardware security module where the hardware security module verifies connection authenticity for the plurality of cryptographic communication protocol endpoint proxies across the heterogeneous distributed computing environment using the private key corresponding to the enterprise that remains within a security boundary of the hardware security module.