H04L9/0822

Secret distribution among storage devices
11706024 · 2023-07-18

In a storage system that includes a plurality of storage devices configured into one or more write groups, quorum-aware secret sharing may include: encrypting a device key for each storage device using a master secret; generating a plurality of shares from the master secret such that a minimum number of storage devices required from each write group for a quorum to boot the storage system is not less than a minimum number of shares required to reconstruct the master secret; and storing the encrypted device key and a separate share of the plurality of shares in each storage device.

DATA PROCESSING METHOD AND APPARATUS FOR BLOCKCHAIN SYSTEM

A data processing method includes: determining, in response to a request of an access terminal for writing target data to a blockchain, a target node role with a read permission for the target data, an access terminal connected with each node device having a permission of a node role corresponding to the node device; acquiring an encryption key corresponding to the target node role; performing encryption processing on the target data according to the encryption key to obtain a cipher text corresponding to the target data, the cipher text corresponding to the target data being decryptable for an access terminal corresponding to the target node role; and storing the cipher text corresponding to the target data to the blockchain.

DEVICE AND METHOD FOR GENERATING SCRAMBLED TIMESTAMP SEQUENCE (STS) IN ULTRA WIDE BAND (UWB) COMMUNICATION SYSTEM

Provided is a method of an electronic device for performing ultra wide band (UWB) communication. The method includes receiving upper bit information including pre-set at least one parameter via a UWB command interface (UCI), obtaining slot count information and key information including a constant key value, and performing static scrambled timestamp sequence (STS) generation, based on the upper bit information, the slot count information, and the key information.

Method and system for performing a secure key relay of an encryption key
20230018829 · 2023-01-19

A method and system for performing a secure key relay of an encryption key, K.sub.enc, provided by an initial node, KN.sub.0, and used by an encoding unit (ENC) of a first data transceiver for encoding plain data, P.sub.data, to provide encrypted cipher data, C.sub.data, transported via a data transport link, DTL, to a decoding unit (DEC) of a second data transceiver which decodes the transported cipher data, C.sub.data, using the relayed encryption key, K.sub.enc, provided by a terminal node, KN.sub.N, as a decoding key to retrieve the plain data, P.sub.data, wherein the relay of the encryption key, K.sub.enc, from the initial node, KN.sub.0, to the terminal node, KN.sub.N, is performed by means of intermediate relay nodes, KN.sub.1, KN.sub.2 . . . KN.sub.N−1, and comprises the steps of sharing (S1) QKD-keys, K, between the nodes via secure quantum channels, QCH, of a quantum key distribution network, QKDN; performing (S2) encryption of shared QKD-keys, K, at the initial node, KN.sub.0, and at each intermediate relay node, KN.sub.1, KN.sub.2 . . . KN.sub.N−1, and blinding them with a blinding value, S.sub.i, of the respective node to provide an encrypted cipher key, CK.sub.i, by the initial node, KN.sub.0, and by each intermediate relay node, KN.sub.1, KN.sub.2 . . . KN.sub.N−1; distributing (S3) or pre-distributing the blinding values, S.sub.i, of the initial node, KN.sub.0, and of each intermediate relay node, KN.sub.1, KN.sub.2 . . . KN.sub.N−1; transmitting (S4) the encrypted cipher keys, CK.sub.i, of the initial node, KN.sub.0, and of each of the intermediate relay nodes, KN.sub.1, KN.sub.2 . . . KN.sub.N−1, to the terminal node, KN.sub.N; performing (S6) by the terminal node, KN.sub.N, logic operations on reconstructed or pre-distributed blinding values, S.sub.i, on the basis of the encrypted cipher keys, CK.sub.i, received by the terminal node, KN.sub.N, from the initial node, KN.sub.0, and received from each of the intermediate relay nodes, KN.sub.1, KN.sub.2 . . . KN.sub.N−1, to provide the encryption key, K.sub.enc, used by the decoding unit (DEC) of the second data transceiver as a decoding key to retrieve the plain data, P.sub.data.

SERVERLESS IDENTITY MANAGEMENT
20230016036 · 2023-01-19

This disclosure describes techniques for allowing an organization to manage user identities. In some examples, the management of user identities may be serverless. In some examples, serverless identity management may be enabled through a distributed application on user devices of the organization. The application may generate and/or store information related to the user identities on the user devices. Serverless identity management may further include storing at least some of the information at a location that is easily accessible to the user devices, such as a cloud computing location, while maintaining security for private data. Serverless identity management may therefore provide an organization with greater operational flexibility.

SECURELY RECORDING AND RETRIEVING ENCRYPTED VIDEO CONFERENCES
20230224286 · 2023-07-13

One disclosed example method includes obtaining a meeting cryptographic key; transmitting, from a client device to a video conference provider, a request to initiate an encrypted video conference, the encrypted video conference including a plurality of participants; distributing the meeting cryptographic key to each participant of the plurality of participants; obtaining a public cryptographic key of a key pair, the key pair including the public cryptographic key and a private cryptographic key; encrypting the meeting cryptographic key using the public cryptographic key; transmitting, from the client device to the video conference provider, a request to record the video conference; encrypting audio and video from a microphone and image sensor of the client device using the meeting cryptographic key; transmitting the encrypted audio and video to the video conference provider; and providing the encrypted meeting cryptographic key to the video conference provider.

Authentication mechanism for 5G technologies

Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (K.sub.IMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (K.sub.IMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.

Distributed key caching for encrypted keys

Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.

Secure authorization for sensitive information
11700121 · 2023-07-11

Techniques for securing access to protected resources are provided. In the method and apparatus, an access key and proof of successful completion of a first authentication are obtained in connection with a request. The proof of completion of the first authentication and the access key are verified. The access key is then used to generate a determination that information in the access key indicates that a second authentication was successfully completed prior to allowing the request to be fulfilled.

METHOD AND SYSTEM FOR DEVICE LEVEL AUTHENTICATION IN ELECTRONIC TRANSACTIONS
20230216664 · 2023-07-06

A method for distributing data to a computing device using device level authentication includes: receiving a single use key from a payment institution, the single use key encrypted by the payment institution using a first encryption, a server public key, and device data; wrapping a device public key using the server public key; electronically transmitting at least the device data, the wrapped device public key, and the single use key to a server; receiving the single use key encrypted using a second encryption from the server, the second encryption using the device public key to encrypt the single use key; decrypting the single use key encrypted with the second encryption using a device private key; and electronically transmitting the decrypted single use key and payment credentials to a point of sale device.