Provided are embodiments for performing encryption and decryption. Embodiments include generating a random key address, obtaining a pre-stored key using the random key address, and re-arranging portions of the pre-stored key using the random key address and a first enable signal. Embodiments also include selecting a dynamic logic operation based on the random key address and a second enable signal, receiving data for encryption, and combining portions of the received data for encryption with the re-arranged portions of the pre-stored key using the dynamic logic operation to produce encrypted data. Embodiments include re-arranging portions of the encrypted data based on the random key address and a third enable signal, and combining the re-arranged portions of the encrypted data with the random key address into an encrypted data packet for transmission. Also provided are embodiments for a transmitter and receiver for performing the encryption and decryption.

In aspects of quantum-based security for hardware devices, a computing device includes a processor for application processing in a trusted execution environment, and includes a quantum random number generator to generate quantum random numbers sourced by multiple hardware devices in the computing device. The computing device also includes an embedded secure element that manages connection security of the multiple hardware devices, and is a single root of trust as a secure controller of the quantum random number generator. The computing device also includes a secure switch controlled by the embedded secure element, the secure switch being switchable to connect at least one of the multiple hardware devices to obtain a quantum random number from the quantum random number generator. The secure switch may be a virtualized secure switch implemented in the embedded secure element.

Aspects include a cryptographic hardware security module having a secure embedded heat pipe and methods for assembling the same. The cryptographic hardware security module can include a printed circuit board having one or more components. The cryptographic hardware security module can further include an encapsulation structure having a top can and a bottom can. The top can is fixed to a first surface of the printed circuit board and the bottom can is fixed to second surface of the printed circuit board opposite the first surface. A heat pipe is positioned between the top can and the component. The heat pipe includes two or more 180-degree bends. A portion of the heat pipe extends beyond a secure region of the encapsulation structure.

Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, and a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, wherein the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

A customer premises device may include a memory configured to store day 0 configuration instructions, a first network interface to couple to an out-of-band network, a second network interface operatively coupled to a customer network, and at least one processor configured to automatically and without user input execute the day 0 configuration instructions. The at least one processor is configured to establish and maintain a secure tunnel connection with a security gateway device via the out-of-band network and to establish a connection with a configuration platform on the provider network via the secure tunnel connection. Orchestration instructions for configuring one or more VNFs are received from the configuration platform via the tunnel connection. The at least one processor is further configured to receive VNF management instructions via the secure tunnel connection, wherein the VNF management instructions include one of: updates, reconfigurations, or patches.

The disclosure is directed to use of digital keys in providing access to secured locations, goods and resources as well as other assets. The access may be fee based with the disclosure further directed to including fee payment authorization into the access process. Electronic locks may be employed within modules to faciltiate the access. The digital keys may be accompanied with commands for the electronic locks and/or modules accomodating them to execute in the course of providing the access. The digital keys may be shared, limited to single or multiple use and may be lock agnostic. The commands may be sent from a smart mobile device and be digitally signed for subsequent attestation by the lock for authenticity verification. The digital keys may be generated and otherwise handled under one of a series of escalating security encryption methods typically used and reserved for financial transactions.

Disclosed is a method for ultra-wide band (UWB) security ranging and a UWB device configured to perform secure ranging. The method includes obtaining, from a UWB sub-system of the UWB device, first encryption data including a symmetric key encrypted with a public key of a secure application of the UWB device; transferring the first encryption data to the secure application; obtaining, from the secure application, second encryption data including a ranging data set (RDS) encrypted with the symmetric key; and transferring the second encryption data to the UWB sub-system. In this case, the RDS may include a ranging session key configured to secure a UWB ranging session, and the secure application may be included in a trusted execution environment area.

Methods and a system of generating a master seed using location-based data. The system includes a pseudo-random number generator configured to generate a random number and a global positioning system module configured to determine a location of the system. The system also includes an encryption module configured to generate a signing request message. The signing request message includes the random number and the location. The system further includes a communication device configured to transmit the signing request message to a location authority for authorization. The communication device further configured to receive a signature from the location authority upon authorization of the signing request message. The system is further configured to generate a master seed based on the signature.

A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

A hardware security module (HSM) generates a client key for an account holder of a cryptoasset custodial system. The HSM encrypts the client key to generate an encrypted client key using a hardware-based cryptographic key within a secure storage device. The encrypted client key is transmitted to client devices. The HSM deletes the encrypted client key from the secure storage device. Each client device stores the encrypted client key in an offline secure enclave. A request to authorize a cryptoasset transaction is received. The HSM determines that signed messages endorsing the cryptoasset transaction have been received from at least some client devices in satisfaction of a quorum. The encrypted client key is received from at least one client device. The HSM decrypts the encrypted client key. The HSM signs an approval message for the cryptoasset transaction using a cryptoasset key based at least in part on the client key.