Patent classifications
H04L9/0631
SECURE BOOT WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS
A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.
METHOD AND SYSTEM FOR STATE MACHINE SECURITY DEVICE
A security device may be utilized to provide security measures to an electronic device that may incorporate the security device or be coupled to it. The security measures may comprise authentication (e.g., authentication of devices, users, or activities), and/or encryption measures (e.g., encrypting or decrypting exchanged data). A transaction or access via the security device may be authenticated by communicating an authentication request by the security device to an authentication server, which may generate, in response, a sequence of information requests that are sent to the security device. The security device may then generate, in response, a sequence of responses that are sent to the authentication server, with the sequence of responses comprising a sequence of reported values each of which is unique. The authentication server may then authenticate the security device based on comparing the sequence of reported values with a sequence of expected values that identifies the security device.
APPARATUS, COMPUTER PROGRAM, AND METHOD FOR SECURELY BROADCASTING MESSAGES
An apparatus, computer program, and method are provided for securely broadcasting a message to a plurality of recipient devices. In operation, a message is identified, and the message is encrypted utilizing a first key. A message authentication code (MAC) is generated utilizing a second key that is mathematically coupled to the first key (that is utilized to encrypt the message). The encrypted message is caused to be broadcasted to a plurality of recipient devices, utilizing the MAC.
Method and system for securing access to a private key
An asymmetric cryptographic method for securing access to a private key generated and stored in a device is provided. The method includes generating an application password relating to a predetermined level of entropy; generating, within a trusted execution environment relating to a key manager, a user private key secured by using the application password; receiving, from a user via an input device, user entropy relating to a unique identifier for the user; deriving, using a password derivation function, a symmetric key based on the user entropy; encrypting, using an encryption system, the application password by using the symmetric key; and storing, in a memory, a device payload component relating to the application password and the symmetric key in a password management system.
Fast unbreakable cipher
An authentication and encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.
Enhanced secure encryption and decryption system
Methods are described for a data creator to securely send a data payload to another device in a transient symmetric key technology (TSKT) system, and for the other device to securely receive the payload data. One method includes receiving a first seed and a formula from a command and control server. A second seed is generated, and the first seed and the second seed are combined using the formula to create a data seed. A first key is generated using the first seed, and the second seed is encrypted using the first key to form an encrypted second seed. A second key is generated using the data seed, and the data payload is encrypted using the second key to form an encrypted data payload. The encrypted data payload and the encrypted second seed are combined in a secure container, and subsequently all keys and seeds and the formula are destroyed.
Combined SBox and inverse SBox cryptography
Hardware circuitry defines logic for both Sbox generation and inverse Sbox generation via generating a multiplicative inverse matrix as a truth table for data. The hardware circuitry receives input plain text to be encrypted. The hardware circuitry divides the input plain text to be encrypted. The hardware circuitry feeds multiplicative inverse values generated from the input plain text to a transformer module for performing affine to encrypt the plain text data. The hardware circuitry receives encrypted data to be decrypted. The hardware circuitry divides the encrypted data to be decrypted. The hardware circuitry feeds multiplicative inverse generated from the encrypted data to the transformer module for performing inverse affine to decrypt the encrypted data.
METHOD FOR DETERMINING A CRYPTOGRAPHIC KEY, COMPUTER PROGRAM, AND DATA PROCESSING SYSTEM
A method for determining a cryptographic key is carried out in a data processing system, and comprises: providing a plaintext and a ciphertext determined from the plaintext using a cryptographic key and a cryptographic procedure which comprises cryptographic operations; for each cryptographic operation of the cryptographic procedure, providing at least one intermediate relation which comprises an intermediate equation and/or an intermediate inequality; determining an optimization problem comprising: the plaintext and the ciphertext; at least one optimization expression assigned to a round of the cryptographic procedure; and optimization variables comprising state variables of the cryptographic procedure and a cryptographic key variable; wherein the at least one optimization expression is determined from the at least one intermediate relation and comprises at least one preceding state variable assigned to a preceding round. The method further comprises: solving the optimization problem and determining the cryptographic key from an optimizing value of the cryptographic key variable.
CRYPTOGRAPHIC COMPUTING IN MULTITENANT ENVIRONMENTS
A processor, a system, a machine readable medium, and a method. The processor comprises first circuitry to: encrypt a first code image using a first code key; load the encrypted first code image into a memory area allocated in memory for the first code image by an operating system running on the processor; and send to the operating system a substitute key that corresponds to the first code key, wherein the first code key is concealed from the operating system; and an instruction cache including control circuitry; and second circuitry coupled to the instruction cache, the second circuitry to: receive the substitute key from the operating system; in response to a first request from the operating system to execute the first code image to instantiate a first process, perform a first cryptographic function using a hardware key to generate the first code key from the substitute key; and program the control circuitry of the instruction cache with the first code key to enable the first code image to be decrypted using the first code key.
DECENTRALIZED IDENTITY WITH USER BIOMETRICS
Systems, methods, and other embodiments for decentralized identity with user biometrics are presented herein. In one embodiment, a method includes, in response to a request to access resources of a cloud service provider by a computing device, transmitting a request for a biometric private key to a mobile device associated with a user; in response to receiving the biometric private key, submitting the biometric private key for validation against a blockchain associated with the user and the mobile device; adding a record of the results of the validation to the blockchain; and controlling access to the resources of the cloud service provider based on the record in the blockchain by (i) denying access where the record indicates that validation has failed (ii) granting access where the record indicates that validation has succeeded.