A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.

A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.

A method of sharing collaborative data between registered users in an online collaboration system. The collaboration system has a server and one or more electronic user devices that are capable of data communication with the server over a data network. Each registered user is allocated a unique asymmetric key pair comprising a user public key and a user private key for encryption and decryption of shared data content. The server is able to modify uploaded encrypted data content to enable access by multiple authorised users, and is able to convert uploaded data content into alternative formats, typically to enable web-browser viewing.

A method of sharing collaborative data between registered users in an online collaboration system. The collaboration system has a server and one or more electronic user devices that are capable of data communication with the server over a data network. Each registered user is allocated a unique asymmetric key pair comprising a user public key and a user private key for encryption and decryption of shared data content. The server is able to modify uploaded encrypted data content to enable access by multiple authorised users, and is able to convert uploaded data content into alternative formats, typically to enable web-browser viewing.

A data transmission method and apparatus are disclosed that resolves a technical problem where an existing data encryption algorithm offers poor security during transmission of data. The solution includes obtaining, by a first terminal, a data transmission request sent by a second terminal, the data transmission request at least carrying first encrypted data that is obtained by encrypting first exchange key of the second terminal by using a private key of the second terminal. The solution further includes decrypting, by the first terminal, the first encrypted data by using a public key of the second terminal to obtain the first exchange key, and obtaining a shared key of the first terminal and the second terminal according to the first exchange key. The solution further includes encrypting, by the first terminal, to-be-transmitted data by using the shared key to obtain encrypted to-be-transmitted data, and sending the encrypted to-be-transmitted data to the second terminal.

A data transmission method and apparatus are disclosed that resolves a technical problem where an existing data encryption algorithm offers poor security during transmission of data. The solution includes obtaining, by a first terminal, a data transmission request sent by a second terminal, the data transmission request at least carrying first encrypted data that is obtained by encrypting first exchange key of the second terminal by using a private key of the second terminal. The solution further includes decrypting, by the first terminal, the first encrypted data by using a public key of the second terminal to obtain the first exchange key, and obtaining a shared key of the first terminal and the second terminal according to the first exchange key. The solution further includes encrypting, by the first terminal, to-be-transmitted data by using the shared key to obtain encrypted to-be-transmitted data, and sending the encrypted to-be-transmitted data to the second terminal.

A method and system for recording data including content in a recording medium on a computer apparatus. First encrypted data, obtained by encrypting the data using a medium key created for each recording medium, is recorded in a recording medium. Second encrypted data, obtained by encrypting the medium key using a public key, is recorded in the recording medium. A private key corresponding to the public key is not recorded in the recording medium.

A method and system for recording data including content in a recording medium on a computer apparatus. First encrypted data, obtained by encrypting the data using a medium key created for each recording medium, is recorded in a recording medium. Second encrypted data, obtained by encrypting the medium key using a public key, is recorded in the recording medium. A private key corresponding to the public key is not recorded in the recording medium.

The invention relates to the field of providing a trusted environment for executing an analogue-digital signature. The claimed document-signing device in the form of a stylus includes a protective compartment, in which the following are disposed: a microcontroller with a programme code; a memory with a secret digital signature key; and additionally inertial sensors, which are connected to the microcontroller; a lens; and a camera, which is also connected to the microcontroller. A wireless interface is used in order to communicate with a computer. The inertial sensors serve to verify the handwritten signature of the user, while the lens and camera serve to carry out a comparison with the text of an electronic document uploaded via the wireless interface. In this way it is ensured that verified information enters the trusted environment of the stylus.

The invention relates to the field of providing a trusted environment for executing an analogue-digital signature. The claimed document-signing device in the form of a stylus includes a protective compartment, in which the following are disposed: a microcontroller with a programme code; a memory with a secret digital signature key; and additionally inertial sensors, which are connected to the microcontroller; a lens; and a camera, which is also connected to the microcontroller. A wireless interface is used in order to communicate with a computer. The inertial sensors serve to verify the handwritten signature of the user, while the lens and camera serve to carry out a comparison with the text of an electronic document uploaded via the wireless interface. In this way it is ensured that verified information enters the trusted environment of the stylus.