A combined security access system for a building that includes a controllable building component. The system includes a combined security access device connected to the building component. The access device further includes: a processor; a first memory device connected to the processor; a second memory device connected to the processor; and a wireless interface module connected to the processor. The access device may be connected to an external electronic device, and the external electronic device communicates with the processor of the access control system to control the building component.

A scheme for securely transferring a patient data file to an intended recipient regardless of a transfer mode selected by a sender. Encryption system executing at the sender device is operative to encrypt each plaintext data line of a file, one by one, using a symmetric key and a starting IV that is incremented per each line, resulting in corresponding ciphertext lines added to an encrypted file. A hash is generated based on the encrypted file. An encrypted header containing the symmetric key, starting IV and the hash is generated using a public key of the recipient, which is appended to the encrypted file. The encrypted header and associated encrypted file are transmitted to the recipient in any manner. Upon receipt, the recipient decrypts the encrypted header using a private key to obtain the symmetric key, starting IV and the hash, which are used by the recipient to validate and decrypt the encrypted file on a line-by-line basis.

A method including determining, by a device, a sharing decryption key based at least in part on an assigned private key associated with the device and a group access public key associated with a group; decrypting, by the device, a group access private key associated with the group by utilizing the sharing decryption key; and decrypting, by the device, encrypted content included in a folder associated with the group based at least in part on utilizing the group access private key associated with the group. Various other aspects are contemplated.

A system, apparatus and product comprising: a multi-tenant layer that comprises shared resources, wherein the shared resources are accessible to multiple tenants of the storage system, wherein the shared resources comprise shared logic resources and shared data resources; and multiple single-tenant layers, wherein each single-tenant layer is associated with a respective tenant of the multiple tenants, wherein each single-tenant layer comprises a database and business logic of the respective tenant, wherein a multi-tenant encryption scheme is configured to enable secure communications with the multiple tenants without divulging sensitive information to the multi-tenant layer.

A system, apparatus and product comprising: a multi-tenant layer that comprises shared resources, wherein the shared resources are accessible to multiple tenants of the storage system, wherein the shared resources comprise shared logic resources and shared data resources; and multiple single-tenant layers, wherein each single-tenant layer is associated with a respective tenant of the multiple tenants, wherein each single-tenant layer comprises a database and business logic of the respective tenant, wherein a multi-tenant encryption scheme is configured to enable secure communications with the multiple tenants without divulging sensitive information to the multi-tenant layer.

A diamond asset comprising one or more diamonds and an encryption chip is used to asset-back a cryptographic token that can be used to conduct transactions. The cryptographic token is written to a blockchain using a smart contract that is configured to enable a transaction associated with the token in response to two or more of: a signature by the encryption chip, a signature by the owner of the diamond asset, and a validation of a visual layout of the diamond asset.

A diamond asset comprising one or more diamonds and an encryption chip is used to asset-back a cryptographic token that can be used to conduct transactions. The cryptographic token is written to a blockchain using a smart contract that is configured to enable a transaction associated with the token in response to two or more of: a signature by the encryption chip, a signature by the owner of the diamond asset, and a validation of a visual layout of the diamond asset.

Secure management of keys and identities of an object manufactured by a manufacturer having a manufacturer key pair, and a client having a client key pair, the management being carried out using a decentralized blockchain database. The method includes generation of a manufacturing key pair; and publication and recording, in the blockchain, of the decentralized object identifier used to obtain the public key of the object. When a client purchases the object from the manufacturer, the method includes providing, by the object manufacturer, the object identifier, and the public manufacturing key to the client; and updating the blockchain. When the object is switched on for the first time, the object enrolls itself by generation of a utilization key pair; auto-enrollment using the manufacturing key pair; and replacement, in the blockchain, of the public manufacturing key associated with the object identifier with the public utilization key associated with the object identifier.

Secure management of keys and identities of an object manufactured by a manufacturer having a manufacturer key pair, and a client having a client key pair, the management being carried out using a decentralized blockchain database. The method includes generation of a manufacturing key pair; and publication and recording, in the blockchain, of the decentralized object identifier used to obtain the public key of the object. When a client purchases the object from the manufacturer, the method includes providing, by the object manufacturer, the object identifier, and the public manufacturing key to the client; and updating the blockchain. When the object is switched on for the first time, the object enrolls itself by generation of a utilization key pair; auto-enrollment using the manufacturing key pair; and replacement, in the blockchain, of the public manufacturing key associated with the object identifier with the public utilization key associated with the object identifier.

A method for enabling a secure communication with a target device over a network includes: opening an unsecured OPC UA Endpoint by an OPC UA Server that runs on the target device; connecting to the OPC UA Server over the network by an OPC UA Client running on a first device, and requesting the initial device certificate; receiving the initial device certificate by unsecured communication over the network; validating, by the first device, the initial device certificate; establishing, by the first device, a device certificate; encrypting, by the first device, at least the device certificate; sending the encrypted data over the network; decrypting, by the target device, the encrypted data using an initial device private key associated with the initial device certificate to obtain at least the device certificate; storing the device certificate on the target device; and opening a secured OPC UA Endpoint by the OPC UA Server.