Patent classifications
H04L9/0827
SYSTEMS, METHODS, AND DEVICES FOR ENCRYPTED DATA TRANSFER
A network interface controller includes processing circuitry configured to pair with a local root of trust of a host device connected to the network interface controller and provide a key to an encryption device of the host device that enables the encryption device to encrypt data of one or more host device applications using the key. The encrypted data are stored in host device memory. The processing circuitry is configured to share the key with a remote endpoint and forward the encrypted data from the host device memory to the remote endpoint.
Method for encrypted communication in an ad-hoc network
A method in a network having a plurality of network nodes comprises the following steps performed in a first node of the network: receiving an initiation message from a second node of the network, the received initiation message comprising a public key of the second node; determining at least one of a proximity or velocity measure of the second node; checking whether the at least one determined measure is below a threshold and, when so, emitting a reply message comprising an encrypted part and an encryption key encrypted with the received public key from the second node; and repeatedly emitting status messages, wherein at least a part of each emitted status message is encrypted with the encryption key.
Homomorphic key derivation
A processor of a remote crypto cluster (RCC) may receive a public key from a client device through at least one network. The processor of the RCC may obtain an encrypted specific key and a blinded project key from at least one data source through the at least one network. The processor of the RCC may derive a derived key in blind based on the encrypted specific key and the blinded project key. The processor of the RCC may send the derived key in blind to the client device.
Centralized configurator server for DPP provisioning of enrollees in a network
Systems and methods are provided for implementing a centralized configurator server/service in the cloud that can take the place of conventional mobile devices used for provisioning IoT devices or WiFi clients in a network. In order to provision the IoT devices or WiFi clients, a mobile device or access point (AP) may be used to relay Device Provisioning Protocol (DPP) messages and/or information between the centralized configurator server/service and the IoT devices or WiFi clients.
Secure scalable link key distribution using bootstrapping
An electronic device (such as an IoT controller) that distributes a link key is described. During operation, while an administrator is logged in, the electronic device may receive the link key using a secure widget, where the link key may facilitate secure communication via a link. Then, the electronic device may generate an access key, and may generate an encrypted version of the link key based at least in part on the access key and the link key, where the access key enables access to the link key based at least in part on the encrypted version of the link key. Next, the electronic device may store the link key, the access key and/or the encrypted version of the link key in a trusted envelope or partition in the memory with encryption. Moreover, when the administrator logs out, the electronic device may disable access to the trusted envelope.
Generating an authentication result by using a secure base key
An encrypted sequence that includes an authentication key may be received. A base key stored at a device may be identified and the encrypted sequence may be decrypted with the base key to obtain the authentication key. A challenge value may be received and the authentication key may be combined with the challenge value to generate a device ephemeral key. An authentication result may be generated for the device based on a combination of the device ephemeral key and the challenge value. Furthermore, the authentication result may be transmitted to a mobile network to authenticate the device.
Secure communication session resumption in a service function chain
A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.
Hardware mechanisms for link encryption
Methods, systems, and apparatuses associated with hardware mechanisms for link encryption are disclosed. In various embodiments, an interconnect interface is coupled to a processor core to interconnect a peripheral device to the processor core via a link established between the peripheral device and the interconnect interface. The interconnect interface is to select a cryptographic engine of a plurality of cryptographic engines instantiated in the interconnect interface for the link. The cryptographic engine is to symmetrically encrypt data to be transmitted through the link. In more specific embodiments, each of the plurality of cryptographic engines is instantiated for one of a request type on the link, a virtual channel on the link, or a request type within a virtual channel on the link.
FILE KEY STORAGE METHOD, SYSTEM AND APPARATUS, ELECTRONIC DEVICE, AND STORAGE MEDIUM
The present disclosure discloses a file key storage method, system and apparatus, an electronic device, and a storage medium. A terminal generates, after receiving an encryption request for a target file, a key for the target file based on the encryption request, and transmits a key storage request to an external safety device to request the external safety device to store a correspondence between an identifier of the target file and the key.
METHOD FOR PROXIMITY COMMUNICATION BETWEEN TERMINALS AND APPARATUS THEREOF
A communication method according to an embodiment of the present disclosure includes establishing, by a second terminal, a connection with a first terminal through a first communication channel that uses a first protocol, receiving, by the second terminal, a first message including a public key of the first terminal from the first terminal through the first communication channel, storing, by the second terminal, the public key of the first terminal, transmitting, by the second terminal, a second message including a public key of the second terminal to the first terminal through the first communication channel, and generating a first secret key.