H04L2463/062

DOCUMENT MANAGEMENT SYSTEM

A method, system, computer program and computer product for managing workers and documents are provided. The method includes storing industry representations and a list of workers with data related to the workers, linking the industry representations to the workers and selecting at least one worker based on the industry representations for that worker. The method also includes scheduling workers to a job based on whether they have all of the required industry representations. In addition, the method includes uploading industry representations and bar code scanning industry representations into the database. The method further includes dispatching said industry representations to other users and automatically mapping fields of the dispatched data in the destination database. In addition, the method includes selectively encrypting only sensitive fields in data transmission between two entities.

ENCRYPTED GROUP COMMUNICATIONS

Secure data transfers between communication nodes are performed using a group encryption key supplied by a remote management system. A first node transmits a request for secure communications with a second node to the remote management system using a control channel. The remote management system generates and encrypts a group encryption key usable by the first and second nodes and forwards the encrypted group encryption key to the first and second nodes using one or more control channels. The first and second communication nodes decrypt the group encryption key and use it to encrypt data transmitted between the nodes using a data transport network. In some implementations the securely communicating nodes may use encryption keys and/or techniques that prevent the remote management system from eavesdropping on the nodes' communications.

Postponing entropy depletion in key management systems with hardware security modules

Embodiments of the invention provide a computer-implemented method for managing cryptographic objects in a key management system. This system comprises a set of one or more hardware security modules (HSMs), as well as clients interacting with the HSMs on behalf of users who interact with the clients. The method comprises monitoring, for each HSM of the set, an entropy pool and/or a load at each HSM. The entropy pool of a HSM is the entropy that is available at this HSM for generating cryptographic objects. The load induced at a HSM is the load due to the users interacting with the clients to obtain cryptographic objects. Cryptographic objects are generated, at each HSM, according to the monitored entropy pool and/or load. The extent to which such objects are generated depends on the monitored entropy pool and/or load.

Authenticated encryption with multiple contexts
10623186 · 2020-04-14

Multi-context authenticated encryption can be used to secure various data objects, where a data object may be transmitted and/or stored using various types of resources. One or more envelope keys can be used to encrypt the body data, and each envelope key can be encrypted with a master key. The envelope keys are also encrypted using at least a subset of context information available for the data object, as may correspond to one or more of the resource types. The encrypted data object can include at least one header, as well as the encrypted body data and the encrypted envelope key(s). In order to decrypt the data object, a data consumer would need the master key as well as at least a relevant subset of the context data.

Shuffling cryptographic keys stored in clouds of a multi-cloud environment

A method includes receiving, at a key management system from one or more client devices, one or more requests for cryptographic keys stored in respective clouds of a plurality of cloud service providers in a multi-cloud environment, the cryptographic keys being distributed across different ones of the respective clouds of the plurality of cloud service providers in the multi-cloud environment. The method also includes determining a location of a given one of the requested cryptographic keys on one or more of the clouds of the cloud service providers in the multi-cloud environment, retrieving the given cryptographic key from the determined location in the multi-cloud environment, providing the given cryptographic key to a given one of the client devices, and shuffling the distribution of the cryptographic keys across the clouds of the plurality of cloud service providers in the multi-cloud environment.

METHOD FOR ACCESSING DATA IN A SECURE MANNER
20200104525 · 2020-04-02

A system and a method for accessing data in a secure manner are provided, in which the data comprises a number of data sets and each of the data sets is assigned to a user. The data sets are stored in a database in an encrypted manner, and are decryptable by means of a first decryption key assigned to the particular entity. The first decryption keys are stored in a volatile memory unit, and each of the first decryption keys is encrypted separately using a first and at least a second encryption key assigned to the particular entity, and the encrypted first decryption keys are stored in a permanent memory unit. After the volatile memory unit is erased, the encrypted first decryption keys are copied from the permanent memory unit into the volatile memory unit, and the encrypted first decryption keys are decrypted in the volatile memory unit.

SYSTEM AND METHOD FOR PROVIDING CLOUD SERVICE

A service providing system includes a cloud platform including: a security database that stores a device ID and a pair of a public key and a private key corresponding to the device ID; and a communication server that communicates with the security database, the communication server: communicating with a client device; receiving a request from the client device to issue a security token, the request including a device ID of the client device and data encrypted with a public key; determining whether the encrypted data is decrypted with the private key corresponding to the client device by referring to the security database; and in response to the encrypted data being decrypted with the private key, issuing and transmitting the security token to the client device.

Extended JavaScript object notation file generator circuitry and process

Methods and apparatus to provide extended object notation data are disclosed. An example apparatus includes a data handler having a first input to receive object data and a first output to output an object notation key-value pair for the object data; a string processor having a second input coupled to the first output and a second output to convey the object notation key-value pair without string literals; and a hashing and encryption handler having a third input coupled to the second output and a third output to convey the key-value pair signed with a private key, to convey the key-value pair encrypted with a public key, and to convey an indication that the encrypted key-value pair is encrypted in a key of the encrypted key-value pair.

Secure and zero knowledge data sharing for cloud applications
10608817 · 2020-03-31

Disclosed is a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.

Secretless secure data distribution and recovery process

Disclosed embodiments relate to decentralized and scalable trust among a plurality of decentralized applications. Techniques include receiving, at a first decentralized application, a signature associated with a first public key, receiving data representing one or more permissions specified by a trusted root application and signed by the trusted root application, signing a second public key associated with a second decentralized application, signing data representing one or more permissions specified by the first decentralized application, and providing the signature associated with the second public key and the signed data representing one or more permissions specified by the first decentralized application, in order to thereby provide trust between the first decentralized application and the second decentralized application.