The disclosure provides a method and an apparatus for acquiring an electronic file. The method for acquiring an electronic file includes: generating a first encryption key according to login information of a user of a terminal device at the time of logging in to a platform server and a first identifier corresponding to an information providing server that provides the electronic file; sending a first request message for acquiring the electronic file to the platform server; receiving the electronic file encrypted using a second encryption key and returned by the platform server according to the login information and the first request message; and generating a first decryption key according to the first encryption key, and decrypting, using the first decryption key, the electronic file encrypted using the second encryption key, so as to obtain the decrypted electronic file. By means of the disclosed embodiments, private information concerning a user in an electronic file is not leaked by a platform server. Since a terminal device can obtain a decryption key without the need to perform key exchange with an information providing server, use by the user of the terminal device is facilitated.

In one embodiment, an apparatus includes a core to execute instructions, where in response to a first instruction, the core is to obtain an encrypted binary of a requester from a source location and store the encrypted binary to a destination location. The apparatus may further include a memory execution circuit coupled to the core that, in response to a request from the core and based on the first instruction, is to generate at least one integrity value for the binary and store the at least one integrity value in association with the binary.

According to a first aspect, it is provided a method for requesting access to a physical space secured by a lock. The method is performed in a mobile device of a user and comprises the steps of: authenticating the mobile device with an authentication server, resulting in a token, being a data item, indicating one or more access groups to which the user belongs, wherein the token is cryptographically signed by the authentication server; storing the token in the mobile device; obtain a lock identifier of the lock; and transmitting an access request to an access control device, the access request comprising the token and the lock identifier.

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium for retrieving information from a server. Methods can include a server receiving a set of client-encrypted queries. The server identifies a set of server-encrypted decryption keys and transmits the set to the client device. The server receives a set of client-server-encrypted decryption keys that includes the set of server-encrypted decryption keys encrypted by the client device. The server also receives a set of client-encrypted/client-derived decryption keys that were derived by the client device. The server generates matching a map that specifies matches between the set of client-server-encrypted decryption keys and the set of client-encrypted/client-derived decryption keys. The server filters the set of client-encrypted queries using the map to create a set of filtered client-encrypted queries and generates a set of query results.

A virtual cryptographic module is used to perform cryptographic operations. The virtual cryptographic module may include a fleet of cryptographic modules and a load balancer that determines when a cryptographic module should be added to or removed from the fleet. The fleet size may be adjusted based on detecting a set of conditions that includes the utilization level of the fleet. One or more cryptographic modules of the fleet may be used to fulfill requests to perform cryptographic operations. A cryptographic module may be a hardware security module (“HSM”).

A system includes an intelligent electronic device (IED) and a proxy device communicatively coupled to the TED via a Media Access Control (MACsec) communication link. The proxy device is configured to perform operations that include receiving permissions data, receiving a request to perform an action associated with the TED, determining whether the action is authorized based on the permissions data, and transmitting data to the TED via the MACsec communication link in response to determining that the action is authorized.

A digital credential issuing system and method use public storage and encryption to provide a more secure digital credential issuing process because there is no direct interaction between the credential issuer and an entity requesting a new credential. The new credential may be secured, such as by using encryption, so that the newly issued credential may be uploaded to the public storage and then decrypted and used by only the particular entity for which the new credential is intended.

A cryptographic communication system includes: a first cryptographic communication apparatus including a first tamper-resistant device configured to store a first key generation function and a first storage unit configured to store first individual information; and a second cryptographic communication apparatus including a second tamper-resistant device configured to store a second key generation function and a second storage unit configured to store second individual information. The first cryptographic communication apparatus generates a twelfth shared key using the first key generation function and the second individual information. The second cryptographic communication apparatus generates a twenty first shared key using the second key generation function and the first individual information.

A data center 5.sup.th-Generation (5G) network encrypted multicast-based authority authentication method, system, and device, and a medium. In the present disclosure, authority authentication and data connection are performed on each platform of a data center by 5G network encrypted multicast, and a network encrypted multicast component is configured on the platform of the data center. An encrypted multicast packet is sent to a network by the platform. Connection is completed by handshaking and mutual heartbeat transmission between the platforms. Authority verification is performed through the multicast packet. In this manner, the problem of security risk of traditional authority authentication may be reduced, and the intercommunication speed and efficiency of each platform of the data center may be improved greatly.

Embodiments relate to systems for the distribution of payload in a secure manner. A server may receive a query from a device that includes a subscriber identifier. The server may determine, from confidential information stored, an association between the subscriber identifier and a public key of the device. The server may retrieve the public key of the device. The server may generate a data payload as a response to the query. The server may encrypt the data payload by a symmetric key that is generated randomly. The server may encrypt the symmetric key by the public key of the device. The server may transmit the data payload and the symmetric key that are encrypted to the device for the device to use a private key corresponding to the public key to decrypt the symmetric key and use the symmetric key to decrypt the data payload.