An apparatus for validating an identity of an individual based on biometrics includes a memory and a processor operatively coupled to a distributed database and the memory. The processor is configured to provide biometric data as an input to a predefined hash function to obtain a first biometric hash value. The processor is configured to obtain, using a first pointer to the distributed database, a signed second biometric hash value. The processor is configured to define a certification of the biometric data in response to verifying that a signature of the signed second biometric hash value is associated with the compute device and verifying that the first biometric hash value corresponds with the second biometric hash value. The processor is configured to digitally sign the certification using a private key associated with the processor to produce a signed biometric certification and store the signed biometric certification in the distributed database.

Disclosed is a method of verifying integrity of a pair of public and private cryptographic keys within the additive group of the integers modulo N, with N being the product of two primary numbers p and q, the method including: calculating a candidate private exponent d′ corresponding to a private exponent d of the private key; and executing a test of integrity. The test of integrity includes a step for verifying the coherence of the candidate private exponent d′ with respect to a public exponent e of the public key and to the numbers p and q, the verification step involving a first multiple modulo of the public exponent e of the public key and a second multiple modulo of the public exponent e of the public key.

An infrastructure delivery platform provides a proxy service as an enhancement to the TLS/SSL protocol to off-load to an external server the generation of a digital signature, the digital signature being generated using a private key that would otherwise have to be maintained on a terminating server. Using this service, instead of digitally signing (using the private key) “locally,” the terminating server proxies given public portions of ephemeral key exchange material to the external server and receives, in response, a signature validating the terminating server is authorized to continue with the key exchange. In this manner, a private key used to generate the digital signature (or, more generally, to facilitate the key exchange) does not need to be stored in association with the terminating server. Rather, that private key is stored only at the external server, and there is no requirement for the pre-master secret to travel (on the wire).

A control system for construction machinery includes a smart key configured to store a plurality of authentication codes and activate any one of the authentication codes, and a plurality of construction machines including a plurality of smart key modules mounted thereon respectively, the smart key modules communicating wirelessly with the smart key and having respective registration authentication codes which match with the authentication codes respectively. The construction machine including the smart key module having the registration authentication code which matches with the activated authentication code is controlled by the smart key.

A system and method for preventing use of invalid digital certificates is disclosed. The method comprises receiving, in a validation service from a requesting entity, a cryptographic asset and a request to evaluate the cryptographic asset, the cryptographic asset uniquely assigned to one of the plurality of devices by an associated one of the commercially distinct entities, the request comprising the cryptographic asset, determining an evaluation state of the cryptographic asset at least in part from a database derived from a plurality of public keys currently assigned to the plurality of devices and previously received by the validation service, determining a disposition of the cryptographic asset according to a disposition policy associated with the determined evaluation state and the device and effecting the determined disposition of the cryptographic asset.

Post quantum secure network communication is provided. The process comprises sending, by a client in a first computing cluster, an outbound message to a quantum safe cryptographic (QSC) proxy server in the first computing cluster, wherein the outbound message is addressed to a target server in a second computing cluster. The QSC proxy server initiates a QSC transport layer security (TLS) connection with an ingress controller in the second computing cluster, wherein the ingress controller comprises a QSC algorithm. The QSC proxy server transfers the message to the ingress controller via the QSC TLS connection, and the ingress controller routes the message to the target server in the second computing cluster via a non-QSC connection.

Provided are a method and apparatus for a hardware-based accelerated arithmetic operation on homomorphically encrypted messages. The method of performing hardware-based modular multiplication on homomorphically encrypted messages according to the present invention includes receiving a plurality of homomorphically encrypted messages expressed in a polynomial form and a modulus for modular multiplication, decomposing the modulus into a product of a plurality of disjoint factors through CRT operation, and extracting a divided ciphertext from a plurality of homomorphically encrypted messages based on each of the disjoint factors, performing NTT transformation on each coefficient of the divided ciphertext, performing a pointwise multiplication operation between result values of the NTT transformation, performing INTT transformation on a result value of the pointwise multiplication operation to obtain the divided ciphertext, and merging the divided ciphertext obtained in the performing of the INTT transformation through ICRT operation to generate an output ciphertext.

Systems, methods, and computer-readable media for controlling the execution of a deployed software program to a customer system are disclosed herein. A vendor may deploy a software program to the customer system. The software program may comprise an access key, the access key comprising a digital signature and access parameters. The digital signature may utilize a public key private key pair. The customer may run the software program by validating the access key on the customer system. Validating the access key may comprise verifying the digital signature and verifying the access parameters. Once the access key has been validated, the customer may execute the software program on the customer system.

A method is disclosed. The method includes receiving, by a token service computer, a token request message, the token request message being originated from a token requestor computer. The method also includes determining, by the token service computer, two or more access tokens based upon a single credential, and then transmitting the two or more access tokens to the token requestor computer in a token response message.

Disclosed herein is an apparatus for calculating a cryptographic component R.sup.2 mod n for a cryptographic function, where n is a modulo number and R is a constant greater than n. The apparatus comprises an arithmetic logic unit configured to iteratively perform Montgomery multiplication of a first operand with a second operand to produce an intermediate result, wherein the first operand and the second operand are set to the intermediate result after each iteration, responsive to a termination condition being met, determine an adjustment parameter indicative of a difference between the intermediate result and the cryptographic component, and perform Montgomery multiplication of the intermediate result with the adjustment parameter, to calculate the cryptographic component for the cryptographic function.