A method of encrypting data in a nonvolatile memory device (NVM) includes; programming data in selected memory cells, sensing the selected memory cells at a first time during a develop period to provide random data, sensing the selected memory cells at a second time during the develop period to provide main data, encrypting the main data using the random data to generate encrypted main data, and outputting the encrypted main data to an external circuit, wherein the randomness of the random data is based on a threshold voltage distribution of the selected memory cells.

An authentication and encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.

Methods for quantum key distribution are disclosed including forming a quantum production key package with a production file name; forming a first quantum sacrificial key package with a first sacrificial file name associated with a portion of the first production file name; sending the quantum sacrificial key package to a sacrificial key server; and sending the quantum production key package to computer devices to set up a quantum key encryption tunnel between the computer devices. The quantum production key packages are received by computer devices that send the production file name to the sacrificial key server to receive the sacrificial return key. The sacrificial return key is used to decrypt the quantum production key package with the quantum production keys. A first quantum production key is retrieved to encrypt and decrypt data at each computer device.

A method and system for encrypted messaging includes first and second client devices and a quantum key device having a quantum random number generator. The generator provides a first quantum random signal, and the key device provides a symmetric first master key from the first quantum random signal. The master key is transmitted to the first client device and stored. The key device uses the master key to generate an encrypted package by encrypting one of a plurality of keys. The key device generates a second encrypted package. The first pairing key is provided to the first client device by decrypting the first encrypted package using the first master key and providing the first pairing key in the second client device by decrypting the second encrypted package using the second master key to establish an encrypted connection between the first and second client devices.

A method includes obtaining, from a server, a filter including a set of encrypted identifiers each encrypted with a server key controlled by the server. The method includes obtaining a request that requests determination of whether a query identifier is a member of a set of identifiers corresponding to the set of encrypted identifiers. The method also includes transmitting an encryption request to the server that requests the server to encrypt the query identifier. The method includes receiving, from the server, an encrypted query identifier including the query identifier encrypted by the server key and determining, using the filter, whether the encrypted query identifier is not a member of the set of encrypted identifiers. When the encrypted query identifier is not a member of the set of encrypted identifiers, the method includes reporting that the query identifier is not a member of the set of identifiers.

A device can (i) operate a primary platform (PP) within a tamper resistant element (TRE) and (ii) receive encrypted firmware images for operating within the primary platform. The TRE can store in nonvolatile memory of the TRE (i) a PP static private key (SK-static.PP), (ii) a server public key (PK.IDS1), and (iii) a set of cryptographic parameters. The TRE can generate a one-time PKI key pair of SK-OT1.PP and PK-OT1.PP and send the public key PK-OT1.PP to a server. The TRE can receive a one-time public key from the server comprising PK-OT1.IDS1. The TRE can derive a ciphering key using an elliptic curve Diffie Hellman key exchange and the SK-static.PP, SK-OT1.PP, PK.IDS1, and PK-OT1.IDS1 keys. The TRE can decrypt the encrypted firmware using the derived ciphering key. The primary platform can comprise a smart secure platform (SSP) and the decrypted firmware can comprise a virtualized image for the primary platform.

Hardware masking may be used as a countermeasure to make power analysis attacks more difficult. Masking attempts to decouple the secret and/or processed values of a cryptographic algorithm from its intermediate values. One method of masking probabilistically splits each bit of a computation into multiple shares. Mask-share domains (i.e., the wires and gates that perform a computation on a share) are physically spaced to reduce coupling between mask-share domains. The mask-share domains may be connected to the same power supply network. The physical distance between mask-share domains along the power-supply network may be selected to reduce coupling between mask-share domains that may occur via the power supply network. The mask-share domains may each be connected to different on-chip power supply networks.

A method for determining the authenticity of an item, the method comprising: receiving, by an item, a seed; storing the seed in a block of non-volatile memory in the supply item follower component; calculating, by the item follower component, an output of a cryptographic function with the input based on the seed and storing the output in the block of non-volatile memory; iteratively calculating, by the item, the outputs of the cryptographic function wherein for each iteration the input for the cryptographic function is based on the seed and all previous outputs, and for each iteration storing the output in the block of non-volatile memory; and determining the authenticity of the item based on a selected output of the cryptographic function of the item, the selected output being one of the outputs stored in the block of non-volatile memory.

Proposed is a controller for a participant of a communication system, wherein the communication system wirelessly communicates in a frequency band that is used for communication by a plurality of communication systems, wherein the controller is configured to identify a channel access pattern, wherein the channel access pattern indicates a frequency hop-based and/or time hop-based occupancy of the frequency band that is usable for the communication of the communication system, wherein the controller is configured to identify the channel access pattern as a function of individual information of the communication system and as a function of a state of a numerical sequence generator for generating a numerical sequence or a number of a numerical sequence.

A computer-implemented method for authentication of a queried device having an electrical circuit exhibiting physically unclonable functions (PUFs). The method includes: at the queried device, generating a first random number based on an initial first counter value; matching the first random number against a first value of a record stored in a database of a querying device, the record including second (shuffled) and third values; at the queried device, generating a second random number based on a once incremented first counter value, deterministically generating a de-shuffled second value based on an initial second counter value, determining that the second random number matches the de-shuffled second value, and submitting sub-challenges corresponding to the second random number to the electrical circuit to generate a response; and, at the querying device, determining that the response matches the third value of the record to complete a first authentication of the queried device.