Patent classifications
H04L63/0442
SQL EXTENSION TO KEY TRANSFER SYSTEM WITH AUTHENTICITY, CONFIDENTIALITY, AND INTEGRITY
Disclosed herein are various embodiments of an SQL extension to a key transfer system with authenticity, confidentiality, and integrity. An embodiment operates by generating a key pair including both a target public key and a target private key. The target public key is provided to a source database server, wherein the source database server includes a source secret for decrypting encrypted data accessible to the target database server. A source public key and a digital signature signed with a source private key, both generated by the source database server, are received from the source database server together with an encrypted version of the source secret. The digital signature is verified as being valid. The encrypted version of the source secret is decrypted using the target private key, and the source secret is used to access the encrypted data.
METHOD, LEDGER AND SYSTEM FOR ESTABLISHING A SECURE CONNECTION FROM A CHIP TO A NETWORK AND CORRESPONDING NETWORK
Provided is a method for establishing a secure connection from a chip to a network. The method comprises sending a connection request with a decentralized identifier address, sending a request for getting a decentralized identifier, sending, to the network, the decentralized identifier, sending, to the chip, an authentication request with data, determining and sending, to the network, authentication data, and authenticating the chip. It further includes sending, to the ledger, a request for getting subscription data associated with the decentralized identifier address, verifying whether the decentralized identifier address is associated with a subscription wallet address or a subscription address in an operator wallet, sending, to the network, the associated subscription data, verifying whether the subscription data are valid, and establishing, when valid, a connection to the chip.
SECURE DISTRIBUTION OF EMBEDDED POLICY
An embedded policy takes the form of an executable entity local to the endpoint or end application attempting to access target data. The executable entity is compiled from a declarative remote policy based on objects, subjects and actions, and includes a library and API (Application Programming Interface) in conjunction with a client application seeking access according to the policy. Evaluation of appropriate access is resolved with a local function call to the executable entity, rather than a network message exchange, thus providing data target access according to the policy without incurring network latency.
Block chain authentication systems and methods
Techniques provided herein relate to registering secondary authentication information with a blockchain. A blockchain is stored, having primary authentication information, secondary authentication information, or both, that is used in authenticating one or more electronic data action requests provided by a client system to a backend system. The client system, a secondary device, or both register the secondary device with a blockchain node, such that secondary device data is stored as the primary authentication information, the secondary authentication information, or both in the blockchain node.
Security Device and Methods for End-to-End Verifiable Elections
Systems and methods for provisioning and operating a primary security device in a verifiable end-to-end election system are presented herein. The security device serves as a root of trust for chains of certificates that are deployed and utilized throughout the election process. These chains of certificates, originating with the device, which acts as an intermediate certification authority, are used to create a verifiable trust chain throughout the different parts of the election process, the trust chain being traceable back to the device and to the original root of trust certificate. In various embodiments the security device includes a compute module, a security chip, a connection to an interface device, at least one lockable transfer device port, and an air-gapped main board to house the compute module, the security chip, and the lockable transfer device port.
Encryption-Based Device Enrollment
One example method includes a device management system detecting an attempt to access a user account by an unenrolled device. The device management system identifies a first enrolled device of the user account by accessing a signature chain of the user account. The device management system facilitates a transmission of a cryptographically-signed enrollment request from the unenrolled device to the first enrolled device. The first enrolled device is configured to cryptographically validate the enrollment request. The first enrolled device is further configured to generate an encrypted attestation message that indicates that the unenrolled device has been authenticated. The unenrolled device can receive and decrypt the encrypted attestation message based on a passcode being displayed on the first enrolled device. The device management system receives a decrypted attestation message from the unenrolled device and updates the signature chain to include a new sequential record for the unenrolled device.
Information processing device, information processing method, and storage medium
An information processing device includes a memory; and a processor coupled to the memory and configured to transmit, to a terminal, a program and a first identifier related to the program, the program being encrypted with a first public key corresponding to a first private key of the terminal, the first identifier being encrypted by using the first public key and a second public key not corresponding to the first private key; and when the terminal receives the first identifier decrypted by the first public key and encrypted by the second public key, register, in a blockchain, transaction information which includes the first identifier decrypted with the second private key corresponding to the second public key.
Online service providing system and application program
When a user attempts to execute a procedure such as a transfer from an app, user authentication is first required by a PIN code or the like. When the user authentication is successful, the function limitation of an IC chip is released and a mode in which a function provided by the IC chip can be used is set. The app encrypts a procedure message describing the procedure content with a private key using the function of the IC chip and creates an electronic signature. The electronic signature and the procedure message are transmitted to a server of an online service via an intermediate server. The server executes the procedure, such as a transfer, in accordance with the content of the procedure message.
Runtime identity confirmation for restricted server communication control
The present disclosure provides computing systems and techniques for providing a certificate to use to securely connect to a server. More particularly, the present disclosure provides a computing device certificate rotation server arranged to provide certificates to the computing device for use by an application executing on the computing device to securely connect to a server.
Storing time-sensitive secrets in a blockchain network
A method for storing time-sensitive secrets in a network is provided. The method includes receiving a first encryption key from multiple encryption keys, the multiple encryption keys associated with a first time window and accessing a data packet encoded according to the encryption keys. The method also includes writing a decrypted data packet to a block in a blockchain when the first encryption key matches a first time-sensitive value, and writing the decrypted data packet to the block in the blockchain when a second encryption key, received from the content provider, matches a second time-sensitive value after the first time-sensitive value has lapsed, wherein the first time-sensitive value and the second time-sensitive value are a non-overlapping time sequence in the first time window. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.