In one embodiment, a method comprises: generating and maintaining, by a network device in a secure peer-to-peer data network, a secure private key and a corresponding secure public key; establishing, by the network device, a two-way trusted relationship with a second network device in the secure peer-to-peer data network; generating by the network device a temporal key, and encrypting a data packet payload using the temporal key into an encrypted payload; encrypting, by the network device, the temporal key into an encrypted temporal key using a second secure public key of the second network device; and generating and outputting a secure data packet comprising the encrypted temporal key and the encrypted payload, enabling a receiving network device to verify the secure data packet is not a copy based on a determined absence of a prior prescribed hash of at least a portion of the encrypted temporal key.

Certain aspects of the present disclosure provide techniques for managing security keys for enciphering and deciphering packets transmitted in a wireless communications system. According to certain aspects, a method of wireless communication by a user equipment (UE) is provided. The method generally includes obtaining an indication of a key area identifier (ID) of a first cell node, wherein the key area ID identifies a set of cell nodes that are associated with a network node that uses a first key for enciphering or deciphering messages and communicating a first set of messages with the first cell node using the first key for enciphering or deciphering the first set of messages.

An example operation may include one or more of encrypting content via an encryption key to generate encrypted content, storing the encrypted content via a distributed ledger, splitting the encrypted encryption key into a set of key shares via a threshold secret sharing scheme, and distributing the set of key shares among a plurality of nodes of a distributed vault, where each key share is distributed with an expiry value that identifies when the respective key share is to be deleted by a node.

An indication that a secure connection has been established with a key management service is received. The secure connection is associated with an automatically generated session encryption key utilized for encryption of data communication through the secure connection. In response to the indication that the secure connection has been established with the key management service, a determination is made to perform a rotation of a local encryption key utilized in encrypting locally stored data. The rotation of the local encryption key is performed based at least in part on the automatically generated session encryption key.

A method for secure communication between a connected object and an entity, includes, for each access to each encrypted key in the memory of the connected object, a preliminary procedure of determining, by each connected object, an access key to its encrypted memory, from at least one fingerprint of a determined memory area and/or hardware of the connected object, and wherein the connected object performs, for each sending or receipt of an encrypted message during a communication with the entity: determining, by the connected object, the access key to its encrypted memory, accessing, in the memory of the connected object, a symmetric encrypted key suitable for encrypted exchanges between the connected object and the entity, symmetric encrypting of the message to be sent to the entity or of symmetric decrypting of the message received from the entity.

A key distribution host determines a trust level of a user authentication server, wherein the trust level is based, at least in part, on one or more attributes of the user authentication server and provides one or more authentication keys to the user authentication server only if the trust level of the user authentication server is above a threshold value.

A method enabling recovery of a terminated client-to-cloud processing sessions includes writing at least some data of cloud-based processing session between a cloud based server and a client device to the client device. Responsive to satisfaction of a session termination condition, the stored data is encrypted such that it can be recovered using suitable decryption techniques when the client-to-cloud-connection is subsequently re-established.

A method in a client computing device includes: establishing an association with a communications network in a first connection time period; via an authentication session with an authentication server of a communications network in an authentication time period following the first connection time period, obtaining at least one key value for use in accessing the communications network; storing reauthentication data associated with the at least one key value; responsive to disconnecting from the communications network, discarding the at least one key value and retaining the reauthentication data; responsive to a reconnection command: deriving the at least one key value from the reauthentication data, establishing a further association with the communications network in a second connection time period by sending an association request to the communications network, the association request containing the at least one key value, and accessing network resources via the communications network following the second connection time period.

Techniques are disclosed relating to securely communicating traffic. In some embodiments, an apparatus includes a secure circuit storing keys usable to encrypt data communications between devices over a network. The secure circuit is configured to store information that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the first key, the request indicating that the message is being sent from the first device to the second device, and to encrypt the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device.

Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to store a first recovery key for a first managed computing device. The first recovery key is configured to access an encrypted data store of the first managed computing device. A request is received for the first recovery key from a second managed computing device. The first recovery key is transmitted for display on the second managed computing device. A key rotation command is generated for a command queue of the first managed computing device to rotate the first recovery key after transmitting the first recovery key. The second recovery key is received from the second computing device.