H04L9/0844

Mutually Authenticated ECDHE Key Exchange for a Device and a Network Using Multiple PKI Key Pairs
20220376904 · 2022-11-24

A device can (i) store public keys Ss and Sn for a network and (ii) record a private key sd. A network can record the corresponding private keys ss and sn. The device can (i) generate a device ephemeral PKI key pair (Ed, ed) and (ii) send public key Ed to the network. The device can receive an ephemeral public key Es from the network. The device can calculate values for A: an elliptic curve point addition over Ss, Sn, and Es, and B: (sd+ed) mod n. The device can input values for A and B into an elliptic curve Diffie-Hellman key exchange (ECDH) in order to determine a mutually derived shared secret X5, where the network can also derive shared secret X5. The device can (i) use X5 to derive a key K2 and (ii) decrypt a ciphertext from the network using key K2.

COMMUNICATION WITH EVERLASTING SECURITY FROM SHORT-TERM-SECURE ENCRYPTED QUANTUM COMMUNICATION
20170346627 · 2017-11-30

A method of communicating a classical message M between a first party A and a second, distant party B over a public channel F comprises the steps of sharing a key between the parties, the shared key K comprising a short-term-secure key KS and/or a long-term-secure key KL; at A, encoding M as a quantum codeword, A using K to encode M into a first encrypted codeword belonging to a publicly known quantum code; communicating the first encrypted codeword from A to B over F, whose output is a second codeword; unitarily transforming the second codeword into a third codeword by using an N-mode interferometer controlled by B, placed at the output of F and keyed by K; and determining an estimate of M, at B, by performing a measurement on the third codeword and by processing the measurement using K.

Efficient Encrypted Software Distribution Mechanism
20170346641 · 2017-11-30

A method and system are provided for improved distribution of a complete software image to all electronic devices of a certain type or model while using encryption to limit its use to specific ones of those devices. In the method, the entire software image is encrypted with a global key and the encrypted software image is distributed to all devices which have the capability of running that software. The global software decryption key for decrypting the software image is uniquely encrypted for every device that is authorized to use the software, and the encrypted global software key is distributed to those devices from a field or factory provisioning server across a point-to-point connection.

Location and context management in a RAN inactive mode

A method at a network node of a radio access network (RAN) for managing a context of a user equipment (UE) operating in an inactive mode, the method comprising: receiving, from a second network node, a context retrieval request comprising a UE identifier and a first message, the first message being protected with a first cryptographic key; validating the first message using a stored cryptographic key associated with a UE context indicated by the UE identifier; and sending a context retrieval response message to the second network node containing a relocation indication of whether the UE context is to be relocated to the second network node.

Cryptographic process for portable devices, and user presence and/or access authorization system and method employing same

Described are various embodiments of a cryptographic process for portable devices, and user presence and/or access authorization systems and methods employing such protocols. In one embodiment, a digital user authentication system is described to comprise a wireless digital user authentication device (UAD) operable to authenticate the user and wirelessly communicate an authenticated identity thereof; and a network application operatively associated with a wireless access point and operable to authenticate the user presence. Upon the network application authenticating the user presence based, at least in part, on the authenticated identity, the UAD and the network application securely establish a short-term symmetric advertising (STSA) key. During a prescribed advertising lifetime of the STSA key, the UAD periodically computes and advertises authentication codes encompassing the STSA key so as to securely advertise the authenticated user presence.

Secure distribution of device key sets over a network

A system is provided for distribution of device key sets over a network in a protected software environment (PSE). In the system, a client device includes a connection interface for receiving a crypto hardware (CH) token belonging to a user, untrusted software, a quoting enclave, and a PSE for generating a provisioning request for a device key set. An attestation proxy server (APS) receives the provisioning message using a first network connection, and transmits the provisioning message to an online provisioning server (OPS) using a second network connection. The OPS constructs a provisioning response and an encrypted device key set, and delivers the provisioning response to the untrusted software using the first and second network connections. The PSE decrypts the encrypted device key set to obtain the device key set, re-encrypts the device key set with a local chip-specific key, and stores the re-encrypted device key set.

EDGE COMMUNICATION LOCATIONS

Methods, systems, and computer programs are presented for lowering network latency for cloud-based services. Service-delivery edge locations allow customers to improve communication providers' public and private network connectivity for improved performance. One method includes operations for performing, by an edge server, a handshake to establish a communication session between a client and a main server, and for exchanging data between the client and the main server via the edge server. The handshake includes exchanging, by the edge server, communication initiation messages with the client, and validating, by the edge server, authentication credentials for the communication session based on the communication initiation messages. The exchanging of data comprises forwarding, by the edge server, data requests from the client to the main server through a private connection between the edge server and the main server, and forwarding, by the edge server, data responses from the main server to the client through the private connection.

METHOD, TERMINAL, AND NETWORK SERVER FOR INFORMATION ENCRYPTION AND DECRYPTION AND KEY MANAGEMENT
20170338950 · 2017-11-23

Disclosed are methods for information encryption, decryption and key invalidation control, as well as terminals and a network server. The method includes: a transmitting terminal creating a random key on a network server; the transmitting terminal encrypting to-be-transmitted information according to a common key negotiated with a receiving terminal and the random key, or only according to the random key, to obtain an encrypted cipher text; and the transmitting terminal transmitting the encrypted cipher text to the receiving terminal.

TECHNOLOGIES FOR MULTIPLE DEVICE AUTHENTICATION IN A HETEROGENEOUS NETWORK

A disclosed example gateway node includes network communicator circuitry, memory, instructions, and processor circuitry. The network communicator circuitry is to send a first portion of a multi-part secret key to a first secret holder node, and send a plurality of shares of a second portion of the multi-part secret key to second secret holder nodes. The processor circuitry is to execute the instructions to combine responses from the first secret holder node and at least one of the second secret holder nodes to generate a combined authentication message, the network communicator circuitry to send the combined authentication message to a terminal node for authentication.

Methods and systems for generating an ephemeral content message

Exemplary embodiments relate to techniques for sending ephemeral content messages via a communications service. An interface may be presented to allow a user to initially access ephemeral content functionality and select content for inclusion in the ephemeral content message. The interface may present a streamlined set of use cases without regard to the manner in which the content was initially captured. Different types of content may be used as ephemeral content, including images, videos, weather reports, news stories, text, audio recordings, location tags, etc. The ephemeral content may be sent through the communications service as an end-to-end encrypted message. When a user replies to an ephemeral content message, the reply may trigger a one-to-one conversation between the originating user and the replying user. Alternatively, an ephemeral content message may be initially sent to a selected group, and replies may be sent back to the entire group.