Patent classifications
H04L9/3073
Extending measured boot for secure link establishment
A modified measured boot approach is utilized for establishing a secure communication link between two devices. Each device may execute a respective boot process until the device reaches the stage responsible for establishing the communication link with the other device. Each device may exchange its respective self-signed certificate and extend its certificate chain with the self-signed certificate received from the other device. Each device can then generate a new pair of keys based on its extended certificate chain that includes the identity of the other device, and exchange the public key of the new key pair with the other device. A secure link can be established using the public key of the other device as a base key for a key exchange protocol. A central management entity can attest the measurements of the boot stages for each device using the corresponding public key.
Non-3GPP device access to core network
A non-SI device (120) is arranged for wireless communication (130) and cooperates with an SI device (110) having access to a subscriber identity. The non-SI device has a transceiver (121) to communicate in a local network and a processor (122) to establish an association with the SI. A non-SI public key is provided to the SI device via a first communication channel. A verification code is shared with the SI device via a second communication channel. The channels are different and include an out-of-band channel (140). Proof of possession of a non-SI private key is provided to the SI device via the first or the second communication channel. From the SI device, security data is received that is related to the SI and is computed using the non-SI public key. The security data reliably enables the non-SI device to access the core network via the local network and a gateway between the local network and the core network.
METHOD AND SYSTEM FOR THE SECURE TRANSFER OF ENTITIES ON A BLOCKCHAIN
The invention provides a secure method for exchanging entities via a blockchain. The invention incorporates tokenisation techniques, and also techniques for embedding metadata in a redeem script of a blockchain transaction. Embodiment(s) provide a method of: generating a first script, the first script comprising: a first set of metadata associated with a first invitation for the exchange of a first entity by a first user, the first set of metadata comprising an indication of the first entity to be offered for exchange and a first location condition for the exchange, a first user public key (P1A) associated with the first user, wherein the first user public key (P1A) is part of an asymmetric cryptographic pair comprising the first user public key (P1A) and a first user private key (V1A). The script may further comprise a first third-party public key (P1T) associated with a first third-party, wherein the first third-party public key (P1T) is part of an asymmetric cryptographic pair comprising the first third-party public key (P1T) and a first third-party private key (V1T). The method further comprises the steps of hashing the first script to generate a first script hash and publishing the first script and the first script hash on a distributed hash table (DHT).
LIGHTWEIGHT DISTRIBUTED SIGNATURE PROTOCOL FOR MOBILE COMPUTING AND IOT DEVICES
The techniques described herein may provide an efficient and secure two-party distributed signing protocol, for example, for the IEEE P1363 standard. For example, in an embodiment, a method may comprise generating, at a key generation center, a first partial private cryptographic key for a user ID and a second partial private cryptographic key for the user ID, transmitting the first partial private cryptographic key to a first other device, transmitting the second partial private cryptographic key to a second other device, and generating a distributed cryptographic signature for a message using the first partial private cryptographic key and the second partial private cryptographic key.
Provisioning systems and methods
A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.
METHOD AND SYSTEM FOR A VERIFIABLE IDENTITY BASED ENCRYPTION (VIBE) USING CERTIFICATE-LESS AUTHENTICATION ENCRYPTION (CLAE)
Solutions of verifying a plurality of public parameters from a Trusted Centre (TC) in an identity-based encryption and signature system prior to encrypting a plaintext message by a sender having a sender identity string. The method may include identification of the Trusted Centre by a TC identity string, the Trusted Centre having a master public encryption key based on the TC identity string; determination if the sender has a sender private key and the public parameters for the Trusted Centre including the master public key of the Trusted Centre and a bilinear map; and verification of the public parameters using the TC identity string prior to encrypting the plaintext message into a ciphertext by comparing values of the bilinear map calculated with variables comprising the sender private key and the master public key. The ciphertext may include an authentication component for authenticating the sender once the ciphertext is received and decrypted by the recipient using the identity string of the sender and the private key of the recipient. The method also enables a signature scheme from the same parameters and private keys: the signature is forged using the private key of the signer, the message and the public parameters, and the verification is done using the public parameters, the identity of the signer, the signature and the message.
METHOD AND SYSTEM FOR ENCRYPTED MESSAGING
A method and system for encrypted messaging includes first and second client devices and a quantum key device having a quantum random number generator. The generator provides a first quantum random signal, and the key device provides a symmetric first master key from the first quantum random signal. The master key is transmitted to the first client device and stored. The key device uses the master key to generate an encrypted package by encrypting one of a plurality of keys. The key device generates a second encrypted package. The first pairing key is provided to the first client device by decrypting the first encrypted package using the first master key and providing the first pairing key in the second client device by decrypting the second encrypted package using the second master key to establish an encrypted connection between the first and second client devices.
COMPUTER-IMPLEMENTED SYSTEM AND METHOD FOR CONTROLLING PROCESSING STEPS OF A DISTRIBUTED SYSTEM
A method of controlling and coordinating processing steps in a distributed system can be implemented by an initiator node of a cyclically-ordered set of nodes participating in a blockchain network (e.g., Bitcoin blockchain). The method includes generating a private key and cryptographic shares thereof for the nodes of the set and distributing them. A locking value is determined based on the shares and a transaction is arranged to transmit control of a resource responsive to supply of a corresponding unlocking value. A circuit of transactions amongst the nodes each arranged to transmit control of a resource responsive to supply of an unlocking value corresponding to a locking value determined based on the share distributed to a first node of one of two adjacent nodes and a value received from another node immediately previous to it is prepared. The initiator node may belong to a cyclically-ordered set of initiator nodes.
Key Diversification in a Tracking Device Environment
A tracking device can use a permanent encryption key pair to encrypt a temporary private key that corresponds to a set of diversified temporary public keys. When a community mobile device subsequently detects the tracking device, the central tracking system provides a diversified temporary public key to the community mobile device. The community mobile device uses the diversified temporary public key to encrypt location data representative of a location of the community mobile device, and provides the encrypted location data to the central tracking system. When a user subsequently requests a location of the tracking device from the central tracking system, the central tracking system provides the encrypted temporary private key and the encrypted location data to a device of the user, and the device can decrypt the encrypted temporary private key using the permanent encryption key pair, and decrypt the encrypted location data using the decrypted temporary private key.
Secure firmware transfer for an integrated universal integrated circuit card (iUICC)
A device can (i) operate a primary platform (PP) within a tamper resistant element (TRE) and (ii) receive encrypted firmware images for operating within the primary platform. The TRE can store in nonvolatile memory of the TRE (i) a PP static private key (SK-static.PP), (ii) a server public key (PK.IDS1), and (iii) a set of cryptographic parameters. The TRE can generate a one-time PKI key pair of SK-OT1.PP and PK-OT1.PP and send the public key PK-OT1.PP to a server. The TRE can receive a one-time public key from the server comprising PK-OT1.IDS1. The TRE can derive a ciphering key using an elliptic curve Diffie Hellman key exchange and the SK-static.PP, SK-OT1.PP, PK.IDS1, and PK-OT1.IDS1 keys. The TRE can decrypt the encrypted firmware using the derived ciphering key. The primary platform can comprise a smart secure platform (SSP) and the decrypted firmware can comprise a virtualized image for the primary platform.