A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.

A tracking device can use a permanent encryption key pair to encrypt a temporary private key that corresponds to a set of diversified temporary public keys. When a community mobile device subsequently detects the tracking device, the central tracking system provides a diversified temporary public key to the community mobile device. The community mobile device uses the diversified temporary public key to encrypt location data representative of a location of the community mobile device, and provides the encrypted location data to the central tracking system. When a user subsequently requests a location of the tracking device from the central tracking system, the central tracking system provides the encrypted temporary private key and the encrypted location data to a device of the user, and the device can decrypt the encrypted temporary private key using the permanent encryption key pair, and decrypt the encrypted location data using the decrypted temporary private key.

Disclosed herein are method and systems for transmitting a plurality of ciphertexts to a plurality of users. The systems and methods described herein provide for performing an encryption update comprising a plurality of encryption keys and a multi-ciphertext to a plurality of recipient nodes. Methods and systems for organizing a database are also disclosed herein.

A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.

A cryptographic method is provided. The cryptographic method comprises an initialisation phase for determining a provisional generator point G′ equal to a first product G′=[d′]G, where d′ is a first random scalar forming a secret key of N bits and G is a generator point of an elliptical curve, and determining a provisional key Q′ equal to a second product Q′=[d′]Q, where Q is a point of the elliptical curve forming a public key. During an encryption phase a second random scalar forming a second secret key k of M bits, with M<N; a public key P is calculated such that P=[k]G′; a coordinate of an intermediate point SP1, of the elliptical curve, equal to a fourth product SP1=[k]Q′; at least one key by application of a derivation function (F1); and data (T1) are encrypted based on said at least one key.

Methods, apparatus, systems, and articles of manufacture are disclosed. An example apparatus includes: interface circuitry to receive a first value and a second value; selector circuitry to select a first subset of bits and a second subset of bits from the first value; multiplier circuitry to: multiply the first subset to the second value during a first compute cycle; and multiply the second subset to the second value during a second compute cycle; left shift circuitry to perform a bitwise shift with a product of the first subset and the second value during the second compute cycle; adder circuitry to add a product of the second subset and the second value to a result of the plurality of bitwise shift operations during the second compute cycle; and comparator circuitry to determine the result of the modular multiplication based on a result of the addition during the second compute cycle.

Methods and apparatus to establish secure low energy wireless communications in a process control system are disclosed. An example field device includes a Bluetooth Low Energy (BLE) interface to receive a first initialization message from a remote device over an unpaired BLE connection. The first initialization message includes a plaintext message containing authentication content. The authentication content is generated based on a private authentication token available to the remote device using middleware. The field device also includes a BLE message analyzer to validate the plaintext message based on the authentication content using the authentication token stored by the field device.

A coordinating network element manages a protocol that prohibits the coordinating network element from substantively accessing data content that, at least in part, underlies received protocol-compliant requests. By one approach, these teachings provide for preventing substantive access to data information that is included within the protocol-compliant request in tokenized form, wherein the tokens are generated using secrets, at least one of which is unavailable to the coordinating network element.

Methods and devices for privately verifying and enhancing location data by a distributed ledger system are disclosed. A location-based services server receives a possible location of a mobile device. A location verification system determines a detected location of the mobile device. A distributed ledger system uses a private set intersection technique to determine whether the possible location corresponds to the detected location without the possible location or detected location being shared. Probabilities associated with the possible and detected locations can also be combined to enhance the accuracy of the possible location.

A method for learning a shared machine learning model while preserving privacy of individual participants is provided. The method includes: receiving, from each of a group of users, an encrypted user input; when a number of user inputs is greater than or equal to a threshold, transmitting, to each user, a list of the group of users; receiving, from each user, a message indicating a mutual agreement regarding a shared secret among the group; and when a number of received messages indicating the mutual agreement is greater than or equal to the threshold, determining information about the shared machine learning model by combining the received encrypted user inputs. The shared machine learning model facilitates a secure multi-party computation of a function that generates an updated version of the shared machine learning model.