A virtual private network (VPN) server connected to a client device within a VPN obtains data for delivery to the client device. The VPN server selects a data stream from a set of data streams of the VPN connection with the client device, where each data stream of the set of data streams has a different encryption context. The VPN server generates a data packet based on the data such that the data packet is encrypted using the encryption context specific to the selected data stream. The VPN server transmits the data packets to the client device via the selected data stream.

A method including determining, by a device, a sharing decryption key based at least in part on an assigned private key associated with the device and a group access public key associated with a group; decrypting, by the device, a group access private key associated with the group by utilizing the sharing decryption key; and decrypting, by the device, encrypted content included in a folder associated with the group based at least in part on utilizing the group access private key associated with the group. Various other aspects are contemplated.

A distributed identity system with local identification includes an identity system device and at least one local electronic device. The local electronic device locally stores at least a portion of identity information and the biometric identification information stored by the identity system device. The local electronic device determines identities by comparing received digital representations of biometrics with locally stored biometric identification information, performs actions using locally stored identity information included in the local copy, and uploads data related to the actions to the identity system device upon occurrence of an upload condition.

A decentralized public key management system for named data networks based on blockchain, which solves the Compromised Certificate Authority (CA) Problem. The system divides the power of an individual CA among multiple Public Key Miners (PKMiners) that maintain the public key blockchains. The majority rule in name-principal validation allows the present invention to tolerate compromised PKMiners without causing any damage.

Methods, systems, and devices for quantum key distribution (QKD) in passive optical networks (PONs) are described. A PON may be a point-to-multipoint system and may include a central node in communication with multiple remote nodes. In some cases, each remote node may include a QKD transmitter configured to generate a quantum pulse indicating a quantum key, a synchronization pulse generator configured to generate a timing indication of the quantum pulse, and filter configured to output the quantum pulse and the timing indication to the central node via an optical component (e.g., an optical splitter, a cyclic arrayed waveguide grating (AWG) router). The central node may receive the timing indications and quantum pulses from multiple remote nodes. Thus, the central node and remote nodes may be configured to communicate data encrypted using quantum keys.

An electronic device for receiving data packets in a Bluetooth environment is provided. The electronic device includes a wireless communication circuitry configured to support a Bluetooth protocol. The wireless communication circuitry is configured to establish a first link with a first external electronic device, synchronize a secret key generation scheme with the first external electronic device based on information obtained while establishing the first link, receive page information transmitted from a second external electronic device, based on Bluetooth address information of the first external electronic device, the Bluetooth address information being obtained while establishing the first link, generate a link key used for a second link between the first external electronic device and the second external electronic device, based on the synchronized secret key generation scheme, and receive an encrypted data packet transmitted over the second link from the second external electronic device using the generated link key.

In some examples, in response to a request from a client device for information relating to a transaction stored by a blockchain, a system identifies, using information stored in a distributed storage system that stores data for the blockchain, multiple data owner entities from which permissions are to be obtained for access of the information, and determines an authorization requirement for the information based on a smart contract. The system sends authorization information based on the authorization requirement to trigger a retrieval of authorization tokens from the identified data owner entities for access of the information, and sends the information to the client device in response to receiving the authorization tokens.

Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.

A system and method for facilitating secure transfer of encrypted files and/or messages can facilitate the secure transfer of encrypted files to a receiving user. The system can include: a computer program for facilitating sending of an e-mail message to a receiving user, the e-mail message including at least a web address of a trusted provider and instructions about how to securely download encrypted files without the receiving user setting up an account or a password, the transfer of encrypted files being facilitated by a code sent to a telephone of the receiving user.

A vehicle control device is provided. The vehicle control device includes a terminal device authentication unit that determines whether a terminal device of a user registered as a user of a vehicle, in advance, is present around or within the vehicle. The vehicle control device also includes a communication unit that communicates with the terminal device. Also included in the vehicle control device is a control unit that causes a display device provided in the vehicle to output a screen for setting communication between the communication unit and the terminal device. The display device outputs the screen in a case where it is determined by the terminal device authentication unit that the terminal device is present and the display device is started up.