A computing device comprising a frontend and a backend is operably coupled to a plurality of storage devices. The backend comprises a plurality of buckets. Each bucket is operable to build a failure-protected stipe that spans two or more of the plurality of the storage devices. The frontend is operable to encrypt data as it enters the plurality of storage devices and decrypt data as it leaves the plurality of storage devices.

A method for secure key exchange. The method comprises receiving a request to certify a key from a communication partner at an interface between an access and tamper resistant circuit block and exposed circuitry. Within the access and tamper resistant circuit block, a first random private key is generated. A corresponding public key of the first random private key is derived, and a cryptographic digest of the public key and attributes associated with the first random private key is generated. The generated cryptographic digest is signed using a second random private key that has been designated for signing by one or more associated attributes. The public key and the signature are then sent to the communication partner via the interface.

Systems and methods for encrypted content management are provided and include generating a user private key, a user public key, and a symmetric encryption key. A group private key, a group public key, and a group symmetric encryption key are generated and the group private key is encrypted with the group symmetric encryption key. A first shared-secret key is generated based on the user public key and the group private key using a diffie-hellman exchange algorithm. The group symmetric encryption key is encrypted using the first shared-secret key to generate an escrow key. Plaintext data is encrypted using a content symmetric key. A second shared-secret key is generated based on an ephemeral private key and the group public key using a diffie-hellman exchange algorithm. The content symmetric key is encrypted using the second shared-secret key.

Disclosed herein is an apparatus for calculating a cryptographic component R.sup.2 mod n for a cryptographic function, where n is a modulo number and R is a constant greater than n. The apparatus comprises a processor configured to set a start value to be equal to R mod n, perform b iterations of a shift and subtract operation on the start value to produce a base value, wherein the start value is set to be equal to the base value after each iteration, set a multiplication operand to be equal to the base value, and perform k iterations of a Montgomery modular multiplication of the multiplication operand with the multiplication operand to produce an intermediate result, wherein the multiplication operand is set to be equal to the intermediate result after each iteration, wherein the shift and subtract operation comprises determining a shifted start value which is equivalent to the start value multiplied by two, and subtracting n from the shifted start value if the shifted start value is greater than or equal to n.

A method for leveraging a universal credential in an access control system according to one embodiment includes generating, by a cloud system, a CBOR web token for user access to at least one electronic lock, wherein the CBOR web token includes a group tag associated with a set of access rights for a group of users and a cryptographic signature, transmitting the CBOR web token to a user mobile device, receiving, by a first electronic lock, the CBOR web token from the user mobile device for access to a passageway secured by the first electronic lock, verifying an authenticity of the cryptographic signature of the CBOR web token and that the group tag of the CBOR web token is associated with a group authorized to access the passageway secured by the first electronic lock, and unlocking a lock mechanism in response to the verifications.

A Bluetooth central apparatus encrypts a piece of verification data according to a secret-key system to generate a first encrypted verification parameter, and transmits the first encrypted verification parameter to a Bluetooth peripheral apparatus. The Bluetooth peripheral apparatus decrypts the first encrypted verification parameter according to the secret-key system to obtain a piece of decrypted verification data. The Bluetooth peripheral apparatus also encrypts the piece of decrypted verification data according to the secret-key system to generate a second encrypted verification parameter, and transmits the second encrypted verification parameter to the Bluetooth central apparatus. After that, the Bluetooth central apparatus decrypts the second encrypted verification parameter according to the secret-key system to obtain the piece of decrypted verification data, and verify whether the Bluetooth peripheral apparatus is valid according to the piece of verification data and the piece of decrypted verification data.

Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.

The disclosure relates to a method for enabling the secure functions of a chipset (1) and especially the encryption of the content of the secure memory (7) when the device goes into low power mode. The content of the secure memory (7) may be encrypted and stored in an external memory (20) during low power mode of the chipset (1).

This application provides a key distribution method, an apparatus, and a system, includes: determining, by an identity management server based on AAA authentication information, whether AAA authentication on the terminal succeeds; if the AAA authentication succeeds, sending the ID of the terminal to a key management server; and generating, by the key management server, a private key of the terminal and returning the private key to the management server. After negotiating with the terminal to generate a first key, the identity management server encrypts the ID and the private key of the terminal, and sends an encrypted ID and an encrypted private key to the terminal. The terminal obtains the ID and the private key of the terminal. According to the key distribution method, apparatus, and system provided in this application, communication security performance of the terminal during ID-based registration authentication is improved.

A system described herein may provide for secure group messaging between multiple participant devices, in which two or more of the participant devices support blockchain-based techniques for the secure sharing of keys used to secure the group messaging, and in which one or more of the participant devices (e.g., a third device) do not support such techniques. A key escrow system may maintain keys associated with the third device, and the other devices of the group messaging system may retrieve such keys from the key escrow system. Such other devices may attempt to obtain keys associated with the third device from a blockchain and may retrieve such keys from the key escrow system when the retrieval from the blockchain is unsuccessful. The other devices may additionally share their respective keys to the blockchain and the key escrow system, or the key escrow system may “pull” such keys from the blockchain.