According to an aspect, a method for accessing a computing device includes receiving, by the computing device, an authentication credential for recovery access to the computing device, the authentication credential being different from an authentication credential used to access encrypted data on the computing device, obtaining, in response to receipt of the authentication credential for recovery access, a first key portion stored on the computing device, transmitting, over a network, a request to receive a second key portion, receiving, over the network, a response that includes the second key portion, recovering a decryption key using the first key portion and the second key portion, and decrypting the encrypted data on the computing device using the decryption key.

A method for sharing data encryption keys among a plurality of storage systems is disclosed. The method generates, by a first storage system, a data encryption key for encrypting data sent from the first storage system to cloud storage. The method stores the encrypted data in the cloud storage in the form of an encrypted data object. In certain embodiments, the first storage system stores an Internet Protocol (IP) address of a second storage system belonging to a same key sharing network as the first storage system. The method replicates, from the first storage system to the second storage system, the data encryption key. The second storage system retrieves the encrypted data object from the cloud storage and decrypts the encrypted data in the encrypted data object using the data encryption key received from the first storage system.

A Bluetooth device (702) is disclosed, the Bluetooth device being provisioned with a security credential (710) that is shared with an authentication server (706). The Bluetooth device comprises processing circuitry configured to use a Bluetooth pairing mechanism to establish a pairing with a Bluetooth gateway (704a-c) by establishing a shared secret key with the Bluetooth gateway and to perform an Extensible Authentication Protocol (EAP) authentication method towards the authentication server using the security credential, wherein performing the EAP authentication method comprises using the paired Bluetooth gateway to forward messages to and from the authentication server. The processing circuitry is further configured to bind the pairing established with the paired Bluetooth gateway to the performed EAP authentication method. Also disclosed are a Bluetooth gateway and methods performed by a Bluetooth device and a Bluetooth gateway.

Each of a secure computation server apparatuses includes a random number generation part that generates random numbers using a pseudo random number generator shared among the secure computation server apparatuses; a seed storage part that shares and stores a seed(s) used for generating random numbers in the random number generation part; a pre-generated random number storage part that stores random numbers generated by the random number generation part; a share value storage part that stores a share(s) to be a target of processing; a logical operation part that computes a carry to be transmitted and received among the secure computation server apparatuses using the random numbers and the share(s) to be a target of processing; an inner product calculation part that removes a mask from the carry; and an arithmetic operation part that performs a processing of erasing the carry to obtain a processing result.

A method performed by a user device is disclosed. The method comprising generating a secret and measuring a biometric template of a user operating the user device. The method then generates a plurality of secret shares of the secret and of the biometric template. The user device then transmits the secret shares of the secret and of the biometric template to a plurality of recovery devices. After, the user device may then initiate a recovery of the secret and measure a biometric measurement of the user. Data of the biometric measurement may be transmitted to the plurality of recovery devices, where the recovery devices perform a partial computation. The user device use the plurality of partial computations to determine a match between the biometric template and the biometric measurement. If the two biometrics match, the user device can reconstruct the secret using shares of the secret from the recovery devices.

A method of facilitating an anonymous message board may include receiving a secret key share associated with a published public key. An initial table state may be generated by encrypting, via the public key, an initial table including a table index and table initial values. A user post encrypted via the public key may be received, the user post including a message and a message index value. The initial table state may be updated to an updated table state by replacing an initial table value of the initial table values with the message. In response to a time interval associated with a predetermined length of time expiring after generating the initial table state, the updated table state may be partially decrypted via the first secret key share as a partially decrypted table. The partially decrypted table may be broadcast.

Secure communication in a geographic incident area is disclosed. Computer-implemented methods are also disclosed, one of which is for restricting access to a resource and includes generating a key and splitting it into N key parts (where N is an integer greater than two). The method also includes encrypting the N key parts. The method also includes transmitting, over a network, to a device: the N encrypted key parts; and identifying information for N secret objects expected to be visible within the area. Each of the N encrypted key parts is decryptable based on at least one video analytics-discernable object attribute for each respective secret object of the N secret objects. The method also includes allowing an additional entity to access the resource only by presentation of a complete key formed from decrypted versions of less than all of the N key parts.

The present disclosure relates to generating a passphrase for an encrypted volume by at least cryptographically combing the first cryptographic key and the shared secret. Where the shared secret is split into a plurality of shares and a first number of the plurality of shares is greater than a second number of the plurality of shares and the second number of the plurality of shares is required to reconstruct the shared secret.

A method including determining, by a device, a sharing decryption key based at least in part on an assigned private key associated with the device and a group access public key associated with a group; decrypting, by the device, a group access private key associated with the group by utilizing the sharing decryption key; and decrypting, by the device, encrypted content included in a folder associated with the group based at least in part on utilizing the group access private key associated with the group. Various other aspects are contemplated.

Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.