A block chain defining authority and access to confidential data may not be encrypted, and the access to the block chain can be regulated by the block chain itself and an access control server operating in an enterprise information technology (IT) environment. To incorporate authority defined in multiple sources, such as the block chain and the access control server, a token can be created containing multiple layers of permissions, i.e. constraints, coming from multiple sources. Each additional permission attenuates the authority granted by the token. When a processor controlling the access to the block chain receives the token, the processor can check the validity of the token and the authority granted by the token to determine whether the requester is authorized to access at least a portion of the block chain.

Systems and methods are described for providing decentralized access to a user account. The method may include generating, by an electronic device, a public key and a private key for the user account, generating, by the electronic device, a first inner account block of a blockchain for the user account. The first inner account block may include an identifier for the user account, the public key for the user account associated with the electronic device, encrypted data for the user account, and a signature over contents of the first inner account block using the private key for the user account on the electronic device. The method may further include generating a second inner account block of the blockchain, providing, using the identifier associated with the user account, the blockchain to a plurality of other devices, and controlling access to the user account based on portions of the blockchain.

Methods, apparatus, systems, and articles of manufacture are disclosed to protect distributed data. An example apparatus includes at least one memory, machine readable instructions, and processor circuitry to at least one of instantiate or execute the machine readable instructions to detect a key identifier combination from a distributed key, identify a match between the key identifier combination and a platform identifier combination, extract a second key from the distributed key, the second key associated with the object, and decrypt the object via the extracted second key.

Methods and systems are presented for providing a multi-party computation (MPC) framework for dynamically configuring, deploying, and utilizing an MPC system for performing distributed computations. Based on device attributes and network attributes associated with computer nodes that are available to be part of the MPC system, a configuration for the MPC system is determined. The configuration may specify a total number of computer nodes within the MPC system, a minimum number of computer nodes required to participate in performing a computation process, a key distribution mechanism, and a computation processing mechanism. Encryption keys are generated and distributed among the computer nodes based on the key distribution mechanism. Upon receiving a request for performing the computation, updated network attributes are obtained. The configuration of the MPC system is dynamically modified based on the updated network attributes, and the MPC system performs the computations according to the modified configuration.

An improved telecommunications network that can reduce the network load on a rich communication services (RCS) server and/or local routers that implement 1-to-N and/or M-to-N services is described herein. In particular, the improved telecommunications network may include an improved RCS server that can route secure multicast messages instead of and/or in addition to unicast messages. For example, the improved RCS server can create a multicast group for a group of UEs in response to a request from a UE to create a group of UEs. Creation of the multicast group may include creating a shared multicast group key (SMGK) for the multicast group and/or selecting a security algorithm for the multicast group. The improved RCS server can then distribute the SMGK and/or the selected security algorithm to the UEs such that the UEs can use the SMGK and/or the selected security algorithm to encrypt and/or decrypt messages.

Systems, methods, and software for secure access control to digitally stored information. Owners of digitally stored information enter access control data using a first graphical user interface (GUI) on a first device. Vault space is allocated in memory for receiving and storing the information remotely from the first device. A keyholder and a guardian identified by the access control data are associated with the information. A keyholder access request for the information is transmitted via a second GUI on a second device. Responsive to determining the keyholder to be associated with the information, a third device of a guardian receives a notification of the access request, and the guardian may use a third GUI to transmit an access authorization. The information may be transmitted to the second device upon determining that the guardian is associated with the information.

Genomics information such as DNA, RNA and proteins carry a wealth of sensitive information, the exposure of which risks compromising the privacy and/or business interest of individuals and companies. An apparatus, a system and methods are disclosed for protecting sensitive genomic information either as it is produced by a sequencing machine or immediately therafter, then throughout the whole genomic workflow. Raw genomic data (“reads”) is detected and classified according to sensitivity. Reads are decomposed by excising the number and type of detected sensitive base or base pairs in less sensitive or insensitive parts of the read. The genomic workflow processes the excised information locally or in a distributed fashion, preferably within trusted execution environments for increased security.

A provisioning control apparatus configured to be coupled to a provisioning equipment server electrically connectable with one or more electronic devices for provisioning the electronic devices with security sensitive provisioning data. The provisioning control apparatus includes a processor configured to generate a group context for sharing the group context with a first further provisioning control apparatus for creating a group of provisioning control apparatuses. The processor is configured to assign an identity to the first further provisioning control apparatus. The identity of the first further provisioning control apparatus is indicative of the provisioning control apparatus and the first further provisioning control apparatus. The processor is configured to generate the security sensitive provisioning data based on the group context. The provisioning control apparatus includes a communication interface configured to provide the security sensitive provisioning data to the provisioning equipment server.

A provisioning control apparatus is configured to be coupled to a provisioning equipment server, wherein the provisioning equipment server is electrically connectable with one or more electronic devices for provisioning the electronic devices with security sensitive provisioning data. The provisioning control apparatus includes a processor configured to generate a group context for sharing the group context with a first further provisioning control apparatus for creating a group of provisioning control apparatuses. The group context includes a group private key, a certificate for the group private key and a group encryption key used for encryption and/or decryption and the first further provisioning control apparatus is configured to be coupled to the provisioning equipment server. The processor is configured to generate the security sensitive provisioning data based on the group context. The provisioning control apparatus includes a communication interface configured to provide the security sensitive provisioning data to the provisioning equipment server.

Cryptographically secure data communications between layered groups of devices in a wireless cooperative broadcast network encrypts datagrams twice prior to transmission by a source device, first using an inner layer key that is shared by a first group of devices, and second using an outer layer key that is shared by a second group of devices; the devices of the first group being members of the second group. Received datagrams are recovered by first decrypting with the outer layer key and second decrypting with the inner layer key.