Abstract: The present disclosure includes systems and methods for quorum-based data processing, in which quorum portions are distributed to candidate participants in determined proportions that control groups of required participants. In exemplary embodiments, a server generates a plurality of quorum portions from original data, wherein the original data includes secret information for data processing within a secured computing environment, and wherein at least a predetermined minimum number of the quorum portions are required to reconstruct the original data. Sets of quorum portions are determined from said plurality of quorum portions, wherein each set includes a respective proportion of the plurality of quorum portions, and at least one set includes a larger proportion of the quorum portions. Each set of quorum portions is distributed to a respective one of a plurality of computing devices associated with respective participants over a data network within a secured computing environment.

Abstract: Systems and methods are described for implementing communication of data between a group of users in a communication system. In one implementation, a plurality of quorum portions of a private group signing key are generated and provided to each of a plurality of devices of the group of users, wherein a group digital signature is reconstructed from a predetermined minimum number of encrypted portions of the group digital signature, each generated by a respective device of the group of users using a corresponding quorum portion of the private group signing key. Each user device may digitally sign group output data using a respective private group signing key portion. A reconstructed group digital signature may be verified using a corresponding public group signing key. Other embodiments are also described and claimed.

Abstract: Methods are described for constructing a secret key by multiple participants from multiple ciphertexts such that any quorum combination of participants can decrypt their respective ciphertexts and so generate a fixed number of key fragments that can be combined by a recipient to generate the secret key. Worked examples are described showing how the encryption keys for the ciphertexts may be key wrapped using a key encapsulation mechanism for which ciphers that are resistant to attack by a quantum computer may be used. In these cases, a post-quantum quorum system is realised. Methods are described by which the quorum key fragment ciphertexts may be updated so that the original key fragments become invalid without necessitating any change to the secret key.

Abstract: Methods are described for constructing a secret key by multiple participants from multiple ciphertexts such that any quorum combination of participants can decrypt their respective ciphertexts and so generate a fixed number of key fragments that can be combined by a recipient to generate the secret key. Worked examples are described showing how the encryption keys for the ciphertexts may be key wrapped using a key encapsulation mechanism for which ciphers that are resistant to attack by a quantum computer may be used. In these cases, a post-quantum quorum system is realised. Methods are described by which the quorum key fragment ciphertexts may be updated so that the original key fragments become invalid without necessitating any change to the secret key.

Abstract: Methods and systems are described for creating irrefutable binding data for a data file. An input sequence of data elements is derived based on information from the data file. A graphical representation of input regions corresponding to the input sequence of data elements is output on a display, superimposed on captured image data including a visible feature of a user associated with the data file. User input of each data element of the input sequence is captured by tracking the visible feature through the corresponding input regions, and the binding data is created from the captured images as the visible feature is tracked through the input regions.

Abstract: Systems and methods for user identity and transaction authentication are described. A user may be authenticated by a terminal configured to process image data of a two-dimensional code to decode key information, the two-dimensional code comprising a cryptographic binding of user credentials including a low-resolution image of the user's face and optionally user biometric data to database user information stored on a secure server. A hash of the two-dimensional code has several digits in common with the hash of the user information stored on the secure server. Authentication may be carried out by computing and comparing the hash values, comparing the high-resolution image of the user's face fetched from the secure server to the user and to the low resolution image embedded in the two dimensional code. The two-dimensional code may be generated to provide access to a restricted area.

Abstract: The present disclosure includes systems and methods for quorum-based data processing, in which quorum portions are distributed to candidate participants in determined proportions that control groups of required participants. In exemplary embodiments, a server generates a plurality of quorum portions from original data, wherein the original data includes secret information for data processing within a secured computing environment, and wherein at least a predetermined minimum number of the quorum portions are required to reconstruct the original data. Sets of quorum portions are determined from said plurality of quorum portions, wherein each set includes a respective proportion of the plurality of quorum portions, and at least one set includes a larger proportion of the quorum portions. Each set of quorum portions is distributed to a respective one of a plurality of computing devices associated with respective participants over a data network within a secured computing environment.

Abstract: Methods are described for constructing a secret key by multiple participants such that any quorum combination of participants can generate a fixed number of key components that can be combined by a recipient to generate the secret key. The methods permit an identical secret key to be generated by a different sized quorum from different participants if required. The keys may be used as private keys for encryption, decryption, digital signatures or authentication tokens and each key is generated from a key index. The circuits used by a quorum of participants for the generation of keys feature nested non-linear devices connected in series with outputs multiplied by stored secret values. Example applications are described including blinded cipher text generation, a multi-signature cryptocurrency system and an encrypted cloud storage system.

Abstract: The present disclosure includes systems and methods for quorum-based data recovery, in which data is recovered provided at least a minimum number of quorum data portions are presented. In exemplary embodiments, a predetermined minimum number of versions of original data is received, and the original data is reconstructed from the received versions, wherein the original data cannot be reconstructed without loss unless a predetermined minimum number of versions is received. In other embodiments, erroneous or corrupted quorum data portions are detected and associated participants presenting said erroneous or corrupted quorum data portions are identified.

Abstract: Systems and methods for user identity and transaction authentication are described. A user may be authenticated by a terminal configured to process image data of a two-dimensional code to decode key information, the two-dimensional code comprising a cryptographic binding of user credentials including a low-resolution image of the user's face and optionally user biometric data to database user information stored on a secure server. A hash of the two-dimensional code has several digits in common with the hash of the user information stored on the secure server. Authentication may be carried out by computing and comparing the hash values, comparing the high-resolution image of the user's face fetched from the secure server to the user and to the low resolution image embedded in the two dimensional code. The two-dimensional code may be generated to provide access to a restricted area.

Abstract: Methods and systems are described for creating irrefutable binding data for a data file. An input sequence of data elements is derived based on information from the data file. A graphical representation of input regions corresponding to the input sequence of data elements is output on a display, superimposed on captured image data including a visible feature of a user associated with the data file. User input of each data element of the input sequence is captured by tracking the visible feature through the corresponding input regions, and the binding data is created from the captured images as the visible feature is tracked through the input regions.

Abstract: Systems and methods for direct packet communications and store and forward packet communications are provided that include packets which have attributes which determine the lifetime of the packet contents and these lifetimes are optionally a function of the recipient. Example methods are given featuring the transmission of packets with limited lifetime, the storing and retransmission of packets to one or more recipients and confirmation of deletion of packet contents. It is also shown that cryptography may be employed to ensure that timed presentation of packet contents to recipients takes place and is authenticated by the sender.

Abstract: Digital data archival methods and systems are described, providing controlled and verifiable information destruction. In one embodiment, the method comprises storing digitally encoded information, wherein the information is encoded as a sequence of numbers or symbols using parameters defining an associated error correction ability of an error correcting algorithm based on a lifetime of the digitally encoded information. Errors are periodically added to the sequence of numbers or symbols, such that the digitally encoded information is recoverable from the sequence of numbers or symbols during the defined lifetime, and after a total of number of added errors exceeds the associated error correction ability, the digitally encoded information cannot be retrieved.

Abstract: Systems and methods for user identity and transaction authentication are described. A user may be authenticated by a terminal configured to process image data of a two-dimensional code to decode key information, the two-dimensional code comprising a cryptographic binding of user credentials including a low-resolution image of the user's face and optionally user biometric data to database user information stored on a secure server. A hash of the two-dimensional code has several digits in common with the hash of the user information stored on the secure server. Authentication may be carried out by computing and comparing the hash values, comparing the high-resolution image of the user's face fetched from the secure server to the user and to the low resolution image embedded in the two dimensional code. The two-dimensional code may be generated to provide access to a restricted area.

Abstract: Methods and systems are described for creating irrefutable binding data for a data file. An input sequence of data elements is derived based on information from the data file. A graphical representation of input regions corresponding to the input sequence of data elements is output on a display, superimposed on captured image data including a visible feature of a user associated with the data file. User input of each data element of the input sequence is captured by tracking the visible feature through the corresponding input regions, and the binding data is created from the captured images as the visible feature is tracked through the input regions.

Abstract: The present disclosure includes systems and methods for quorum-based data recovery, in which data is recovered provided at least a minimum number of quorum data portions are presented. In exemplary embodiments, a predetermined minimum number of versions of original data is received, and the original data is reconstructed from the received versions, wherein the original data cannot be reconstructed without loss unless a predetermined minimum number of versions is received. In other embodiments, erroneous or corrupted quorum data portions are detected and associated participants presenting said erroneous or corrupted quorum data portions are identified.

Abstract: The present disclosure includes systems and methods for quorum-based data recovery, in which data is recovered provided at least a minimum number of quorum data portions are presented. In exemplary embodiments, a predetermined minimum number of versions of original data is received, and the original data is reconstructed from the received versions, wherein the original data cannot be reconstructed without loss unless a predetermined minimum number of versions is received. In other embodiments, erroneous or corrupted quorum data portions are detected and associated participants presenting said erroneous or corrupted quorum data portions are identified.

Abstract: Systems and methods for user identity and transaction authentication are described. A user may be authenticated by a terminal configured to process image data of a two-dimensional code to decode key information, the two-dimensional code comprising a cryptographic binding of user credentials including a low-resolution image of the user's face and optionally user biometric data to database user information stored on a secure server. A hash of the two-dimensional code has several digits in common with the hash of the user information stored on the secure server. Authentication may be carried out by computing and comparing the hash values, comparing the high-resolution image of the user's face fetched from the secure server to the user and to the low resolution image embedded in the two dimensional code. The two-dimensional code may be generated to provide access to a restricted area.

Abstract: Methods and systems are described for binding a data transaction to a person's identity using biometrics. The method comprises the generation of data which includes information associated with a transaction, or an encrypted transaction, between a server and a client device associated with a user, generating authentication data providing an irrevocable binding of the information to biometric characteristics of the user, by capturing biometric input by the user of said authentication data or information associated with the transaction, wherein this information is implanted into the captured data. A predetermined minimum number of quorum portions may be generated from a portion of the data generated or processed by the method, wherein at least a predetermined minimum number of received quorum data portions are required to reconstruct the data portion.

Abstract: The present disclosure includes systems and methods for direct packet communications and store and forward packet communications including packets which have attributes which determine the lifetime of the packet contents and these lifetimes are optionally a function of the recipient. Example methods are given featuring the transmission of packets with limited lifetime, the storing and retransmission of packets to one or more recipients and confirmation of deletion of packet contents. It is also shown that cryptography may be employed to ensure that timed presentation of packet contents to recipients takes place and is authenticated by the sender.