Patent classifications
H04L63/045
VIRTUAL KEYBOARD CAPTCHA
In an approach, a processor receives a request to access an electronic resource from a device. A processor causes the device to generate a Completely Automated Public Turing test (CAPTCHA), where the CAPTCHA comprises: a virtual keyboard; an ordered string of characters required to be input; and presentation of a highlighted key of the virtual keyboard on the device, wherein (i) the highlighted key is a first key visually distinct from other keys of the virtual keyboard and (ii) the first key corresponds to a character of the ordered string of characters. A processor receives a result of the CAPTCHA from the device. A processor performs an action based on the result.
Authentication mechanism for 5G technologies
Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (K_IMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (K_IMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.
DIRECTORY SERVER PROVIDING TAG ENFORCEMENT AND NETWORK ENTITY ATTRACTION IN A SECURE PEER-TO-PEER DATA NETWORK
In one embodiment, a method comprises: establishing, by a first executable resource in a network device having joined a secure peer-to-peer data network, a registry providing a mapping between one or more network entities associated with a tag object by an identified user entity, each network entity represented by a federation identifier of a user entity or a corresponding data object; receiving a search request for one or more identified network entities having been tagged with the tag object, and in response generating a search result based on identifying the network entities having been mapped relative to the tag object, the search result identifying one or more of an identified federation identifier or an identified unique identifier for the identified network entities; and providing the search result by the first executable resource, the search result causing an endpoint device to attract the identified network entities for presentation by the endpoint device.
DATA PROCESSING METHOD AND APPARATUS, DEVICE, AND MEDIUM
A data provider encrypts source data to obtain a ciphertext of the source data, and uploads the ciphertext of the source data to a data storage platform for storage. Subsequently, in response to a data application request of a data consumer, the data provider encrypts a storage address of the ciphertext of the source data by using a public key of the data consumer, and uploads the encrypted storage address to a blockchain network. The data consumer obtains the ciphertext of the source data from the data storage platform. In the process, a blockchain decentralization capability is used to implement secure and trusted data exchange by using a smart contract that is public and commonly visible to a plurality of parties.
Synchronizing content
Some embodiments of the subject technology provide a novel system for synchronizing content items among a group of peer devices. The content synchronizing system of some embodiments includes the group of peer devices and a set of one or more synchronizing servers communicatively connected with the peer devices through one or more networks. In some embodiments, the synchronizing system uses a star architecture, in which each peer device offloads its synchronization operations to the synchronizing server set. Without establishing a peer-to-peer communication with any other peer device, the particular peer device in these embodiments supplies an encrypted content item set along with the N−1 encryptions of a content key used to encrypt the content item set to the synchronizing server set so that this server set can distribute the encrypted content item set and an encrypted content key to each of the N−1 peer devices.
Sharing access to data externally
A method including determining, by a first device, encrypted content based at least in part on utilizing a symmetric key; determining, by the first device, a sharing link to be utilized by a second device to obtain access to the encrypted content, the sharing link including a static portion and a dynamic portion; transmitting, by the first device to the second device, the sharing link to enable the second device to obtain access to the encrypted content; transmitting, by the second device to the endpoint, a request to access the encrypted content, the request being routed to the endpoint based at least in part on the static portion; and receiving, by the second device, access to the encrypted content based at least in part on transmitting the request. Various other aspects are contemplated.
DATA ACCESS CONTROL
A method for controlling access to data by users, where a system generates a first symmetric encryption key stream and defines a number of shares of which a number is required to calculate each of said symmetric encryption keys; sequential portions of data being symmetrically encrypted with the symmetric encryption key; the key stream data further being asymmetrically encrypted with at least one public asymmetric encryption key that is received by the system; and transmitting the asymmetrically encrypted key stream data and said first symmetrically encrypted data file or stream comprising sequential portions of encrypted data to a data storage.
Secure Accessory Connections
Techniques are disclosed relating to securely authenticating communicating devices. In various embodiments, a computing device receives, via a network connection with a network, a first certificate for a first public key pair of the computing device. The computing device provides the first certificate to an offline accessory device and receives a second certificate for a second public key pair maintained by the offline accessory device. The computing device performs a verification of the second certificate and, responsive to the verification being successful, interacts with the offline accessory device. In some embodiments, prior to providing the first certificate, the computing device determines an ordering in which the first and second certificates are to be exchanged by the first computing device and the offline accessory device, and the first certificate is provided to the offline accessory device in accordance with the determined ordering.
SECURE FILE TRANSFER
A method for secure file transmission comprises: encrypting a file using a location key system having multi-part keys; generating an identification for the encrypted file; transmitting the identification from a sender to a recipient; transmitting a public key from the recipient to the sender; generating, by M of N devices of a set of devices associated with the sender, its respective partial secret for the encrypted file and encrypting respective partial shared secrets with the public key; transmitting, by the sender, the encrypted file and encrypted partial shared secrets to the recipient; decrypting, by the recipient, the received encrypted partial shared secrets; combining the decrypted partial shared secrets with a threshold scheme; and decrypting the encrypted file using the combined secrets.
Distribution of derived authentication keys to authentication servers based on trust level
A key distribution host determines a trust level of a user authentication server, wherein the trust level is based, at least in part, on one or more attributes of the user authentication server and provides one or more authentication keys to the user authentication server only if the trust level of the user authentication server is above a threshold value.