H04L9/0836

APPARATUS AND METHOD OF GENERATING APPLICATION SPECIFIC KEYS USING KEY DERIVED FROM NETWORK ACCESS AUTHENTICATION

The present invention discloses a system and method of generating application-specific keys using a key derived from network access authentication.

Systems and methods to support data privacy over a multi-hop network

A multi-hop mesh network includes a root network device and a first network device. The first network device is configured to establish a first direct wireless connection with the root network device and negotiate a first shared secret key with the root network device. The multi-hop network further includes a second network device configured to establish a second direct wireless connection with the first network device and negotiate a second shared secret key with the first network device.

Secure deterministic tokens for encrypting electronic communications

A computer implemented method includes generating, by a processor associated with a first client computer, a request message; generating, by the processor, a first public token based on a first private token; augmenting, by the processor, the electronic data transaction request message with the first public token; transmitting, by the processor, the augmented electronic data transaction request message to a second client computer; generating, by the processor, a second public token based on the first public token; identifying, by the processor, from a database of result messages, a result message labeled with the second public token, the identified result message including encrypted confidential information; generating, by the processor, a second private token corresponding to the second public token used to identify the result message; and decrypting, by the processor, the encrypted confidential information with the second private token.

Storage system of key-value store which executes retrieval in processor and control circuit, and control method of the same
11664979 · 2023-05-30

According to one embodiment, a storage system includes a processor, a storage device, and a first memory. The storage device includes a nonvolatile memory, a control circuit, and a second memory. The processor retrieves, based on a retrieval key and retrieval information stored in the first memory, location information of data including the retrieval key and a value, and transmits the location information and the retrieval key to the control circuit. The control circuit reads the data from the nonvolatile memory based on the location information and the retrieval key, stores the data in the second memory, retrieves the value corresponding to the retrieval key from the data, and transmits the value to the processor.

Certifying Public Keys for Multiple Cryptographic Hash Trees
20230163975 · 2023-05-25

In a general aspect, a plurality of cryptographic hash trees is generated. Each hash tree includes a root node and a plurality of leaf nodes. The leaf nodes are generated from verification keys for a one-time signature scheme. The hash trees are stored on hardware security modules. Public keys are generated for each of the hash trees. A composite public key is then generated for the plurality of hash trees such that the composite public key includes the plurality of public keys. A digital certificate that certifies the composite public key is obtained, the digital certificate including the composite public key and a digital signature of a certificate authority.

TECHNOLOGIES FOR COLLECTIVE AUTHORIZATION WITH HIERARCHICAL GROUP KEYS
20230075259 · 2023-03-09

Technologies for secure collective authorization include multiple computing devices in communication over a network. A computing device may perform a join protocol with a group leader to receive a group private key that is associated with an interface implemented by the computing device. The interface may be an instance of an object model implemented by the computing device or membership of the computing device in a subsystem. The computing device receives a request for attestation to the interface, selects the group private key for the interface, and sends an attestation in response to the request. Another computing device may receive the attestation and verify the attestation with a group public key corresponding to the group private key. The group private key may be an enhanced privacy identifier (EPID) private key, and the group public key may be an EPID public key. Other embodiments are described and claimed.

Method and system for quantum-resistant hashing scheme

A method for moderation in a permissioned blockchain using a hash-oriented scheme includes: storing a blockchain including a most recent block; receiving transaction data values; receiving a first reference value and a second reference value; generating a first hash value by hashing the first reference value; generating a block proof including the first hash value, a second hash value, a third reference value, and a block value; verifying a block header of the most recent block using the block proof; receiving a new block value; generating a new block header including the first reference value, the second reference value, a fourth reference value, and the new block value; generating a new block for the blockchain including the new block header and the transaction data values; and transmitting the new block to one or more additional nodes associated with the blockchain.

METHOD AND DEVICE FOR SECURED DECIPHERING OF CIPHERING DATA
20220318434 · 2022-10-06

The present disclosure relates to a method for decrypting encrypted data. The method includes generating a first count value by a monotonic counter of a processing device, deriving, using a key derivation circuit, a first encryption key based on the first count value, transmitting the first encryption key to a cryptographic processor, and decrypting, based on the first encryption key, first encrypted data.

Data encryption based on immutable pointers
11620391 · 2023-04-04

Technologies disclosed herein provide cryptographic computing. An example processor includes a core to execute an instruction, where the core includes a register to store a pointer to a memory location and a tag associated with the pointer. The tag indicates whether the pointer is at least partially immutable. The core also includes circuitry to access the pointer and the tag associated with the pointer and determine whether the tag indicates that the pointer is at least partially immutable. The circuitry is further, based on a determination that the tag indicates the pointer is at least partially immutable, to obtain a memory address of the memory location based on the pointer, use the memory address to access encrypted data at the memory location, and decrypt the encrypted data based on a key and a tweak, where the tweak includes one or more bits based, at least in part, on the pointer.

SECURE INTEGER COMPARISON USING BINARY TREES
20230155815 · 2023-05-18

Systems, methods, and computer-readable media are disclosed for secure integer comparison using binary trees. A server may receive a first encrypted input and a public encryption key from a client. The server may create a binary tree representing a second encrypted input. The server may evaluate the first encrypted input on the binary tree. The evaluation may comprise computing decision bits along a plurality of paths of the binary tree. The decision bits may then be aggregated along each path of the binary tree and the aggregation stored at a leaf node of each path. The leaf node of each path may be evaluated to obtain a comparison result. The comparison result may be encrypted with the public encryption key. The server may send the comparison result to the client for decryption. The comparison result may indicate whether the first input was larger than the second input.