A Radio Frequency Identification (RFID) system including an RFID reader and a reader proxy authenticates itself to a verification authority. The proxy receives a proxy challenge from a verification authority and determines a proxy response based on the proxy challenge and a proxy key known to the proxy. The proxy response is then sent to the verification authority along with an identifier for the reader. The reader then authenticates an RFID tag by sending a tag response to the verification authority, which determines whether the reader is authentic based on the authenticity of the proxy response.

Embodiments of the present disclosure disclose a method and apparatus for updating a digital certificate. A specific embodiment of the method includes: receiving digital certificate data, the digital certificate data including a number of times of forwarding and a first forwarding moment; determining whether the following conditions are satisfied: the number of times of the forwarding being less than a preset threshold, or a time length between a current moment and the first forwarding moment being less than a preset time length; and increasing, in response to determining at least one of the conditions being satisfied, the number of times of the forwarding by a preset number, and forwarding the digital certificate data to another proxy server.

Various embodiments of the present technology provide a distributed overwatch system that allows transactions with government-grade privacy and security. The security and privacy can be achieved by a combination of distributed trusted proxies, to which anonymous users connect with the overwatch of a variety of network security engines. The structured ecosystem provides mechanism for the blockchain to be monitored by an overwatch capability combining big data analytics, intelligent learning, and comprehensive vulnerability assessment to ensure any risks introduced by vulnerabilities are effectively mitigated. The system may include multiple proxy servers geographically distributed around the world. Each proxy can be associated with local network security engines to probe and analyze network traffic. Each proxy can mask sensitive data (e.g., personally identifiable information) within the transaction before it is stored. Various embodiments can interface with most blockchain or distributed ledger technologies that support multi-signature transactions and/or smart contracts.

A portable electronic device according to one embodiment has a data storage and a processor. The data storage stores encrypted data which is decryptable on the basis of different decryption key information corresponding to a read-out start position. In accordance with a read-out request which is received from an external device and includes at least offset information indicating a read-out start position of the encrypted data stored by the data storage and decryption key information corresponding to the offset information, the processor decrypts data having a prescribed length from the read-out start position indicated by the offset information from among the encrypted data on the basis of the decryption key information, and transmits the decrypted data to the external device.

A request to perform an operation with a cryptographic item may be received. A request for approval to perform the requested operation with the cryptographic item may be transmitted to a set of entities based on a policy associated with the cryptographic item. Indications of approval to perform the requested operation may be received from corresponding entities of the set of entities. A determination as to whether a number of the received indications of approval to perform the requested operation with the cryptographic item satisfies a threshold number may be made. In response to determining that the number of the received indications of approval from the corresponding entities of the set of entities satisfies the threshold number, the requested operation may be performed with the cryptographic item.

Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection.

A security keys broker residing on a core mobile communication network may manage security keys associated with network-enabled devices, such as Internet-of-Things devices. The security keys broker may authenticate, encrypt, or decrypt communications with the network-enabled devices using the associated security keys. Characteristics of the communications with the network-enabled devices may be determined, and the security keys broker may determine insecure communications based on the characteristics. Responsive to determining that an insecure communication has occurred, the security keys broker may update one or more of the security keys.

The present invention relates to a method to authenticate a user using an authenticator at an access device using another registered device named personal device, said authenticator being stored by the access device after registration of the personal device comprising a double encryption using an access device's secret key and a personal device's public key to be retrieved at each request of authentication received from the personal device, encrypted using a session key and sent with the session key encrypted using the personal device's public key to the personal device for partial decryption using the decrypted session key and the personal device's private key, re-encryption using the session key and sending back to the access device for total decryption of the authenticator, using the session key and the access device's secret key, and use of the thus decrypted authenticator to authenticate at the access device.

The application relates to a method for aggregation of a performance indicator of a device including: concatenating a respective first data item to a plurality of second data items in the device; encrypting the plurality of concatenated second data items relevant for computing the performance indicator using a first encryption key in the device, wherein the first encryption key is based on an additive homomorphic encryption scheme; sending the encrypted concatenated second data items to a computation cluster; computing the performance indicator on the computation cluster using the encrypted concatenated second data items and computing an aggregate value regarding the performance indicator by summing up the encrypted concatenated second data items; sending the aggregate value to a server of a service provider of the device; decrypting the aggregate value using a second encryption key on the server of the service provider; and verifying the decrypted result by checking whether the decrypted sum computed by summing up the encrypted concatenated second data items comprises a predetermined value. The present application also relates to a corresponding system and corresponding computer program product including one or more computer readable media having computer executable instructions for performing the steps of the method.

A system and method for encrypting metadata in a communication system, including defining paths from a source node to a destination node through intermediate nodes and anchor nodes; dividing messages and sending a portion in each path by: dividing the path into sub-paths, where each two contiguous sub-paths are connected by an anchor node; calculating a secret value including a list of nodes of a first sub-path and an encrypted form of a remaining portion of the path; calculating a first random point on a linear line connecting a first metadata share of a symmetric key of the source node and a first intermediate node, and a metadata share including a second x-value of the symmetric key of the source node and the first intermediate node in the path and the secret value; and sending the portion together with the first random point to the first intermediate node.