Patent classifications
G06F2221/2131
TECHNIQUES FOR USER ACCOUNT AND DATA RECOVERY
This application sets forth techniques for establishing a custodial relationship between a user device and a custodian device for recovering access to a user account and/or to encrypted user data with assistance provided by the custodian device to effect access recovery. A server of a cloud network service provides an anonymous identifier to associate with the custodian device and an account recovery key to store at the custodian device. Identity of an account of the cloud network service associated with the custodian device can be hidden from the server. The user device generates a data recovery key and provides a first portion of the data recovery key to the custodian device and a second portion of the data recovery key to the server. Integrity of the stored account recovery key and portions of the data recovery key is checked regularly by the custodian device and the user device.
Account access recovery system, method and apparatus
Some embodiments of the invention provide a program for recovering access to a service associated with an account. The program provides a login credential to log into the account to receive the associated service. Next, the program receives an access continuation parameter (ACP) after logging into the account. The program then accesses the service and receives a rejection of a subsequent access to the service. The program then provides the ACP in lieu of the login credential to continue to receive the service.
Self-service device encryption key access
Disclosed are various embodiments for providing access to a recovery key of a managed device and rotating the recovery key after it has been accessed. In one example, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to store a first recovery key for a first managed computing device. The first recovery key is configured to access an encrypted data store of the first managed computing device. A request is received for the first recovery key from a second managed computing device. The first recovery key is transmitted for display on the second managed computing device. A key rotation command is generated for a command queue of the first managed computing device to rotate the first recovery key after transmitting the first recovery key. The second recovery key is received from the second computing device.
Story assisted mnemonic phrase
Embodiments disclosed herein are related to generating and using a private key recovery seed based on random words extracted from a generated story to recover the private key. An input story is received from a user. The story includes random words and filler words that were previously generated. The number of random words generated is based on an entropy level. The random words included in the story are extracted. This means that the user does not need to enter any random words that are not included in the story to recover the private key. The random words are input into a first key recovery mechanism to thereby generate a private key recovery seed. The private key recovery seed is then input into a second private key recovery mechanism, the second private key recovery mechanism generating a recovered private key upon performing a recovery operation on the private key recovery seed.
Firmware password management
Disclosed are various examples for managing firmware passwords, such as BIOS passwords. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.
System and method for associating multiple logins to a single record in a database
A method for resolving ambiguity in computer data includes processing a record creation request transmitted from a computing device. The record creation request includes entity creation data and a login key. The login key includes a primary identifier and a password. The method also includes executing a matching algorithm with a selectable combination of the entity creation data at an entity database to identify a single entity record matching a selectable combination of the record creation request. The single entity record is linked to multiple different login keys. The method also includes updating one or more attributes of the single entity record with the entity creation data. Further, the method includes storing session data created during a session associated with the login key by using the login key to segregate the session data in the entity database, and linking the session data to the single entity record.
System and method for providing marine connectivity
A system and method for providing marine connectivity that include receiving sensor data from a plurality of sensors of a watercraft. The system and method also include determining watercraft operational data associated with an operation of the watercraft. The system and method further include communicating the watercraft operational data to at least one external computing infrastructure associated with a user.
DYNAMIC SECURITY CHALLENGE AUTHENTICATION
A method for dynamic security challenge authentication may include generating, based on data about one or more previous interactions of the user with a plurality of applications, files, and devices, one or more security challenges. Examples of interactions include launching an application, editing a file, and logging onto a device. The data may be retrieved from services or components involved with the interactions. The identity of the user may be authenticated based on the responses to the security challenges. Related systems and computer program products are also provided.
ADMINISTRATOR'S PASSWORD RESETTING
An example image forming device includes an input device to receive authentication information input from predefined users, a memory, and a processor to execute an administrator password resetting mode in a case where the authentication information is input from t (where t=a natural number) or more of the predefined users through the input device, change an existing administrator password to a reset administrator password, and store the reset administrator password in the memory.
API and encryption key secrets management system and method
A hosted secrets management transport system and method for managing secrets at one or more offsite locations that facilitates secret flow, secret retrieval, and secret replication. The method includes defining boundaries for two or more sovereignties, each sovereignty having an independent master record and each sovereignty including two or more regions; defining a primary region within the two or more regions; accessing, within the primary region, a master record hardware security module that is a primary source of secrets; defining a second region; accessing, within the second region, a backup record hardware security module that is where data backups of the secrets from the master record hardware security module are created; and executing live replication from the master record hardware security module to the backup record hardware security module, in which the live replication supports multi-tenancy secret management of multiple distinct companies at the same time.