H04L9/0841

Method and apparatus for MoCA network with protected set-up

Systems and methods are disclosed for securing a network, for admitting new nodes into an existing network, and/or for securely forming a new network. As a non-limiting example, an existing node may be triggered by a user, in response to which the existing node communicates with a network coordinator node. Thereafter, if a new node attempts to enter the network, and also for example has been triggered by a user, the network coordinator may determine, based at least in part on parameters within the new node and the network coordinator, whether the new node can enter the network.

Multi-device remote attestation
11695549 · 2023-07-04

Systems and methods for attesting an enclave in a network. A method includes receiving, by a first device, proof information from an application provider entity that the enclave is secure, wherein the proof information includes a public part, Ga, of information used by the enclave to derive a Diffie-Hellman key in a key generation process with the application provider entity, processing, by the first device, the proof information to verify that the enclave is secure and ensuring that Ga is authentic and/or valid, deriving, by the first device, a new Diffie-Hellman key, based on Ga and x, wherein x is a private part of information used by the first device to derive the new Diffie-Hellman key, and sending, by the first device, a message including Ga and a public part, Gx, of the information used by the first device to derive the new Diffie-Hellman key to the enclave.

SYSTEMS AND METHODS FOR SECURELY TRAINING A DECISION TREE

A system and method for training a decision tree are disclosed. A method includes publishing, by a first party, a first set of nominated cut-off values at a current node of a decision tree to be trained, computing a first respective impurity value for the first set of nominated cut-off values at the current node, creating first respective n shares of the first respective impurity value, transmitting, from the first party and to a second party, one of the first respective n shares of the first respective impurity value, receiving from the second party one of a second respective n shares of the second respective impurity value, adding a group of impurity values to yield a combined impurity value based on the one of the first respective n shares and the one of the second respective n shares, and determining, based on the combined impurity value, a best threshold.

METHODS AND APPARATUS TO IMPROVE PERFORMANCE OF ENCRYPTION AND DECRYPTION TASKS
20230004358 · 2023-01-05

Methods, apparatus, systems, and articles of manufacture are disclosed. An example apparatus includes: interface circuitry to receive a first value and a second value; selector circuitry to select a first subset of bits and a second subset of bits from the first value; multiplier circuitry to: multiply the first subset to the second value during a first compute cycle; and multiply the second subset to the second value during a second compute cycle; left shift circuitry to perform a bitwise shift with a product of the first subset and the second value during the second compute cycle; adder circuitry to add a product of the second subset and the second value to a result of the plurality of bitwise shift operations during the second compute cycle; and comparator circuitry to determine the result of the modular multiplication based on a result of the addition during the second compute cycle.

Secure session capability using public-key cryptography without access to the private key

A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.

Managing session secrets for continuous packet capture systems

Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). Network packets that are communicated between the computers may be captured and stored in a data store. If the NMCs identify a secure communication session established between two computers, the NMCs may obtain key information that corresponds to the secure communication session that includes a session key that may be provided by a key provider. Correlation information associated with the secure communication session may be captured by the NMCs. The correlation information may include tuple information associated with the secure communication session. The key information and the correlation information may be stored in a key escrow. The key information may be indexed in the key escrow using the correlation information.

Dynamic response signing capability in a distributed system

A system that provides responses to requests obtains a key that is used to digitally sign the request. The key is derived from information that is shared with a requestor to which the response is sent. The requestor derives, using the shared information, a key usable to verify the digital signature of the response, thereby enabling the requestor to operate in accordance with whether the digital signature of the response matches the response.

Secure data communication using Elliptic-curve Diffie-Hellman (ECDHE) key agreement

The present embodiments relate to establishing secure data communication using an Elliptic-curve Diffie-Hellman ephemeral (ECDHE) key agreement procedure. Devices in a network environment can utilize a key agreement procedure to establish secure communication between multiple application layers in a micro service architecture. Particularly, a tunnel can be established between a mobile device and an encryption service by transmitting key information between the mobile device and the encryption service. This can allow for encryption keys to only be accurately generated by the mobile device and encryption service. Accordingly, intermediary nodes may be unable to decrypt the data, allowing for safe and secure transport of sensitive data.

KEY UPDATE METHOD AND RELATED APPARATUS
20220417015 · 2022-12-29

Embodiments of this application provide a key update method and a related apparatus. One example method includes: sending a first key update request to a second node, where the first key update request includes a first key negotiation parameter and first identity authentication information, and the first identity authentication information is generated by using a first shared key; receiving a first response message from the second node, where the first response message includes second identity authentication information; performing verification on the second identity authentication information by using the first shared key; and if the verification on the second identity authentication information succeeds, determining a first target key based on the first key negotiation parameter.

System and Method for Performing Secure Key Exchange
20220407845 · 2022-12-22

A system is provided for performing secure key exchange between a plurality of nodes of a communication network. The system comprises a master node and at least two slave nodes. In this context, the master node is configured to authenticate the at least two slave nodes with a pair-wise authentication key corresponding to each pair of master node and slave nodes. The master node is further configured to generate a group authentication key common to the plurality of nodes. Furthermore, the master node is configured to encrypt the group authentication key with the pair-wise authentication key for each respective pair of master node and slave nodes, thereby generating a respective encrypted group authentication key. Moreover, the master node is configured to communicate the encrypted group authentication key to the respective slave nodes.