Patent classifications
H04L9/0847
METHODS AND DEVICES FOR SECURED IDENTITY-BASED ENCRYPTION SYSTEMS WITH TWO TRUSTED CENTERS
A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, where the identity-based cryptosystem includes a transmitter trusted center connected to the transmitter device and a receiver trusted center connected to the receiver device. The transmitter device is configured to: receive, from the transmitter trusted center, two public authentication keys; check if a set of conditions related to a transmitter trusted center public key, to a receiver trusted center public key, and to a transmitter authentication key comprised in the two public authentication keys are satisfied; determine a ciphertext set comprising an encrypted message if the set of conditions is satisfied; and send the ciphertext set to the receiver device.
METHOD AND APPARATUS FOR GENERATING DESCRIPTION INFORMATION
One or more implementations of the present specification provide a method and an apparatus for generating description information. The method for generating description information includes: determining local DIDs registered in a first blockchain, and generating a relationship graph of all local DIDs based on data that is related to individual local DIDs and that is maintained by a first blockchain node corresponding to the first blockchain; determining, from the relationship graph and based on a target local DID corresponding to a target object, an associated local DID related to the target local DID; and generating description information of the target object based on (a) an association relationship between the target local DID and the associated local DID and (b) data related to the associated local DID.
REPUTATION PROFILE PROPAGATION ON BLOCKCHAIN NETWORKS
A node in a blockchain network may initiate a non-fungible token identity, establish a profile for the non-fungible token identity, receive reputation data related to the non-fungible token identity, determine, based on the reputation data, a reputation score, append the non-fungible token identity with the reputation score as a non-fungible token metadata tag, and upload the non-fungible token identity and the metadata tag to an ID repository.
METHODS AND SYSTEMS FOR SECURE COMMAND, CONTROL, AND COMMUNICATIONS
In some aspects, an apparatus for encoding data for delivery to or for decoding data retrieved from a storage medium comprises a memory device and at least one hardware processor. The memory device is configured to store at least one parameter associated with at least one cryptographic protocol, the at least one parameter comprising one or more of a first cryptographic scheme, a first cryptographic key operation, a first cryptographic key length, and first cipher directives. The hardware processor is configured to generate a first frame comprising a first field for one parameter selected from the first cryptographic scheme, the first cryptographic key operation, the first cryptographic key length, and the first cipher directives and excluding fields for non-selected parameters, wherein the first frame is associated with the data delivered to or retrieved from the storage medium.
OWNER IDENTITY CONFIRMATION SYSTEM AND OWNER IDENTITY CONFIRMATION METHOD
The owner sameness confirmation system determines whether or not the owners of two terminals (200A, 200B) are the same. Authentication station servers (100A, 100B) store electronic certificates issued to the terminals and identity confirmation information of the owners of the terminals in association with each other. The terminal (200B) transmits information obtained by encrypting the identity confirmation information of the owner of the terminal (200B) through homomorphic encryption and the electronic certificate of the partner terminal (200A) to the authentication station server (100A). The authentication station server (100A) transmits response encrypted information including information obtained by encrypting the identity confirmation information of the owner of the terminal (200A) as a response. The terminal (200B) decrypts the response encrypted information and determines the sameness of the owners based on whether or not the decryption result matches a predetermined value.
Key ladder generating a device public key
A method is provided for generating a key ladder for securely communicating between a first device and a second device using a first device symmetric key and a chip-unique private key. The method includes generating a second processor-specific first device symmetric key from a first processor-specific first device symmetric key and a first identifier (CPU_ID), generating a chip-unique first device application private key (CUAPrK) from a second identifier and the second processor-specific first device symmetric key, generating a chip-unique first device application public key (CUAPuK) from the chip-unique first device application private key (CUAPrK), and transmitting the chip-unique first device application public key (CUAPuK) and an identifier of the processor to the second device.
Device, system and method providing data security and attribute based data access in participatory sensing
Disclosed are devices, systems, and methods for securing data using attribute based data access. The data may correspond to a sensory environment, and the data is secured at the device. The device secures the data by segmenting the data into a number of segments and defining an access policy, then submitting the access policy to a PKG of the system for generating Access Trees having attributes at different levels for accessing the data. These Access Trees are securely stored on the device using an IBE mechanism. Further, the data, after being secured, is uploaded to a system for analysis. At the system, an access request may be received for accessing the data. The access request further includes a request attribute, whereby the system verifies whether the attribute satisfies the Access Policy. If the verification is positive, access may be provided to the data accessor for accessing the data.
Cooperation service providing system and server apparatus
Upon receiving ciphertext data transmitted by each service apparatus, a cooperation apparatus according to an embodiment generates re-encrypted data by performing re-encryption processing for the ciphertext data using a re-encryption key. Each of the service apparatuses transmits, to the cooperation apparatus, a request to acquire user information of a user specified by an identification (ID) indicated by the ciphertext data and stored in the other service apparatus, together with the ciphertext data. Upon receiving the re-encrypted data transmitted by the cooperation apparatus, the service apparatus acquires an ID by decrypting the re-encrypted data using a private key, reads out user information, and transmits the user information to the other service apparatus.
Method and apparatus for providing access control to shared data based on trust level
An approach is provided for providing access control to shared data based on a trust level. A method comprises: encrypting, at a first device, data with public attribute keys associated with attributes according to an attribute-based encryption (ABE) scheme, wherein the attributes comprise at least one trust level related attribute representing an access condition for the data based on a trust level; storing the encrypted data into a data center; determining the eligibility of a user of a second device by checking whether a trust level of the user of the second device satisfies the access condition; and issuing to the second device secret attribute keys associated with attributes and personalized for the user of the second device for decrypting the encrypted data, when the user of the second device is eligible.
REMOTELY MANAGING DEVICES USING BLOCKCHAIN AND DICE-RIOT
Disclosed are techniques for remotely managing computing devices using blockchain and DICE-RIoT. In one embodiment, a method is disclosed comprising scanning a network to obtain a list of devices on the network; classifying the devices as either controlled or uncontrolled devices; establishing a secure channel with the controlled devices; issuing one or more control commands to the controlled devices over the secure channel, the one or more control commands included within a signed message, the signed message signed using a private key of the sender and verified using a public key of the receiver, the private key and public key generated during the establishing of the secure channel; receiving a response to the control commands; and logging the control commands and the response in a blockchain.