Patent classifications
H04L9/3273
CHOSEN-PLAINTEXT SECURE CRYPTOSYSTEM AND AUTHENTICATION
Aspects and features of a cryptosystem, authentication for the cryptosystem, and a method or process for the cryptosystem are described. In one example, a method for cryptographic communications includes storing a secret key, generating a system randomization number, and encrypting a plain data package into an encrypted data package by applying the plain data package, the secret key, and the system randomization number to a system of equations for encryption. In one example the system of equations is a system of linearly dependent equations. The system of linearly dependent equations, combined with the system randomization number generated for the encryption, is intended to provide additional strength against known-plaintext attacks, chosen-plaintext attacks, and other types of attacks; on that basis the cryptosystem is claimed to offer semantic security and ciphertext indistinguishability.
Cloud key management for AFU security
An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM includes a public key hash (PKH), and an encryption key (EK) to decrypt an AFU of the AFUD. The apparatus may also include an EK communication module operated by the processor to: receive, from the MN, a request to send to a targeted EPS an encrypted lookup table (LUT), the LUT including PKHs and associated EKs for a set of the one or more AFUDs from which the targeted EPS is authorized to receive AFUs, and in response to the request, send, to the targeted EPS, the LUT.
ONLINE SECRET ENCRYPTION
A method includes receiving, by a server computer, a thin client identifier from a thin client on a communication device. The server computer can then retrieve an encrypted first cryptographic key based on the thin client identifier. The encrypted first cryptographic key is a first cryptographic key that is encrypted with a second cryptographic key. The server computer can initiate the sending of the encrypted first cryptographic key to the thin client. The server computer then receives an encrypted secret from the thin client, the encrypted secret being a secret encrypted with the first cryptographic key.
Secure element for processing and authenticating digital key and operation method therefor
A secure element (SE) for processing a digital key includes a communication interface for communicating with a host, a memory for storing programs and data for processing the digital key, and a processor for executing the programs stored in the memory to receive a digital key processing request from a target device, determine whether a service is providable to the target device, by using a service-provider-specific service performance manager, process the digital key by using a digital key manager based on digital key processing information stored in the memory, upon determining that a service is providable to the target device, issue a digital key processing certificate by using the service-provider-specific service performance manager based on authentication information stored in the memory, and transmit the digital key processing certificate to at least one of a service provider and the target device.
SYSTEMS AND METHODS FOR PROVIDING SIGNATURELESS, CONFIDENTIAL AND AUTHENTICATION OF DATA DURING HANDSHAKE FOR CLASSICAL AND QUANTUM COMPUTING ENVIRONMENTS
Systems and methods for handshaking, without a certificate authority, to provide at least post-quantum communications security over a computer network. The initiator generates an authentication tag by hashing the concatenation of its own unique identifier and the recipient's unique identifier. Using a shared secret, the initiator then symmetrically encrypts the concatenation of the authentication tag and the two unique identifiers, and sends the encrypted text to a server. The server, configured with the same shared secret, symmetrically decrypts the encrypted text and authenticates it. The server then generates a session key and provides it to the initiator.
FAST BILATERAL KEY CONFIRMATION
A method for creating a secure channel between devices for secure communication therebetween. The method comprises transmitting a first nonce from an initiator device to a responder device; receiving, at the initiator device, a second nonce and an identity of the responder device; transmitting an identity of the initiator device and a first set of one or more encrypted data objects from the initiator device to the responder device; receiving, at the initiator device, a second set of one or more encrypted data objects from the responder device; and generating, at the initiator device, a session key for secure communication between the initiator and responder devices.
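The two exchanges above (the shared-secret handshake through a server, and the nonce-based bilateral key confirmation) are sketched below as an added example; this is illustrative code, not the patents' own implementations, and it fills in details the abstracts leave open. Assumptions: identifiers are fixed-width 16-byte strings so a decrypted record can be split without a length prefix; the symmetric primitive is a toy encrypt-then-MAC built from HMAC-SHA256 in the standard library, standing in for a real AEAD such as AES-GCM or ChaCha20-Poly1305; the server returns the session key encrypted under the shared secret (the abstract does not say how it is transported); and the key confirmation uses a confirmation key separate from the session key, both derived from the pre-shared key and the full transcript. Two caveats a practitioner would want: in the handshake the "authentication tag" is a hash of public identifiers and carries no secret, so the server's authentication step rests entirely on the encryption being authenticated (with an unauthenticated cipher mode the decrypt step would accept garbage); and because the initiator's message contains no nonce, that exchange alone does not resist replay, which is what the two-nonce confirmation protocol supplies.

```python
"""Mutual authentication sketches for the two abstracts above (added example,
not the patents' code).  Standard library only; encrypt()/decrypt() are a
toy encrypt-then-MAC construction that stands in for a real AEAD."""
import hashlib
import hmac
import secrets

ID_LEN = 16  # assumption: fixed-width identifiers so decrypted records can be split
NONCE_LEN, TAG_LEN = 16, 32


def _sub(key: bytes, label: bytes) -> bytes:
    """Derive an independent sub-key for encryption or MAC from one key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC(enc_key, nonce || counter)."""
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy AEAD: nonce || ciphertext || HMAC tag over (nonce || ciphertext)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(_sub(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time BEFORE decrypting; raise ValueError on any failure."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("authentication failed")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(_sub(key, b"enc"), nonce, len(ct))))


# --- handshake without a certificate authority (initiator -> server) ---------

def handshake_initiator(shared: bytes, init_id: bytes, recip_id: bytes) -> bytes:
    """Tag = H(init_id || recip_id); send Enc_shared(tag || init_id || recip_id)."""
    tag = hashlib.sha256(init_id + recip_id).digest()
    return encrypt(shared, tag + init_id + recip_id)


def handshake_server(shared: bytes, known_ids: set, encrypted: bytes) -> bytes:
    """Decrypt (the MAC check is what actually authenticates the message), re-derive
    the tag from the identifiers, then return a fresh session key under the shared secret."""
    record = decrypt(shared, encrypted)
    if len(record) != 32 + 2 * ID_LEN:
        raise ValueError("malformed record")
    tag, init_id, recip_id = record[:32], record[32:32 + ID_LEN], record[32 + ID_LEN:]
    if init_id not in known_ids or recip_id not in known_ids:
        raise ValueError("unknown party")
    if not hmac.compare_digest(tag, hashlib.sha256(init_id + recip_id).digest()):
        raise ValueError("tag mismatch")
    return encrypt(shared, secrets.token_bytes(32))  # assumption: key returned under the shared secret


# --- bilateral key confirmation with two nonces -----------------------------

def _kdf(psk: bytes, label: bytes, transcript: bytes) -> bytes:
    return hmac.new(psk, label + transcript, hashlib.sha256).digest()


def run_bilateral(psk_initiator: bytes, psk_responder: bytes, init_id: bytes, resp_id: bytes):
    """Simulate both parties of the four-message exchange; return (k_init, k_resp).
    Each side uses its own copy of the PSK, so a mismatch surfaces as a failed confirmation."""
    n_i = secrets.token_bytes(NONCE_LEN)            # 1. initiator -> responder: N_I
    n_r = secrets.token_bytes(NONCE_LEN)            # 2. responder -> initiator: N_R || ID_R
    transcript = init_id + resp_id + n_i + n_r      # responder learns init_id from message 3
    kc_i, ks_i = _kdf(psk_initiator, b"confirm", transcript), _kdf(psk_initiator, b"session", transcript)
    kc_r, ks_r = _kdf(psk_responder, b"confirm", transcript), _kdf(psk_responder, b"session", transcript)
    msg3 = init_id + encrypt(kc_i, b"I" + n_r)      # 3. initiator -> responder: ID_I || Enc(confirm N_R)
    if decrypt(kc_r, msg3[ID_LEN:]) != b"I" + n_r:  # responder verifies (decrypt raises on bad MAC)
        raise ValueError("initiator confirmation failed")
    msg4 = encrypt(kc_r, b"R" + n_i)                # 4. responder -> initiator: Enc(confirm N_I)
    if decrypt(kc_i, msg4) != b"R" + n_i:           # initiator verifies
        raise ValueError("responder confirmation failed")
    return ks_i, ks_r                               # session key never used for confirmation itself


def rejects_mismatched_psk(init_id: bytes, resp_id: bytes) -> bool:
    """True when a responder holding a different PSK cannot complete confirmation."""
    try:
        run_bilateral(bytes(32), b"\x01" * 32, init_id, resp_id)
    except ValueError:
        return True
    return False
```

The confirmation messages are bound to both nonces and both identities through the transcript-derived key, so a replayed message 3 from an earlier run fails under the new N_R, and a party that does not hold the PSK cannot produce either confirmation.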
MODULAR ANALYTE CONNECTIVITY SYSTEM FOR EXTENDIBLE COMMUNICATION WITH DIFFERENT TYPES OF PHYSIOLOGICAL SENSORS
A medical device communication system with a modular design to communicate with different types of medical devices, such as physiological sensors. The modular design is implemented using an extensible software library that provides a uniform framework for various applications or third party applications access to medical device data. The modular design also allows for regulated and unregulated portions of the system to be integrated into the system while allowing each portion to be updated separately. The regulated portion of the system may include components, such as sensors and the software library, that are subject to regulatory approval while the unregulated portion may include applications that are not subject to regulatory approval. Thus, the system enables a third party application developer to avoid having to submit the application to a regulatory agency for an application making use of the sensor data.
High performance distributed system of record with cryptographic service support
A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole. According to another feature, secure transaction processing is facilitated by storing cryptographic key materials in secure and trusted computing environments associated with the computing nodes to facilitate construction of trust chains for transaction requests and their associated responses.
Method for securing a communication between a mobile communication apparatus and a vehicle
The invention relates to a method (100) for securing a communication between a mobile communication apparatus (10) and a vehicle (5), in particular for authentication at a passive access system of the vehicle (5), wherein the vehicle (5) comprises at least one radio unit (20).
AUTHENTICATION USING A DECENTRALIZED AND/OR HYBRID DECENTRALIZED SECURE CRYPTOGRAPHIC KEY STORAGE METHOD
Mutual dependency between two devices is established by creating mutual dependency tokens containing stateful information to be stored on the issuing device and the client device. The tokens can be used for both web/application-level authentication and network-level authentication. Tokens for IP or MAC addresses can be created and stored in a modified route table, allowing for the creation of private virtual subnets.