H04L9/3073

SYSTEMS AND METHODS FOR DYNAMIC POLYCHROME LATTICE IMAGE SECURITY

The invention includes a tool for the generation and usage of a dynamic polychrome lattice image for unique and secure authentication and verification purposes. The tool is multi-purposed and can be applied to a variety of use cases and may utilize multiple channels of communication between devices. The dynamic polychrome lattice image may be adjusted according to the display size and resolution of various user devices. System devices may scan the dynamic polychrome lattice image, and upon successful retrieval and decryption of the dynamic polychrome lattice image, the user may be authenticated and verified to access one or more programs or services.

Secure boot of kernel modules

A computer-implemented method for providing a secured updated kernel module of an electronic device, wherein the method comprises the following steps: inserting, by a computer, a chameleon hash of a kernel module, a kernel module private key of the kernel module and an updated kernel module of the kernel module into a chameleon hash collision function, thereby obtaining collision data; and combining, by the computer, the updated kernel module with the collision data, thereby obtaining a secured updated kernel module. A computer-implemented method for securely updating at least one kernel module of an electronic device, a system comprising a server and an electronic device, computer programs and a computer-readable medium are further described.

Efficient and secure distributed signing protocol for mobile devices in wireless networks

The techniques described herein may provide an efficient and secure two-party distributed signing protocol for the identity-based signature scheme described in the IEEE P1363 standard. For example, in an embodiment, a method may comprise generating a distributed cryptographic key at a key generation center, a first other device and a second other device, and generating a distributed cryptographic signature at the first other device using the second other device.

Electronic subscriber identity module transfer credential wrapping
11516003 · 2022-11-29

Embodiments described herein relate to credential wrapping for secure transfer of electronic SIMs (eSIMs) between wireless devices. Transfer of an eSIM from a source device to a target device includes re-encryption of sensitive eSIM data, e.g., eSIM encryption keys, financial transaction credentials, transit authority credentials, and the like, using new encryption keys that include ephemeral elements applicable to a single, particular transfer session between the source device and the target device. The sensitive eSIM data encrypted with a symmetric key (K_s) is re-wrapped with a new header that includes a version of K_s encrypted with a new key encryption key (KEK) and information to derive KEK by the target device. The re-encrypted sensitive SIM data is formatted with additional eSIM data into a new bound profile package (BPP) to transfer the eSIM from the source device to the target device.

CYPHER SYSTEM, KEY GENERATION APPARATUS, ENCRYPTION APPARATUS, DECRYPTION APPARATUS, METHOD AND PROGRAM

An encryption system includes one or more computers each including a memory and a processor configured to: generate a public key and a master private key that are used in attribute-based encryption; use, as inputs, at least the public key and one of an attribute and a policy that is denoted by an arbitrary conditional expression related to the attribute, and generate at least cyphertext in which the one of the attribute and the policy is embedded; use the public key, the master private key, and the other of the attribute and the policy as inputs, and generate a private key in which the other of the attribute and the policy is embedded; and use the public key, the cyphertext, and the private key as inputs, and decrypt the cyphertext.

TOKEN MANAGEMENT SYSTEM AND METHOD
20220376914 · 2022-11-24

A method is disclosed. The method includes transmitting, to a token service computer, a request message comprising a token requestor identifier associated with the token requestor and a service provider computer identifier associated with the service provider computer. The method also includes receiving a response message comprising the token and/or a cryptogram, generating an authorization request message comprising the token and the cryptogram, and transmitting the authorization request message to a processing computer in communication with a token service computer.

SEARCHABLE ENCRYPTED DATA SHARING METHOD AND SYSTEM BASED ON BLOCKCHAIN AND HOMOMORPHIC ENCRYPTION

The present disclosure relates to a searchable encrypted data sharing method and system based on blockchain and homomorphic encryption, which protects the security of sensitive data on the blockchain and enables keyword search over, and homomorphic calculation on, data ciphertext. According to the present disclosure, a data owner encrypts the generated sensitive data and the keywords extracted from the data with their own key, and then sends the encrypted transaction information to the cloud server. The cloud server verifies the identity of the data owner. If the verification succeeds, the uploaded ciphertext data is stored on a local server, and a ciphertext index, keyword ciphertext and related evidence of the data storage are uploaded to an alliance chain. The alliance chain node verifies the consistency of the uploaded transaction information, and if the verification succeeds, the transaction information is recorded.

Providing verified claims of user identity

A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a verified claim including information to identify a user of a device, the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server, the verified claim being specific to the device. The at least one processor is further configured to send, to a service provider, a request for a service provided by the service provider, and receive, from the service provider and in response to the sending, a request for the verified claim. The at least one processor is further configured to send, in response to the receiving, the verified claim to the service provider.

ESTABLISHING AUTHENTIC REMOTE PRESENCE USING TOKENS

Authentic remote presence for a user located at a source computer is established at a target computer without requiring transmission of the user password from the source computer to the target computer, and without requiring that the user be previously credentialed at the target. The presence established at the target computer will be recognized by a security domain identity provider as authentic, allowing the user to work remotely on the source computer as if the user were physically present at the target computer even when the source and target are miles apart. The remote access presence may be bound to the particular source and target computers, such that the presence credentials can only be used for remote access from the source through the target into the security domain. The remote access functionality will work with a wide variety of operating systems, on both desktop and mobile platforms.

SYSTEMS AND METHODS FOR BLOCKCHAIN-BASED SECURE KEY EXCHANGE

A system described herein provides for the secure maintenance and provision of information, such as public keys used in Public Key Infrastructure (“PKI”) techniques or other techniques, using a secure distributed ledger (e.g., “blockchain”) system. A blockchain system may be utilized in lieu of a key escrow system for the exchange and/or provision of public keys in a Diffie-Hellman key exchange technique or other type of technique in which public keys are provided from one entity to another. A first entity may generate an asymmetric key pair that includes a public key and a private key, and may provide the public key to a blockchain system for retrieval by one or more other entities. For example, the entities may be engaged in a secure messaging session, in which messages are encrypted and may be decrypted using one or more keys, including the public key.