Patent classifications
H04L9/321
Using keys with targeted access to the blockchain to verify and authenticate identity
Systems and methods for accessing credentials from a blockchain are provided. A computing device requests that a server process a transaction. In response to the request, the server transmits a server public key to the computing device. A key generator of the computing device uses the user private key and the server public key to generate a user public key. The user public key includes permissions to access credentials that are stored on the blockchain. The server receives the user public key and generates a request for credentials to the blockchain. The request includes the user public key and the server private key. The blockchain receives the request and generates an identity token. The identity token includes credentials that are specified in the user public key. The blockchain transmits the identity token to the server and the server uses the identity token to process the transaction.
Transmission of secure information in a content distribution network
A method and apparatus for providing user key material from a server to a client is disclosed. The method comprises receiving a first message from the client in a server, the first message having a user key material request, an access token and an identifier of a transport key (TrK-ID), validating the user key material request according to the access token, generating a response having user key material responsive to the user key material request, encrypting the response according to the transport key (TrK), and transmitting a second message comprising the response from the server to the client. The client decrypts the second message according to the transport key (TrK) and validates the second message using the identifier of the transport key (TrK-ID).
COMMUNICATION PROTOCOL USING BLOCKCHAIN TRANSACTIONS
A computer-implemented method for granting permission to a requestor to join a first network. The first network comprises a set of bridging nodes and a set of devices controllable by one or more of the set of bridging nodes. Each bridging node is also a respective node of a blockchain network. The method is performed by a registration authority and comprises generating a first blockchain transaction. The first blockchain transaction comprises an input comprising a signature linked to a first public key of the registration authority. The first blockchain transaction also comprises a first output comprising a first certificate, the first certificate comprising an identifier assigned to the requestor. The method further comprises transmitting the first blockchain transaction to the blockchain network for inclusion in the blockchain.
MULTIFACTOR AUTHENTICATION USING BLOCKCHAIN TRANSACTIONS
A method of providing credentials to enable a second party to verify an identity of a first party. The first party is associated with a first public key which is registered with a third party. One or more first credentials are provided to the second party. A request transaction is obtained, which comprises a) an input comprising a signature generated based on a respective private key of the third party, and b) an output locked to a second public key of the first party. The second public key is based on the first public key. A confirmation transaction is generated. The confirmation transaction comprises an input that references the output of the request transaction, and a signature generated based on a private key corresponding to the second public key of the first party. The confirmation transaction is transmitted to nodes of a blockchain network for inclusion in a blockchain.
CREDENTIALED BLOCKCHAIN PARTICIPATION
A computing system comprises a plurality of network computing devices, each maintaining an instance of a blockchain. The blockchain includes an ordered set of blocks, each block including one or more transaction entries and a cryptographic hash of an immediately preceding block. The blockchain further includes new participant introduction logic configured to add a transaction entry to a block of the blockchain. The transaction entry includes a blockchain account and a verifiable unique digital identity including a public cryptographic key.
Method and system for byzantine fault-tolerance replicating of data
A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n−1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.
Information processing system, information processing apparatus, and non-transitory computer readable medium
An information processing system includes a first authentication terminal for authenticating a first user, a second authentication terminal for authenticating a second user, a device for authenticating the device, and an authentication server that performs authentication using a registered authentication function. The authentication server registers an authentication function of the first authentication terminal based on an operation of the first user. When authentication using the first authentication terminal is requested through the device, the authentication server authenticates the first user and registers an authentication function of the device. When registration of an authentication function of the second authentication terminal is requested through the device, the authentication server registers the authentication function when the authentication function of the device has been registered. When authentication using the second authentication terminal is requested, the authentication server authenticates the second user when the authentication function of the second authentication terminal has been registered.
Method and system for temporary use of biometric information of another for access to a system
A method and system for temporarily gaining access to a system is disclosed. The method includes: receiving biometric data from a first biometric device of a first user on a computer processor; generating a temporary code on the computer processor in response to receipt of the biometric data from the first biometric device of the first user; sending the temporary code from the computer processor to the first biometric device of the first user; receiving biometric data from a second biometric device of a second user on the first biometric device of the first user; generating an access code on the first biometric device, the access code including one or more of the biometric data of the first user, the temporary code from the computer processor, and the biometric data of the second user; and sending the access code to the biometric device of the second user.
EMBEDDED UNIVERSAL INTEGRATED CIRCUIT CARD (eUICC) PROFILE CONTENT MANAGEMENT
A mobile network operator (MNO) uses a provisioning server to update or install profile content in a profile or electronic subscriber identity module (eSIM). In an exemplary embodiment, the profile is present on a secure element such as an embedded universal integrated circuit card (eUICC) in a wireless device. One or more MNOs use the provisioning server to perform profile content management on profiles in the eUICC. In some embodiments, an MNO has a trust relationship with the provisioning server. In some other embodiments, the MNO does not have a trust relationship with the provisioning server and protects payload targeted for an MNO-associated profile using an over the air (OTA) key.
ENDORSEMENT CLAIM IN A VERIFIABLE CREDENTIAL
A first verifiable claim is received at a second entity from a first entity. The first verifiable claim is signed by the first entity. A second verifiable claim is generated. The second verifiable claim embeds the first verifiable claim therein and specifies a service that is to be performed on behalf of a fourth entity. The second verifiable claim is provided to a third entity. The second verifiable claim is configured to cause the third entity to verify the signature of the first entity with a public key associated with a decentralized identifier (DID) of the first entity to determine that the first entity is a trusted entity that is able to verify that the second entity is authorized to specify the service to be performed on behalf of the fourth entity.