Patent classifications
H04L9/0877
SYSTEM AND METHODS FOR OPPORTUNISTIC CRYPTOGRAPHIC KEY MANAGEMENT ON AN ELECTRONIC DEVICE
A system and method for opportunistic cryptographic key management includes generating a security capability assessment on a first electronic device based on security capabilities of the device, selecting a key management mode based on the security capability assessment, generating a cryptographic key based on the key management mode, and storing the cryptographic key based on the key management mode.
Master key escrow process
Methods, computer readable media, and devices for escrow of master keys and recovery of previously escrowed master keys may be disclosed. A method for escrow of master keys may include registering a root certificate authority (CA) within each of two first-party hardware security modules (HSMs), initializing each of three third-party HSMs as master escrow recovery devices, performing a bootstrap operation on an authoritative blockchain to generate three master keys, generating a first set of master key shard ciphertexts using a first one of the three master escrow recovery devices, a second set using a second one of the three master escrow recovery devices, and a third set using a third one of the three master escrow recovery devices, and storing the first, the second, and the third set of master key shard ciphertexts as opaque objects in each of the two first-party HSMs.
Method for cogenerating a shared cryptographic material, devices, system and corresponding computer program
In a method for cogenerating a shared cryptographic material implemented within a first electronic device, which is connected to a second electronic cogeneration device and to a third electronic cogeneration device, a shared encryption material (pkx) is determined, as a function of a set of cogeneration parameters ECG. The shared encryption material (pkx) is transmitted, and corresponding shared encryption materials (pky, pkz) are received from the other devices. A shared seed (mx) is computed as a function of the shared encryption materials (pkx, pky, pkz) and the set of cogeneration parameters ECG. A masked form (Ox) of said shared seed (mx) is transmitted, and masked forms (Oy, Oz) of corresponding shared seeds (my, mz) are received. A final seed (ad) is computed as a function of the masked forms (Ox, Oy, Oz) of the shared seeds (mx, my, mz) and the set of cogeneration parameters ECG.
PROVISIONING METHOD AND TERMINAL DEVICE
The present disclosure provides a provisioning method and a terminal device. The provisioning method is applied to the terminal device and includes: a security module establishing a secure channel with a certificate authority (CA) server through one or more session keys shared by the security module and the CA server, and obtaining one or more digital certificates from the CA server, wherein the security module is to implement Universal Subscriber Identity Module (USIM) functions.
Key splitting
According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.
Remote secured terminal
A computer-implemented method for providing communication between a secured client computer and a remote computer. There is provided a client computer that includes peripheral components. Each peripheral component is configured, by a processor, to process a corresponding peripheral component data of a data type that is not compatible with peripheral component data types processed by a processor of other peripheral components. The processor of each peripheral component is further configured to code the corresponding data of the specified data type. Each peripheral component is configured, by the processor, to establish a secured peer-to-peer communication channel between the peripheral component and the remote computer that is authorized to communicate with the client computer, and is further configured to code data that is communicated between the authorized remote computer and the peripheral component through the secured communication channel. The coded data is indecryptable by the processors of the other peripheral components.
Decryption/display pathway for user-device health status display
Systems and methods are disclosed for real-time decryption of a health registry-issued certificate for signaling a user vaccination and/or test status on a user device, comprising the steps of: coupling a first user mobile device to a health registry for real-time decryption of a health registry-issued health certificate over a network; outputting on the first user mobile device at least one of an audible output, visual output, vibrational output, and/or textual output based on a pre-defined signaling protocol to signal a user vaccination status based on a token derived from the real-time decrypted health certificate; and decoding a device identifier/tag or token from the first user mobile device by a second user mobile device, fixed access device, or hand-held scanner, signaling to a second user a first user vaccination status based on a pre-defined signaling protocol and the tag/token.
Secure distributed information system
A method of sharing encrypted data includes, by an electronic device, receiving a password from a user to perform an action, receiving a salt value, generating a user key using the password and salt value, receiving an encrypted key location identifier value, decrypting the encrypted key location identifier value to obtain a key location identifier, receiving an encrypted read token value, decrypting the encrypted read token value using the user key to obtain a read token value, and transmitting the read token value and the key location identifier to a server electronic device.
QUANTUM-SAFE NETWORKING
Method(s), system(s), and apparatus are provided for storing one or more data item(s) in a quantum-safe (QS) network. The QS network comprises one or more QS server(s) and a repository for storing and accessing said data item(s). Each QS server comprises a hardware security module (HSM) for storing an identical set of quantum distributed (QD) keys. The identical set of QD keys has been distributed to each of said QS server(s) in a quantum-safe manner. The QS server(s) are configured to communicate securely with each other and the repository using one or more available QD keys from the identical set of QD keys. A QS server generates a quantum reference (QREF) locator based on input data associated with a data item for storage and an available QD key selected from the set of QD keys, and sends the QREF locator along with the data item encrypted with the available QD key to the repository for storage.
LOCKING FUNCTION FOR A MOBILE DEVICE
A mobile device comprises a functional arrangement for performing a function of the mobile device, a coupling device for connecting the mobile device to a stationary device, an authentication device for authenticating the stationary device and an activation device. The authentication device authenticates the stationary device based on information on the stationary device. The activation device activates the functional arrangement when the mobile device is connected to the stationary device by the coupling device, and when the stationary device has been authenticated by the authentication device.