A method for key generation is arranged in a client processor device, by means of which a second public client key P.sub.c′ of the client is generated. The public key P.sub.c′ is formed by a calculation, or sequence of calculations, which does not contain any operation whose result depends exclusively on the nonce s and at least one public value, or the public key P.sub.c′ being formed by a calculation, or sequence of calculations, where into each operation in which the nonce s enters, at least one non-public value enters the first private client key k.sub.c or the second private client key k.sub.c′, for example as a result of the calculation P.sub.c′=(k.sub.c′.Math.s).Math.G+(k.sub.c′.Math.k.sub.c).Math.P.sub.t.

A data processing method and apparatus based on a blockchain network, and a computer device. The method includes acquiring a transaction request, the transaction request carrying transaction data and reference signature data corresponding to the transaction data; validating the transaction data and the reference signature data; determining a matching node device from a target node device if the transaction data and the reference signature data are validated, and acquiring a signing key of the matching node device; determining data to be signed according to the transaction data, and signing on the data to be signed using the signing key of the matching node device to obtain endorsement signature data; and transmitting the endorsement signature data to the management device, wherein the management device generates a transaction block according to the endorsement signature data and the transaction data.

A cryptographic system includes an encryption apparatus including a memory and a processor configured to encrypt a plaintext into a ciphertext. The processor of the encryption apparatus executes generating first information resulting from encryption of the plaintext by an encryption function of a predetermined block cipher using a first secret key; generating second information resulting from encryption of a preset adjustment value by the encryption function using a second secret key; and generating the ciphertext by encrypting an arithmetic operation result of a bitwise exclusive OR of the first information and the second information by the encryption function using the first secret key.

Various techniques are provided to implement information leakage mitigation associated with elliptic curve operations. In one example, a method includes generating second data based on first data. The first data is associated with a message. The second data is associated with a decoy message. The method further includes performing a first elliptic curve operation based on the first data. The method further includes performing a second elliptic curve operation based on the second data. The first elliptic curve operation and the second elliptic curve operation are performed in a random order. Related systems and devices are provided.

A method of transmitting data in a storage device includes encrypting original data based on a homomorphic encryption algorithm to generate encrypted data, generating a parameter for regeneration of a ciphertext higher than an operation level of the encrypted data by using the encrypted data and a key value, and transmitting the encrypted data and the parameter to an external host device.

A computer-implemented method for providing a system-specific secret to a computing system having a plurality of computing components is disclosed. The method includes storing permanently a component-specific import key as part of a computing component and storing the component-specific import key in a manufacturing-side storage system. Upon a request for the system-specific secret for a computing system, the method includes identifying the computing component comprised in the computing system, retrieving a record relating to the identified computing component, determining the system-specific secret protected by a hardware security module and determining a system-specific auxiliary key. Furthermore, the method includes encrypting the system-specific auxiliary key with the retrieved component-specific import key, thereby creating a auxiliary key bundle, encrypting the system-specific secret and storing the auxiliary key bundle and a system record in a storage medium of the computing system.

A location verification system according to an embodiment of the present disclosure includes a plurality of base stations located in respective preset areas and transmitting, to an adjacent mobile communication device, location verification information obtained by signing GPS information on the base stations with a private key. It is possible to expect an effect of re-verifying a location of a mobile communication device, such as a drone or a smart car, at a destination, when the mobile communication device has moved to the destination based on GPS information.

Disclosed is a method for generating and authenticating a three-dimensional dynamic OTP that does not require input of a password. In the method, a user address received from a user terminal is converted into coordinate values in degrees, minutes, and seconds on latitude and longitude, and set as address coordinates from the coordinates in a unit of seconds and then a two-dimensional reference coordinate system is displayed that is subdivided with the address coordinates as an origin, a two-dimensional function is provided and rotated about an arbitrary axis to form a three-dimensional space by a three-dimensional function, one OTP generation coordinate within the three-dimensional space is provided, and then a one-time password is generated by combining respective coordinate values of x, y, and z axes of the one OTP generation coordinate.

The present invention discloses a cloud-side collaborative multi-mode private data circulation method based on a smart contract, including: S1, a system is initialized; S2, the original data are encrypted into private data, an encryption certificate z′ for storage is generated, and z′ includes metadata and a data certificate key′; S3, the DO calls a smart contract program to realize uplink of the encryption certificate z′ and releases z′ to a block chain through a smart contract, wherein the smart contract is open to all user accounts; S4, rapid data circulation is realized: when DO releases the data certificate, DU has been identified, a DU's account ID.sub.DU is set through an access policy, the DU obtains an encryption key for data access by executing a smart contract and a key algorithm, private data are obtained through metadata and decrypted to obtain a plaintext; and S5, the data circulation is confirmed.

A system and method for providing secure Single-Sign-On (SSO) authentication in a zero-knowledge architecture. A first server component may operate as a first relying party in a first SSO flow. When the user of an application successfully authenticates to a first identity provider, a first part of a secret key may be provided to the application. Additionally, a second server component may operate as a second relying party in a second SSO flow. When the first part of the secret key is received by the application, authentication information may be provided to a second identity provider. Based on a successful authentication, a second part of the secret key may be provided to the application. The first and second parts of the secret key may be combined by the application to generate a final secret key that may be used to decipher encrypted user data.