In order to improve security upon distributing a group key, there is provided a gateway (20) to a core network for a group of MTC devices (10_1-10_n) communicating with the core network. The gateway (20) protects confidentiality and integrity of a group key, and distributes the protected group key to each of the MTC devices (10_1-10_n). The protection is performed by using: a key (Kgr) that is preliminarily shared between the gateway (20) and each of the MTC devices (10_1-10_n), and that is used for the gateway (20) to authenticate each of the MTC devices (10_1-10_n) as a member of the group; or a key (K_iwf) that is shared between an MTC-IWF (50) and each of the MTC devices (10_1-10_n), and that is used to derive temporary keys for securely conducting individual communication between the MTC-IWF (50) and each of the MTC devices (10_1-10_n).

A method for execution by one or more processing modules of one or more computing devices begins by encoding data using a dispersed storage error encoding function to produce a plurality of sets of encoded data slices arranged into a plurality of chunksets of encoded data slices. The method continues by selecting a set of storage units for storing the plurality of chunksets and assigning a distributed computing task to each storage unit of the set of storage units. The method then continues by generating a unique key set for each storage unit of the storage units, encrypting each chunkset of encoded data slices with a corresponding one of the unique key sets to produce a plurality of encrypted chunksets and sending an encrypted chunkset of the plurality of encrypted chunksets and an indication of a corresponding distributed computing task to each storage unit of the set of storage units for storage of the encrypted chunksets and execution of the distributed computing task.

A method for implementing zero-knowledge private key management for decentralized applications including receiving an encrypted private key and user identification information, storing the encrypted private key, receiving a session request from a decentralized application, establishing a session, transmitting a response to the session request to the decentralized application, receiving a session approval from the client application, updating the session with the information comprised by the session approval, and transmitting the public key and the blockchain network selection to the decentralized application.

A method of generating wallets for discrete blockchain networks comprising receiving a primary and a first secondary seeds, generating an enhanced hierarchical deterministic (HD) wallet, comprising deriving an enhanced parent public key and an enhanced parent private key from the primary seed, generating a first toughened HD wallet, comprising deriving a first toughened parent public and private key pair from the first secondary seed, deriving a first toughened primary child public/private key pair from a function including as inputs the first toughened parent public/private key pair, a first parent chain code, and the enhanced parent public key, and performing an identity registration and certification procedure for both the enhanced and the first toughened HD wallets. An identify of a user associated with each of the enhanced and the first toughened HD wallets is verifiable by an external blockchain network because of the identity registration and certification procedures.

A method for performing a security chip protocol comprises receiving, by processing hardware of a security chip, a message from a first device as part of performing the security chip protocol. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware determines a path through a key tree based at least in part on the message. The processing hardware derives a validator at least in part from the secret value using a sequence of entropy redistribution operations associated with the path through the key tree. The processing hardware exchanges the validator between the security chip and the first device as part of the security chip protocol in order to authenticate at least one of the security chip or the first device.

The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (K.sub.enc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K.sub.1). The terminal and the server both have access to a second key (K.sub.2). The encryption key is derived at the terminal using the first key and the second key. The first key or the derivative thereof is received at the server. The encryption key for decrypting the application message encrypted by the terminal is derived in the server using the shared second key and the received first key of the derivative thereof.

A method including receiving, by a receiving device from a transmitting device, a combination of messages including encrypted decoy messages and one or more encrypted content messages, the encrypted decoy messages being determined based at least in part on encrypting decoy data and the one or more encrypted content messages being determined based at least in part on encrypting content data; and decrypting, by the receiving device, a received message included in the combination of messages based at least in part on utilizing a cryptographic key; and determining, by the receiving device, that the received message is a content message or that the received message is a decoy message based at least in part on a result of decrypting the received message. Various other aspects are contemplated.

In one aspect, a system for managing data processes in a network of computing resources is configured to: receive, from an instructor device, a parent request for execution of at least one parent data process executable by a plurality of computing resources at least one computing resource; generate at least one child request for execution of at least one corresponding child data process for routing to at least one corresponding destination device, each of the at least one child data process for executing at least a portion of the at least one parent data process, and each of the at least one child request including a respective destination key derived from at least one instructor key; and route each of the at least one child request to the at least one corresponding destination device. The at least one child request can be obtained by a supervisor server via the routing.

The disclosure relates to methods for establishing a secure communication link between a mobile station and a secondary base station in a mobile communication system. The disclosure is also providing mobile communication system for performing these methods, and computer readable media the instructions of which cause the mobile communication system to perform the methods described herein. Specifically, the disclosure suggests that in response to the detected or signaled potential security breach, the master base station increments a freshness counter for re-initializing the communication between the mobile station and the secondary base station; and the mobile station and the secondary base station re-initialize the communication there between. The re-initialization is performed under the control of the master base station and further includes deriving a same security key based on said incremented freshness counter, and establishing the secure communication link utilizing the same, derived security key.

Methods, apparatuses, and systems are described for deriving secured keys and authenticating based on the derived keys. An entity may receive one or more derived keys and one or more key derivation algorithms associated with the one or more derived keys. A user device may derive, based on a key associated with the user device and unknown to the entity, a user key. The entity may derive, based on a first derived key and one of the key derivation algorithms, a second derived key, and may verify, based on the second derived key, the user key.