A system and method provide aircraft-specific customization of gas turbine engine operation. The system includes a gas turbine engine, a first processing unit, and an engine controller. The first processing unit is configured to selectively transmit an activation key. The engine controller is in operable communication with the first processing unit and the gas turbine engine. The engine controller is configured to receive the activation key transmitted by the first processing unit and is operable, upon receipt of the activation key, to: verify the received activation key is correct, enable operational parameters in the gas turbine engine and the engine controller when the received activation key is correct, and control the gas turbine engine using the enabled operational parameters.

Examples described herein relate to systems and methods for integrating and implementing ad hoc groups within a policy hierarchy environment. The ad hoc groups may implement particular guidelines for group membership, policy evaluations, and group actions. Systems and methods provide a framework for creating groups, removing groups, and associating groups, nodes, clients, and users with groups and policy. In some examples, there is provided a method for implementing ad hoc groups in a policy hierarchy environment, the method including: receiving a key orchestration operation request at a client associated with a node, a group, and a user; applying a sum of policies associated with the node to the request; applying a sum of policies associated with the group to the request; applying a sum of policies associated with the client to the request; applying a sum of policies associated with the user to the request; and evaluating the key orchestration operation request based on each of the sum of policies of the node, the group, the client, and the user.

A method authenticates nodes in a communication network of an automation installation. Respective authentication information is transmitted to an authentication server, which takes the authentication information as a basis for admitting or rejecting the nodes in the communication network as subscribers. In order to be able to perform an authentication of a node even in a communication network configured with redundancy, the communication network contains multiple nodes, each of which has at least two communication ports. The communication network executes a spanning tree protocol and at least two of the nodes use their mutually facing communication ports to interchange authentication requests and send the respective received authentication information to an authentication server, connected to the communication network, that uses the respective received authentication information to perform a check on the authenticity of the node and admits or rejects the node in the communication network based on the check.

Data may be encrypted using a derived block encryption key for each of at least one append blocks of data. A data operation associated with manipulating particular data associated with a user may be received. The particular data may comprise at least one append block of data. In response to the received data operation, for each append block of data of the at least one append block of data, parameters associated with deriving a block encryption key for a given append block of data of the at least one append block of data may be accessed. The parameters may comprise at least a data encryption key associated with the user and a nonce. A block encryption key may be derived for the given append block of data utilizing the parameters. The given append block of data may be encrypted utilizing the block encryption key.

Provided is a system of encryption key management, which is used by a service provision server which provides a cloud service. The system comprises a key access server which encrypts the service key using a master key corresponding to the service key and provides the service key in response to a service key request from the service provision server and a master key management server which extracts a plurality of key fragments from the master key, processes the extracted key fragments to be stored in a distributed manner, and provides the master key reconstructed from the key fragments in response to a master key request from the key access server.

In some aspects, a key establishment protocol is executed to generate a shared secret. A first entity calculates a first image curve E.sub.B representing an image of an elliptic curve E under a first isogeny .sub.B; calculates the shared secret based on the first image curve E.sub.B; receives a second image curve E.sub.A and a first pair of elliptic curve points {.sub.A(P.sub.B), .sub.A(Q.sub.B)} and from a second entity; obtains a basis {R, S}; calculates a third image curve E.sub.BA representing an image of the second image curve E.sub.A under a second isogeny .sub.B; calculates a third pair of elliptic curve points {.sub.B(R), .sub.B(S)}; and sends the third image curve E.sub.BA and the third pair of elliptic curve points {.sub.B(R), .sub.B(S)} to the second entity, wherein the third image curve E.sub.BA and the third pair of elliptic curve points {.sub.B(R), .sub.B(S)} enable the second entity to compute the shared secret.

A computing device is configured to divide an Oblivious Pseudorandom Function (OPRF) key to generate a plurality of N partial keys, distribute a respective one of the plurality of N partial keys to a corresponding plurality of N Key Management System (KMS) units. The computing device receives from a threshold number T of KMS units, a plurality T partial blinded keys, wherein the plurality T partial blinded keys are based on processing of a value of a blinded key received by a respective KMS unit and a corresponding stored partial key of the N partial keys, combines the plurality T of partial blinded keys into the blinded key, processes the blinded key based on the blinding key in accordance with an OPRF unblinding operation to generate a key and accesses secure information based on the key.

A data file is encrypted with a file-specific encryption key and sent to a remote data storage system. The file-specific encryption key is encrypted with a master key. The encrypted file-specific encryption key and the master key are both stored remotely from the encrypted file and they are stored remotely from one another.

A computer-implemented method of providing data governance as data flows within and between networks, comprising: accessing, by a second gateway computing device, data stored in a plurality of hash chains in a hierarchy of digital ledgers and written by a plurality of first gateway computing devices, wherein validity of the data stored in the plurality of hash chains has not been verified prior to writing; detecting, by the second gateway computing device, consensus of the data stored in the plurality of hash chains by comparing each of the plurality of hash chains to all other hash chains of the plurality of hash chains to determine whether the hash chains are cryptographically consistent; in response to detecting consensus of the data stored in the hash chains, updating, by the second gateway computing device, stored blockchain data using the data stored in the plurality of hash chains.

The present invention relates to a method for distributing digital keys. The method includes the steps of a first database storing a plurality of keys relating to a plurality of products; for each product, transferring keys from the first database to a corresponding cache in a second database; in response to a request for a key for a product, retrieving and distributing a key from the corresponding cache; and refreshing the corresponding cache by transferring further keys from the first database to the corresponding cache. A system for distributing digital keys is also disclosed.