Patent classifications
H04L63/061
Key distribution method, key receiving method, first key management system, and first network element
The present invention discloses a key distribution method. The method includes obtaining, by a first key management system, a shared key of a first network element, where the shared key of the first network element is generated according to a key parameter obtained after the first network element performs authentication or a root key of the first network element; obtaining a service key, where the service key is used to perform encryption and/or integrity protection on communication data in a first service between the first network element and a second network element; performing encryption and/or integrity protection on the service key by using the shared key of the first network element, to generate a first security protection parameter; and sending the first security protection parameter to the first network element. According to the present invention, data can be protected against an eavesdropping attack in a sending process.
Accessory communication control
An accessory communication control protocol can facilitate faster and more secure transmission of status updates from an accessory to a controller (or network base station). An accessory can register with a controller, where the controller can provide some subscription and key generation information to the accessory. The accessory can detect changes to characteristics of the accessory and generate a broadcast notification that includes updates to the state of the characteristic. The broadcast notification can also include a counter, a device identifier, and a key. According to timing or rules, the accessory can transmit the broadcast notification to the controller without the need to establish a secure session with the controller.
Providing access to data in a secure communication
The present disclosure is directed to preventing computer data from being usurped and exploited by individuals or organizations with nefarious intent. Methods and systems consistent with the present disclosure may store keys and keying data for each of a plurality of connections in separate memory locations. These memory locations may store data that maps a virtual address to a physical memory address associated with storing information relating to a secure connection. These separate memory locations may have a unique instance for each individual communication connection session, for example each transport layer security (TLS) connection may be assigned memory via logical addresses that are mapped to one or more physical memory addresses on a per-core basis. Such architectures decouple actual physical addresses that are used in conventional architectures that assign a single large continuous physical memory partition that may be accessed via commands that access physical memory addresses directly.
Patient support apparatus communication systems
A patient support apparatus includes a frame, patient support surface, memory having a first key stored therein, a transceiver, and a controller. The transceiver wirelessly communicates with a medical device over a first mesh network using the first key. The controller transmits a request message over the first mesh network to the medical device via the transceiver. The request message includes an identifier identifying the patient support apparatus and a request to join a second mesh network different from the first mesh network. The controller receives a second key input over the first mesh network, uses the second key input to generate a second key, and uses the second key to communicate over the second mesh network. In some instances, the second key input originates from a cloud-based server storing a list of authorized devices for a particular healthcare facility.
Method and system for asynchronous side channel cipher renegotiation
A method for asynchronous side channel cipher renegotiation includes: establishing, by a first computing device, a first communication channel and a second communication channel with a second computing device, where the first communication channel is an encrypted tunnel and packages exchanged using the encrypted tunnel are encrypted using a first cipher; receiving, by a receiver of the first computing device, a renegotiation request from the second computing device using the second communication channel, where the renegotiation request includes at least a password value and a relative time; generating, by a processor of the first computing device, a second cipher using at least an encryption protocol and the password value; receiving, by the receiver of the first computing device, a new encrypted packet from the second computing device using the first communication channel; and decrypting, by the processor of the first computing device, the new encrypted packet using the second cipher.
MACsec Key Exchange Attribute Reflection for Transparent Provider Backbone Bridge Forwarding Over Public Ethernet Provider Backbones
The present disclosure is directed to systems and methods for transparent Provider Backbone Bridge forwarding of MACsec key exchanges over public Ethernet provider backbones. The method includes the steps of receiving, at a first PBB device, an Ethernet frame from a first edge router for transmission to a second edge router via a MACsec connection, the Ethernet frame comprising a plurality of fields; performing a lookup of one or more fields of the plurality of fields to determine a match with one or more pre-defined values; determining that the one or more fields of the Ethernet frame match the one or more pre-defined values; rewriting the one or more fields of the Ethernet frame to one or more open values operable to allow the Ethernet frame to be transmitted to a next hop device; and transmitting the Ethernet frame to the next hop device.
INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE SYSTEM
According to one embodiment, an information processing apparatus comprises a calculator configured to calculate an encryption key and k key symbols, an encryption module configured to encrypt k information symbols to output k encrypted symbols, a selector configured to output the k encrypted symbols or the k key symbols as k message symbols, and to output a flag indicating which one of the k encrypted symbols and the k key symbols are output, an encoder configured to encode the k message symbols with a maximum distance separable code to output n code symbols, and an output module configured to output n code blocks from the n code symbols and the flag. k is a positive integer of one or more, and n is a positive integer larger than k.
Communication apparatus and communication method
In a communication apparatus on a network where communication apparatuses perform direct communication with each other, a network management apparatus for managing the network based on message information transmitted and received on the network is determined. When the communication apparatus itself is determined as the network management apparatus, the apparatus collects information indicating device capabilities from other communication apparatuses. On the other hand, the communication apparatus receives information indicating device capabilities from another communication apparatus when the other communication apparatus is determined as the network management apparatus.
Root of trust
First transistor logic is arranged by a first logic provider in circuit form and provides a minimum of functionality of the semiconductor device employed to bring up the semiconductor device, wherein the minimum of functionality is encrypted using a first encryption key. Second transistor logic is arranged by a second logic provider, different than the first logic provider, in circuit form to include security keys capable to perform cryptographic capabilities using a second encryption key. The second transistor logic further includes functionality that completes the semiconductor device as a chip device and is ready to process secure communication signals.
Distributed key secret for rewritable blockchain
A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain.