Patent classifications
H04L9/3236
Key-derivation verification in telecommunications network
A telecommunications network includes a serving network and a home network. In some examples the serving network receives, from the home network, identity data associated with a network terminal. The serving network determines a tied key using a tying key derivation function (TKDF) based on the identity data, then prepares an authentication request based on the tied key and sends the request to the terminal. In some examples, the home network receives the identity data from the access network and determines a tied key using a TKDF. The home network then determines a confirmation message based on the first tied key. In some examples, the serving network receives the identity data from the home network, and receives a network-slice selector associated with the network terminal. The serving network determines a tied key using a TKDF based on the identity data and the network-slice selector.
METHOD FOR SUPPORTING SHARING OF TRAVEL HISTORY OF TRAVELERS IN AIRPORTS
A method for supporting sharing of travel history of travelers in airports includes receiving, by a trusted entity of the distributed ledger system, a registration request from a traveler via a traveler application. The registration request provides personal information of the traveler to the trusted entity. The method further includes generating, by the trusted entity, a public key for the traveler using an identity-based encryption mechanism and sending, from the trusted entity to the global identity blockchain, a registration transaction with respect to the traveler. The registration transaction comprises the public key of the traveler. The method further includes recording a travel history that includes all travel tickets of the traveler, wherein a Merkle tree of all the travel tickets of the traveler is generated. The Merkle tree has a Merkle root, and the Merkle root of the Merkle tree is stored in the global identity blockchain.
SECRET HASH TABLE CONSTRUCTION SYSTEM, REFERENCE SYSTEM, METHODS FOR THE SAME
A server determines an array [[addr]] indicating a storage destination of each piece of data, generates an array of concealed values, and connects the generated array to the array [[addr]] to determine an array [[addr′]]. The server generates a sort permutation [[σ₁]] for the array, applies the sort permutation [[σ₁]] to the array [[addr′]], and converts the array [[addr′]] into an array with a sequence composed of first Z elements set to [[i]] followed by αᵢ elements set to [[B]]. The server generates a sort permutation [[σ₂]] for the converted array [[addr′]], generates dummy data, imparts the generated dummy data to the concealed data sequence, applies the sort permutations [[σ₁]] and [[σ₂]] to the data array imparted with the dummy data, and generates, as a secret hash table, a data sequence obtained by deleting the last N pieces of data from the sorted data array.
Split ledger software license platform
Aspects of the subject disclosure may include, for example, a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, including requesting a license for software from first equipment of a license holder; receiving a passed ledger associated with the license from the first equipment of the license holder, wherein the passed ledger comprises a latest block; receiving a hash value for the latest block from a software vendor of the software; calculating a hash value for the latest block; and responsive to the hash value provided by second equipment of the software vendor matching the hash value calculated for the latest block: executing the software. Other embodiments are disclosed.
Secure and transparent pruning for blockchains
A method for enabling pruning of a blockchain of a blockchain network includes creating an active blocks commitments Merkle tree from hashes of active blocks and creating an active smart contracts commitments Merkle tree from hashes of active smart contracts. The Merkle trees are created after an amount of blocks created in the blockchain has reached a threshold set by a pruning threshold parameter stored in the blockchain network. Hashes of the roots of the Merkle trees are stored in a header of a new block as a new genesis block. The new genesis block is broadcast to the blockchain network. A set of the active blocks and active smart contracts used respectively to create the active blocks commitments Merkle tree and the active smart contracts commitments Merkle tree are committed to upon the blockchain network reaching consensus on the new genesis block.
Enforcing multi-use constraints on a blockchain
A blockchain configuration may be used to store a distributed ledger for information security and accessibility. One example method of operation may include one or more of logging an asset in a blockchain, identifying a sub-asset linked to the asset, creating a use constraint for the sub-asset, logging the use constraint associated with the sub-asset, and during an access attempt of the sub-asset, prohibiting access to the sub-asset based on the use constraint.
Method and system for filtering transactions using smart contracts and updating filtering smart contracts
A method for filtering blockchain value transfer transactions and updating filtering includes receiving a transaction request comprising an indication that the transaction request is associated with an update to an existing transaction smart contract, defining an updated transaction smart contract, applying a filter smart contract to the transaction request, and recording to a log an indication that the updated transaction smart contract was made to the existing smart transaction contract, responsive to the applying the filter smart contract.
Scalable certificate revocation truth distribution and verification using a bloom filter set and a false positive set for PKI-based IoT scenarios
A first IoT device includes a memory, a transceiver, bloom filter evaluation, false positive comparison and control modules. The memory stores: a bloom filter set including an array of bits representing entries in a certificate revocation list; and a false positive set including a list of certificate entries falsely identified as being revoked. The transceiver receives from a second IoT device a message including a certificate. The bloom filter evaluation module receives the bloom filter set from a back office station and determines whether an identifier associated with the certificate is in the bloom filter set. The false positive comparison module receives the false positive set from the back office station and determines whether the identifier is in the false positive set. The control module permits communication between the first and second IoT devices based on whether the identifier is in the bloom filter and false positive sets.
PUF-PROTECTED PSEUDO-HOMOMORPHIC METHODS TO GENERATE SESSION KEYS
Systems and methods for the generation and use of session keys supporting secure communications between a client and server device are disclosed. The client device has or receives a password, which it hashes a predetermined first number of times. The hashed password is sent as a message digest to a server. The server applies the hashed password to an array of PUF devices, and receives a response bitstream which is stored. The client later hashes the password a second predetermined number of times, which is less than the first predetermined number, and this second message digest is sent to the server. The server continues to hash the second message digest, generate PUF responses, and compare the result to the initially stored responses. The number of hashes necessary to achieve a match is the session key.
DIGITAL DOCUMENT REPOSITORY ACCESS CONTROL USING ENCODED GRAPHICAL CODES
A device configured to obtain a first graphical code that represents a public encryption key for an organization and to extract the public encryption key for the organization from the first graphical code. The device is further configured to obtain a second graphical code that represents a digital document comprising data and a digital signature that was signed using a private encryption key for the organization. The device is further configured to extract the digital document from the second graphical code and to validate the second graphical code using the public encryption key for the organization. The device is further configured to determine the second graphical code passes validation using the public encryption key for the organization and to store the digital document in a digital document repository.