H04L9/0827

METHOD FOR PROXIMITY COMMUNICATION BETWEEN TERMINALS AND APPARATUS THEREOF
20220385654 · 2022-12-01

A communication method according to an embodiment of the present disclosure includes establishing, by a second terminal, a connection with a first terminal through a first communication channel that uses a first protocol, receiving, by the second terminal, a first message including a public key of the first terminal through the first communication channel, storing, by the second terminal, the public key of the first terminal, performing, by the second terminal, a security authentication routine through an authentication unit communicatively connected to the second terminal, and transmitting to the first terminal, by the second terminal, a second message including a public key of the second terminal through the first communication channel on the basis of a determination that authentication has succeeded, and generating a first secret key.

END-TO-END ENCRYPTION FOR LOCATION SHARING

A device implementing end-to-end encryption for location sharing may include at least one processor configured to generate a public-private keypair. The at least one processor may be further configured to encrypt, using a first key of the public-private keypair, location data corresponding to a location of the electronic device. The at least one processor may be further configured to transmit, to a server, the encrypted location data for storage. The at least one processor may be further configured to transmit, via a secure communication channel, a second key of the public-private keypair to another electronic device for subsequent retrieval of the encrypted location data by the other electronic device.

PUF KEY TRANSFER
20220376920 · 2022-11-24

An integrated-circuit device comprises a physical-unclonable-function (PUF) unit, a secure module, and an interconnect system communicatively coupled to the PUF unit and to the secure module. The device transfers a PUF key from the PUF unit to the secure module, over the interconnect system. In order to do this, the secure module generates a random value. The secure module then sends the random value to the PUF unit. The PUF unit then performs a bitwise XOR operation between the received random value and the PUF key, to generate a masked value. The PUF unit then transfers the masked value over the interconnect system to the secure module. The secure module then unmasks the PUF key by performing a bitwise XOR operation between the received masked value and the random value.

Secure provisioning and management of devices

Systems, methods and devices are provided for provisioning a computerized device. The system may include a distributor computer that is connected to the computerized device and is operable to receive a first digital asset and transmit it to the computerized device, and a server that is connected to the distributor computer, and that transmits the first digital asset to the distributor computer when a first authorizing condition is met, the first digital asset being configured to cause the computerized device to become partially provisioned, wherein the server transmits a second digital asset to the computerized device, and the computerized device is functional after the second digital asset is transmitted to the computerized device.

Digital Key With Monetary Value
20220366408 · 2022-11-17

The disclosure is directed to use of digital keys in providing access to secured locations, goods and resources as well as other assets. The access may be fee based with the disclosure further directed to including fee payment authorization into the access process. Electronic locks may be employed within modules to facilitate the access. The digital keys may be accompanied with commands for the electronic locks and/or modules accommodating them to execute in the course of providing the access. The digital keys may be shared, limited to single or multiple use and may be lock agnostic. The commands may be sent from a smart mobile device and be digitally signed for subsequent attestation by the lock for authenticity verification. The digital keys may be generated and otherwise handled under one of a series of escalating security encryption methods typically used and reserved for financial transactions.

Exporting remote cryptographic keys
11502827 · 2022-11-15

Techniques for exporting remote cryptographic keys are provided. In one technique, a proxy server receives, from a secure enclave of a client device, a request for a cryptographic key. The request includes a key name for the cryptographic key. In response to receiving the request, the proxy server sends the request to a cryptographic device that stores the cryptographic key. The cryptographic device encrypts the cryptographic key based on an encryption key to generate a wrapped key. The proxy server receives the wrapped key from the cryptographic device and sends the wrapped key to the secure enclave of the client device.

DATA SECURITY PROCESSING TERMINAL, SYSTEM AND METHOD
20220360443 · 2022-11-10

The application provides a data security processing terminal, system and method, and is related to a field of data processing. The data security processing terminal includes: an image acquisition device configured to acquire image data and transmit the image data to a Trust Execution Environment through a secure channel; an image acquisition driver operating in the Trust Execution Environment and configured to drive, in response to a drive instruction from a processor, the image acquisition device to acquire the image data; the processor operating in the Trust Execution Environment and configured to send the drive instruction to the image acquisition driver, obtain the image data, encrypt the image data using a stored first key to obtain image ciphertext data, and output the image ciphertext data. The technical solution of the present applicant can be used to ensure the security of image data.

METHOD AND APPARATUS FOR KEY RELAY CONTROL BASED ON SOFTWARE DEFINED NETWORKING IN QUANTUM KEY DISTRIBUTION NETWORK

The present disclosure relates to a method and apparatus for key relay control based on software-defined networking in a quantum key distribution network. A method of controlling key relay in a quantum key distribution network (QKDN) according to an embodiment of the present disclosure includes: receiving, by a first control entity, a key relay route request from a key management (KM) layer; determining, by the first control entity, whether or not key relay is associated with a plurality of resource groups; and, transmitting a key relay route request from the first control entity to a second control entity, when key relay is associated with the plurality of resource groups, wherein key relay route information produced by the second control entity may be provided to the KM layer.

Systems and methods for secure provisioning of SSH credentials

Embodiments relate to systems and methods for securely provisioning login credentials to an electronic device on a network, e.g., a consumer premises device (CPE) device, such as, among other devices, a modem. The login credential may be used, for example, for securely provisioning and configuring a CPE device.

SECURING CUSTOMER SENSITIVE INFORMATION ON PRIVATE CLOUD PLATFORMS

A method for securing customer sensitive information on private cloud platforms includes receiving, at an on-premises computing system, sensitive information of a user. A local key of the on-premises computing system was previously encrypted by a master key stored at an off-premises computing system. The method includes sending the encrypted local key to the off-premises computing system for decryption, and receiving the decrypted local key in response to sending the encrypted local key to the off-premises computing system. The decrypted local key is decrypted from the received encrypted local key. The method includes decrypting a secret key assigned to the user, encrypting the sensitive information using the decrypted secret key, and storing the encrypted sensitive information.