H04L2209/72

IDENTIFICATION AND INFORMATION EXCHANGE SYSTEM AND REGISTRY
20200052904 · 2020-02-13

A computer-implemented method for completing transactions between two users includes creating and encrypting a message by a first user. The message is encrypted with an identifier associated with a second user who will receive the message. Once encrypted, the first user digitally signs the encrypted message with a privately held key. Then the first user sends the message to a processor where an exchange record is created and placed on a registry. The exchange record includes an identifier associated with the sending user, the identifier associated with the receiving user, the encrypted message, and the digital signature of the first user. Once the exchange record is created, the receiving user can query the registry for any exchange records that include the receiving user's identifier. The receiving user can then validate the record. The exchange record is validated with the identifier of the sending user. If that identifier is properly associated with the privately held key of the sender, then the message will be validated. The receiving user can then decrypt the message by providing a privately held key that is associated with the receiving user's identifier. Once the exchange record is validated, that validation is sent to the processor and a verification record is created on the registry. The verification record includes the identifier of the receiving user, the identifier of the sending user, the encrypted message, and a digital signature of the receiving user. The combination of the exchange record and verification record on the registry constitutes a completed transaction for review by third parties and for use during future transactions.

Systems and Methods for "Machine-to-Machine" (M2M) Communications Between Modules, Servers, and an Application using Public Key Infrastructure (PKI)
20200036521 · 2020-01-30

Methods and systems are provided for supporting efficient and secure Machine-to-Machine (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

IDENTIFICATION, AUTHENTICATION, AND AUTHORIZATION METHOD IN A LABORATORY SYSTEM

An identification, authentication and authorization method in a laboratory system is presented. The system comprises at least one laboratory device. The method comprises receiving identification data identifying a user; receiving identity confirmation data to authenticate the user; and generating authentication data upon successful authentication of the user. The authentication data is configured to enable authentication of the user based on only the identification data during a validity time period without repeated receipt of the identity confirmation data. The method further comprises receiving the identification data by an identification unit; validating the authentication data corresponding to the identification data comprising the step of verifying non-expiry of the validity time period; and granting authorization to the user for the laboratory device upon successful validation of the authentication data.

SYSTEMS, METHODS AND DEVICES FOR DIRECT COMMUNICATION

Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing. The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version. The encapsulated communication can be used with various protocols, including a PC5 protocol (such as the PC5 Signaling Protocol) and wireless access in vehicular environments (WAVE) protocols.

Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI)
10530575 · 2020-01-07

Methods and systems are provided for supporting efficient and secure Machine-to-Machine (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

Power management and security for wireless modules in “machine-to-machine” communications
10523432 · 2019-12-31

Methods and systems are provided for power management and security for wireless modules in Machine-to-Machine communications. A wireless module operating in a wireless network and with access to the Internet can efficiently and securely communicate with a server. The wireless network can be a public land mobile network (PLMN) that supports wireless wide area network technology including 3rd generation (3G) and 4th generation (4G) networks, and future generations as well. The wireless module can (i) utilize sleep and active states to monitor a monitored unit with a sensor and (ii) communicate with the wireless network by utilizing a radio. The wireless module can include power control steps to reduce the energy consumed after sending sensor data by minimizing a tail period of a radio resource control (RRC) connected state. Messages between the wireless module and server can be transmitted according to the UDP or UDP Lite protocol with channel coding in the datagram body for efficiency while providing robustness to bit errors. The wireless module and server can utilize public key infrastructure (PKI) such as public keys to encrypt messages. The wireless module and server can use private keys to generate digital signatures for datagrams sent and to decrypt messages received. The communication system between the wireless module and the server can conserve battery life in the wireless module while providing a system that is secure, scalable, and robust.

Apparatus for encryption and search and method thereof

The present disclosure relates to a sensor network, machine type communication (MTC), machine-to-machine (M2M) communication, and technology for the internet of things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method for performing an encryption process is provided. The method includes generating a plurality of keys used for keyword encryption and file encryption, generating an address ciphertext by performing a first encryption process on each of the addresses at which a plurality of files are stored, generating a keyword ciphertext by performing a second encryption process on each of a plurality of keywords that are included in each of the plurality of files, reordering the address ciphertext and the keyword ciphertext based on the keyword ciphertext, and storing the reordered address ciphertext and keyword ciphertext.

Solid state storage device with command and control access

Several embodiments of memory devices and systems with command and control access are described herein. In one embodiment, a memory device includes a controller having a processor and a memory component operably coupled to the processor. The controller is configured to receive at least one command and control (C²) packet from a remote computer associated with a device vendor. The C² packet includes a request for the controller to perform a restricted command, and a vendor signature. The memory component stores instructions executable by the processor to determine if the vendor signature is valid and to direct the controller to perform the restricted command if the vendor signature is determined to be valid.

Secret sharing information management and security system

Various embodiments relate to a method of receiving an original message, a share-holder list, and a threshold amount. The original message is tokenized, resulting in a tokenized message. A plurality of shares are generated from the tokenized message using a message sharing algorithm of a secret sharing scheme. Each of the plurality of shares is signcrypted using a public key and a private key associated with the shared secret provider computing system and a public key of a respective one of the share-holders included in the share-holder list, resulting in a plurality of signcrypted shares. The plurality of signcrypted shares is distributed to the respective ones of the share-holders according to the public key used to signcrypt the respective signcrypted share. The authenticity and data integrity of the first share of the plurality of signcrypted shares can be determined by using the public key associated with the shared secret provider computing system and a public/private key pair associated with the share-holder.

Cloud-based user authorization control for storage system access

Providing authorization and authentication in a cloud for a user of a storage array includes: receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user, where the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user; receiving, by the storage array access module from the user, a user access request to one or more storage array services; and determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token.