Patent classifications
H04L2209/24
Systems and methods for tracking subdivided ownership of connected devices using block-chain ledgers
The disclosed embodiments include computerized systems and methods for generating secured block-chain-based ledger data structures that track subdivided ownership and usage of one or more assets, such as Internet-connected devices. In one instance, an apparatus associated with a rules authority of the secured block-chain-based ledger may detect an occurrence of a triggering event related to at least one of the partial ownership interests in the assets, and may access and decrypt a set of rules hashed into the secured block-chain-based ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule, including a generation of additional data blocks reflecting a change in at least one of the partial ownership interests, and additionally or alternatively, processes that adaptively monitor the compliance of one or more partial owners with an imposed usage restriction.
Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers
The disclosed embodiments include computerized systems and methods for generating secured blockchain-based ledger data structures that track occurrences of events across fragmented and geographically dispersed lines-of-business of an enterprise. In one instance, an apparatus associated with a rules authority of the secured blockchain-based ledger may detect an occurrence of a triggering event, and may access and decrypt a set of rules hashed into the secured blockchain-based ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule, including a disbursement of various rewards to employees in response to customer-specific interactions with the enterprise. The disclosed embodiments provide a rules process for aggregating mutually incompatible enterprise data that specifies the events, and for tracking the events in uniform data structures accessible across the enterprise.
Methods and systems for cryptographic keys exchange
Embodiments provide methods and systems for cryptographic key exchange, where the method can include receiving, by a server system, a client public key being part of a client asymmetric key pair from a client device; sending, by the server system, a server public key being part of a server asymmetric key pair to the client device; generating, by the server system, a random value master key and sending the random value master key encrypted using the client public key to the client device; and generating, by the server system, an initial unique session key and sending the initial unique session key encrypted under the random value master key to the client device. A unique session key from the set of unique session keys is used by the client device to encrypt session data for transmission to the server system per session.
Key Derivation for a Module Using an Embedded Universal Integrated Circuit Card
A module with an embedded universal integrated circuit card (eUICC) can include a received eUICC profile and a set of cryptographic algorithms. The received eUICC profile can include an initial shared secret key for authentication with a wireless network. The module can receive a key K network token and send a key K module token to the wireless network. The module can use the key K network token, a derived module private key, and a key derivation function to derive a secret shared network key K that supports communication with the wireless network. The wireless network can use the received key K module token, a network private key, and the key derivation function in order to derive the same secret shared network key K derived by the module. The module and the wireless network can subsequently use the mutually derived key K to communicate using traditional wireless network standards.
Wearable identity device for fingerprint bound access to a cloud service
A personal digital ID device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press. The personal digital ID device may be in the form of a bracelet, a key fob, or other form factor. The service may be provided by a mobile device, in the cloud, or elsewhere.
Encryption device, encryption method, decryption device, and decryption method
There is provided an encryption device to ensure strong security without using a random number in a white-box model. The encryption device includes: an encryption part configured to encrypt an input value using a black-box model in which input/output values are able to be recognized from the outside and an intermediate value is not able to be recognized from the outside; and a key generation part configured to encrypt the input value to the encryption part to generate a cryptographic key of the encryption part using a white-box model in which the input/output value and the intermediate value are able to be recognized from the outside.
System and method for cryptographic keys security in the cloud
An improved method, or security solution, for securing cryptographic keys in virtual machine RAM is disclosed. A security solution is proposed to hide cryptographic keys in the cloud, without the necessity of any architectural modifications. The present solution requires the availability of a Trusted Platform Module (TPM) capable of creating and holding a protected public/private key pair. It lends itself to security-as-a-service scenarios where third parties perform encryption or decryption on behalf of data owners. This allows the present solution to be easily integrated and coupled with other existing cloud architectures. A decrypt-scatter or gather-decrypt solution is proposed that allows users to carry out encryption or decryption while protecting keys from unauthorized inspection by cloud administrators.
Privacy-preserving document sharing
An example operation may include one or more of receiving, by a document processor node, a document comprising a document identifier (ID) and a document type, generating, by the document processor node, at least one hashed attribute for sharing of the document based on the document ID and the document type, acquiring, by the document processor node, a list of documents and corresponding document owners to be linked to the document based on the at least one hashed attribute, and creating a plurality of linked documents based on the list of the documents.
Downloadable security and protection methods and apparatus
Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.
Trusted communication session and content delivery
Methods and systems for network communication are disclosed. Proxy information may be received. The proxy information may facilitate a gateway device communicating as a proxy for a user device.