H04L2463/062

Encrypting content and facilitating legal access to the encrypted content
10666627 · 2020-05-26

An example method performed by one or more processing devices includes: generating encrypted content at a sender device using one or more first keys that are available from a key provider; and outputting the encrypted content to a recipient device over one or more channels; where the key provider enables access, following authorization, by the recipient device to one or more second keys for decrypting the encrypted content; and where an entity that enables the channel is unaffiliated with the key provider.

METHOD AND SYSTEM FOR PERFORMING SSL HANDSHAKE
20200162245 · 2020-05-21

The present disclosure provides a method and system for performing an SSL Handshake. In the method, during an SSL handshake with a target terminal, a target CDN node determines a target service server accessed by the target terminal and obtains information to be processed by a private key; the target CDN node sends a private key processing request to a private key server corresponding to the target service server, the private key processing request carries the information to be processed and target private key processing type information; the private key server processes the information to be processed based on the target private key processing type information and a private key of the target service server and sends a processing result to the target CDN node so that the target CDN node may continue to perform the SSL handshake with the target terminal according to the processing result.

DATA PAYMENT AND AUTHENTICATION VIA A SHARED DATA STRUCTURE

The disclosed embodiments relate generally to complex data stream control and entitlement. Specifically, the disclosed embodiments provide systems and methods for ensuring that only authenticated/verified participants receive data streams. A third party, e.g., a party other than the data provider or the data recipient, who is nevertheless associated with both the data provider and the data recipient, may be involved in controlling whether data streams from the data provider can reach the data recipient. Thus, a third party may logically sit between the data provider and the data recipient, and may decide whether the data recipient should receive data streams. The disclosed embodiments implement data generation, flow, control and permissioning between multiple entities via digital assets accessed and manipulated on a shared data structure.

USER ACCESS CONTROL IN BLOCKCHAIN

A method, computer system, and a computer program product for controlling access to an asset in a blockchain network is provided. The present invention may include encrypting the asset using a target encryption key. The present invention may also include storing the encrypted asset on a ledger. The present invention may then include receiving a start encryption key to access the asset. The present invention may further include traversing a graph of keys beginning with the start encryption key across a plurality of nodes and edges until reaching the target encryption key. The present invention may also include allowing access to the asset based on reaching the target encryption key.

Method for managing key in security system of multicast environment
10659221 · 2020-05-19

Provided is a method of managing keys in a security system of a multicast environment. The key managing method according to the embodiments of the present disclosure enables key management in which a key renewal triggered by a receiver joining or leaving a group does not affect all groups.

Systems and methods for registering and localizing building servers for cloud-based monitoring and control of physical environments

Disclosed are systems and methods for registering and localizing a building server. A system comprises a building server communicatively coupled with a computing cloud, and configured to initiate a registration process that comprises transmitting data identifying the building server. The computing cloud comprises at least a device registration module that receives the data transmitted from the building server, authenticates the building server, and generates and transmits data such as a building server password and a digital certificate. The computing cloud also comprises an identity management module that receives a request to create a unique ID associated with the building server, and updates a memory to indicate an association between the building server and the computing cloud.

Confidential communication management

Systems and methods are provided for confidential communication management. For example, a client computer can determine a client key pair comprising a client private key and a client public key. The client computer can further determine a protected server key identifier, identify a server public key associated with the protected server key identifier, and generate a shared secret using the server public key and the client private key. The client computer can further encrypt message data using the shared secret and send, to a server computer, a message including the encrypted message data, the protected server key identifier, and the client public key. The protected server key identifier can be associated with the server computer and can be usable by the server computer to identify a server private key to be used in decrypting the encrypted message data.

Enhancing security for multiple storage configurations

A method begins by a processing module identifying, for a DSN (Dispersed Storage Network) memory using multiple IDA (Information Dispersal Algorithms) configurations simultaneously, a first IDA configuration with a highest security level relative to each of the multiple IDA configurations. The method continues by generating at least one master key. The method continues by encoding the master key with a secure error coding function to produce master key slices according to the first IDA configuration. The method continues by storing the master key slices in the DSN memory using the first IDA configuration. The method continues by, when storing data with a second IDA configuration having a security level lower than the first IDA configuration, retrieving the master key slices, decoding the master key slices to obtain the master key and encrypting the data using the master key.

System and method for providing data to a merchant device from a user device over a wireless link using a single function action

A mobile device can establish a communication with a separate device via a single function action such as bringing the devices near to each other. A method can include setting the mobile device to be in a state that enables a user to complete a purchase via the single function action with the mobile device, establishing, based on the user performing the single function action associated with the mobile device, a wireless link between the mobile device and the separate device, the wireless link providing communications associated with the purchase, receiving purchase data from the separate device via the wireless link, the purchase data being associated with the purchase, retrieving payment data from a memory of the mobile device and transmitting, from the mobile device to the separate device and via the wireless link, the payment data to make the purchase.

System and method for providing data to a merchant device from a user device over a wireless link

A device can include a memory storing user payment data and another memory device storing instructions that cause the device to establish a communication between a separate device and the system based on a gesture associated with the system and via a wireless link between the system and the separate device, the communication being associated with a potential purchase, receive purchase data from the separate device via the wireless link, the purchase data being associated with the potential purchase, present, on the display, an instruction associated with the potential purchase, receive a single-interaction from the user of the system to confirm a payment for the potential purchase, the single-interaction comprising a security measure to prevent unauthorized purchases, retrieve, based on the single-interaction from the user, the user payment data from the memory and transmit the user payment data via the wireless link to the separate device to make a purchase.