H04L9/3268

ELECTRONIC SIGNATURE SYSTEM AND TAMPER-RESISTANT DEVICE
20230038949 · 2023-02-09

The present invention realizes an electronic signature system with a high security level in which abuse of a signature key by a system administrator is prevented. A user sets authentication information conceived by the user himself/herself for his/her own signature key stored in the tamper-resistant device (5) via the terminal device (2). When digitally signing an electronic document, the user transmits his/her own encrypted authentication information to the tamper-resistant device (5) through the terminal device (2) and asks for permission to use his/her signature key. The tamper-resistant device (5) decodes the inputted authentication information, verifies the decoded authentication information, and allows the digital signing only if the correct authentication information is entered. As a result, an electronic signature system is built in which only a user having valid use authority for the signature key can digitally sign.

CLOUD-SIDE COLLABORATIVE MULTI-MODE PRIVATE DATA CIRCULATION METHOD BASED ON SMART CONTRACT
20230041862 · 2023-02-09

The present invention discloses a cloud-side collaborative multi-mode private data circulation method based on a smart contract, including: S1, a system is initialized; S2, the original data are encrypted into private data, an encryption certificate z′ for storage is generated, and z′ includes metadata and a data certificate key′; S3, the DO calls a smart contract program to realize uplink of the encryption certificate z′ and releases z′ to a block chain through a smart contract, wherein the smart contract is open to all user accounts; S4, rapid data circulation is realized: when DO releases the data certificate, DU has been identified, a DU's account ID_DU is set through an access policy, the DU obtains an encryption key for data access by executing a smart contract and a key algorithm, private data are obtained through metadata and decrypted to obtain a plaintext; and S5, the data circulation is confirmed.

Attesting control over network devices

In an approach to attesting control over network devices, responsive to receiving a first signal from a client, wherein the first signal initiates a network connection between the client and a server, a first certificate is sent to the client that contains a common name that is an internet protocol (IP) address. A second certificate is sent to the client that contains a common name that is a uniform resource locator (URL) of the server. Responsive to receiving a second signal from the client that the first certificate and the second certificate are trusted, the client is connected with the server.

Integrated secure device manager systems and methods for cyber-physical vehicles

Systems and methods are described for a cyber-physical vehicle management system generated by an Integrated Secure Device Manager (ISDM) Authority configured to manage licensing and approval of Cyber-Physical Vehicles (CPVs), a public/private key pair and a unique ID for the Authority, create a self-signed Authority token signed by the private key, send the Authority token to a plurality of ISDM Node devices configured to verify Module device authenticity and in communication with the Authority, store, by each Node, the Authority token, and mark, by each Node, the Authority token as trusted.

Method and system for filtering transactions using smart contracts and updating filtering smart contracts
11556928 · 2023-01-17

A method for filtering blockchain value transfer transactions and updating filtering including receiving a transaction request comprising an indication that the transaction request is associated with an update to an existing transaction smart contract, defining an updated transaction smart contract, applying a filter smart contract to the transaction request, and recording to a log an indication that the updated transaction smart contract was made to the existing smart transaction contract, responsive to the applying the filter smart contract.

Selective encryption of profile fields for multiple consumers

The disclosed embodiments relate to a system that provides a selective encryption technique that encrypts all of the fields in a profile, and selectively enables consumers of the profile information to decrypt specific fields in the profiles. This is accomplished by encrypting each field in the profile using a randomly generated symmetric key, and then encrypting the symmetric key for each field with public keys belonging to individuals who are authorized to access each field. These encrypted public keys are stored in a header of the profile to enable individuals to use their corresponding private keys to decrypt symmetric keys for the specific fields that they are authorized to access.

Scalable certificate revocation truth distribution and verification using a bloom filter set and a false positive set for PKI-based IoT scenarios

A first IoT device includes a memory, a transceiver, bloom filter evaluation, false positive comparison and control modules. The memory stores: a bloom filter set including an array of bits representing entries in a certificate revocation list; and a false positive set including a list of certificate entries falsely identified as being revoked. The transceiver receives from a second IoT device a message including a certificate. The bloom filter evaluation module receives the bloom filter set from a back office station and determines whether an identifier associated with the certificate is in the bloom filter set. The false positive comparison module receives the false positive set from the back office station and determines whether the identifier is in the false positive set. The control module permits communication between the first and second IoT devices based on whether the identifier is in the bloom filter and false positive sets.

Code sign white listing (CSWL)
11552804 · 2023-01-10

A system and method for efficiently managing an executable environment involving multiple code-sign certificate chains. The system and method include receiving, by one or more processors and from a client device, a request for information to verify an authorization of a code bundle, the code bundle associated with a first signed code segment and a second signed code segment. The system and method include generating, by one or more processors, a list of certificates associated with the code bundle. The system and method include transmitting, by the one or more processors and to the client device, a message comprising the list of certificates, the message causing the client device to verify the code bundle based on the list of certificates.

Secure transfer of service identity for information handling systems

Systems and procedures are provided for transferring a service identifier for use by an IHS (Information Handling System), where technical support is provided to the IHS based on the service identifier. During factory provisioning of the IHS, a signed inventory certificate is uploaded to the IHS that includes an inventory identifying factory installed components of the IHS. Upon deployment of the IHS, a hardware component is removed, where the service identifier of the IHS is associated to the removed component. Upon installing a replacement hardware component, a request is initiated to transfer the association of the service identifier from the removed hardware component to the replacement hardware component. In response to the request to transfer the service identifier, an updated inventory certificate is generated that associates the service identifier to the replacement hardware component, wherein the replacement inventory certificate maintains the inventory of factory installed hardware components of the IHS.

Secure communications using loop-based authentication flow

A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features use of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.