Patent classifications
H04L9/0841 (key agreement involving Diffie-Hellman or related key agreement protocols)
ENCRYPTION FOR A DISTRIBUTED FILESYSTEM
A computing device comprising a frontend and a backend is operably coupled to a plurality of storage devices. The backend comprises a plurality of buckets. Each bucket is operable to build a failure-protected stripe that spans two or more of the plurality of the storage devices. The frontend is operable to encrypt data as it enters the plurality of storage devices and decrypt data as it leaves the plurality of storage devices.
Method and system for Cheon resistant static Diffie-Hellman security
A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q−1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd≤48.
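The selection criterion in the abstract above can be checked mechanically: given a prime group order q, find the smallest cofactors c and d such that (q-1)/c and (q+1)/d are prime, and accept the curve only if c*d <= 48. Cheon's attack on static Diffie-Hellman needs a divisor of q-1 or q+1 of a usable size, and tiny cofactors leave none. The following Python is an added example, not code from the patent or its assignee; the random search for a suitable q and the bound parameter are this example's own constructions, and the Miller-Rabin test is probabilistic (32 random bases).

```python
import random

# Trial-division primes; 47 is also the largest possible Cheon cofactor under c*d <= 48.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]
SYSRNG = random.SystemRandom()


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; a composite passes with probability <= 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(SYSRNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def smallest_cofactor(m, bound):
    """Smallest c <= bound such that c divides m and m // c is prime, or None."""
    for c in range(1, bound + 1):
        if m % c == 0 and is_probable_prime(m // c):
            return c
    return None


def cheon_cofactors(q, bound=48):
    """For prime q return (c, d) with q-1 = c*r and q+1 = d*s, r and s prime, using the
    smallest admissible c and d; None if q is not prime or no cofactors exist within bound."""
    if not is_probable_prime(q):
        return None
    c = smallest_cofactor(q - 1, bound)
    d = smallest_cofactor(q + 1, bound)
    if c is None or d is None:
        return None
    return c, d


def is_cheon_resistant(q, bound=48):
    """The abstract's electing criterion: c*d <= 48 for the minimal Cheon cofactors."""
    cd = cheon_cofactors(q, bound)
    return cd is not None and cd[0] * cd[1] <= bound


def find_cheon_resistant_prime(bits, rng=None, bound=48):
    """Random search for a candidate group order: draw a prime r, try q = c*r + 1 for the
    smallest even cofactors, and keep q when it is prime and q+1 also splits as d*s."""
    rng = rng or SYSRNG
    while True:
        r = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, (bits-1)-bit candidate
        if not is_probable_prime(r):
            continue
        for c in (2, 4):
            q = c * r + 1
            if is_probable_prime(q) and is_cheon_resistant(q, bound):
                return q


if __name__ == "__main__":
    for q in (11, 31):
        print(q, cheon_cofactors(q), is_cheon_resistant(q))
    q = find_cheon_resistant_prime(128, random.Random(2024))
    print(hex(q), cheon_cofactors(q))
```

Toy values illustrate the criterion: q = 11 gives q-1 = 2*5 and q+1 = 4*3, so c*d = 8 and the order is accepted, while q = 31 gives q-1 = 6*5 and q+1 = 16*2, so c*d = 96 and it is rejected. Real curve orders are checked the same way; the search function only shows how candidates with the property can be produced, it says nothing about the other exclusion steps in the abstract (efficiency threshold, suspected intentional weaknesses).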
Computer implemented system and method for sharing a common secret
A method of sharing a first common secret among a plurality of nodes for enabling secure communication for blockchain transactions. The method comprises determining, for at least one first node, a plurality of second common secrets, wherein each second common secret is common to the first node and a respective second node, is determined at the first node based on a first private key of the first node and a first public key of the second node, and is determined at the second node based on the first private key of the second node and the first public key of the first node. The method further comprises exchanging encrypted shares of the first common secret among the plurality of nodes to enable each of the plurality of nodes to reach a threshold number of shares of the first common secret to access the first common secret.
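The abstract above combines two mechanisms: pairwise Diffie-Hellman secrets (each node's private key with the peer's public key) and threshold sharing of a group secret whose shares travel over those pairwise-keyed links. The Python below is an added example, not code from the patent or its assignee. It uses Shamir sharing over the field GF(2^127 - 1) and classic modular DH in the RFC 2409 1024-bit group, purely so the example is self-contained; the key-derivation, encrypt-then-MAC layout and the "dealer then forward" message flow are this example's own assumptions, and the abstract does not specify them. The same private-key-times-peer-public-key step is the key-agreement core of the host/accelerator and vehicle diagnostic abstracts below.

```python
import hashlib
import hmac
import random

# RFC 2409 "Second Oakley Group": 1024-bit safe prime p with g = 2 generating the
# order-q subgroup, q = (p - 1) / 2. Used here only because it is short enough to
# embed; new deployments should use a >= 2048-bit group (RFC 3526 / RFC 7919) or
# an elliptic-curve group such as X25519.
DH_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
DH_G = 2
DH_Q = (DH_P - 1) // 2

# Field for the Shamir polynomial: the Mersenne prime 2^127 - 1, so every share fits in 16 bytes.
SS_P = (1 << 127) - 1


def dh_keypair(rng):
    priv = rng.randrange(2, DH_Q)
    return priv, pow(DH_G, priv, DH_P)


def dh_shared(priv, peer_pub):
    """Static DH; reject out-of-range values and anything outside the order-q
    subgroup (small-subgroup confinement) before exponentiating."""
    if not 1 < peer_pub < DH_P - 1 or pow(peer_pub, DH_Q, DH_P) != 1:
        raise ValueError("invalid peer public key")
    return pow(peer_pub, priv, DH_P)


def split_secret(secret, t, n, rng):
    """Shamir: random degree t-1 polynomial with f(0) = secret; share i is f(i)."""
    coeffs = [secret % SS_P] + [rng.randrange(SS_P) for _ in range(t - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % SS_P
        return acc
    return {i: f(i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the shares {i: f(i)}."""
    acc = 0
    for i, yi in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % SS_P
                den = den * (i - j) % SS_P
        acc = (acc + yi * num * pow(den, -1, SS_P)) % SS_P
    return acc


def link_keys(shared, sender, receiver):
    """Direction-bound encryption and MAC keys from the pairwise DH secret (hypothetical KDF)."""
    prk = hashlib.sha256(shared.to_bytes(128, "big") + b"|%d->%d" % (sender, receiver)).digest()
    return (hmac.new(prk, b"enc", hashlib.sha256).digest(),
            hmac.new(prk, b"mac", hashlib.sha256).digest())


def seal_share(shared, sender, receiver, idx, y):
    """Encrypt-then-MAC a 16-byte share; the pad is unique per (link, share index)."""
    k_enc, k_mac = link_keys(shared, sender, receiver)
    pad = hmac.new(k_enc, idx.to_bytes(4, "big"), hashlib.sha256).digest()[:16]
    ct = bytes(a ^ b for a, b in zip(y.to_bytes(16, "big"), pad))
    tag = hmac.new(k_mac, idx.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    return idx, ct, tag


def open_share(shared, sender, receiver, msg):
    idx, ct, tag = msg
    k_enc, k_mac = link_keys(shared, sender, receiver)
    expect = hmac.new(k_mac, idx.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("share rejected: bad tag")
    pad = hmac.new(k_enc, idx.to_bytes(4, "big"), hashlib.sha256).digest()[:16]
    return idx, int.from_bytes(bytes(a ^ b for a, b in zip(ct, pad)), "big")


def run_protocol(secret, n, t, rng):
    """Node 1 deals one share to each node over the pairwise channel; nodes then forward
    their own share to peers until every node holds t shares. Returns each node's result."""
    keys = {i: dh_keypair(rng) for i in range(1, n + 1)}
    pub = {i: k[1] for i, k in keys.items()}
    shares = split_secret(secret, t, n, rng)
    held = {i: {} for i in range(1, n + 1)}
    held[1][1] = shares[1]
    for i in range(2, n + 1):
        msg = seal_share(dh_shared(keys[1][0], pub[i]), 1, i, i, shares[i])
        idx, y = open_share(dh_shared(keys[i][0], pub[1]), 1, i, msg)
        held[i][idx] = y
    for i in range(1, n + 1):
        for j in range(1, n + 1):
            if i != j and len(held[j]) < t:
                msg = seal_share(dh_shared(keys[i][0], pub[j]), i, j, i, held[i][i])
                idx, y = open_share(dh_shared(keys[j][0], pub[i]), i, j, msg)
                held[j][idx] = y
    return {i: reconstruct(h) for i, h in held.items()}
```

Two properties are worth checking when adapting this: any t shares recover the secret while t-1 reveal nothing about it (interpolation through fewer points yields an unrelated value), and a modified ciphertext or a public key outside the subgroup is rejected before any share material is derived from it. Because the DH keys are static, the per-link keys never change; a real deployment would mix in fresh nonces or use ephemeral keys.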
Embedding information in elliptic curve base point
A method and system are provided for updating an elliptic curve (EC) base point G, with the EC base point used in encryption and coding of video data. A candidate base point G is generated that includes additional data used for validation purposes, and is checked as a valid base point before transmission and use.
Method for establishing a secure information exchange channel between a host system and a data processing accelerator
According to one embodiment, a system receives, at a host channel manager (HCM) of a host system, a request from an application to establish a secure channel with a data processing (DP) accelerator, where the DP accelerator is coupled to the host system over a bus. In response to the request, the system generates a first session key for the secure channel based on a first private key of a first key pair associated with the HCM and a second public key of a second key pair associated with the DP accelerator. In response to a first data associated with the application to be sent to the DP accelerator, the system encrypts the first data using the first session key. The system then transmits the encrypted first data to the DP accelerator via the secure channel over the bus.
VEHICLE CONTROL APPARATUS AND CONTROL METHOD THEREOF
A vehicle control apparatus and a control method thereof are provided. A vehicle control apparatus includes a processor including a host core and a hardware security module (HSM) core. The processor generates a first private key and a first public key, receives a second public key from a diagnostic device, generates a shared key based on the first private key and the second public key, receives a security data transmission request from the diagnostic device, and encodes data based on the shared key and transmits the encoded data to the diagnostic device.
HANDLING OF MACHINE-TO-MACHINE SECURE SESSIONS
The present techniques generally describe a computer implemented method for establishing a secure communication session between a client device and a first server, the method performed by the client device comprising: obtaining, from a second server, credential data comprising a session identifier and cryptographic key data; performing a connection handshake with the first server to establish the secure communication session; creating a security state record defining one or more parameters used to establish the secure communication session, and associating the session identifier with the security state record; performing a first resumption handshake with the first server using the session identifier to re-establish the secure communication session.
PHYSICAL UNCLONABLE FUNCTION BASED MUTUAL AUTHENTICATION AND KEY EXCHANGE
Methods and endpoint nodes and controllers are disclosed for mutual authentication and key exchange. In an embodiment, physical unclonable function circuits on the endpoint nodes are used in combination with key masks to allow mutual authentication and key exchange between the endpoint nodes.
Processing a request to initiate a secure data transfer in a computing environment
Aspects of the invention include receiving a request from a responder channel on a responder node to initiate a secure communication with an initiator channel on an initiator node. The request includes an identifier of a shared key, and a nonce and security parameter index generated by the initiator node for the secure communication. The receiving is at a local key manager (LKM) executing on the responder node. A security association is created at the LKM between the initiator node and the responder node. The shared key is obtained based at least in part on the identifier of the shared key. Based on obtaining the shared key, a message requesting initialization of the secure communication between the responder channel and the initiator channel is built. The message includes an initiator nonce and an initiator security parameter index generated by the LKM for the secure communication.
Visible light communication for verifying a secure wireless connection
Systems and methods for forming a verified secure wireless connection are disclosed. One system includes a first device with a first transceiver and a second device with a second transceiver. The second device does not include a display or any other means for providing high resolution visible light information. The system also includes a visible light signal source on the second device. The first and second devices store computer-readable instructions to initialize a secure wireless connection using the first transceiver and the second transceiver. The second device also stores computer-readable instructions to generate a visible light signal using the visible light source. The first device stores computer-readable instructions to verify the secure wireless connection using the visible light signal.