A method for security handling in a mobility of a terminal device, where the method includes: a target access and mobility management function (AMF) entity receiving a first message for registering a terminal device; the target AMF entity sending a second message to a source AMF entity after receiving the first message; the source AMF entity deriving a first key based on a key between the source AMF entity and the terminal device; the source AMF entity sending the first key to the target AMF entity; the target AMF entity determining to use the first key based on security related information after receiving the first key; and the target AMF entity determining a communication key between the target AMF entity and the terminal device based on the first key after determining to use the first key.

A computer storage device having a host interface, a controller, non-volatile storage media, and firmware. The firmware instructs the controller to: limit a crypto key to be used in data access requests made in a first namespace allocated on the non-volatile storage media of the computer storage device; store data in the first namespace in an encrypted form that is to be decrypted using the crypto key; free a portion of the non-volatile storage media from the first namespace, the portion storing the data; and make the portion of the non-volatile storage media available in a second namespace without erasing the data stored in the portion of the non-volatile storage media.

Embodiments are disclosed that allow encrypted data to be sent between a Bluetooth enabled device and a virtual device associated with a corresponding physical device. In particular, a Bluetooth implementation on the physical device may include one or more raw interfaces to facilitate endpoint to endpoint secure Bluetooth cryptography. Using these raw interfaces, an encrypted Bluetooth channel may be established directly between the virtual device and the Bluetooth enabled device using the radio of the physical device, where data may be encrypted and decrypted at an endpoint of the Bluetooth communication channel (such as at the virtual device or the Bluetooth enabled device) and passed through a Bluetooth implementation on the physical device without any additional encryption or decryption being performed on that data.

A method for storing a data file (DF) on a storage entity (SE) includes receiving, by a proxy (PE) and from a computing entity (CE), a plurality of hash values corresponding to a plurality of blocks of the DF. The PE may check whether the plurality of blocks of the DF are stored in the SE based on the plurality of hash values. Based on determining that at least a subset of the plurality of blocks of the DF are not being stored in the SE, the PE may compute a secret associated with an encryption key. The PE may transmit, to the CE, the secret. The PE may receive, from the CE, information including storage locations of the subset of the plurality of blocks within the SE and one or more hash values, of the plurality of hash values, associated with the subset of the plurality of blocks.

A multivariate signature method for resisting key recovery attack, which establishes a new signature verification condition by adding additional value of signature. The verification condition implies verification of internal information x and y, thereby effectively resisting key recovery attack generated by the existence of equivalence key. Specifically, the method includes the three stages of data preprocessing, signature generation and signature verification. The invention is a signature authentication method based on polynomial equations of a plurality of variables in a finite field, which can effectively resist the key recovery attack, provide the basic technical support for the information security and the establishment of the trust system in the quantum computer era, and provide a secure digital signature option in the quantum era. The present invention is especially suitable for use under application condition which has limited storage and processing time, such as smart cards, wireless sensor networks and dynamic RFID tags.

An example operation may include one or more of receiving, from an executing client, a blockchain transaction comprising an anonymous rating related to an authorizing client, a merkle tree root node value, a proof, and a nullifier, and in response, executing, by a smart contract, a valid historical value assert call on a lookback key storing the merkle tree root node value, verifying, through a valid historical value assert call, that the merkle tree root node value is a current or previous value of the merkle tree root node value, verifying the proof with the merkle tree root node value and the nullifier, adding the anonymous rating to a shared ledger, marking the nullifier as used, and storing the marked nullifier to the shared ledger.

In general, embodiments of the invention relate to implementing a secure boot process in information handling systems that supports both an external root of trust (eRoT) and an internal root of trust (RoT). Further, embodiments of the invention relate to binding a management controller to a specific chassis and, in the case where the eRoT is used, to an eRoT. When the management controller and the chassis are provisioned according to one or more embodiments of the invention, security checks may be performed by management controller executing an initial program loader (IPL) using the aforementioned bindings. If the bindings are not present or do not match, then the boot process halts and the user is unable to use the information handling system.

Systems and methods for implementing confidential communications between nodes of a network provide reduced power consumption, require less memory, and provide improved security, relative to previously-known systems and method. Preferred embodiments implement protocol functions in hardware, as opposed to software, to yield some or all of the foregoing improvements. Some embodiments use a hashing circuit for multiple purposes, while maintaining its ability to compute successive intermediate hash values. Some embodiments improve security of systems using circuits configured to leverage a favorable data format.

In general, embodiments of the invention relate to implementing a secure boot process in information handling systems that supports both an external root of trust (eRoT) and an internal root of trust (RoT). Further, embodiments of the invention relate to binding a management controller to a specific chassis and, in the case where the eRoT is used, to an eRoT. When the management controller and the chassis are provisioned according to one or more embodiments of the invention, security checks may be performed by management controller executing an initial program loader (IPL) using the aforementioned bindings. If the bindings are not present or do not match, then the boot process halts and the user is unable to use the information handling system.

Systems and methods for data authentication can comprise processing a first secret element to generate a first encrypted secret element, processing a second secret element to generate a non-secret element, and processing the first encrypted secret element and the non-secret element to generate an encrypted data block.