A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole. According to another feature, secure transaction processing is facilitated by storing cryptographic key materials in secure and trusted computing environments associated with the computing nodes to facilitate construction of trust chains for transaction requests and their associated responses.

In order to ensure that a Subscription Concealed Identifier, SUCI, is calculated in the Universal Subscriber Identity Module, USIM, part of a User Equipment, UE, when intended, when a SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, a network node sets proprietary information, which is not known to a Mobile Equipment, ME, part of the UE, as required for calculation of the SUCI. The USIM facilitates calculation of the SUCI in the ME part of the UE only when the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the ME. When the SUCI-Calculation-Indicator is set to a value indicating that the SUCI should be calculated in the USIM, the ME part deletes any locally stored information required for calculation of the SUCI.

The invention relates to an electronic transaction method for a system comprising a user-associated payment device 3 or 4 and a payment terminal 1. The payment device 3 or 4 and the payment terminal 1 perform a cryptographic key exchange 500 before performing a transaction step 501. The payment device includes personal information PI about the user. The payment terminal includes a transaction policy including a condition relative to the personal information Pi. The method includes a verification step 510, 520, 530, prior to the transaction step 501, for securely verifying the condition of the transaction policy relative to the personal information using the cryptographic key.

The present disclosure provides a provisioning method and a terminal device. The provisioning method is applied to the terminal device, including: the security module establishes a secure channel with the certificate authority CA server through one or more session keys shared by the security module and the CA server; and obtains one or more digital certificates from the CA server; wherein, the security module is to implement Universal Subscriber Identity Module (USIM) functions.

A data transmission method, apparatus, and system, a computer device, and a storage medium. The method includes: performing two-way authentication with a first interaction device; receiving encrypted interaction data obtained by encrypting interaction data based on a working key and transmitted by the first interaction device, after the two-way authentication is completed, the working key being obtained by the first interaction device by mapping an authentication key used in the two-way authentication; decrypting the encrypted interaction data according to the working key obtained by mapping the authentication key on the communication adapter; transmitting interaction data obtained through the decryption to a second interaction device through a simulated device node identifiable by the second interaction device and based on a communication protocol of the second interaction device that is natively adapted to the device node.

Systems, methods, apparatuses, and computer program products for dynamically updating routing identifiers (IDs) are provided. One method may include deciding, at a network node, to update a routing identifier for at least one user equipment. The method may then include obtaining or generating a new routing identifier to be assigned to the at least one user equipment along with authentication vectors, and transmitting the new routing identifier to an authentication entity.

Embodiments of the present invention provide a system for establishing permanent records based on micro-interactions. In particular, the system may be configured to identify initiation of an event based on receiving first set of interaction requests from user devices of one or more users, initiate a first set of micro-interactions, wherein initiation of the first set of micro-interactions comprises transferring resources to one or more resource pools associated with the one or more users, identify completion of the event based on receiving a second set of interaction requests from the user devices of the one or more users, revert the first set of micro-interactions, wherein reverting the first set of micro-interactions comprises transferring the resources back from the one or more resource pools associated with the one or more users, and create a permanent record associated with the initiation of the event and the completion of the event.

A server can record a device static public key (Sd) and a server static private key (ss). The server can receive a message with (i) a device ephemeral public key (Ed) and (ii) a ciphertext encrypted with key K1. The server can (i) conduct an EC point addition operation on Sd and Ed and (ii) send the resulting point/secret X0 to a key server. The key server can (i) perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using X0 and a network static private key to derive a point/secret X1, and (ii) send X1 to the server. The server can conduct a second ECDH key exchange using the server static private key and point X0 to derive point X2. The server can conduct an EC point addition on X1 and X2 to derive X3. The server can derive K1 using X3 and decrypt the ciphertext.

Methods, systems, and devices for providing computer implemented services using managed systems are disclosed. To provide the computer implemented services, the managed systems may need to operate in a predetermined manner conducive to, for example, execution of applications that provide the computer implemented services. Similarly, the managed system may need access to certain hardware resources (e.g., and also software resources such as drivers, firmware, etc.) to provide the desired computer implemented services. To improve the likelihood of the computer implemented services being provided, the managed systems may be managed using a subscription based model. The subscription model may utilize a highly accessible service to obtain information regarding desired capabilities (e.g., a subscription) of a managed system, and use the acquired information to automatically configure and manage the features and capabilities of the managed systems by powering and depowering select components.

A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used to by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.