H04L9/0833

Autonomously generated portable accounts
11683183 · 2023-06-20

Systems and methods are described that include a plurality of devices triggered to be configured with a portable user account to synchronize account events to a distributed log. The plurality of devices includes at least one device configured to trigger a query to determine access rights for the at least one other device. In response to receiving an approval response to the query, the at least one device assigns a provision status to the at least one other device, provides, for the at least one other device, access to at least a subset of the portable user account according to the assigned provision status, and updates the distributed log to include the at least one other device based on the provision status.

Managing encryption keys under group-level encryption
11683161 · 2023-06-20

Computer-readable media, methods, and systems are disclosed for managing group-level database encryption keys under group-level encryption in a database management system. Upon startup of the database management system, persisted database entries are sequentially processed to produce an in-memory data structure comprising a set of encryption group identifier metadata tuples having an encryption group identifier and a valid-from save point cycle version. The set of encryption group identifier metadata tuples is mapped to a set of key identifier tuples including a local secure store identifier and a group-level encryption key identifier. A set of group-level encryption keys is received from a key management system, according to which a group-level encryption key is mapped to each encryption group identifier metadata tuple. Finally, an in-memory representation of the mapping between the set of encryption group identifier metadata tuples, the set of key identifier tuples, and the set of group-level encryption keys is constructed.

METHOD AND MANAGEMENT SERVER FOR REVOKING GROUP SERVER IDENTIFIERS OF COMPROMISED GROUP SERVERS
20170353455 · 2017-12-07

Method and management server for revoking group server identifiers of compromised group servers. One method includes determining, with a management server, an identity-based cryptographic signing key based on a group server identifier. The method also includes distributing, via the management server, the identity-based cryptographic signing key to a group server. The method further includes receiving, at the management server, a security status indicating that the security of the group server is compromised. The method also includes, responsive to receiving the security status, distributing, via the management server, a revocation of the group server identifier to a plurality of communication devices.

INFRASTRUCTURE LEVEL LAN SECURITY
20220376907 · 2022-11-24

Techniques are disclosed for securing traffic flowing across multi-tenant virtualized infrastructures using group key-based encryption. In one embodiment, an encryption module of a virtual machine (VM) host intercepts layer 2 (L2) frames sent via a virtual NIC (vNIC). The encryption module determines whether the vNIC is connected to a “secure wire,” and invokes an API exposed by a key management module to encrypt the frames using a group key associated with the secure wire, if any. Encryption may be performed for all frames from the vNIC, or according to a policy. In one embodiment, the encryption module may be located at a layer farthest from the vNIC, and encryption may be transparent to both the VM and a virtual switch. Unauthorized network entities which lack the group key cannot decipher the data of encrypted frames, even if they gain access to such frames.

HANDLING PRE-EXISTING CONTAINERS UNDER GROUP-LEVEL ENCRYPTION
20230188327 · 2023-06-15

Computer-readable media, methods, and systems are disclosed for tenant-specific encryption of a container in connection with a database employing group-level encryption. An encryption group identifier may be assigned to the container. The encryption group identifier may define how the container is encrypted. A container entry corresponding to the container may be created. A commit operation may be received for committing the assignment of the encryption group identifier to the container. A job may be initialized for encrypting the container according to the encryption group identifier. The container may be flagged as modified. A flush operation may be initiated whereby the container is re-encrypted according to the encryption group identifier. Once flushing is complete, the container entry may be deleted.

ENCRYPTING INTERMEDIATE DATA UNDER GROUP-LEVEL ENCRYPTION
20230188328 · 2023-06-15

Computer-readable media, methods, and systems are disclosed for handling intermediate data in connection with a database employing group-level encryption. Intermediate data is used during database operation and stored transiently such that the intermediate data is removed from memory upon database restart. To protect the privacy of the intermediate data, a random encryption key may be generated upon startup of a database instance. The random encryption key may be stored transiently. During database operation, the random encryption key may be used to encrypt and/or decrypt the intermediate data. The transient memory may be wiped upon database shut down such that the random encryption key is no longer accessible upon database restart.

SIGNED CONTACT LISTS FOR USER AUTHENTICATION IN VIDEO CONFERENCES
20220377080 · 2022-11-24

One example method includes connecting, by a first client device associated with a user, to a video conference hosted by a video conference provider, the video conference having a plurality of participants; receiving participant information for each participant of the plurality of participants; generating, for one or more of the participants, an identity record corresponding to the respective participant, the identity record including video conference information, at least a portion of the participant information, and a cryptographic signature; appending, for each generated identity record, the respective identity record to a user contact list; and verifying at least one participant of the plurality of participants based on the user contact list.

Key exchange method and key exchange system

A plurality of users share a common key while changes to the set of members sharing the common key are permitted, and the computational complexity required for key exchange is reduced. $R_i$ and $c_i$ are computed based on a twisted pseudo-random function in a first key generation step. $sid$ is generated based on a target-collision resistant hash function, and $(sid, R_\alpha, R_\beta)$ is transmitted to communication devices $U_i$ in a session ID generation step. $T_1$ and $T'$ are computed based on a pseudo-random function in a representative second key generation step. $T_j$ is computed based on the pseudo-random function in a general second key generation step. $k'$ is computed based on the twisted pseudo-random function, and $T'_j$ is computed with respect to each $j$ in a third key generation step. $K_1^l$ and $k_1$ are computed in a first session key generation step. A common key $K_2$ is generated based on the pseudo-random function in a second session key generation step.

RAPID DISTRIBUTED CONSENSUS ON BLOCKCHAIN
20220366401 · 2022-11-17

There may be provided a computer-implemented method. It may be implemented using a blockchain such as, for example, the Bitcoin blockchain. The computer-implemented method includes: i) joining a congress by transferring, by a node operating in a proof-of-work blockchain network, one or more digital assets to a congress pool having one or more other digital assets associated with other members of a congress; ii) detecting, by the node, a special transaction of digital assets on the proof-of-work blockchain network to an address associated with the congress pool, the special transaction satisfying determined criteria; and iii) minting, by the node, one or more digital assets on a proof-of-stake blockchain network in response to detecting the special transaction.

KEY MANAGEMENT METHOD AND COMMUNICATION APPARATUS
20230179400 · 2023-06-08

Embodiments of this application provide a key management method and a communication apparatus, and relate to the field of communication technologies, to securely transmit multicast service data, and prevent an unauthorized terminal device from obtaining the multicast service data. The method includes: A terminal device obtains a target key, where the target key includes at least one of a target multimedia broadcast/multicast service service key MSK, a first sub-key corresponding to the target MSK, or a second sub-key corresponding to the target MSK, the first sub-key is for confidentiality protection calculation, and the second sub-key is for integrity protection calculation. The terminal device receives target data from a multicast user-plane processing network element, where the target data is data on which security protection is performed. Then, the terminal device processes the target data by using the target key.