A method and apparatus for sign-bill return based on a blockchain, a device and a readable storage medium, through acquiring (S101) a sign-bill return request sent by a shipment terminal; acquiring (S102) pre-stored target sign-bill information according to the sign-bill return request; acquiring (S103) a target hash value corresponding to the target sign-bill information from the blockchain; and sending (S104) the target sign-bill information to the shipment terminal, when verifying that the target sign-bill information is correct by the target hash value, the tamper-proof blockchain storage of the target sign-bill information is achieved, which not only improves efficiency of the sign-bill return, but also improves reliability of the sign-bill return.

Solutions of verifying a plurality of public parameters from a Trusted Centre (TC) in an identity-based encryption and signature system prior to encrypting a plaintext message by a sender having a sender identity string. The method may include identification of the Trusted Centre by a TC identity string, the Trusted Centre having a master public encryption key based on the TC identity string; determination if the sender has a sender private key and the public parameters for the Trusted Centre including the master public key of the Trusted Centre and a bilinear map; and verification of the public parameters using the TC identity string prior to encrypting the plaintext message into a ciphertext by comparing values of the bilinear map calculated with variables comprising the sender private key and the master public key. The ciphertext may include an authentication component for authenticating the sender once the ciphertext is received and decrypted by the recipient using the identity string of the sender and the private key of the recipient. Enables a signature scheme from the same parameters and private keys, the signature is forged using the private key of the signer, the message and the public parameters, the verification is done using the public parameters, the identity of the signer, the signature and the message.

A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

A technique and system protects documents at rest and in motion using declarative policies and encryption. Encryption in the system is provided transparently and can work in conjunction with policy enforcers installed at a system. A system can protect information or documents from: (i) insider theft; (ii) ensure confidentiality; and (iii) prevent data loss, while enabling collaboration both inside and outside of a company.

A technique and system protects documents at rest and in motion using declarative policies and encryption. Encryption in the system is provided transparently and can work in conjunction with policy enforcers installed at a system. A system can protect information or documents from: (i) insider theft; (ii) ensure confidentiality; and (iii) prevent data loss, while enabling collaboration both inside and outside of a company.

Disclosed is a cyber-security system that is configured to aggregate and unify data from multiple components and platforms on a network. The system allows security administrators can to design and implement a workflow of device-actions taken by security individuals in response to a security incident. Based on the nature of a particular threat, the cyber-security system may initiate an action plan that is tailored to the security operations center and their operating procedures to protect potentially impacted components and network resources.

According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.

There is provided a computer implemented method for secure management of data generated in an Electronic Health Record (EHR) during an episode of care, for a user, wherein the EHR is being maintained in a medical database (140) comprised within a Healthcare Service Provider (HSP) server (130), the computer implemented method comprising the steps of sending an identification hash corresponding to the user to an Application Program Interface (API) server (150) from a first client device (110a); extracting the data from the HSP server (130) and de-identifying the data to obtain de-identified data at the API server (150); generating a record hash at the API server (150); transmitting the identification hash, the record hash and the de-identified data from the API server (150) to a core server (160); receiving the identification hash, the record hash and the de-identified data at the core server (160) and transmitting the identification hash, the record hash and the de-identified data from the core server (160) to a repository database (170) to generate a record identification; transmitting the de-identified data, the record hash and the record identification from the repository database (170) to the first client device (110a), via the core server (160); generating a data hash by hashing the de-identified data and a plurality of attributes corresponding to the de-identified data; generating at the core server (160) a register package based on the data hash, the identification hash and the record hash; storing the register package, from the core server (160), on to a blockchain (180) to generate a transaction identification; transmitting the data hash and the transaction identification from the core server (160) to the repository database (170); and transmitting the transaction identification and the data hash from the repository database (170) to the first client device (110a), via the core server (160).

A system and method generate private keys for devices participating in a self-certified identity based encryption scheme. A private key is used by the devices to establish a common session key for encoding digital communications between devices.

A method includes (a) receiving i-th data among first to n-th data transmitted in a multicast manner from a firmware providing apparatus, (b) acquiring partitioning information thereof, a MAC chaining value, length information, i-th firmware data, and MAC from the i-th data, (c) authenticating the MAC chaining value of the i-th firmware data, the length information, and the i-th firmware data by comparing a MAC of the i-th firmware data with a value computed by a first MAC generation algorithm, which uses the MAC chaining value of the i-th firmware data, the length information, and the i-th firmware data as a relevant input; (d) authenticating the order of the i-th firmware data by using the MAC chaining value of the i-th firmware data and a second MAC generation algorithm; and (e) obtaining the firmware by combining a first to an n-th firmware data obtained by executing (a) to (d).