A method for providing ciphertext data by a first computing device having memory includes obtaining, from the memory, plaintext data having a structure; providing the plaintext data to a structure preserving encryption network (SPEN) to generate the ciphertext data, where the structure of the plaintext data corresponds to a structure of the ciphertext data; and communicating, from the first computing device to a second computing device, the ciphertext data to permit analysis on the ciphertext data.

Systems and methods for authenticating a request to initiate an electronic transaction and systems and encrypting data relating to executed electronic transactions are provided. Such systems and methods include receiving an electronic request signal, retrieving verified data associated with a user account, extracting verification data, and comparing the verification data against the verified data to authenticate the electronic request signal. Furthermore, when the electronic request signal is determined as authentic, such systems and methods include executing the secured electronic transaction, digitally encrypting transaction data using a digital text string, and registering the transaction data as encrypted with one or more databases.

This application relates to a synchronization circuit for synchronizing signals used in a threshold implementation operation process performing in an S-box of an encryption circuit. In one aspect, the synchronization circuit includes an enable signal generator configured to generate an enable signal. The synchronization circuit may also include a synchronization unit included in an encryption circuit and located inside an S-box that performs a threshold implementation operation that calculates by dividing bits of an input signal into bits equal to or greater than the number of bits of the input signal. The synchronization unit may be configured to synchronize signals used in a threshold implementation operation process based on the generated enable signal.

An encryption / decryption method is disclosed, where the input data string is described in term of consecutive groups of alternating same type bits, where one of these groups of same type bits is defined as a preferred group with the other groups having either lower or higher number of same type bits, where the data string is partitioned into variable length processing strings where the variable length is determined by the occurrence of the preferred group or of a determined number of bits consisting of groups of lower number of same type bits, where these variable length processing strings are encrypted function of the configuration and content of each processing string only, where consecutive processing strings are additionally encrypted based on their content only, where further encryption is performed from permutations of select partitions of groups of processing strings only as well as from permutations of select partitions of consecutive processing strings, where all said encryption means creating a total encryption space, where this total encryption space is represented by a multitude of encryption keys, where each of said encryption keys is interpreted using a set of reference data, and where communication between a data sender device and a data receiver device is secured by conforming to device specific settings.

A data security apparatus includes an analog component. The analog component operates internally with a high degree of entropy. This high degree of entropy resides in the interactions between its internal components in response to an external driving signal. The interactions within the analog component have a level of entropy that is high enough to make digital simulation of the analog component impractical. Because the analog component is impractical to digitally simulate it is referred to as being digitally unclonable. The data security apparatus processes data by encrypting plaintext data into ciphertext and/or decrypting data from ciphertext into plaintext. Part of the conversion between plaintext and ciphertext uses the analog component. Since the analog component is digitally unclonable (that is, impractical to digitally simulate), the part of the conversion process that uses the analog component requires possession of the analog component itself or the possession of another analog component that has the same signature.

A robust, computationally-efficient and secure system is described for streaming content from a server to a client device via the Internet or another digital network. Various aspects relate to automated processes, systems and devices for securing a media stream with efficient yet effective digital cryptography. In particular, content may be transmitted in transport stream (TS) format in which all packets are encrypted (e.g., using a cipher block chain), in which control packets are exempted from encryption (e.g., using an electronic codebook), or in any other manner.

Systems and methods for protecting block cipher computation operations from external monitoring attacks. An example apparatus for implementing a block cipher may comprise a memory device to store instructions for computing a block cipher; and a processing device coupled to the memory device. The processing device performs a Data Encryption Standard (DES) cryptographic operation with multiple rounds of a Feistel structure, each round including a substitution function and a transformation function that combines an expansion function and a permutation function into a single operation. The transformation function transforms a first input portion of an internal state of the respective round and a second input portion of the internal state into a first output portion and a second output portion of data. The second output portion is equal to the first input portion and the first output portion is dependent on a combined permutation output from the transformation function.

A cipher accelerator is provided. An encryption and decryption circuit is configured to perform an encryption and decryption operation according to a control signal. The encryption and decryption operation includes a plurality of normal rounds and a plurality of redundant rounds. A controller is configured to provide a control signal to the encryption and decryption circuit according to a first variable value and a second variable value. The encryption and decryption circuit is configured to divide the normal rounds into a first normal section and a second normal section according to the first variable value, and divide the redundant rounds into a first redundant section and a second redundant section according to the second variable value. The encryption and decryption circuit is configured to perform the first normal section, the first redundant section, the second normal section, and the second redundant section sequentially.

A method includes receiving a memory access request comprising a first memory address and translating the first memory address to a second memory address using a first page table associated with the first virtual machine. The first page table indicates whether the memory of the first virtual machine is encrypted. The method further includes determining that the first virtual machine is nested within a second virtual machine and translating the second memory address to a third memory address using a second page table associated with the second virtual machine. The second page table indicates whether the memory of the second virtual machine is encrypted.

An integrated circuit features technology for generating a keystream. The integrated circuit comprises a cipher block with a linear feedback shift register (LFSR) and a finite state machine (FSM). The LFSR and the FSM are configured to generate a stream of keys, based on an initialization value and an initialization key. The FSM comprises an Sbox that is configured to use a multiplicative mask to mask data that is processed by the Sbox when the LFSR and the FSM are generating the stream of keys. Other embodiments are described and claimed.