Abstract: A first electronic device can establish a communication channel with a second electronic device and receive a second signed log head of an identifier log via the communication channel. The identifier log is managed by a key transparency server and can include public keys of users registered with the server and user identifiers. The second signed log head includes a hash of the public keys and the user identifiers in the identifier log. The second signed log head can be provided to the second device by the server. In response to sending a request for a consistency-checked log head from the server, the device can receive at least one consistency-checked signed log head. The device can verify a consistency between the second signed log head and the at least one consistency-checked log head. If verified the device can maintain use of the server for verifying ownership of the keys.

Abstract: A device may include accessing first public key associated with a first user identifier for the first electronic device and a second public key associated with a second user identifier for a second electronic device. The device can generate a first random number and a first commitment using a hash function and the first random number; transmit a first message to the second electronic device via a channel between the first and second electronic devices. The device can receive a message from the second electronic device via the channel including include a second random number generated by the second electronic device. The device can extract a code via the hash function using the first public key, the second public key, the first random number, and the second random number. The device can present the code on a user interface for verification. The user interface can receive confirmation of the verification.

Abstract: The subject disclosure provides systems and methods for providing secure data access for electronic devices. The secure data access can allow processes, such as scripts, at a device to be executed to obtain and process restricted data locally on the device without requesting user authorization for the access and processing. The secure data access can prevent the processes from exporting the data, and/or data derived from the data, from an execution space of the processes, whether locally on the device or externally from the device, without obtaining user authorization for the exportation. In this way, user authorizations can be obtained for securing restricted data, in a way that is efficient for the device, for the processes accessing and processing the data, and for the user.