A system for generating and applying a secure token in a resource distribution network is provided. For example, a headend system generates a global token based on a time duration specified for multiple meters that are in communication with the headend system through at least a mesh network in a normal condition. The global token is associated with the time duration and is applicable to the multiple meters. The headend system causes the global token to be broadcast via a broadcast network. After receiving the global token, the meter verifies the global token and determines the time duration associated with the global token. The meter further connects premises associated with the meter to a resource distribution network for at least the time duration associated with the global token.

A key broker monitors network traffic metadata and determines which decryption keys are required at one or more packet brokers in order to decrypt relevant traffic required by various network monitoring devices. The key broker retrieves the required keys from a secure keystore distributes them, as needed, to the network packet brokers, and dynamically updates the decryption keys stored in the network packet brokers in response to changes in network traffic.

A method and apparatus for setting profiles are provided. The profile setting method includes receiving, from a first terminal, a profile transfer request message that requests transfer of a first profile or portion thereof from a first secure element to a second secure element; configuring a second profile using the first profile or portion thereof; and sending, to a second terminal, the configured second profile.

A method for processing an application program includes steps for a non-service system to obtain a first running instruction from a user for running a target first service system. Sending, by a terminal, a key acquiring request to a digital rights management (DRM) server using the non-service system, requesting key information corresponding to the target first service system. The key information is fed back by the DRM server when the user has use permission of the target first service system. Decrypting, by the terminal, the target first service system based on the key information using the non-service system, and executing a service function corresponding to the target first service system.

A cloud system provides services to a user registered in a tenant and includes a processor programmed to issue a communication destination for registering the user in association with the tenant.

A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain.

A method may include sending, to a provisioning service and by an application executing on a virtual machine, a local authentication token for a user of the virtual machine. The provisioning service may use the local authentication token to generate a portable access token. The method may further include receiving, from the provisioning service, the portable access token, and launching, by the application and for the user, a session in a web service by sending the portable access token to an application programming interface (API) of the web service.

The proposed system employs one or more steps and an architectural arrangement of a plurality of relevant functional element to enable a security. A USB device is arranged to enable secure access of a computing device. A first cloud server is arranged to receive an ID, a cryptographic key, an authentication PIN and a pre-stored data from the computing device. The first cloud server encrypts the received pre-stored data using the received cryptographic key and subsequently transmits the ID, the cryptographic key and the authentication PIN, to a second cloud server. Further, the second cloud server performs a plurality of sequential functional operation, critical to the motive and objective of deploying the proposed system.

A revocable lightweight group authentication method and system for an edge controller is described here. When the edge controller needs to be registered, an edge server generates a private key of the edge controller and sends the private key to the edge controller, and meanwhile adds the edge controller to a group list of the edge server; the edge server updates a certificate of the edge controller, adds the certificate to a certificate list of the edge server and sends the certificate to the edge controller so that the edge controller updates the private key according to the updated certificate; and then the edge controller generates a signature according to the updated private key, and sends the signature to the edge server so that the edge server authenticates the edge controller after determining that the signature meets preset requirements.

A system and method for establishing a secure communication connection between at least one medical device and a network. The system includes a first communication channel and at least one second communication channel out of a plurality of second communication channels. The method includes the steps of sending a connection request by the at least one medical device to a control unit, registering the at least one medical device via the first communication channel in the network, and encoding and establishing the communication connection via the at least one second communication channel from the plurality of second communication channels. The at least one second communication channel is selected depending on the data type and/or prioritization of data.