A method includes sending, by a trusted application (TA) entity, a certificate of the TA entity and a private key signature of the TA entity to a target security domain (SD). The certificate and the private key signature enable the target SD to perform trust verification via a server, obtaining, by the TA entity, a first key of the target SD when the trust verification of the TA entity succeeds, and establishing, by the TA entity, a trust relationship with the target SD.

A cryptographic method is provided. The cryptographic method comprises an initialisation phase for determining a provisional generator point G′ equal to a first product G′=[d′]G, where d′ is a first random scalar forming a secret key of N bits and G is a generator point of an elliptical curve, and determining a provisional key Q′ equal to a second product Q′=[d′]Q, where Q is a point of the elliptical curve forming a public key. During an encryption phase a second random scalar forming a second secret key k of M bits, with M<N; a public key P is calculated such that P=[k]G′; a coordinate of an intermediate point SP1, of the elliptical curve, equal to a fourth product SP1=[k]Q′; at least one key by application of a derivation function (F1); and data (T1) are encrypted based on said at least one key.

A method includes receiving a memory access request comprising a first memory address and translating the first memory address to a second memory address using a first page table associated with the first virtual machine. The first page table indicates whether the memory of the first virtual machine is encrypted. The method further includes determining that the first virtual machine is nested within a second virtual machine and translating the second memory address to a third memory address using a second page table associated with the second virtual machine. The second page table indicates whether the memory of the second virtual machine is encrypted.

A network interface controller includes processing circuitry configured to pair with a local root of trust of a host device connected to the network interface controller and provide a key to an encryption device of the host device that enables the encryption device to encrypt data of one or more host device applications using the key. The encrypted data are stored in host device memory. The processing circuitry is configured to share the key with a remote endpoint and forward the encrypted data from the host device memory to the remote endpoint.

The present invention relates management of security of a computing environment. The method may include; monitoring and learning, through a master computer, a data traffic of the each of the coupled connecting node to alter a security design to speed up the communications; analysing, through the master computer, the data traffic to categorize the each of the coupled connecting node into a first category of node, which is accessed by a human and a second category of node, which is accessed by a bot; utilizing, at the master computer, one or more secured hidden servers for determining a first data communication route to speed up data traffic for the human and a second data communication route to prevent data traffic above a pre-set limit, for the bot.

A network interface controller includes processing circuitry configured to pair with a local root of trust of a host device connected to the network interface controller and provide a key to an encryption device of the host device that enables the encryption device to encrypt data of one or more host device applications using the key. The encrypted data are stored in host device memory. The processing circuitry is configured to share the key with a remote endpoint and forward the encrypted data from the host device memory to the remote endpoint.

A method is provided for preparing a plurality of distributed nodes to perform a protocol to establish a consensus on an order of received requests. The plurality of distributed nodes includes a plurality of active nodes, the plurality of active nodes including a primary node, each of the plurality of distributed nodes including a processor and computer readable media. The method includes preparing a set of random numbers, each being a share of an initial secret. Each share of the initial secret corresponds to one of the plurality of active nodes. The method further includes encrypting each respective share of the initial secret, binding the initial secret to a last counter value to provide a commitment and a signature for the last counter value, and generating shares of a second and of a plurality of subsequent additional secrets by iteratively applying a hash function to shares of each preceding secret.

A method may include determining, by a first network device, a type of control channel to open across a transport in a software-defined network (SDN). The method may also include establishing the control channel with a control device via a control plane that is separate from a data plane. The method may further include advertising first security association parameters to the control device via the control channel. The method may include receiving, from the control device via the control channel, second security association parameters associated with a second network device. The method may also include establishing a data plane connection with the second network device using the second security association parameters.

A system for performing a service by using biometric information is disclosed. A system according to the present disclosure comprises an electronic device, a first server and a second server, and a control method of the system comprises the steps of: allowing the electronic device to acquire first biometric information; allowing the electronic device to acquire first encrypted data, in which the first biometric information is encrypted, by using the acquired first biometric information and a first encryption key, and to transmit same to the first server, allowing the first server to acquire second encrypted data, in which the first encrypted data is encrypted, by using the first encrypted data received from the electronic device and a second encrypted key, and first user identification information corresponding to the first biometric information, and to transmit same to the second server; allowing the second server to match the second encrypted data and the first user identification information corresponding to the biometric information, which are received from the first server, and to store same; allowing the second server to acquire authentication information on the basis of the matched second encrypted data and first user identification information, and to transmit same to the first server, and allowing the first server to register the authentication information on the biometric information.

The described technology is generally directed towards generating shared authentication keys using network connection characteristics. According to an embodiment, a system can comprise a processor and a memory that can store executable instructions that, when executed by the processor, facilitate performance of operations. The operations can comprise generating a first authenticator based on a first authentication key generated based on a first connection characteristic of the first device and a second connection characteristic of a second device. The operations can further comprise incorporating the first authenticator into first content for authentication by the second device employing a second authentication key, generated by the second device based on the first connection characteristic and the second connection characteristic. The operations can further comprise establishing, based on the first content, a connection with the second device.