Patent classifications
H04L2463/061
Method and system for zero-knowledge and identity based key management for decentralized applications
A method for implementing zero-knowledge private key management for decentralized applications including receiving a session request, establishing a session responsive to the session request, transmitting a response to the session request to the decentralized application, receiving a session approval from a client application, updating the session with the information included in the session approval, and transmitting the public key and the blockchain network selection to the decentralized application.
System and method for encryption, storage and transmission of digital information
A computerized system for encryption and transmission of digital information comprising: a set of non-transitory computer readable instructions that, when executed by a processor, perform the steps of: receiving a data set from an instance of a sender browser running on a sender computer device, verifying that a recipient is a subscriber and if the recipient is a subscriber, generating a sender key, encrypting a portion of the data set with the sender key, generating a key pair having a first key and a second key, encrypting the sender key with the first key, encrypting the second key with a master key, and generating a hyperlink to the portion of the data set that is encrypted.
Storing encrypted chunksets of data in a vast storage network
A method for execution by one or more processing modules of one or more computing devices begins by encoding data using a dispersed storage error encoding function to produce a plurality of sets of encoded data slices arranged into a plurality of chunksets of encoded data slices. The method continues by selecting a set of storage units for storing the plurality of chunksets and assigning a distributed computing task to each storage unit of the set of storage units. The method then continues by generating a unique key set for each storage unit of the storage units, encrypting each chunkset of encoded data slices with a corresponding one of the unique key sets to produce a plurality of encrypted chunksets and sending an encrypted chunkset of the plurality of encrypted chunksets and an indication of a corresponding distributed computing task to each storage unit of the set of storage units for storage of the encrypted chunksets and execution of the distributed computing task.
Method for determining a key for securing communication between a user apparatus and an application server
A method for determining a key for securing communication between a user apparatus and an application server. An authentication server of a mobile communication network and the user apparatus generate a secret master key during an authentication procedure. The user apparatus sends the authentication server a request for a key to communicate with the application server and receives a random variable. The authentication server and the user apparatus calculate the requested key by using a key derivation function applied to at least the random variable, a user identifier and an application server identifier using the master key.
SECURE BOOT WITH RESISTANCE TO DIFFERENTIAL POWER ANALYSIS AND OTHER EXTERNAL MONITORING ATTACKS
A computing device includes a secure storage hardware to store a secret value and processing hardware comprising at least one of a cache or a memory. During a secure boot process the processing hardware loads untrusted data into at least one of the cache or the memory of the processing hardware, the untrusted data comprising an encrypted data segment and a validator, retrieves the secret value from the secure storage hardware, derives an initial key based at least in part on an identifier associated with the encrypted data segment and the secret value, verifies, using the validator, whether the encrypted data segment has been modified, and decrypts the encrypted data segment using a first decryption key derived from the initial key to produce a decrypted data segment responsive to verifying that the encrypted data segment has not been modified.
Layer 2 Relay To Support Coverage And Resource-Constrained Devices In Wireless Networks
Embodiments provide a mobile communications device that includes a processor configured to communicate with a transceiver and a memory. The transceiver is configured to exchange control signals with a network node. The memory contains instructions that when executed by the processor configure the processor to operate the transceiver to exchange the control signals. The instructions further configure the processor to pass a first proper subset of the control signals to a remote device without operating according to the control signals, and to operate according to control signals in a second proper subset of the control signals. The processor is thereby configured to operate on behalf of a remote communication device to support communication between the remote communication device and the network node.
Electronic subscriber identity module (eSIM) provisioning error recovery
A device hosting a universal integrated circuit card (UICC or eUICC) initiates a provisioning call flow with an electronic subscriber identity module (eSIM) server. The purpose of the provisioning call flow is to perform a particular provisioning action or function. The eSIM server, the device and/or the eUICC maintain state information related to the provisioning call flow. The provisioning call flow includes generation of a one-time public key (otPK) at the eUICC. The provisioning call flow is interrupted by an error event before, for example, successful installation of a profile in the eUICC. A subsequent provisioning call flow is initiated. The eSIM server assists the eUICC to recover from the error event based on the state information of the eSIM server, the device and/or the eUICC. In some embodiments, the recovery and subsequent successful profile installation makes use of the otPK generated during the earlier provisioning call flow.
METHOD, APPARATUS, AND SYSTEM FOR PERFORMING AN ESTABLISHMENT OF A SECURITY CONTEXT BETWEEN USER EQUIPMENT AND AN ACCESS NODE
Embodiments of the present invention disclose a method, an apparatus, and a system for establishing a security context and relate to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.
Blockchain Oracle
A blockchain oracle is provided. The blockchain oracle comprises: an intrusion prevention device and a processor in which a private key is stored; the intrusion prevention device is connected to the processor and is configured to send intrusion information to the processor when the blockchain oracle is intruded; and the processor is configured to destroy the private key when it receives the intrusion information. The disclosure alleviates the technical problem of low reliability of the blockchain oracle existing in the prior art, and achieves the technical effect of improving the reliability of the blockchain oracle.
SUBSCRIPTION CONCEALED IDENTIFIER
A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.