H04L63/0442

DISTRIBUTED PRIVATE LOCATION VERIFICATION AND ENHANCEMENT
20220377561 · 2022-11-24

Methods and devices for privately verifying and enhancing location data by a distributed ledger system are disclosed. A location-based services server receives a possible location of a mobile device. A location verification system determines a detected location of the mobile device. A distributed ledger system uses a private set intersection technique to determine whether the possible location corresponds to the detected location without the possible location or detected location being shared. Probabilities associated with the possible and detected locations can also be combined to enhance the accuracy of the possible location.

HANDLING JOINING AND LEAVING OF PARTICIPANTS IN VIDEOCONFERENCING WITH END-TO-END ENCRYPTION
20220376895 · 2022-11-24

One disclosed example method includes a leader client device associated with a leader participant generating a meeting key for a video meeting joined by multiple participants. For each participant, the leader client device obtains a long-term public key and a cryptographic signature associated with the participant. The leader client device verifies the cryptographic signature of the participant based on the long-term public key and the cryptographic signature. If the verification is successful, the leader client device encrypts the meeting key for the participant using a short-term private key generated by the leader client device, a short-term public key of the participant, a meeting identifier, and a user identifier identifying the participant. The leader client device further publishes the encrypted meeting key for the participant on the meeting system. The leader client device encrypts and decrypts meeting data communicated with other participants based on the meeting key.

MAINTAINING AND RECOVERING SECURE CLOUD CONNECTIONS
20220377060 · 2022-11-24

A method enabling recovery of terminated client-to-cloud processing sessions includes writing at least some data of a cloud-based processing session between a cloud-based server and a client device to the client device. Responsive to satisfaction of a session termination condition, the stored data is encrypted such that it can be recovered using suitable decryption techniques when the client-to-cloud connection is subsequently re-established.

LONG-TERM KEY MANAGEMENT FOR END-TO-END ENCRYPTION OF VIDEOCONFERENCES
20220377059 · 2022-11-24

One example system for providing long-term key management for end-to-end encryption of videoconferencing information includes a processor and at least one memory device. The memory device includes code for causing the processor to generate one or more persistent cryptographic keys for a specific client device. A persistent key can be stored in or on the specific client device. A mapping of the key to a client device identifier can be transmitted to the video conference provider and can enable the video conference provider to set up videoconferences with per client encryption. A processor at the video conference provider can distribute the key for each client device to one or more participants in a videoconference to enable the client devices to end-to-end encrypt the videoconference.

SYSTEMS AND METHODS FOR SECURING VIDEOCONFERENCING MEETINGS
20220377057 · 2022-11-24

One disclosed example involves a client device joining a videoconferencing meeting in which there is end-to-end encryption, where the end-to-end encryption is implemented by the client devices participating in the meeting using a meeting key provided by the meeting host. Thereafter, the client device receives a public key of an asymmetric key pair corresponding to the host of the meeting, where the public key is different from the meeting key. The client device then generates a security code based on the public key and outputs the security code on a display device. The security code can be compared to another security code generated by another client device participating in the meeting to verify if the meeting is secure. The client device may also receive encrypted videoconferencing data, decrypt it using the meeting key, and output the decrypted videoconferencing data on the display device.

SYSTEMS AND METHODS FOR TRANSACTION MANAGEMENT IN A CLOUDLESS INFRASTRUCTURE OF COMPUTING DEVICES
20220377071 · 2022-11-24

A cloudless infrastructure supporting a transaction management service is provided to facilitate asset transactions within the infrastructure. The transaction management service may manage an exchange of assets between entities utilizing the computing devices of the infrastructure in a secure and efficient manner. Such assets may include physical assets, digital assets, and/or a combination of both physical and digital assets, also known as a hybrid asset. Exchanging of assets may include a recursive function for converting an initial asset type into another asset type to facilitate a transaction between entities. Exchange of assets over the infrastructure may include converting one type of asset to another, lending assets for a particular time, renting assets, and/or selling assets so as to convert the initial asset into another infrastructure-supported asset. In some instances, a market of assets may be hosted by the cloudless infrastructure for exchanging or converting assets using the recursive function.

Secure Key Storage Devices
20220377055 · 2022-11-24

Systems, apparatuses, and methods to establish a secure channel of communication with a remote computer using a memory device having a host system. The memory device stores a first cryptographic key representative of an identity of the host system and a second cryptographic key usable to validate an identity of the remote computer. The memory device controls, based on cryptography and independent of the file system, access to the first cryptographic key and the second cryptographic key. To establish the secure channel, an application running in the host system communicates with the memory device to generate, using the first cryptographic key, a first verification code for a first message of the remote computer without revealing the first cryptographic key to the host system, and to validate, using the second cryptographic key, a second verification code generated by the remote computer for a second message from the application.

Secure communication of network traffic
11595366 · 2023-02-28

Techniques are disclosed relating to securely communicating traffic. In some embodiments, an apparatus includes a secure circuit storing keys usable to encrypt data communications between devices over a network. The secure circuit is configured to store information that defines a set of usage criteria for the keys. The set of usage criteria specifies that a first key is dedicated to encrypting data being communicated from a first device to a second device. The secure circuit is configured to receive a request to encrypt a portion of a message with the first key, the request indicating that the message is being sent from the first device to the second device, and to encrypt the portion of the message with the first key in response to determining that the set of usage criteria permits encryption with the first key for a message being sent from the first device to the second device.

Identity authentication method and system, and computing device
11509485 · 2022-11-22

An identity authentication method, system, and computing device are disclosed. The method includes: a first device establishing a communication connection with a second device, and obtaining encrypted information through the Internet, where the first device is a device that is allowed to access the Internet, and the second device is a device that is not allowed to access the Internet; the first device encrypting identity information of an account that is logged into the second device by using the encrypted information, and sending the encrypted identity information to the second device; and the first device receiving a verification result that is returned by the second device, wherein the second device verifies the encrypted identity information based on verification information.

User and device onboarding

Various embodiments are directed to a system and method for establishing a secure communication pathway between a network-connected device and a computing platform. Such configurations encompass encrypting a device-specific installation package passed to the device using a device-generated cryptography key, verifying the identity of the computing platform at the device, encrypting a response message via a platform-generated cryptography key, transmitting the response message to the computing platform, verifying characteristics of the device via the response message, and establishing a secure communication platform upon verification of the device.