A method for preventing fraud in incentive transactions is provided that includes receiving metadata from a brand manufacturer for an incentive associated with a selected product, the metadata including a product identifier and a redemption rule. The method includes requesting a host to create a record in a distributed ledger for the incentive using the metadata, providing the incentive to a consumer via a mobile device, assigning a public address to the incentive, receiving from the host a first private key associated with the public address in the record, providing the first private key to the consumer, and receiving a second private key indicative of a redemption of the incentive at a retailer. The method includes validating redemption of the incentive and recording the redemption of the incentive at a retailer in the distributed ledger record when the redemption of the incentive is validated. A system to perform the above method is also provided.

The present technology relates to a file processing device and a file processing method for enabling restriction of viewing of an image.

A file control unit generates a file that stores an encrypted image obtained by encrypting an image with a first encryption key, and an encrypted encryption key obtained by encrypting the first encryption key with a second encryption key, the encrypted image and the encrypted encryption key being associated with each other in the file. The file control unit also decrypts the encrypted encryption key in the file into the first encryption key, and, with the first encryption key obtained by the decryption, decrypts the encrypted image into the image. The present technology can be applied to a digital camera and the like that capture images, for example.

It is provided the technology to ensure the execution of proper transactions. One aspect of the present disclosure is an escrow system that includes a group of nodes and a blockchain network that connects each node of the group of nodes. In the escrow system, an escrow node sets, with respect to a transaction relating to a product or a service between a user and a first node, a multi-signature address between the first node and the escrow node in the blockchain network. The first node, in response to a completion notification of payment of a cost relating to the transaction by the user to the escrow node, executes the transaction and transmits a signature and a fulfillment notification of the transaction to the multi-signature address. The escrow node, in response to an execution of the transaction by the first node, transmits a signature and a fulfillment notification of the transaction to the multi-signature address. The first node, in response to the signature and the fulfillment notification of the transaction from the first node and the escrow node to the multi-signature address, receives a payment notification of the cost.

A computer-implemented method for managing a life-cycle of at least in parts interdependent cryptographic keys is disclosed. Each of the cryptographic keys is signed and relates to a different one of artifacts. The method comprises creating a key manifest, wherein the key manifest comprises data about determined dependencies of the cryptographic keys at a point in time when one of the artifacts is built encrypting the key manifest with a manifest key, and upon a life-cycle change happening to one out of the group comprising one of the artifacts and one of the interdependent cryptographic keys in the key manifest of the one of the artifacts, the method comprises decrypting the key manifest and invoking an action to a related one out of the group comprising the one of the artifacts and at least one of the interdependent cryptographic keys in accordance with the key manifest.

A method provisions keys in a network of connected objects, including a plurality of such objects as well as a programming station. The nodes of the network could communicate over a main channel and over a secure auxiliary channel, distinct from the main channel. After a first phase of authentication and mutual identification with the nodes of the network, a terminal including a secure hardware element, broadcasts, in a second phase, a set of secret keys to each node, via the auxiliary channel, the set of secret keys including a first secret key intended to authenticate the nodes belonging to the network and a second secret key, intended to encrypt the exchanges over the main channel. In a third phase, the programming station performs a discovery of the nodes of the network.

Disclosed is a system for managing transparent data encryption of a database. The system comprises an encrypted vault application and an application server. The encrypted vault application stores at least one encryption key for the database. The application server is configured to provide an authorization token to the encrypted vault application after unsealing of the encrypted vault application; receive an access token from the encrypted vault application, after authentication of the application server; provide the access token to the encrypted vault application to receive at least one encryption key therefrom; and communicate the at least one encryption key, via a key talker, to the database; and wherein the database comprises a key listener that listens for the at least one encryption key and provides the at least one encryption key to the database.

An apparatus is disclosed for storing a private key on an IoT device for encrypted communication with an external user device and includes a proximity-based communication interface, encryption circuitry and IoT functional circuitry. The encryption circuitry includes a memory having a dedicated memory location allocated for storage of encryption keys utilized in the encrypting/decrypting operations, an encryption engine for performing the encryption/decryption operation with at least one of the stored encryption keys in association with the operation of the IoT functional circuitry, an input/output interface for interfacing with the proximity-based communication interface to allow information to be exchanged with a user device in a dedicated private key transfer operation, an internal system interface for interfacing with the IoT functional circuitry for transfer of information therebetween, memory control circuitry for controlling storage of a received private key from the input/output interface for storage in the dedicated memory location in the memory, in a Write-only memory storage operation relative to the private key received from the input/output interface over the proximity-based communication interface, the memory control circuitry inhibiting any Read operation of the dedicated memory location in the memory through the input/output interface. The IoT functional circuitry includes a controller for controlling the operation of the input/output interface and the memory control circuitry in a private key transfer operation to interface with the external user device to control the encryption circuitry for transfer of a private key from the user device through the proximity-based communication interface for storage in the dedicated memory location in the memory, the controller interfacing with the encryption circuitry via the internal system interface, and operational circuitry for interfacing with the user device over a peer to peer communication link and encrypting/decrypting information therebetween with the encryption engine in the encryption circuitry.

Techniques are described herein that are capable of registering a user device with a cloud-based management service using an intermediate cloud storage. For instance, the intermediate cloud storage may store an encrypted data blob including information that identifies the user device. The intermediate cloud storage or a registration system may decrypt the encrypted data blob so that the registration system may use the decrypted data blob to register the user device with the cloud-based management service. For instance, the registration system may retrieve the encrypted or decrypted data blob from the intermediate cloud storage by providing a requisite secret to the intermediate cloud storage. The requisite secret may be provided to the registration system by the user device (e.g., via a matrix barcode, such as a QR code).

In one embodiment, a method for securely distributing secret keys for hardware devices is disclosed. A distributor server transmits to a provider server an order for hardware devices. Each hardware device has a unique identifier and at least one secret key for authentication. The provider server sends a database associated with the distributor, for each of the hardware devices, the unique identifier and an unencrypted version of the at least one secret key. In response to an order received by the distributor from a customer for a portion of the hardware devices, the distributor server provides the database the unique identifiers and an associated customer order identifier, and the distributor server provides a customer server the unique identifiers. In response to the customer providing order information, the database provides the customer the unencrypted keys for the hardware devices to enable authentication.

The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising storing a plurality of activation codes, each of the activation codes associated with a respective unique identifier (UID) of semiconductor device; receiving, over a network, a request to generate a new storage root key (SRK), the request including a response code and a requested UID; identifying a selected activation code from the plurality of activation codes based on the requested UID; generating the SHRSRK value using the response code and the selected activation code; associating the SHRSRK value with the requested UID and storing the SHRSRK value; and returning an acknowledgement in response to the request.