H04L9/302

Cryptographic Pseudonym Mapping Method, Computer System, Computer Program And Computer-Readable Medium
20220318403 · 2022-10-06

The invention is a cryptographic pseudonym mapping method for an anonymous data sharing system, the method being adapted for generating a pseudonymized database (DB) from data relating to entities and originating from data sources (DS_i), wherein the data are identified at the data sources (DS_i) by entity identifiers (D) of the respective entities, and wherein the data are identified in the pseudonymized database (DB) by pseudonyms (P) assigned to the respective entity identifiers (D) applying a one-to-one mapping. According to the invention, one mapper (M) and one key manager (KM) are applied, and a respective pseudonym (P) is generated by the mapper (M), for each encrypted entity identifier (C_i) encrypted by the data source (DS_i), utilizing the mapping cryptographic key (h_i) corresponding to the particular data source (DS_i). The invention is further a computer system realizing the invention, as well as a computer program and a computer-readable medium.

METHOD AND DEVICE FOR CALCULATING MODULAR PRODUCT
20230145760 · 2023-05-11

Disclosed is a calculation apparatus. The calculation apparatus comprises a memory which stores at least one instruction and a processor which executes the at least one instruction, wherein the processor executes the at least one instruction to store a predetermined base prime number, invert the bits of information about the pre-stored base prime number to generate first prime number information different from the base prime number information, and perform modular calculation on a plurality of ciphertexts by using the generated first prime number information.

Systems and methods for smartkey information management
11647007 · 2023-05-09

A system and method are provided for the secure sharing of information across an open network and for performing management of keys used for encrypting and decrypting data.

Use of irrational number sequences to secure state transition function in blockchain transactions
11652621 · 2023-05-16

A method for securely encrypting and decrypting data in a blockchain, wherein a node member of a network involved in executing a state transition function for the blockchain, uses a key derived from a sequence of digits in an irrational number. The irrational number can derive from a ratio and/or a root, and preferably a square root of a non-perfect square. A key might or might not utilize the entirety of the sequence of digits. For example, the key might utilize every other or every third digit in the sequence. A key might alternatively include some or all of the sequence, with one or more additional characters or digits added to the beginning or end of the sequence, or included elsewhere within the sequence. A key might even utilize non-consecutive members of the sequence of digits, or perhaps a reverse or partially reversed sequence.

METHOD FOR SECURELY PERFORMING A PUBLIC KEY ALGORITHM
20230138384 · 2023-05-04

Provided is a method for securely performing a public key algorithm comprising cryptographic computations using a private key. It includes selecting (S1), by a server device, a set of mutually coprime integers (p1,...,pn) as a base of a Residue Number System (RNS-base B), with n an integer; computing (S2), by said server device, an RNS representation of said private key, said RNS representation of an integer x in [0, P-1], with P the product of all elements of the base, being the list (x1,...,xn) with xi = x mod pi, i being an integer in [1,n]; sending (S3), by said server device, the computed RNS representation to a client device; and performing (S4), by said client device, the cryptographic computations of the public key algorithm in said RNS base using said sent RNS representation.

KEY MANAGEMENT SYSTEM AND METHOD
20170373835 · 2017-12-28

A system and method for private key management in a public key encryption system are disclosed. In one embodiment, the system and method may utilize a “fake” private key to provide the private key management.

PROVISIONING OF IDENTITY INFORMATION
20170372061 · 2017-12-28

In one embodiment, a file comprising a disk image and a key blob is prepared. The file is attached to a virtual machine configuration. A virtual machine based on the virtual machine configuration is launched. A kernel is paired to the key blob by a kernel driver paired to the key blob reading a secret comprising identity information into the kernel of the virtual machine. The identity information is registered with a kernel service. The attached file is ejected from the virtual machine configuration. The identity information is accessed by an application running on the virtual machine, wherein the identity information is used by the application when the kernel service requires identity information. Related hardware and systems are also described.

AUTOMATIC SECURITY AUTHENTICATION FOR ACCESS TO MANAGEMENT CONTROLLER
20230208651 · 2023-06-29

An information handling system may include a host information handling system that is configured to execute a host operating system (OS), a management controller configured to provide out-of-band management of the information handling system, and a cryptoprocessor. The information handling system may be configured to: generate, at the cryptoprocessor, a cryptographic key pair comprising a public key and a private key, wherein the private key is sealed based on platform measurements of the information handling system; transmit the public key from the cryptoprocessor to the management controller; access, by the host information handling system, the sealed private key; transmit an authorization from the host information handling system to the management controller, wherein the authorization is signed with the private key; and based on a verification of the authorization with the public key, grant access to the management controller from the host OS.

Methods and apparatus for quantum-resistant network communication

A method includes sending, to a compute device and via a private channel, a public key for asymmetric encryption. The method also includes concurrently authenticating the compute device and generating a traffic key for symmetric encryption, based at least in part on the public key. The method further includes sending a message to the compute device, the message being encrypted using the traffic key via the symmetric encryption.

SYSTEMS, APPARATUS AND METHODS FOR SECURE ELECTRICAL COMMUNICATION OF BIOMETRIC PERSONAL IDENTIFICATION INFORMATION TO VALIDATE THE IDENTITY OF AN INDIVIDUAL
20230196362 · 2023-06-22

An apparatus for validating an identity of an individual based on biometrics includes a memory and a processor operatively coupled to a distributed database and the memory. The processor is configured to provide biometric data as an input to a predefined hash function to obtain a first biometric hash value. The processor is configured to obtain, using a first pointer to the distributed database, a signed second biometric hash value. The processor is configured to define a certification of the biometric data in response to verifying that a signature of the signed second biometric hash value is associated with the compute device and verifying that the first biometric hash value corresponds with the second biometric hash value. The processor is configured to digitally sign the certification using a private key associated with the processor to produce a signed biometric certification and store the signed biometric certification in the distributed database.