Patent classifications
H04L9/0816
Method, apparatus, and system for performing an establishment of a security context between user equipment and an access node
Embodiments of the present invention disclose a method, an apparatus, and a system for establishing a security context and relate to the communications field, so as to comprehensively protect UE data. The method includes: acquiring an encryption algorithm of an access node; acquiring a root key and deriving, according to the root key and the encryption algorithm, an encryption key of the access node; sending the encryption key and the encryption algorithm to the access node, so that the access node starts downlink encryption and uplink decryption; sending the encryption algorithm of the access node to the UE so as to negotiate the encryption algorithm with the UE; and instructing the access node to start downlink encryption and uplink decryption and instructing, during algorithm negotiation, the UE to start downlink decryption and uplink encryption.
Blockchain Data
A coupon-minter is configured to perform operations including: generating a coupon comprising encrypted discount information, wherein the encrypted discount information is encrypted with a discount key; generating, for the coupon, a hashlock from a preimage; introducing the coupon to a blockchain in association with the hashlock, wherein the blockchain is configured to permit claiming of the generated coupon only upon receiving access to the preimage used to generate the hashlock. A store-manager configured to perform operations including: claiming, using the preimage, the coupon in the blockchain; encrypting the discount key with a clearing-house public key; updating the coupon with the encrypted discount key. A clearing-house-manager configured to perform operations comprising: detecting the store-manager's claiming of the coupon; decrypting the encrypted discount key with a clearing-house private key to re-generate the discount key; and decrypting the encrypted discount information with the preimage.
SECURE PAIRING OF DEVICES
A system and method for pairing two devices for secure communications. A user selects a first device to pair with a second device. The first and second devices have the ability to securely communicate with each other through the use of encrypted communications. An encryption key is written to the first device and then burned into the encryption module on the first device. A corresponding decryption key is written to the second device and then is burned into the decryption module of the second device.
DIFFERENTIAL CLIENT-SIDE ENCRYPTION OF INFORMATION ORIGINATING FROM A CLIENT
A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private key corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network.
Data security sharing method in multi-edge node collaboration mode under industrial cloud environment
Provided is a data security sharing method for multiple edge nodes to operate in a collaboration mode under an industrial cloud environment. The method includes: firstly, edge nodes that need collaborative computing separately applying to an authority center for a shared key; secondly, the authority center generating a shared key and issuing the key to each of the edge nodes applying for participation in the collaborative computing; thirdly, the edge nodes combining industrial characteristics to generate an interference factor set, and adding different interference factors for different types of data; then, the data of the edge nodes being encrypted with improved homomorphic encryption and uploaded to an industrial cloud platform; and finally, the industrial cloud platform performing homomorphic analysis and computing on the data uploaded by each of the edge nodes, and issuing the data back to each of the edge nodes.
Systems and Methods for "Machine-to-Machine" (M2M) Communications Between Modules, Servers, and an Application using Public Key Infrastructure (PKI)
Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
CREDENTIAL GENERATION AND DISTRIBUTION METHOD AND SYSTEM FOR A BLOCKCHAIN NETWORK
Methods and devices that manage the secure distribution of credentials from a group of autonomous specialized nodes to a requesting node. The secure distribution of credentials may use secret shares and a group private key that none of the nodes reconstructs or possesses. The credentials include an identifier for the requesting node and a secret point that the node assembles from portions of the secret point provided by each of a plurality of the specialized nodes, where the secret point is based on the group private key and a map-to-point hash of the requesting node's identifier.
TRANSACTION AGENTS AND SYSTEMS
A hardware agent is a hardware device attached to, embedded in, or otherwise associated with a good. In particular, the hardware agent is bound to the good in such a way that information held by the agent may be confidently associated with the good. The hardware agent is constructed to securely hold information about the good, and information about stakeholders, such that the agent may autonomously make binding decisions regarding the good, including sales and financial transactions. Although the hardware agent may perform many functions autonomously, it often will have communication capabilities enabling it to share information with stakeholders, or to others as allowed
Method of transferring rights object and electronic device
A method of transferring a rights object (RO) and an electronic device are provided. The method includes generating a secure RO by encrypting an RO including usage rights information regarding digital content and transferring the secure RO from a first device to a second device.
Certificate provisioning and customer binding mechanisms using device group identification token
A security device provisioning hub, including: a memory; and a processor configured to: receive a first secret token from a device manufacturer, wherein the first secret token is associated with a first service; receive a second secret token from a customer device having a security chip; verify that the first secret token and the second secret token are the same; and provide to the customer device access credentials to the first service.