Systems and methods are described for securely and efficiently processing electronic content. In one embodiment, a first application running on a first computing system establishes a secure channel with a second computing system, the secure channel being secured by one or more cryptographic session keys. The first application obtains a license from the second computing system via the secure channel, the license being encrypted using at least one of the one or more cryptographic session keys, the license comprising a content decryption key, the content decryption key being further encrypted using at least one of the one or more cryptographic session keys or one or more keys derived therefrom. The first application invokes a second application to decrypt the license using at least one of the one or more cryptographic session keys, and further invokes the second application to decrypt the content decryption key using at least one of the one or more cryptographic session keys or one or more keys derived therefrom, and to decrypt a piece of content using the content decryption key. The first application then provides access to the decrypted piece of content in accordance with the license.

A method for qualifying a validator server used in zero-knowledge transactions including receiving hashed transactions between a prover client and a verifier server from the prover client and hashed transactions between the prover client and the verifier server, accessing the hashed transactions an enforcement node, analyzing the first and second pluralities of hashed transactions by the enforcement node, and qualifying or disqualifying the verifier server by the enforcement node responsive to analyzing the first and second pluralities of hashed transactions.

In various embodiments, a server stores a set of cryptographic keys associated with a client that includes a server-stored bootstrap key, a server-stored authentication key, and a server-stored proposed key. The server receives an authentication request from the client that includes a client-indicated bootstrap key, a client-indicated authentication key, and a client-indicated proposed key. The server makes a determination that the client is authenticated based in part on whether there is a match between the client-indicated authentication key and either the server-stored authentication key or the server-stored proposed key. The server provides, based on the determination, an authentication response to the client indicating that the client has been authenticated.

A method for transmitting content in a communication network comprising a quantum key distribution network of quantum keys, the communication network comprising a key manager device connected to transmission nodes and connected to the quantum key distribution network, the transmission nodes communicating in the communication network and transmitting and receiving quantum keys in the quantum key distribution network, the method comprising sending and receiving control messages to and from the control plane manager to organize the transfer of the content in the communication network. The control messages comprise hash values to identify quantum keys. Also a control plane manager device, a transmission node, and a computer program.

The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes in idle mode. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, along with a key change indication indicating that the NAS key has changed. The target AMF sends the key change indication to the user equipment.

An information processing apparatus that executes authentication processing using authentication information received from a terminal includes a first authentication unit configured to execute first authentication processing using second authentication information and preliminarily managed authentication information, the second authentication information being obtained by encrypting first authentication information received from the terminal, and a second authentication unit configured to execute second authentication processing different from the first authentication processing, wherein, in a case where the second authentication information is authenticated by the first authentication unit, the first authentication information is managed to be usable by the second authentication unit.

A method by a core network node of a core network of a wireless communication system for authenticating a user equipment, UE, to the core network includes receiving a first authentication request to authenticate the UE to the core network, determining that the UE should be authenticated by an external authentication entity that is external to the wireless communication system, transmitting a second authentication request to the external authentication entity, the second authentication request identifying the UE, receiving an authentication response from the external authentication entity verifying authenticity of the UE, the authentication response including a master key, and deriving a first key for securing communications with the UE from the master key.

A Bluetooth device (702) is disclosed, the Bluetooth device being provisioned with a security credential (710) that is shared with an authentication server (706). The Bluetooth device comprises processing circuitry configured to use a Bluetooth pairing mechanism to establish a pairing with a Bluetooth gateway (704a-c) by establishing a shared secret key with the Bluetooth gateway and to perform an Extensible Authentication Protocol (EAP) authentication method towards the authentication server using the security credential, wherein performing the EAP authentication method comprises using the paired Bluetooth gateway to forward messages to and from the authentication server. The processing circuitry is further configured to bind the pairing established with the paired Bluetooth gateway to the performed EAP authentication method. Also disclosed are a Bluetooth gateway and methods performed by a Bluetooth device and a Bluetooth gateway.

Systems and methods are disclosed in which data associated with a transaction are protected with encryption. At an access device, a PIN associated with a payment account may be encrypted with a first key derived from an initial key of the access device and sensitive data associated with the payment account may be encrypted with a second key derived from the initial key. At a secure module associated with a host server encrypted sensitive data of an authorization request message may be decrypted. The secure module associated with the host server can re-encrypt the sensitive data using a zone encryption key associated with a payment processing network. A translated authorization request message including the re-encrypted sensitive data can be transmitted by the merchant server to the payment processing network.

A medical pump includes a cuboid pump housing and a front lid that is pivotably hinged to the pump housing. The front lid includes a display, in particular a touch display, and/or operating elements. The front lid is attached to the pump housing with at least one first hinge element and at least one second hinge element. The at least one first hinge element and/or the at least one second hinge element includes or forms at least one electrical connection between the pump housing and the front lid for electrical linking and exchange of data.