H04L9/3013

BLOCKCHAIN SCHEMA FOR SECURE DATA TRANSMISSION
20220200973 · 2022-06-23

The present disclosure relates to systems and methods for communicating over a network, including encrypting and decrypting communications of data over the network for providing enhanced security utilizing a blockchain-encryption process and a global device ledger. The following also discloses systems for establishing the identity of a device derived at least in part from a BIOS fingerprinting process to create a Device by User by Application (DUA) identity. Methods of establishing and monitoring network communications are also disclosed.

Key diversification in a tracking device environment

A tracking device can use a permanent encryption key pair to encrypt a temporary private key that corresponds to a set of diversified temporary public keys. When a community mobile device subsequently detects the tracking device, the central tracking system provides a diversified temporary public key to the community mobile device. The community mobile device uses the diversified temporary public key to encrypt location data representative of a location of the community mobile device, and provides the encrypted location data to the central tracking system. When a user subsequently requests a location of the tracking device from the central tracking system, the central tracking system provides the encrypted temporary private key and the encrypted location data to a device of the user, and the device can decrypt the encrypted temporary private key using the permanent encryption key pair, and decrypt the encrypted location data using the decrypted temporary private key.

Signcrypted envelope message

Various embodiments relate to a method performed by a processor of a computing system. An example method includes generating a symmetric content encryption key. Content is encrypted using the content encryption key to generate cipher text. A hash of the cipher text is generated. Each of the hash and the content encryption key is signcrypted using each of a signcrypting party public key, a signcrypting party private key and a recipient public key to generate a signcrypted envelope message. The cipher text is embedded in a component of the signcrypted envelope message. The signcrypted envelope message is transmitted to a recipient. The recipient can designcrypt the signcrypted envelope message using each of the recipient public key, a recipient private key, and the signcrypting party public key to retrieve the content encryption key and hash of the cipher text. The recipient can decrypt the cipher text using the content encryption key.

METHOD AND SYSTEM FOR ENCRYPTING AND DECRYPTING SECRETS USING ESCROW AGENTS
20220173903 · 2022-06-02

A method for securing a secret of a client using an escrow agent operatively connected to the client includes initiating enrollment of the client with the escrow agent, wherein the enrollment results in the escrow agent generating a key pair comprising a public key and a private key, obtaining the public key from the escrow agent, wherein the private key is not shared with the client, encrypting the secret with the public key to obtain an encrypted secret, and storing the encrypted secret on the client.

System and method for performing a fully homomorphic encryption on a plain text
11343070 · 2022-05-24

A method for performing a fully homomorphic encryption on a plain text is disclosed. The method includes computing a first subfunction based on a first computationally intractable problem and the plain text to generate a first section of a cipher text. The method also includes computing a second subfunction based on a second computationally intractable problem and the plain text to generate a second section of the cipher text. The method further includes generating a fully homomorphic function by integrating the first subfunction and the second subfunction. The method further includes encrypting the plain text to a fully homomorphic cipher text using the fully homomorphic function.

Systems and methods for establishing a link between identifiers without disclosing specific identifying information

Systems and methods may be used for establishing a link between user identifiers of different systems without disclosing specific user identifying information. One method includes generating a matching relationship based on one or more double-encrypted first data sets of a first party system and one or more double-encrypted second data sets of a third party system. The matching relationship indicates one or more links between match keys associated with the first party system and match keys associated with the third party system. The method includes assigning bridge identifiers for user identifiers associated with the first party system and user identifiers associated with the third party system based on the matching relationship.
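The matching step described above, carried through as an added worked example (not the patent's own code). It realizes the "double encryption" with commutative exponentiation in the toy group Z_p^*, p = 2^127 - 1, which is an assumption about how the two layers are built; the sample identifier lists, the normalisation rule and the bridge-identifier format are likewise constructed for this example.

```python
"""Linking identifiers across two parties via double encryption, as in the
abstract above. Added example for this page (not the patent's code). It
realises "double encrypted" match keys with commutative exponentiation in
Z_p^* (Pohlig-Hellman style, an assumption about the scheme): since
(h^a)^b == (h^b)^a mod p, both parties can compare doubly encrypted match keys
without either seeing the other's plaintext identifiers or private key."""
import hashlib
import math
import secrets

P = (1 << 127) - 1          # Mersenne prime; toy group size for the example

def to_match_key(identifier):
    """Normalise (trim, lower-case) and hash an identifier into Z_p^*."""
    h = hashlib.sha256(identifier.strip().lower().encode()).digest()
    return int.from_bytes(h, "big") % (P - 1) + 1

def gen_key():
    """Exponent coprime to p-1, so x -> x^key is a permutation of Z_p^*."""
    while True:
        k = secrets.randbelow(P - 2) + 2
        if math.gcd(k, P - 1) == 1:
            return k

def encrypt(m, key):
    return pow(m, key, P)

def link_identifiers(first_ids, third_ids):
    """Two-round exchange. Each list position stands for one user record;
    the returned links are (first index, third index) pairs that match."""
    key_first, key_third = gen_key(), gen_key()       # each stays with its owner
    # Round 1: each party single-encrypts its own match keys and sends them.
    first_once = [encrypt(to_match_key(x), key_first) for x in first_ids]
    third_once = [encrypt(to_match_key(y), key_third) for y in third_ids]
    # Round 2: each party adds its layer to the OTHER party's list, keeping order
    # so the sender can map results back to its own records.
    first_twice = [encrypt(c, key_third) for c in first_once]   # done by third party
    third_twice = [encrypt(c, key_first) for c in third_once]   # done by first party
    # Matching relationship: equal double-encrypted values <=> equal identifiers.
    by_value = {}
    for j, c in enumerate(third_twice):
        by_value.setdefault(c, []).append(j)
    return [(i, j) for i, c in enumerate(first_twice) for j in by_value.get(c, [])]

def assign_bridge_ids(n_first, n_third, links):
    """One bridge identifier per linked pair; fresh ones for unmatched records."""
    bridge_first, bridge_third = {}, {}
    for i, j in links:
        bid = bridge_first.get(i) or bridge_third.get(j) or secrets.token_hex(8)
        bridge_first[i] = bridge_third[j] = bid
    for i in range(n_first):
        bridge_first.setdefault(i, secrets.token_hex(8))
    for j in range(n_third):
        bridge_third.setdefault(j, secrets.token_hex(8))
    return bridge_first, bridge_third

# Constructed sample data (not from the page): first-party and third-party records.
FIRST_PARTY = ["alice@example.com", "bob@example.com", "carol@example.com"]
THIRD_PARTY = ["Carol@Example.COM ", "dave@example.com", "alice@example.com"]

def demo():
    links = link_identifiers(FIRST_PARTY, THIRD_PARTY)
    return sorted(links), assign_bridge_ids(len(FIRST_PARTY), len(THIRD_PARTY), links)
```

The party that performs the comparison learns only which record positions line up, which is the intended output; neither side can dictionary-attack the other's list because that would require the other's exponent. A 127-bit modulus is for readability only; a deployment would use a 2048-bit-or-larger safe prime or an elliptic-curve group with a proper hash-to-group.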

A METHOD FOR PROVIDING A DIGITAL SIGNATURE TO A MESSAGE

A method for providing a digital signature to a message, M, in accordance with a digital signature algorithm (DSA) or an elliptic curve digital signature algorithm (ECDSA) is disclosed. A secret key, x, is generated as a random secret sharing [x] among at least two parties, such as among at least three parties. Random secret sharings, [a] and [k], are generated among the at least two parties and [w] = [a][k], R = g^k and W = R^a are computed and their correctness verified. [w] is verified by checking whether or not g^w = W. The message, M, is signed by generating a sharing, [s], among the at least two parties, using at least M, [w], R and [x].
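The sharing-and-check flow above, carried through in Python as an added example (not the patent's code). The toy Schnorr group, the SHA-256-mod-q message hash, a trusted dealer standing in for the MPC multiplication that produces [w] = [a][k], and the extra shared product [ax] used to form [s] are all assumptions of this example; the public checks R = g^k, W = R^a and g^w = W are performed exactly as the abstract describes.

```python
"""Threshold DSA with additive secret sharing, following the abstract above.
Illustrative simulation added for this page (not the patent's code). Assumes a
toy Schnorr group with q = 2^61 - 1, SHA-256 mod q as the hash, and a trusted
dealer standing in for the MPC multiplication that yields [w] = [a][k]."""
import hashlib
import secrets

N_PARTIES = 3

def is_probable_prime(n):
    """Miller-Rabin; deterministic for 37 < n < 3.3e24 with these fixed bases."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group():
    """Return (p, q, g): q prime, p = k*q + 1 prime, g of order q in Z_p^*."""
    q, k = (1 << 61) - 1, 2
    while not is_probable_prime(k * q + 1):
        k += 2
    p = k * q + 1
    g = pow(2, k, p)          # g^q = 2^(p-1) = 1, so g has order q once g != 1
    assert g != 1
    return p, q, g

def share(v, q, n=N_PARTIES):
    """Additive sharing [v]: random shares in Z_q that sum to v."""
    s = [secrets.randbelow(q) for _ in range(n - 1)]
    return s + [(v - sum(s)) % q]

def open_shares(shares, q):
    return sum(shares) % q

def dealer_product(xs, ys, q):
    """Stand-in for MPC multiplication: a fresh sharing of x*y.
    Simulation only; a real protocol never reconstructs x or y."""
    return share(open_shares(xs, q) * open_shares(ys, q) % q, q)

def exp_product(base, shares, p):
    """Combine per-party values base^s_i into base^(sum s_i) = base^s."""
    out = 1
    for s in shares:
        out = out * pow(base, s, p) % p
    return out

def keygen(p, q, g):
    x = share(secrets.randbelow(q), q)   # [x]: no single party knows x
    return x, exp_product(g, x, p)      # public key y = g^x

def preprocess(p, q, g, x):
    a = share(secrets.randbelow(q), q)  # [a]
    k = share(secrets.randbelow(q), q)  # [k]
    w = dealer_product(a, k, q)         # [w] = [a][k]
    R = exp_product(g, k, p)            # R = g^k
    W = exp_product(R, a, p)            # W = R^a = g^(a*k)
    w_open = open_shares(w, q)          # w is opened; k and a stay secret
    if pow(g, w_open, p) != W:          # the g^w = W check from the abstract
        raise ValueError("g^w != W: [w] is not a sharing of a*k")
    ax = dealer_product(a, x, q)        # [a*x], consumed when computing [s]
    return a, w_open, R, ax

def hash_mod_q(msg, q):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q

def sign(p, q, g, msg, a, w, R, ax):
    """s = k^-1 (h + x r). Since k^-1 = a * w^-1, party i's share of s is
    w^-1 (h a_i + r (ax)_i): local arithmetic, no party ever learns k or x."""
    h, r, w_inv = hash_mod_q(msg, q), R % q, pow(w, -1, q)
    s = open_shares([w_inv * (h * ai + r * axi) % q for ai, axi in zip(a, ax)], q)
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; rerun preprocessing")
    return r, s

def verify(p, q, g, y, msg, sig):
    """Plain DSA verification; the verifier cannot tell the key was shared."""
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    h, s_inv = hash_mod_q(msg, q), pow(s, -1, q)
    v = pow(g, h * s_inv % q, p) * pow(y, r * s_inv % q, p) % p
    return v % q == r

def demo(msg=b"threshold-signed message"):
    p, q, g = make_group()
    x, y = keygen(p, q, g)
    a, w, R, ax = preprocess(p, q, g, x)
    sig = sign(p, q, g, msg, a, w, R, ax)
    return verify(p, q, g, y, msg, sig), verify(p, q, g, y, msg + b"!", sig)
```

The point of opening w rather than k is that w = a*k reveals nothing about k while a stays shared, yet the check g^w = W catches a corrupted or misbehaving share of w before it is used; the resulting (r, s) is an ordinary DSA signature that any verifier accepts with the public key y alone.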

Systems and methods for post-quantum cryptography optimization

Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes receiving data. The example method further includes receiving a set of data attributes about the data. The set of data attributes comprises one or more sets of data environment data attributes that are each representative of a set of data environments associated with the data. The example method further includes receiving one or more sets of data environment threat data structures associated with one or more data environments in the one or more sets of data environments associated with the data. The example method further includes selecting one or more cryptographic techniques for encrypting the data for at least the one or more data environments based on the set of data attributes, the one or more sets of data environment threat data structures, and a cryptograph optimization machine learning model.

Methods for threshold password-hardened encryption and decryption

A computer-implemented method is provided for encrypting data by a server in cooperation with a predetermined number of rate limiters. The method includes receiving, by the server, a user identification and a password to be encrypted, and creating a secret message, the secret message being a key suitable for use with a symmetric key encryption/decryption scheme. The method further includes generating, on the basis of a predetermined interactive cryptographic encryption protocol, a ciphertext which encrypts the user password and the secret message using secret keys of a subset of the rate limiters, where the size of the subset is a threshold smaller than or equal to the number of rate limiters, and the protocol is adapted such that the server need only interact with a subset of that threshold size among the rate limiters to decrypt the ciphertext and recover the secret message.

ECDHE key exchange for mutual authentication using a key server
11316672 · 2022-04-26

A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.
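The two-sided point arithmetic of this exchange, as an added example (not the patent's code). It assumes secp256k1 with textbook affine arithmetic, models the key server as a function call that never exposes the network static private key, and uses SHA-256 of X3's x-coordinate as a stand-in for the derivation of K1; the decryption of the device's ciphertext under K1 is omitted.

```python
"""The ECDHE exchange from the abstract above: server and key server jointly
derive X3 without the server learning the network private key sn and without
the key server learning the server private key ss. Illustrative code added
for this page (not the patent's code); assumes secp256k1, textbook affine
arithmetic, and SHA-256 of X3's x-coordinate as a stand-in KDF for K1."""
import hashlib
import secrets

FIELD_P = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_FFFFFC2F
ORDER_N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
G = (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)

def on_curve(pt):
    """y^2 = x^3 + 7 over F_p; reject anything else before using it as a key."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < FIELD_P and 0 <= y < FIELD_P and (y * y - x * x * x - 7) % FIELD_P == 0

def ec_add(p1, p2):
    """EC point addition (None is the point at infinity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD_P == 0:
        return None                     # P + (-P)
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD_P) % FIELD_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FIELD_P) % FIELD_P
    x3 = (lam * lam - x1 - x2) % FIELD_P
    return x3, (lam * (x1 - x3) - y1) % FIELD_P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k > 0:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def keypair():
    d = secrets.randbelow(ORDER_N - 1) + 1
    return d, ec_mul(d, G)

def kdf_k1(x3):
    """Stand-in KDF: K1 = SHA-256(x-coordinate of X3). Assumption, not the patent's KDF."""
    return hashlib.sha256(x3[0].to_bytes(32, "big")).digest()

def key_server_step(sn, x0):
    """Key server: first ECDH on X0 with the network static private key -> X1."""
    if not on_curve(x0):
        raise ValueError("X0 not on curve")
    return ec_mul(sn, x0)

def server_derive_k1(Sd, Ed, ss, key_server):
    """Server side: X0 = Sd + Ed, X1 from the key server, X2 = ss*X0, X3 = X1 + X2."""
    if not (on_curve(Sd) and on_curve(Ed)):
        raise ValueError("invalid public key")
    x0 = ec_add(Sd, Ed)
    if x0 is None:
        raise ValueError("Ed == -Sd; reject")
    x1 = key_server(x0)                 # sn never leaves the key server
    x2 = ec_mul(ss, x0)                 # ss never leaves the server
    return kdf_k1(ec_add(x1, x2))

def device_derive_k1(sd, ed, Ss, Sn):
    """Device side: (sd + ed) * (Ss + Sn) = (ss + sn) * (Sd + Ed) = X3."""
    return kdf_k1(ec_mul((sd + ed) % ORDER_N, ec_add(Ss, Sn)))

def run_exchange():
    """Returns (device K1, server K1); equal when both sides hold matching keys."""
    sd, Sd = keypair()                  # device static
    ed, Ed = keypair()                  # device ephemeral (sent in the message)
    ss, Ss = keypair()                  # server static
    sn, Sn = keypair()                  # network static (held by the key server)
    k1_device = device_derive_k1(sd, ed, Ss, Sn)
    k1_server = server_derive_k1(Sd, Ed, ss, lambda x0: key_server_step(sn, x0))
    return k1_device, k1_server
```

Because X0 = Sd + Ed is formed by point addition before either scalar multiplication, the key server computes sn*(Sd + Ed) without seeing Ed or Sd separately, and the server combines X1 with its own ss*X0; the device reaches the same X3 as (sd + ed)*(Ss + Sn). Both sides validate received points before use, since an off-curve Ed would otherwise let a sender probe the private scalars.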