H04L2463/061

Audit chain for private blockchain

Provided is a system and method for verifying a blockchain using an external audit chain. The system may include an engine which facilitates communication between two or more independent blockchains. In one example, the method may include reading block data of a source data block that is stored among a hash-linked chain of data blocks on a blockchain, verifying a hash of the source block based on the block data that is read, generating a token based on the hash verification of the source block and storing the generated token in a verification block among the hash-linked chain of blocks on the blockchain to create a verification point on the blockchain, and storing a copy of the generated token in a block among a hash-linked chain of blocks on an audit blockchain that is independent from the blockchain.

SCALABLE KEY MANAGEMENT FOR ENCRYPTING DIGITAL RIGHTS MANAGEMENT AUTHORIZATION TOKENS
20220171832 · 2022-06-02

A method and apparatus for providing a license to a client device, the license providing a key for decrypting a content instance. In one embodiment, the method comprises accepting a token request, the token request having client device credentials including a client device identifier (client ID) and a content instance identifier (content ID), deriving a private key according to a token key seed, a token key identifier (token key ID), and the content ID, generating a token having a payload and a token identifier (token ID) and being digitally signed according to the derived private key; transmitting the generated token to the client; and providing the license to the client device according to the generated token.

System and method for a self-calculating token vault
11348105 · 2022-05-31

A system and method for electronic payment that involves generating and then using a temporary token based on a legacy PAN (Primary Account Number) to conduct an electronic transaction. The token is generated by transforming the PAN using specific inputs such that the original PAN can be recovered by manipulating the token in various ways as disclosed herein. One potential manipulation that may be used is encryption/decryption. The token is transmitted to a portable electronic device such that the portable electronic device may present the token to a point-of-sale device. The POS communicates the token to a server which validates the token by, among other things, recovering the PAN. If the PAN is recovered as expected, a validation message is returned to the POS device.

Transmitting an encrypted communication to a user in a second secure communication network

The present disclosure describes a method, system, and non-transitory computer readable medium that includes instructions that permit users of different secure communication networks to exchange secure communications. A secure communication platform includes a user database that allows users from different secure communication networks to access keys for recipients outside of their network. Additionally, the secure communication platform provides a high degree of trust regarding the sender's identity, allowing the receiving network to trust the sender.

PROTECTING SECRET SOFTWARE AND CONFIDENTIAL DATA IN A SECURE ENCLAVE
20220166615 · 2022-05-26

A method of receiving and executing a secret software (G) on data in a secure enclave of a first device (DO) includes the following steps implemented in the secure enclave, that is to say a step of generating a public key (B), a step of receiving the encrypted secret software (G.sub.s) coming from a second device (AP), a step of decrypting the encrypted secret software (G.sub.s) from a key (K; P) depending on the public key (B), a step of receiving data, and a step of executing the secret software (G) using the data.

Partitioning Data Into Chunk Groupings For Use In A Dispersed Storage Network
20230273858 · 2023-08-31

A computing device for use in a storage network includes one or more network interfaces, memory with operational instructions and a processing module. The processing module is configured to execute the operational instructions to receive a storage request for data and select a plurality of memory devices for storage of the data. The processing module partitions the data into a plurality of chunk sets and encodes each chunk set of the plurality of chunk sets according to a dispersed storage error coded function to produce a plurality of chunks. Finally, the processing module facilitates storage of each chunk of the plurality of chunks in a memory device of the plurality of memory devices.

DERIVED UNIQUE KEY PER RAINDROP (DUKPR)
20230275746 · 2023-08-31

A method for a key management server to manage encryption for data stored by a cloud provider server includes receiving, by the key management server from the cloud provider server, a request for a drop key. The request includes a hash drop identifier that uniquely identifies a cipher drop, and the cipher drop comprises a unit of data stored by the cloud provider server. The method further includes generating the drop key based on at least the hash drop and the drop identifier and encrypting the drop key. A response comprising the encrypted drop key is sent to the cloud provider server.

VERIFICATION OF IN-SITU NETWORK TELEMETRY DATA IN A PACKET-SWITCHED NETWORK

Techniques to facilitate verification of in-situ network telemetry data of a data packet of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and a cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates a telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data are inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.

Security context handling in 5G during connected mode

The present disclosure relates to methods and apparatus for flexible security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.

DATA PROTECTION WITH TRANSLATION

Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device, and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server, encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.