A communication device is provided, comprising: an ultra-wideband device configured to establish a communication session with an external communication device; a secure element configured to generate a session key for use in said communication session and an authentication key derived from said session key; a processing unit configured to execute an application; wherein the secure element is further configured to transfer the session key and the authentication key to the UWB device; wherein the UWB device is configured to add, upon or after receiving data for use by said application, a cryptographic tag to said data; wherein the processing unit is configured to receive said data and the cryptographic tag, and to forward said data and cryptographic tag to the secure element; wherein the secure element is configured to verify said cryptographic tag and to return, upon or after a positive verification of the cryptographic tag, a signed confirmation.

The present disclosure relates to highly secure, high speed encryption methodologies suitable for applications such as media streaming, streamed virtual private network (VPN) services, large file transfers and the like. For example, encryption methodologies as described herein can provide stream ciphers for streaming data from, for example, a media service provider to a plurality of users. Certain configurations provide wire speed single use encryption. The methodologies as described herein are suited for use with blockchain (e.g. Bitcoin) technologies.

A method including determining, by a first user device, a sharing encryption key based at least in part on a folder access private key associated with a folder and an assigned public key associated with a second user device; encrypting the folder access private key associated with the folder utilizing the sharing encryption key; and transmitting the encrypted folder access private key to enable the second user device to access the folder. Various other aspects are contemplated.

A method of configuring or changing a configuration of a POS terminal by at least one operator, in which an authorization of the operator by the POS terminal is established, in which after successful authorization of the at least one operator, the at least one operator carries out the configuration or change of the configuration, in which an identification feature for identification of the at least one operator is introduced into the POS terminal, in which this identification feature is used for authorizing the at least one operator. A method of associating a POS terminal with an operator, in which the POS terminal checks the integrity of the identification feature of the operator for identification of the operator, with which the POS terminal is associated.

A semiconductor device includes a memory, a random number generation circuit, and a control circuit. The memory stores key information, and the random number generation circuit generates first and second random number signals. The control circuit generates sixth and seventh random number signals from the first random number signal and the key information, generates encrypted update data from update data using the seventh random number signal, transmits the first and second random number signals as request signals to an external terminal device, receives, from the external device, first and second response signals as response signals in response to the request signals, generates an eighth random number signal using the first response signal, the second and the sixth random number signals as input signals, and provides the encrypted update data for the external terminal device when the second response signal coincides with the eighth random number signal.

Certificate and key management is provided. A signed certificate corresponding to an enterprise is deployed to a plurality of cryptographic communication protocol endpoint proxies located in a heterogeneous distributed computing environment where a private key corresponding to the enterprise is not placed in any of the plurality of cryptographic communication protocol endpoint proxies. Offload of cryptographic communications from the plurality of cryptographic communication protocol endpoint proxies to the hardware security module is received by the hardware security module where the hardware security module verifies connection authenticity for the plurality of cryptographic communication protocol endpoint proxies across the heterogeneous distributed computing environment using the private key corresponding to the enterprise that remains within a security boundary of the hardware security module.

A communication system includes a mobile device and an apparatus. The apparatus obtains unique data from the mobile device by using a common key while the common key is stored in the mobile device, generates a unique key by using the obtained unique data, stores the generated unique key as a service key in the apparatus, and transmits the generated unique key to the mobile device. When the mobile device receives the unique key from the apparatus while the common key is stored in the mobile device, the mobile device rewrites a service key stored in the mobile device from the common key to the unique key.

The present application describes a method, system, and non-transitory computer-readable medium for generating new keys during a secure communication session. A key derivation function is operatively connected to both a counter and a memory. The key derivation function generates new key material from a first input and a second input in response to a signal provided by the counter. The key derivation function generates the new key material and outputs it to the memory.

In at least one implementation, technology disclosed herein provides a method including generating a plurality of shares of an encryption key such that a combination of shares having a cardinality above a threshold cardinality is sufficient to retrieve data encrypted with the encryption key, distributing the plurality of shares among a plurality of devices, the plurality of devices including one or more disc drive cartridges and one or more printed circuit board assemblies (PCBAs) configured to host one or more of the disc drive cartridges, receiving one or more of the plurality of shares from the plurality of devices, and in response to determining that cardinality of the received one or more of the plurality of shares is above the threshold cardinality, retrieving the data encrypted with the key.

A method for securing communications for a given network topology is provided. The method comprises generating by a node N(i) of the network, security parameters for the node N(i); transmitting by the node N(i), said security parameters to a controller for the network; maintaining by the controller said security parameters for the node N(i); receiving by the controller a request from a node N(j) for the security parameters for the node N(i); retrieving by the controller the security parameters for the node N(i); and transmitting by the controller said security parameters to the node N(j).