A key management apparatus receives a key request including a first device identification information and a second device identification information, encrypts a common key using the first device identification information to generate a first encrypted common key, encrypts the common key using the second device identification information to generate a second encrypted common key, and transmits a key response including the first encrypted common key and the second encrypted common key. A first device receives the key response, decrypts the first encrypted common key using the first device identification information to obtain the common key, and transmits the second encrypted common key. A second device receives the second encrypted common key and decrypts the second encrypted common key using the second device identification information to obtain the common key.

An example client device includes a processor configured construct a key to be used to encrypt or decrypt data of a communication session between the client device and a server device, partition the key into a plurality of key partitions, send data representative of the key and a location of the client device to the server device, send data representative of each of the plurality of key partitions to a respective key verification server device of a plurality of key verification server devices, and after receiving an indication from the server device that the key has been verified using data representative of the key, the location of the client device, and the plurality of key partitions, encrypt or decrypt data exchanged with the server device using the key.

Cluster state information is generated in response to a request to establish a connection with a cloud service system. The cluster state information includes a first instance of a security token and host information. The cluster state information is provided to a web browser associated with a user. The web browser associated with the user is redirected to a cloud identity provider. The cloud identity provider is configured to provide to the cloud service system via the web browser associated with the user, the cluster state information that includes the first instance of the security token and the host information. A certificate is requested from the cloud service system. The cluster state information that includes a second instance of the security token is provided to the cloud service system. The cloud service system is configured to establish the connection based on comparison between the first instance of the security token and the second instance of the security token. The established connection enables the user to manage a secondary storage system via the cloud service system.

A path for a node of a computing environment is secured. The securing includes obtaining, by the node, a message that includes an identifier of a shared key and an encrypted message. The node obtains the shared key from a key server and uses it to decrypt the encrypted message to obtain an encryption key and one or more parameters. A security parameters index to be associated with the encryption key and the one or more parameters is obtained. The node sends a response message to another node, the response message including the security parameters index.

To provide a terminal device that can share a session key for use in encryption communication with multiple terminal devices at a certain timing without relying on an existing server device. The terminal device includes: a list/request sending unit that, when the terminal device operates as an owner device, generates a key distribution request, signs the key distribution request, and transmits the key distribution request to a key distribution management device; a participation request sending unit that, when the terminal device operates as a general device, generates a participation request, signs the participation request, and transmits the participation request to the key distribution management device; a session key generating unit that executes an authentication-based multipoint key distribution algorithm of server-client type in cooperation with another terminal device participating in the session and with the key distribution management device to generate a session key; and a post-confirmation unit that, when the session key has been normally generated, transmits a success notice to the key distribution management device and receives a collective notice from the key distribution management device.

A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for deploying a smart contract in a blockchain network. The computer-implemented method includes: receiving, by a blockchain node in a blockchain network, a transaction for creating a smart contract, wherein the transaction comprises a machine code of the smart contract, and the machine code of the smart contract is obtained by Ahead of Time (AoT) compilation of a bytecode of the smart contract in a first trusted execution environment (TEE); determining, by the blockchain node, that the machine code of the smart contract is obtained in a trusted TEE; and in response to determining that the machine code of the smart contract is obtained by the trusted TEE, completing, by the blockchain node, a deployment of the smart contract.

An electronic device and a method for performing a peer to peer (P2P) service in the electronic device are provided. The electronic device includes a communication module, a processor, a memory, and a security module, wherein the memory may be configured to store instructions that, when executed, enable the processor to receive a public key from an external electronic device as a P2P service is requested, transmit, to the external electronic device, an authentication certificate chain generated on the basis of the received public key via the security module, verify an authentication certificate chain received from the external electronic device by using a root authentication certificate stored in the security module, receive encrypted information of the external electronic device from the external electronic device, decrypt the encrypted information of the external electronic device by using a shared key generated according to a result of the verifying of the received authentication certificate chain, and perform the P2P service with the external electronic device via the communication module, on the basis of the decoded information of the external electronic device.

One disclosed example method includes a leader client device associated with a leader participant generating a meeting key for a video meeting joined by multiple participants. For each participant, the leader client device obtains a long-term public key and a cryptographic signature associated with the participant. The leader client device verifies the cryptographic signature of the participant based on the long-term public key and the cryptographic signature. If the verification is successful, the leader client device encrypts the meeting key for the participant using a short-term private key generated by the leader client device, a short-term public key of the participant, a meeting identifier, and a user identifier identifying the participant. The leader client device further publishes the encrypted meeting key for the participant on the meeting system. The leader client device encrypts and decrypts meeting data communicated with other participants based on the meeting key.

One disclosed example involves a client device joining a videoconferencing meeting in which there is end-to-end encryption, where the end-to-end encryption is implemented by the client devices participating in the meting using a meeting key provided by the meeting host. Thereafter, the client device receives a public key of an asymmetric key pair corresponding to the host of the meeting, where the public key is different from the meeting key. The client device then generates a security code based on the public key and output the security code on a display device. The security code can be compared to another security code generated by another client device participating in the meeting to verify if the meeting is secure. The client device may also receive encrypted videoconferencing data, decrypt it using the meeting key, and output the decrypted videoconferencing data on the display device.

Techniques are disclosed relating to a computer system accessing a client credential set to authenticate with a destination computer system. A computer system may, subsequent to receiving an indication to make available an application for a particular user, retrieve configuration data specifying a reference to a key value. The computer system may maintain a data object that includes a client credential set for the particular user. In response to an occurrence of an event associated with the application, the computer system may access the client credential set of the particular user from the data object using the key value and an indication of the particular user. The computer system may then send a request including the client credential set to a destination computer system for authentication with the destination computer system and receive a response indicating whether the computer system has been authenticated.