One or more implementations of the present specification provide an invoice access method and apparatus based on a blockchain, and an electronic device. The method includes: generating first ciphertext data by encrypting plaintext data of the target invoice based on a first key corresponding to an invoice issuer; generating second ciphertext data by encrypting the plaintext data of the target invoice based on a second key corresponding to an invoice receiver; adding the first ciphertext data and an user identifier of the invoice issuer to the blockchain as related to one another; and adding the second ciphertext data and an user identifier of the invoice receiver to the blockchain as related to one another.

A format-preserving cipher including an encryption and a decryption scheme supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted, thus avoiding a necessarily sequential access into the input plaintext data. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. An encryption algorithm is provided that encrypts the input plaintext data while preserving its original format and length, and a corresponding decryption algorithm is provided. The cipher advantageously embodies the encryption and decryption of multi-byte values, composite datasets, and credit card numbers, thus fitting a variety of industrial needs.

An apparatus for use in electronic document control includes a storage device a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configure the processor to: receive a signal representing data including an original document, append a unique identifier to the original document to generate a modified document, generate a hash value of the modified document, and transmit the hash value corresponding to the modified document to an electronic distributed ledger.

A device management system facilitates an automatic pairing of an electronic device with a management account. The device management system receives a public network address associated with a computer device on a private network accessing the management account. The system retrieves the metadata including a public network address associated with a registration of the electronic device with the device management system. The public network address registered with the metadata is provided by a router on the private network and therefore should match the public network address used by computer devices on the private network. The management account is paired with the electronic device if the electronic device has the same public network address as the computer device accessing the management account. Pairing the management account to the electronic device allows the management account to communicate with the electronic device over the public network through the device management system.

Methods and systems for encryption control in optical networks without data loss enable various transitions related to encryption of an ODU data payload. A transition from unencrypted data payload to encrypted data payload is performed without data loss or dropping of OTN frames. A transition from encrypted data payload to unencrypted data payload is performed without data loss or dropping of OTN frames. A rotation of the encryption key to another encryption key is also performed without data loss or dropping of OTN frames.

A security software comprises administrative module for configuring access levels and creating types of accounts and application server for domain filtering by checking against friendly and unfriendly inbound, outbound and exception lists. Hard filtering either approves, terminates requests or re-routes request without the user's knowledge. Soft filtering passes disapproved requests and sends an e-mail alert to authorized recipients. Content filtering includes checking a content of a requested document against a friendly, unfriendly list and exception list. Hard filtering passes or rejects the requested document. Soft filtering passes the requested document or rejects or approves by highlighting its content. Options include e-mail filtering that checks subject, sender's address and domain against an unfriendly, friendly and exception list. e-mail alert for hard filtering, inbound privacy shield, a pop up blocker, the application server acts as proxy server with proxy chaining capabilities and an encryption function can encrypt part of e-mail message.

A computer-based method for real-time communication authorization includes receiving, from a first communication device, a communication request, verifying, with a verification engine, a pre-approval status of the communication request, storing the communication request in an approval queue if the communication authorization the pre-approval status is set to false, issuing an alert to the authorization device, and receiving one or more authorization parameters from an authorization device.

A method, an apparatus, and a computer program product for symmetric stream encryption are provided. An encryption chain is obtained from a real random number generator (RRNG) and stored in memory. A vector key is identified based on numbers obtained from a fast, large period pseudo-random number generator. A set of encryption keys are identified from the encryption chain using the vector key. Strings of clear text are encrypted using the encryption keys.

Various methods for implementing memory segment access control in a distributed memory environment are provided. One example method may comprise during a first write state for a memory segment receiving a cryptographic key stream in association with a request from a first device for use of shared storage capacity of a second device and causing the cryptographic key stream to be stored in the memory segment. Further, during the second write state for the memory segment, the example method may comprise receiving data content, transforming the date content using the cryptographic key stream to form encrypted data content, and causing the encrypted data content to be stored in the memory segment. Finally, during the first read state, the example method may comprise causing the encrypted data content to be provided to one or more requesting devices. Similar and related example methods, example apparatuses, and example computer program products are also provided.

It is an object to provide predicate encryption that can conceal both attribute information being set in a ciphertext and predicate information being set in a decryption key even in a public key setting. An encryption device 200 generates a ciphertext ct.sub.x in which attribute information x is set as a basis vector of a basis D. A conversion device 300 converts with conversion information W the basis D of the ciphertext ct.sub.x generated by the encryption device 200 to a basis B so as to generate a ciphertext CT.sub.x. A decryption device 400 decrypts the ciphertext CT.sub.x generated by the conversion device 300 with a token tk.sub.v in which predicate information v is set as a coefficient of a basis vector of a basis B* corresponding to the basis B.