H04L9/0891

KEY ROTATION SERVICE

A system for security key rotation in a cloud computing environment is disclosed. The system performs steps to at least initiate, at a predetermined interval, a call to determine whether to initiate generation of a public-private key pair for a client application. The system determines whether to initiate generation of the public-private key pair for the client application and, based on determining to initiate generation of the public-private key pair for the client application, transmits a control signal requesting generation of the public-private key pair. The system generates the public-private key pair, transmits a private key associated with the public-private key pair to a secure storage location for later retrieval by the client application, and transmits a public key associated with the public-private key pair to a public key service for later retrieval by a client associated with the client application.
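
The rotation loop this abstract describes, as an added example in Go (not code from the patent): a Tick called at the predetermined interval, a ShouldRotate decision based on key age, Ed25519 key pair generation, and the split delivery of the private key to a secure storage location and the public key to a public key service. The MaxAge policy, the version-numbered key IDs, the in-memory maps standing in for the two services, the application name and the injected clock are all assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// KeyRecord tracks the key pair currently assigned to one client application.
type KeyRecord struct {
	KeyID     string
	CreatedAt time.Time
}

// Rotator is the rotation service. Tick is called at the predetermined interval and
// ShouldRotate is the decision step. The private and public maps stand in for the
// secure storage location and the public key service (assumed in-memory stand-ins).
type Rotator struct {
	MaxAge  time.Duration
	Now     func() time.Time // injected clock, so rotation is testable
	current map[string]KeyRecord
	version map[string]int
	private map[string]ed25519.PrivateKey // secure storage, keyed "app/keyID"
	public  map[string]ed25519.PublicKey  // public key service, keyed "app/keyID"
}

func NewRotator(maxAge time.Duration, now func() time.Time) *Rotator {
	return &Rotator{
		MaxAge: maxAge, Now: now,
		current: map[string]KeyRecord{}, version: map[string]int{},
		private: map[string]ed25519.PrivateKey{}, public: map[string]ed25519.PublicKey{},
	}
}

// ShouldRotate: rotate when the app has no key yet or its key is at least MaxAge old.
func (r *Rotator) ShouldRotate(app string) bool {
	rec, ok := r.current[app]
	return !ok || r.Now().Sub(rec.CreatedAt) >= r.MaxAge
}

// Tick is the periodic call. It returns the key ID in effect after the call and
// whether this call generated a new pair.
func (r *Rotator) Tick(app string) (string, bool, error) {
	if !r.ShouldRotate(app) {
		return r.current[app].KeyID, false, nil
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", false, err
	}
	r.version[app]++
	keyID := fmt.Sprintf("v%d", r.version[app])
	slot := app + "/" + keyID
	// The private key goes only to secure storage and the public key only to the
	// public key service. Earlier versions stay retrievable so signatures made before
	// a rotation still verify; retiring them is a separate, later step.
	r.private[slot] = priv
	r.public[slot] = pub
	r.current[app] = KeyRecord{KeyID: keyID, CreatedAt: r.Now()}
	return keyID, true, nil
}

// ClientSign is the client application's side: fetch the current private key from
// secure storage and sign, returning the key ID the verifier must look up.
func (r *Rotator) ClientSign(app string, msg []byte) ([]byte, string, error) {
	rec, ok := r.current[app]
	if !ok {
		return nil, "", errors.New("no key assigned to " + app)
	}
	priv, ok := r.private[app+"/"+rec.KeyID]
	if !ok {
		return nil, "", errors.New("private key missing from secure storage")
	}
	return ed25519.Sign(priv, msg), rec.KeyID, nil
}

// Verify is the relying client's side: fetch the public key by app and key ID from
// the public key service. An unknown key ID is an error, never a fallback.
func (r *Rotator) Verify(app, keyID string, msg, sig []byte) (bool, error) {
	pub, ok := r.public[app+"/"+keyID]
	if !ok {
		return false, fmt.Errorf("no public key %s for %s", keyID, app)
	}
	return ed25519.Verify(pub, msg, sig), nil
}

func main() {
	clock := time.Now()
	r := NewRotator(24*time.Hour, func() time.Time { return clock })
	id, _, _ := r.Tick("billing-api")
	sig, _, _ := r.ClientSign("billing-api", []byte("hello"))
	clock = clock.Add(25 * time.Hour) // the next tick sees an expired key
	newID, rotated, _ := r.Tick("billing-api")
	ok, _ := r.Verify("billing-api", id, []byte("hello"), sig)
	fmt.Printf("rotated=%v (%s -> %s); old-key signature still verifies: %v\n", rotated, id, newID, ok)
}
```

Keeping earlier versions retrievable is the operational point: a relying client that fetches the public key by key ID can still verify signatures made just before a rotation, while a key ID it has never published is refused rather than guessed.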

METHOD AND APPARATUS FOR PROTECTING EMBEDDED SOFTWARE
20230049649 · 2023-02-16

Disclosed is a device and method to secure software update information for authorized entities. In one embodiment, a device for receiving secured software update information from a server includes: a physical unclonable function (PUF) information generator, comprising a PUF cell array, configured to generate PUF information, wherein the PUF information comprises at least one PUF response output, wherein the at least one PUF response output is used to encrypt the software update information on the server so as to generate encrypted software update information; a first encrypter, configured to encrypt the PUF information from the PUF information generator using one of at least one public key from the server so as to generate encrypted PUF information; and a second encrypter, configured to decrypt the encrypted software update information using one of the at least one PUF response output so as to obtain the software update information.
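
The three-step exchange in this abstract, as an added example in Go (not the patent's code): the device derives a PUF response, wraps it under the server's public key with RSA-OAEP, the server unwraps it and uses it as the AES-256-GCM key for the update image, and the device regenerates the same response to decrypt. The simulatedPUF type, which keys an HMAC with a per-device secret to imitate a PUF cell array, the challenge strings, the OAEP label and the choice of RSA-OAEP and AES-GCM are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

const oaepLabel = "puf-response" // binds the wrapped value to its purpose

// simulatedPUF stands in for the PUF cell array. A real PUF derives the response
// from physical variation in the silicon; here a per-device secret that never
// leaves the struct plays that role (an assumption of this example).
type simulatedPUF struct{ silicon []byte }

// Response is one PUF response output for a challenge: 32 bytes, usable as an AES-256 key.
func (p simulatedPUF) Response(challenge []byte) []byte {
	mac := hmac.New(sha256.New, p.silicon)
	mac.Write(challenge)
	return mac.Sum(nil)
}

// Device holds the PUF and the server public key it was enrolled with.
type Device struct {
	puf       simulatedPUF
	serverPub *rsa.PublicKey
}

// Server holds the RSA private key and the update image to distribute.
type Server struct {
	priv     *rsa.PrivateKey
	firmware []byte
}

// WrapPUFResponse is the device's "first encrypter": the PUF response is encrypted
// under the server public key (RSA-OAEP) so only the server can recover it.
func (d Device) WrapPUFResponse(challenge []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, d.serverPub, d.puf.Response(challenge), []byte(oaepLabel))
}

// EncryptUpdate is the server side: unwrap the response and use it as the key that
// encrypts the update image (AES-256-GCM, nonce prepended to the ciphertext).
func (s Server) EncryptUpdate(wrapped []byte) ([]byte, error) {
	resp, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, wrapped, []byte(oaepLabel))
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(resp)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, s.firmware, nil), nil
}

// DecryptUpdate is the device's "second encrypter": regenerate the same PUF response
// for the same challenge and open the image; GCM's tag rejects an altered or
// substituted image and an image keyed to a different device.
func (d Device) DecryptUpdate(challenge, encrypted []byte) ([]byte, error) {
	gcm, err := gcmFor(d.puf.Response(challenge))
	if err != nil {
		return nil, err
	}
	if len(encrypted) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, encrypted[:gcm.NonceSize()], encrypted[gcm.NonceSize():], nil)
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewPair builds a server and a device enrolled with its public key (constructed setup).
func NewPair(silicon, firmware []byte) (Device, Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Device{}, Server{}, err
	}
	return Device{simulatedPUF{silicon}, &priv.PublicKey}, Server{priv, firmware}, nil
}
```

Drive it as WrapPUFResponse, then EncryptUpdate, then DecryptUpdate with the same challenge on both device calls. A device whose PUF response differs, a modified image, or a mismatched challenge all fail inside gcm.Open, so an image is only ever accepted by the one device whose response keyed it.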

A METHOD FOR SYMMETRIC ASYNCHRONOUS GENERATIVE ENCRYPTION

Methods of data encryption using a mutating encryption key are disclosed. The methods generate an encryption key and utilize a codex to mutate or vary the encryption key value. The encryption key may be generated using a random number generator. The encryption key value in pre-mutation state, together with the codex, is used to generate the next valid value for the encryption key. Unencrypted message data may be used together with the codex to mutate the encryption key. A valid encryption key and the unencrypted or successfully deciphered message are thus required to mutate the encryption key to the next key post-mutation state at each end.
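
A concrete form of the mutating-key scheme, as an added example in Go (not the patent's code): each endpoint keeps the current key and the codex, encrypts or decrypts one message under the current key with AES-256-GCM, and then derives the next key from the current key, the codex and the plaintext. HMAC-SHA256 as the mutation function, AES-GCM as the message cipher, and the constructed initial key and codex strings are assumptions of this example; the abstract fixes none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Ratchet is one endpoint's state: the current key (the pre-mutation state for the
// next message) and the shared codex. Both endpoints start from the same key and
// codex, which are assumed to have been shared out of band.
type Ratchet struct {
	key   []byte
	codex []byte
	count int // messages processed on this side
}

func NewRatchet(initialKey, codex []byte) *Ratchet {
	return &Ratchet{key: append([]byte(nil), initialKey...), codex: codex}
}

// mutate computes the post-mutation key from the current key, the codex and the
// plaintext just sent or recovered. HMAC-SHA256 is this example's choice of
// mutation function; the abstract does not prescribe one.
func (r *Ratchet) mutate(plaintext []byte) {
	mac := hmac.New(sha256.New, r.key)
	mac.Write(r.codex)
	mac.Write(plaintext)
	r.key = mac.Sum(nil)
	r.count++
}

func (r *Ratchet) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(r.key) // 32-byte key: AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals msg under the current key (nonce prepended), then mutates the key.
func (r *Ratchet) Encrypt(msg []byte) ([]byte, error) {
	gcm, err := r.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := gcm.Seal(nonce, nonce, msg, nil)
	r.mutate(msg)
	return out, nil
}

// Decrypt opens data under the current key and mutates only on success: a forged
// or corrupted message cannot push the receiver's key forward, but a genuine
// message that is lost or altered in transit leaves the receiver one key behind,
// and everything after it fails until the endpoints resynchronize.
func (r *Ratchet) Decrypt(data []byte) ([]byte, error) {
	gcm, err := r.aead()
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	pt, err := gcm.Open(nil, data[:gcm.NonceSize()], data[gcm.NonceSize():], nil)
	if err != nil {
		return nil, errors.New("authentication failed; key not mutated")
	}
	r.mutate(pt)
	return pt, nil
}

func (r *Ratchet) Count() int { return r.count }

// Fingerprint identifies the current key state without revealing the key, so two
// endpoints can check that they are in step.
func (r *Ratchet) Fingerprint() string {
	return fmt.Sprintf("%x", sha256.Sum256(r.key))[:16]
}

func main() {
	key := make([]byte, 32) // constructed initial key; the abstract's RNG-based key generation
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	codex := []byte("example codex shared by both endpoints")
	alice, bob := NewRatchet(key, codex), NewRatchet(key, codex)
	ct, _ := alice.Encrypt([]byte("first message"))
	pt, err := bob.Decrypt(ct)
	fmt.Printf("bob read %q (err=%v); in step: %v\n", pt, err, alice.Fingerprint() == bob.Fingerprint())
}
```

The receiver mutates only after a successful, authenticated decryption, which is what the last sentence of the abstract requires of each end. The consequence is that a dropped or damaged genuine message leaves the receiver one key behind every later message, so a deployment needs an explicit resynchronization step alongside the mutation rule.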

DATA MANAGEMENT SYSTEM
20230052572 · 2023-02-16

In a blockchain, the contents of electronic data communications are essentially public, so a malicious person can look for vulnerabilities in the blockchain system, and leakage of secret information or the like to an unintended third party through unauthorized access that exploits such a vulnerability is actually possible. Thus, it cannot be said that sufficient security measures are taken. In the present invention, a colony server stores partial data consisting of a predetermined size of data from the beginning of the data to be managed, received from a terminal, and a center server stores body data consisting of the data from the predetermined size +1 onward. The data to be managed is thus held in a divided manner. Even if the body data is leaked from the center server through unauthorized access or the like, the body data is merely part of the data to be managed and has no value on its own. Thus, the present invention provides a system and the like for achieving robust security against unauthorized access.

ANONYMOUS MESSAGE BOARD
20230049001 · 2023-02-16

A method of facilitating an anonymous message board may include receiving a secret key share associated with a published public key. An initial table state may be generated by encrypting, via the public key, an initial table including a table index and table initial values. A user post encrypted via the public key may be received, the user post including a message and a message index value. The initial table state may be updated to an updated table state by replacing an initial table value of the initial table values with the message. In response to a time interval associated with a predetermined length of time expiring after generating the initial table state, the updated table state may be partially decrypted via the first secret key share as a partially decrypted table. The partially decrypted table may be broadcast.
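
The table mechanics of this abstract, as an added example in Go (not the patent's code): a key whose secret is split into additive shares, an initial table holding an encrypted "empty" marker in every slot, a post that replaces one slot's ciphertext, each share holder's partial decryption of the whole table (the partially decrypted table it broadcasts), and an opening step that combines the partial tables only after the time interval has expired. The safe-prime ElGamal group drawn at toy size, n-of-n additive sharing in place of a general threshold, the Empty marker value, raw integers as messages and a slot index sent in the clear are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"errors"
	"math/big"
	"time"
)

// Group is the order-q subgroup of Z_p^* for a safe prime p = 2q+1, generated by
// g = 4. NewGroup draws a toy-sized p; a deployment would use a standard group.
type Group struct{ P, Q, G *big.Int }

func NewGroup(bits int) Group {
	for {
		q, err := rand.Prime(rand.Reader, bits)
		if err != nil {
			panic(err)
		}
		p := new(big.Int).Lsh(q, 1)
		if p.Add(p, big.NewInt(1)).ProbablyPrime(20) {
			return Group{P: p, Q: q, G: big.NewInt(4)}
		}
	}
}

// randExp draws a uniform exponent in [0, q); an unreadable rand.Reader is fatal here.
func (g Group) randExp() *big.Int {
	r, err := rand.Int(rand.Reader, g.Q)
	if err != nil {
		panic(err)
	}
	return r
}

// KeyShares splits the secret key x = x_1 + ... + x_n (mod q) among n holders and
// returns the published public key y = g^x. Every share is needed to decrypt.
func (g Group) KeyShares(n int) (*big.Int, []*big.Int) {
	x, shares := new(big.Int), make([]*big.Int, n)
	for i := range shares {
		shares[i] = g.randExp()
		x.Add(x, shares[i])
	}
	return new(big.Int).Exp(g.G, x.Mod(x, g.Q), g.P), shares
}

// Cipher is an ElGamal ciphertext (g^r, m * y^r). Small positive integers are used
// directly as messages (toy simplification; a real scheme encodes into the subgroup).
type Cipher struct{ C1, C2 *big.Int }

func (g Group) Encrypt(pub, m *big.Int) Cipher {
	r := g.randExp()
	c2 := new(big.Int).Exp(pub, r, g.P)
	return Cipher{new(big.Int).Exp(g.G, r, g.P), c2.Mul(c2, m).Mod(c2, g.P)}
}

// PartialDecrypt is one holder's contribution for one ciphertext: c1^{x_i}.
func (g Group) PartialDecrypt(share *big.Int, c Cipher) *big.Int {
	return new(big.Int).Exp(c.C1, share, g.P)
}

// Combine multiplies all partial results into c1^x and divides it out of c2.
func (g Group) Combine(c Cipher, parts []*big.Int) *big.Int {
	d := big.NewInt(1)
	for _, p := range parts {
		d.Mul(d, p).Mod(d, g.P)
	}
	inv := new(big.Int).ModInverse(d, g.P)
	return inv.Mul(inv, c.C2).Mod(inv, g.P)
}

const Empty = 1 // initial table value meaning "no post in this slot"

// PartialTable is what one holder broadcasts: its partial decryption of every slot.
func (g Group) PartialTable(share *big.Int, table []Cipher) []*big.Int {
	out := make([]*big.Int, len(table))
	for j, c := range table {
		out[j] = g.PartialDecrypt(share, c)
	}
	return out
}

// OpenTable combines the holders' broadcast partial tables into plaintexts, but
// refuses to do so before notBefore (the end of the predetermined time interval).
func (g Group) OpenTable(table []Cipher, partials [][]*big.Int, notBefore, now time.Time) ([]*big.Int, error) {
	if now.Before(notBefore) {
		return nil, errors.New("time interval has not expired")
	}
	out := make([]*big.Int, len(table))
	for j, c := range table {
		parts := make([]*big.Int, len(partials))
		for i := range partials {
			parts[i] = partials[i][j]
		}
		out[j] = g.Combine(c, parts)
	}
	return out, nil
}
```

The initial table state is one g.Encrypt(pub, Empty) per slot, and a post is the user's own g.Encrypt(pub, message) written over the chosen slot, so the board never handles a plaintext. No single holder can open a slot: with one partial table missing, Combine divides out the wrong value and returns an unrelated group element.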

Public Key Storage with Secure Remote Update Capability
20230049387 · 2023-02-16

The disclosed embodiments relate to a memory device. In one embodiment, a memory device is disclosed comprising a storage array, the storage array including a first region, the first region storing a server public key associated with a server, and a key table; and a controller configured to: receive a message from the server, the message including a command modifying the key table, validate the message using the server public key, and modify the key table based on the message.

Secure communication with individual edge devices of remote networks that use local security credentials
11582027 · 2023-02-14

A device management service of a provider network maintains a device repository that is accessible to a remote managed network. The device management service assigns different service credentials for different edge devices indicated by the device repository. For a particular edge device, the device management service provides, based on the service credentials assigned for the edge device, secure transmission of a message between the device management service and a network manager of the managed network. The network manager of the managed network provides secure transmission of the message between the network manager and the edge device based on local credentials assigned for the edge device.

Parallel encrypted data streams for virtual private networks
11582195 · 2023-02-14

A virtual private network (VPN) server connected to a client device within a VPN obtains data for delivery to the client device. The VPN server selects a data stream from a set of data streams of the VPN connection with the client device, where each data stream of the set of data streams has a different encryption context. The VPN server generates a data packet based on the data such that the data packet is encrypted using the encryption context specific to the selected data stream. The VPN server transmits the data packet to the client device via the selected data stream.

Blockchain-based decentralized public key management system
11582024 · 2023-02-14

A decentralized public key management system for named data networks based on blockchain, which solves the Compromised Certificate Authority (CA) Problem. The system divides the power of an individual CA among multiple Public Key Miners (PKMiners) that maintain the public key blockchains. The majority rule in name-principal validation allows the present invention to tolerate compromised PKMiners without causing any damage.

Secure, decentralized, automated platform and multi-actors for object identity management through the use of a block chain technology
11582034 · 2023-02-14

Secure management of keys and identities of an object manufactured by a manufacturer having a manufacturer key pair, and a client having a client key pair, the management being carried out using a decentralized blockchain database. The method includes generation of a manufacturing key pair; and publication and recording, in the blockchain, of the decentralized object identifier used to obtain the public key of the object. When a client purchases the object from the manufacturer, the method includes providing, by the object manufacturer, the object identifier, and the public manufacturing key to the client; and updating the blockchain. When the object is switched on for the first time, the object enrolls itself by generation of a utilization key pair; auto-enrollment using the manufacturing key pair; and replacement, in the blockchain, of the public manufacturing key associated with the object identifier with the public utilization key associated with the object identifier.