


Title:
SYNCHRONIZATION OF SENSITIVE INFORMATION BETWEEN MULTIPLE NETWORK NODES
Document Type and Number:
WIPO Patent Application WO/2022/058008
Kind Code:
A1
Abstract:
The disclosure provides for synchronization of sensitive information within network nodes without implementing hardware in a cloud service. The disclosure provides a first network node that is configured to be in communication via the cloud service with other network nodes by: (i) registering itself to the cloud service, and then (ii) synchronizing itself to other network nodes in communication with the cloud service. The first network node generates a string and transmits the string to each server node of the cloud service. The first network node instructs the other network nodes to derive a root key for decrypting the sensitive information (m). The other network nodes are authenticated using a password at the server nodes of the cloud service. Once the authentication is successful, the sensitive information (m) is transmitted from at least one of the server nodes to the other network nodes.

Inventors:
LI YONG (DE)
Application Number:
PCT/EP2020/075922
Publication Date:
March 24, 2022
Filing Date:
September 17, 2020
Assignee:
HUAWEI TECH CO LTD (CN)
LI YONG (DE)
International Classes:
H04L29/06
Foreign References:
US20190386814A12019-12-19
Other References:
PARK JAEMIN ET AL: "Advanced Attribute-Based Key Management for Mobile Devices in Hybrid Clouds", 2015 10TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, IEEE, 24 August 2015 (2015-08-24), pages 566 - 575, XP032795296, DOI: 10.1109/ARES.2015.27
NOOR MANAN BINTH TAJ ET AL: "A secure data security infrastructure for small organization in cloud computing", 2015 INTERNATIONAL CONFERENCE ON ELECTRICAL ENGINEERING AND INFORMATION COMMUNICATION TECHNOLOGY (ICEEICT), IEEE, 21 May 2015 (2015-05-21), pages 1 - 6, XP032801742, DOI: 10.1109/ICEEICT.2015.7307482
Attorney, Agent or Firm:
KREUZ, Georg (DE)
Claims:
CLAIMS

1. A first network node (10) (client-device-1) that is configured to be coupled in communication via a cloud service (20) with other network nodes (client-device-j) (30), wherein the cloud service (20) includes a plurality of server nodes (20A-N), wherein the plurality of server nodes (20A-N) are configured to communicate sensitive information (m), wherein the first network node (10) is configured:

(a) to register itself to the cloud service (20) and thereafter to synchronize itself to other network nodes (30) (client-device-j) in communication with the cloud service (20);

(b) to generate a string (si) that the first network node (10) transmits to each of the plurality of server nodes (20A-N), wherein the first network node (10) is configured to receive a response from each of the plurality of server nodes (20A-N), wherein the response is a function of the string (si) and a sub-key (Ki) allocated to each of the plurality of server nodes (20A-N);

(c) to generate a password (PW) for the other network nodes (30) (client-device-j) to use to access the sensitive information (m), wherein the password (PW) is useable to synchronize the sensitive information (m) to the other network nodes (30) (client-device-j);

(d) to instruct the plurality of server nodes (20A-N) to send the string (si) to the other network nodes (30) (client-device-j), for the other network nodes (30) (client-device-j) to use the password (PW) and the string (si) as confirmation responses back to the plurality of server nodes (20A-N); and

(e) to instruct the plurality of server nodes (20A-N) to process the confirmation responses to generate a corresponding response from which the other network nodes (30) (client-device-j) are able to derive a root key (RK) for decrypting the sensitive information (m) at the other network nodes (30) (client-device-j), wherein the root key (RK) is useable to perform an authentication of the other network nodes (30) (client-device-j) with at least one of the plurality of server nodes (20A-N), whereafter the sensitive information (m) is transmitted from the at least one of the plurality of server nodes (20A-N) to the other network nodes (30) (client-device-j) to be decrypted to provide the sensitive information (m).

2. A first network node (10) (client-device-1) of claim 1, wherein the plurality of server nodes (20A-N) have distributed thereto a series of sub-keys (Ki) generated from a secret key (K), wherein a given server node of the plurality of server nodes (20A-N) of the cloud service (20) is unable to generate the secret key (K) solely from its corresponding sub-key (Ki).

3. A first network node (10) (client-device-1) of claim 1, wherein the first network node (10) (client-device-1) is configured to arrange for the other network nodes (30) (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the plurality of server nodes (20A-N) for authentication purposes.

4. A first network node (10) (client-device-1) of claim 3, wherein the first network node (10) (client-device-1) is configured to set a threshold number of tasks to be attempted by the other network nodes (30) (client-device-j) for confirming the authentication.

5. A method for operating a first network node (10) (client-device-1) that is configured to be coupled in communication with a cloud service (20) including a plurality of server nodes (20A-N), wherein the plurality of server nodes (20A-N) are configured to communicate sensitive information (m), wherein the method includes:

(a) configuring the first network node (10) to register itself to the cloud service (20) and thereafter to synchronize itself to other network nodes (30) (client-device-j) in communication with the cloud service (20);

(b) configuring the first network node (10) to generate a string (si) that is transmitted to each of the plurality of server nodes (20A-N), wherein the first network node (10) (client-device-1) is configured to receive a response from each of the plurality of server nodes (20A-N), wherein the response is a function of the string (si) and a sub-key (Ki) allocated to each of the plurality of server nodes (20A-N);

(d) configuring the first network node (10) to synchronize the sensitive information (m) to the other network nodes (30) (client-device-j) by generating a password (PW) for the other network nodes (30) (client-device-j) to use to access the sensitive information (m);

(e) configuring the first network node (10) to use the plurality of server nodes (20A-N) to send the string (si) to the other network nodes (30) (client-device-j), for the other network nodes (30) (client-device-j) to use the password (PW) and the string (si) as confirmation responses back to the plurality of server nodes (20A-N); and

(f) configuring the first network node (10) to instruct the plurality of server nodes (20A-N) to process the confirmation responses to generate a corresponding response from which the other network nodes (30) (client-device-j) are able to derive a root key (RK), wherein the root key (RK) is useable for decrypting the sensitive information (m) at the other network nodes (30) (client-device-j), wherein the root key (RK) is useable to perform an authentication of the other network nodes (30) (client-device-j) with at least one of the plurality of server nodes (20A-N), whereafter the sensitive information (m) is transmitted from the at least one of the plurality of server nodes (20A-N) to the other network nodes (30) (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

6. A method of claim 5, wherein the method includes distributing to the plurality of server nodes (20A-N) a series of sub-keys (Ki) generated from a secret key (K), wherein a given server node of the plurality of server nodes (20A-N) of the cloud service (20) is unable to generate the secret key (K) solely from its corresponding sub-key (Ki).

7. A method of claim 6, wherein the method includes configuring the first network node (10) (client-device-1) to arrange for the other network nodes (30) (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the plurality of server nodes (20A-N) for authentication purposes.

8. A method of claim 7, wherein the method includes configuring the first network node (10) (client-device-1) to set a threshold number of tasks to be attempted by the other network nodes (30) (client-device-j) for confirming the authentication.

9. A server node (20A) of a cloud service (20) that is configured to be coupled in communication with a first network node (10) (client-device-1), wherein the server node (20A) is configured to communicate sensitive information (m), wherein the server node (20A) is configured to:

(a) receive a request from the first network node (10) to register the first network node (10) to the cloud service (20) and thereafter to synchronize the first network node (10) to other network nodes (30) (client-device-j) coupled in communication with the cloud service (20);

(b) receive a string (si) generated by the first network node (10) that is transmitted to each of a plurality of server nodes (20A-N), wherein each of the plurality of server nodes (20A-N) is configured to send a response to the first network node (10) that is a function of the string (si) and a sub-key (Ki) allocated to each of the plurality of server nodes (20A-N);

(c) synchronize the sensitive information (m) from the first network node (10) to the other network nodes (30) (client-device-j) by communicating a password (PW) generated by the first network node (10) for the other network nodes (30) (client-device-j) to use to access the sensitive information (m);

(d) receive an instruction from the first network node (10) to use the plurality of server nodes (20A-N) of the cloud service (20) to send the string (si) to the other network nodes (30) (client-device-j), for the other network nodes (30) (client-device-j) to use the password (PW) and the string (si) when sending confirmation responses back to the plurality of server nodes (20A-N); and

(e) receive instructions from the first network node (10) to configure the cloud service (20) to process the confirmation responses to generate a corresponding response from which the other network nodes (30) (client-device-j) are able to derive a root key (RK), wherein the root key (RK) is useable for decrypting the sensitive information (m) at the other network nodes (30) (client-device-j), wherein the root key (RK) is useable to perform an authentication with at least one of the plurality of server nodes (20A-N), whereafter the sensitive information (m) is communicated from the at least one of the plurality of server nodes (20A-N) to the other network nodes (30) (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

10. A server node of claim 9, wherein the plurality of server nodes (20A-N) of the cloud service (20) have distributed thereto a series of sub-keys (Ki) generated from a secret key (K), wherein a given server node of the plurality of server nodes (20A-N) of the cloud service (20) is unable to generate the secret key (K) solely from its corresponding sub-key (Ki).

11. A server node (20A) of claim 9, wherein the server node (20A) is configured to receive instructions from the first network node (10) (client-device-1) to arrange for the other network nodes (30) (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the plurality of server nodes (20A-N) for authentication purposes.

12. A method for operating a server node (20A) of a cloud service (20) that is configured to be coupled in communication with a first network node (10) (client-device-1), wherein the server node (20A) is configured to communicate sensitive information (m), wherein the method includes:

(a) configuring the server node (20A) to receive a request from the first network node (10) to register the first network node (10) to the cloud service (20) and thereafter to synchronize the first network node (10) to other network nodes (30) (client-device-j) in communication with the cloud service (20);

(b) configuring the server node (20A) to receive a string (si) generated by the first network node (10) that is transmitted to each of a plurality of server nodes (20A-N), and to receive from each of the plurality of server nodes (20A-N) a response that is a function of the string (si) and a sub-key (Ki) allocated to each of the plurality of server nodes (20A-N);

(c) configuring the server node (20A) to synchronize the sensitive information (m) from the first network node (10) to the other network nodes (30) (client-device-j) by transmitting a password (PW) generated by the first network node (10) for the other network nodes (30) (client-device-j) to use to access the sensitive information (m);

(d) configuring the server node (20A) to receive an instruction from the first network node (10) to use the plurality of server nodes (20A-N) of the cloud service (20) to send the string (si) to the other network nodes (30) (client-device-j), for the other network nodes (30) (client-device-j) to use the password (PW) and the string (si) as confirmation responses back to the plurality of server nodes (20A-N); and

(e) configuring the server node (20A) to receive instructions from the first network node (10) to configure the cloud service (20) to process the confirmation responses to generate a corresponding response from which the other network nodes (30) (client-device-j) are able to derive a root key (RK), wherein the root key (RK) is useable for decrypting the sensitive information (m) at the other network nodes (30) (client-device-j), wherein the root key (RK) is useable to perform an authentication with at least one of the plurality of server nodes (20A-N), whereafter the sensitive information (m) is communicated from the at least one of the plurality of server nodes (20A-N) to the other network nodes (30) (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

13. A method of claim 12, wherein the method includes distributing to the plurality of server nodes (20A-N) a series of sub-keys (Ki) generated from a secret key (K), wherein a given server node (20A) of the cloud service (20) is unable to generate the secret key (K) solely from its corresponding sub-key (Ki).

14. A method of claim 12, wherein the method includes configuring the server node (20A) to receive instructions from the first network node (10) (client-device-1) to arrange for the other network nodes (30) (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the plurality of server nodes (20A-N) for authentication purposes.

15. A method of claim 14, wherein the method includes configuring the server node (20A) to set a threshold number of tasks to be attempted for confirming authentication.

16. A second network node (30A) (client-device-j) that is configured to be coupled in communication with a cloud service (20) including a plurality of server nodes (20A-N), wherein the second network node (30A) is configured to receive sensitive information (m) communicated from a plurality of server nodes (20A-N), wherein the second network node (30A) is configured to synchronize to a first network node (10) (client-device-1) after the first network node (10) is registered to the cloud service (20), wherein the first network node (10) is configured to generate a string (si) that is transmitted to each of the plurality of server nodes (20A-N), wherein each of the plurality of server nodes (20A-N) is arranged to respond by generating a response that is a function of the string (si) and a sub-key (Ki) allocated to each of the plurality of server nodes (20A-N); wherein

(a) the second network node (30A) is configured to receive a password (PW) generated by the first network node (10) for the second network node (30A) to use to access the sensitive information (m), wherein the password (PW) is used to synchronize the sensitive information (m) to the second network node (30A);

(b) the second network node (30A) is configured to receive a string (si) as arranged by the first network node (10) instructing the plurality of server nodes (20A-N) to send the string (si) to the second network node (30A), for the second network node (30A) to use the password (PW) and the string (si) as responses transmitted back to the plurality of server nodes (20A-N); and

(c) the second network node (30A) is configured to receive a response generated by the plurality of server nodes (20A-N) processing the responses received from the second network node (30A) and to generate a corresponding response from which the second network node (30A) is able to derive a root key (RK), wherein the root key (RK) is useable for decrypting the sensitive information (m) at the second network node (30A) (client-device-j), wherein the root key (RK) is useable to perform an authentication with at least one of the server nodes (20), whereafter the sensitive information (m) is received from the at least one of the plurality of server nodes (20A-N) to be decrypted (client-device-j) to provide the sensitive information (m) in decrypted form.

17. A second network node (30A) of claim 16, wherein the plurality of server nodes (20A-N) have distributed thereto a series of sub-keys (Ki) generated from a secret key (K), wherein a given server node of the plurality of server nodes (20A-N) of the cloud service (20) is unable to generate the secret key (K) solely from its corresponding sub-key (Ki).


18. A second network node (30A) (client-device-j) of claim 16 or 17, wherein the second network node (30A) (client-device-j) is configured during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the plurality of server nodes (20A-N) for authentication purposes.

19. A second network node (30A) (client-device-j) of claim 18, wherein a threshold number of tasks is defined by the first network node (10) to be attempted by the second network node (30A) for confirming the authentication.

20. A method for operating a second network node (30A) (client-device-j) that is configured to be coupled in communication with a cloud service (20) including a plurality of server nodes (20A-N), wherein the plurality of server nodes (20A-N) are configured to communicate sensitive information (m) to the second network node (30A), wherein a first network node (10) (client-device-1) is configured to register itself to the cloud service (20) and thereafter to synchronize itself to the second network node (30A) in communication with the cloud service (20), wherein the first network node (10) is configured to generate a string (si) that is transmitted to each of the plurality of server nodes (20A-N), wherein each of the plurality of server nodes (20A-N) is arranged to respond by generating a response that is a function of the string (si) and a sub-key (Ki) allocated to each of the plurality of server nodes (20A-N); wherein the method includes:

(a) configuring the second network node (30A) to receive a password (PW) generated by the first network node (10) for the second network node (30A) to use to access the sensitive information (m), wherein the password (PW) is used to synchronize the sensitive information (m) to the second network node (30A);

(b) configuring the second network node (30A) to receive a string (si) as arranged by the first network node (10) instructing the plurality of server nodes (20A-N) to send the string (si) to the second network node (30A), for the second network node (30A) to use the password (PW) and the string (si) as responses back to the plurality of server nodes (20A-N); and

(c) configuring the second network node (30A) to receive a response generated by the plurality of server nodes (20A-N) processing the responses received from the second network node (30A) and to generate a corresponding response from which the second network node (30A) is able to derive a root key (RK), wherein the root key (RK) is useable for decrypting the sensitive information (m) at the second network node (30A) (client-device-j), wherein the root key (RK) is useable to perform an authentication of the second network node (30A) with at least one of the plurality of server nodes (20A-N), whereafter the sensitive information (m) is transmitted from the at least one of the plurality of server nodes (20A-N) to the second network node (30A) (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

21. A method of claim 20, wherein the plurality of server nodes (20A-N) have distributed thereto a series of sub-keys (Ki) generated from a secret key (K), wherein a given server node of the plurality of server nodes (20A-N) of the cloud service (20) is unable to generate the secret key (K) solely from its corresponding sub-key (Ki).

22. A method of claim 20, wherein the method includes configuring the first network node (10) (client-device-1) to arrange for the second network node (30A) (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the plurality of server nodes (20A-N) for authentication purposes.

23. A method of claim 22, wherein the first network node (10) (client-device-1) is configured to set a threshold number of tasks to be attempted by the second network node (30A) for confirming the authentication.

24. A computer program product comprising a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device comprising processing hardware to execute a method of any one of claims 5 to 8, or any one of claims 12 to 15, or any one of claims 20 to 23.


Description:
SYNCHRONIZATION OF SENSITIVE INFORMATION BETWEEN MULTIPLE NETWORK NODES

TECHNICAL FIELD

The disclosure relates to synchronization of sensitive information between multiple network nodes that are mutually coupled together via a data communication network; more particularly, the disclosure relates to network nodes that are mutually coupled together via server nodes, wherein the network nodes are configured to synchronize sensitive information therebetween without employing special hardware to ensure data security. Moreover, the disclosure relates to a method for operating the network nodes and the server nodes to synchronize sensitive information between the network nodes.

BACKGROUND

For data security reasons, it is often necessary to control access to data in a computing environment, for example for protecting against unauthorized access to the data and for preventing corruption of the data. Legal obligations require client data to be kept safe and secure, to prevent leakage and corruption of the client data, wherein such security is conventionally achieved by using data encryption, hashing, tokenization, and key management practices across applications and platforms that are client-accessible.

In a contemporary client-cloud scenario, when sensitive information is uploaded in plaintext without any data security being utilized, the cloud can easily obtain the sensitive information. In other words, the sensitive information potentially becomes leaked to the cloud.

For achieving data security in a client-cloud scenario, known data communication systems utilize a hardware security module (HSM) or software guard extensions (SGX) for performing various cryptographic operations such as key management, key exchange, encryption, and so forth. For example, the cloud uses the HSM or the SGX to synchronize the sensitive information uploaded by a given client device and ensures that this sensitive information is not exposed to an attacker, the cloud itself included. In the client-cloud scenario, there is no interactive communication between client devices. During encryption, a high-security key is generated using device hardware, and this key cannot be synchronized to other devices because the devices do not interact. If the high-security key is lost, the sensitive information cannot be decrypted by other devices, and data loss occurs. Hence, existing HSM- or SGX-based data security may cause data loss if the security key is lost. Furthermore, known types of data security systems are often difficult to deploy and are potentially very costly.

Therefore, there arises a need to address the aforementioned technical drawbacks in existing technologies used for synchronizing sensitive information between network nodes.

SUMMARY

It is an object of the disclosure to provide an improved approach to synchronize sensitive information (m) among network nodes coupled in communication with a cloud service, without using special hardware components to ensure data security.

This object is achieved by features of the independent claims. Further implementation forms are apparent from the dependent claims, the description, and the figures.

The disclosure provides network nodes and server nodes and a method for operating the network nodes and the server nodes to synchronize sensitive information (m) between the network nodes coupled in communication with a cloud service including the server nodes.

According to a first aspect, there is provided a first network node (client-device-1) that is configured to be coupled in communication via a cloud service with other network nodes. The cloud service includes one or more server nodes. The one or more server nodes are configured to communicate sensitive information (m). The first network node (client-device-1) is configured to register itself to the cloud service and thereafter to synchronize itself to the other network nodes (client-device-j) in communication with the cloud service. The first network node (client-device-1) is configured to generate a string (si) that is transmitted to each of the one or more server nodes and to receive a response from each of the one or more server nodes, wherein the response is a function of the string (si) and a sub-key (Ki) allocated to that server node. The first network node (client-device-1) is configured to generate a password (PW) for the other network nodes to use to access the sensitive information (m). The first network node (client-device-1) is configured to instruct the one or more server nodes to send the string (si) to the other network nodes, for the other network nodes to use the password (PW) and the string (si) as confirmation responses back to the one or more server nodes. The first network node (client-device-1) is configured to instruct the one or more server nodes to process the confirmation responses to generate a corresponding response from which the other network nodes (client-device-j) are able to derive a root key (RK) for decrypting the sensitive information (m) at the other network nodes (client-device-j). The password (PW) is used to synchronize the sensitive information (m) of the first network node (client-device-1) to the other network nodes (client-device-j).
The root key (RK) is useable to perform an authentication of the other network nodes (client-device-j) with at least one of the one or more server nodes, whereafter the sensitive information (m) is transmitted from the at least one of the one or more server nodes to the other network nodes (client-device-j) to be decrypted to provide the sensitive information (m).

The first network node (client-device-1) communicates the sensitive information (m) to the other network nodes (client-device-j) in communication with the cloud service without any special hardware components being needed to ensure the security of the sensitive information (m). The first network node (client-device-1) validates the security of the one or more server nodes using the string (si). Once the security of the one or more server nodes is validated, the first network node (client-device-1) is able to communicate the root key (RK) to the other network nodes via the one or more server nodes for decrypting the sensitive information (m). Such an establishment of security among the one or more server nodes and the other network nodes and the synchronization of the sensitive information (m) occurs without a need to use any special hardware components to ensure security. The first network node (client-device-1) enables the sensitive information (m) to be kept secure without a need to use special hardware components to ensure security.

In a first possible implementation form of the first network node (client-device-1) of the first aspect, the one or more server nodes have distributed thereto a series of sub-keys (Ki) generated from a secret key (K). A given server node of the one or more server nodes of the cloud service is unable to regenerate the secret key (K) solely from the knowledge of its corresponding sub-key (Ki). The sub-keys (Ki) are allocated to each of the one or more server nodes to use when processing the string (si) that is received from the first network node (client-device-1), to ensure trustworthiness of the one or more server nodes.

In a second possible implementation form of the first network node (client-device-1) of the first aspect, the first network node (client-device-1) is configured to arrange for the other network nodes (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the one or more server nodes for authentication purposes. The authentication of the other network nodes at the one or more server nodes is beneficially achieved by exchanging the one or more tasks (Challenge1, Challenge2). Such an authentication enhances data security.

In a third possible implementation form of the first network node (client-device-1) of the second possible implementation of the first aspect, the first network node (client-device-1) is configured to set a threshold number of tasks to be attempted by the other network nodes (client-device-j) for confirming the authentication. By setting this threshold, the first network node (client-device-1) bounds the number of authentication attempts that can be made against the cloud service, so that malicious third parties probing the cloud service with repeated attempts are stopped once the threshold is reached.

According to a second aspect, there is provided a method for operating a first network node (client-device-1) that is configured to be coupled in communication via a cloud service including one or more server nodes. The one or more server nodes are configured to communicate sensitive information (m). The method includes configuring the first network node (client-device-1) to register itself to the cloud service and thereafter to synchronize itself to other network nodes (client-device-j) in communication with the cloud service. The method includes configuring the first network node (client-device-1) to generate a string (si) that is transmitted to each of the one or more server nodes and to receive a response from each of the one or more server nodes, wherein the response is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes. The method includes configuring the first network node (client-device-1) to synchronize the sensitive information (m) to the other network nodes (client-device-j) by generating a password (PW) for the other network nodes (client-device-j) to use to access the sensitive information (m). The method includes configuring the first network node (client-device-1) to use the one or more server nodes to send the string (si) to the other network nodes (client-device-j), for the other network nodes (client-device-j) to use the password (PW) and the string (si) as confirmation responses back to the one or more server nodes. The method further includes configuring the first network node (client-device-1) to instruct the one or more server nodes to process the confirmation responses to generate a corresponding response from which the other network nodes (client-device-j) are able to derive a root key (RK).
The root key (RK) is useable for decrypting the sensitive information (m) at the other network nodes (client-device-j) and for performing an authentication of the other network nodes (client-device-j) with at least one of the one or more server nodes, whereafter the sensitive information (m) is transmitted from the at least one of the server node to the other network nodes (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

The method for operating the first network node (client-device-1) synchronizes the sensitive information (m) with the other network nodes (client-device-j) in communication with the cloud service without any special hardware components being needed to ensure the security of the sensitive information (m). The method for operating the first network node (client-device-1) uses the string (si) for authenticating the one or more server nodes. Then, the other network nodes (client-device-j) receive the encrypted sensitive information (m) through the one or more server nodes after the other network nodes have authenticated with the one or more server nodes using the root key (RK). The method for operating the first network node (client-device-1) enables the sensitive information (m) to be kept secure without a need to involve special hardware components to ensure security.

In a first possible implementation form of the method of the second aspect, the method includes distributing to the one or more server nodes a series of sub-keys (Ki) generated from a secret key (K). A given server node of the one or more server nodes of the cloud service is unable to regenerate the secret key (K) solely from knowledge of its corresponding sub-key (Ki). The method for operating the first network node (client-device-1) includes allocating the sub-keys (Ki) to each of the one or more server nodes to use when processing the string (si) sent from the first network node (client-device-1), to ensure trustworthiness of the one or more server nodes.

In a second possible implementation form of the method of the first possible implementation form of the second aspect, the method includes configuring the first network node (client-device-1) to arrange for the other network nodes (client-device-j) during authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the one or more server nodes for authentication purposes. The exchange of the one or more tasks (Challenge1, Challenge2) is performed during the authentication of the other network nodes at the one or more server nodes to ensure data security.

In a third possible implementation form of the method of the second aspect, the method includes configuring the first network node (client-device-1) to set a threshold number of tasks to be attempted by the other network nodes (client-device-j) for confirming the authentication. The first network node (client-device-1) sets the threshold number of tasks to be attempted by the other network nodes (client-device-j) for the authentication to prevent hacking of the cloud service by malicious hacking applications.

According to a third aspect, there is provided a server node of a cloud service that is configured to be coupled in communication with a first network node (client-device-1). The server node is configured to communicate sensitive information (m). The server node is configured to receive a request from the first network node (client-device-1) to register the first network node (client-device-1) to the cloud service and thereafter to synchronize the first network node (client-device-1) to other network nodes (client-device-j) coupled in communication with the cloud service. The server node is configured to receive a string (si) generated by the first network node (client-device-1) that is transmitted to each of one or more server nodes, wherein each of the one or more server nodes is configured to send a response to the first network node (client-device-1) that is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes. The server node is configured to synchronize the sensitive information (m) from the first network node (client-device-1) to the other network nodes (client-device-j) by communicating a password (PW) generated by the first network node (client-device-1) for the other network nodes (client-device-j). The server node is configured to receive an instruction from the first network node (client-device-1) to use the one or more server nodes of the cloud service to send the string (si) to the other network nodes (client-device-j), for the other network nodes (client-device-j) to use the password (PW) and the string (si) when sending confirmation responses back to the one or more server nodes. The server node is configured to receive instructions from the first network node (client-device-1) to configure the cloud service to process the confirmation responses to generate a corresponding response from which the other network nodes are able to derive a root key (RK). The root key (RK) is used to decrypt the sensitive information (m) at the other network nodes (client-device-j) and to perform authentication with at least one of the server nodes, whereafter the sensitive information (m) is transmitted from the at least one of the server nodes to the other network nodes (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

The one or more server nodes are authenticated by the first network node (client-device-1) using the string (si). The one or more server nodes authenticate the other network nodes using the root key (RK), and thereafter transmit the sensitive information (m) to the other network nodes. The advantage is that the authentication of the one or more server nodes and of the other network nodes, and the synchronization of the sensitive information (m), occur without a need for any special hardware components to be used to ensure data security. Thereby, the first network node (client-device-1) enables the sensitive information (m) to be communicated securely without a need to use any special hardware components.

In a first possible implementation form of the server node of the third aspect, the one or more server nodes of the cloud service have distributed thereto a series of sub-keys (Ki) generated from a secret key (K). A given server node of the one or more server nodes of the cloud service is unable to generate the secret key (K) solely from its corresponding sub-key (Ki). The one or more server nodes have distributed thereto the sub-keys (Ki) to ensure the credibility of the one or more server nodes.

In a second possible implementation form of the server node of the third aspect, the server node is configured to receive instructions from the first network node (client-device-1) to arrange for the other network nodes (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the server nodes for authentication purposes. To improve data security among the network nodes, the one or more server nodes authenticate the other network nodes by exchanging the one or more tasks (Challenge1, Challenge2) therebetween.

According to a fourth aspect, there is provided a method for operating a server node of a cloud service that is configured to be coupled in communication with a first network node (client-device-1). The server node is configured to communicate sensitive information (m). The method includes configuring the server node to receive a request from the first network node (client-device-1) to register the first network node (client-device-1) to the cloud service and thereafter to synchronize the first network node (client-device-1) to other network nodes (client-device-j) in communication with the cloud service. The method includes configuring the server node to receive a string (si) generated by the first network node (client-device-1) that is transmitted to each of one or more server nodes, and to receive from each of the one or more server nodes a response that is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes. The method includes configuring the server node to synchronize the sensitive information (m) from the first network node (client-device-1) to the other network nodes (client-device-j) by transmitting a password (PW) generated by the first network node (client-device-1) for the other network nodes (client-device-j) to use when accessing the sensitive information (m). The method includes configuring the server node to receive an instruction from the first network node (client-device-1) to use the one or more server nodes of the cloud service to send the string (si) to the other network nodes (client-device-j), for the other network nodes (client-device-j) to use the password (PW) and the string (si) as confirmation responses back to the one or more server nodes. The method includes configuring the server node to receive instructions from the first network node (client-device-1) to configure the cloud service to process the confirmation responses to generate a corresponding response from which the other network nodes (client-device-j) are able to derive a root key (RK). The root key (RK) is useable for decrypting the sensitive information (m) at the other network nodes (client-device-j). The root key (RK) is further useable to perform an authentication with at least one of the server nodes, whereafter the sensitive information (m) is communicated from the at least one of the one or more server nodes to the other network nodes (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

The method for operating the server node includes authenticating the other network nodes (client-device-j) using the root key (RK), and thereafter transmitting the sensitive information (m) to the other network nodes. The advantage is that the method for operating the server node enables data security to be achieved without a need for any special hardware components to be used.

In a first possible implementation form of the method for operating the server node of the fourth aspect, the method includes distributing to the one or more server nodes a series of sub-keys (Ki) generated from a secret key (K). A given server node of the cloud service is unable to generate the secret (K) solely from its corresponding sub-key (Ki). The sub-keys (Ki) are allocated to each of the one or more server nodes to ensure trustworthiness of the one or more server nodes.

In a second possible implementation form of the method for operating the server node of the fourth aspect, the method includes configuring the server node to receive instructions from the first network node (client-device-1) to arrange for the other network nodes (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the server nodes for authentication purposes. The exchange of the one or more tasks (Challenge1, Challenge2) is performed during the authentication of the other network nodes at the one or more server nodes to improve the data security among the network nodes.

In a third possible implementation form of the method for operating the server node of the fourth aspect, the method includes configuring the server node to set a threshold number of tasks to be attempted by the other network nodes (client-device-j) for confirming the authentication. The threshold number of tasks to be attempted by the other network nodes is set by the server node for authorization of the other network nodes (client-device-j). This prevents hacking of the cloud service by malicious hacking applications.

According to a fifth aspect, there is provided a second network node (client-device-j) that is configured to be coupled in communication with a cloud service including one or more server nodes. The second network node (client-device-j) is configured to receive sensitive information (m) communicated from the one or more server nodes. The second network node (client-device-j) is configured to synchronize to a first network node (client-device-1) after the first network node (client-device-1) is registered to the cloud service. The first network node (client-device-1) is configured to generate a string (si) that is transmitted to each of the one or more server nodes. Each of the one or more server nodes is arranged to respond by generating a response that is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes. The second network node (client-device-j) is configured to receive a password (PW) generated by the first network node (client-device-1) for the second network node (client-device-j) to use to access the sensitive information (m). The second network node (client-device-j) is configured to receive the string (si) as arranged by the first network node (client-device-1) instructing the one or more server nodes to send the string (si) to the second network node (client-device-j), for the second network node (client-device-j) to use the password (PW) and the string (si) as responses transmitted back to the one or more server nodes. The second network node (client-device-j) is configured to receive a response generated by the one or more server nodes processing the responses received from the second network node, and to generate a corresponding response from which the second network node (client-device-j) is able to derive a root key (RK). The password (PW) is used to synchronize the sensitive information (m) to the second network node (client-device-j). The root key (RK) is used to decrypt the sensitive information (m) at the second network node (client-device-j). The root key (RK) is useable to perform an authentication with at least one of the one or more server nodes, whereafter the sensitive information (m) is received from the at least one of the one or more server nodes to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

The second network node (client-device-j) is authenticated with the one or more server nodes using the root key (RK), whereby validation of the second network node (client-device-j) is established. The validation of the second network node (client-device-j) is established without a need to use any special hardware components to ensure security.

In a first possible implementation form of the second network node (client-device-j) of the fifth aspect, the one or more server nodes have distributed thereto a series of sub-keys (Ki) generated from a secret key (K). A given server node of the one or more server nodes of the cloud service is unable to regenerate the secret key (K) solely from knowledge of its corresponding sub-key (Ki). The sub-keys (Ki) are allocated to each of the one or more server nodes to use when processing the string (si) that is received from the first network node (client-device-1), to ensure trustworthiness of the one or more server nodes.

In a second possible implementation form of the second network node (client-device-j) of the fifth aspect as such or of the first possible implementation of the fifth aspect, the second network node (client-device-j) is configured during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the one or more server nodes for authentication purposes. The exchange of the one or more tasks (Challenge1, Challenge2) is performed during the authentication of the other network nodes at the one or more server nodes to ensure data security.

In a third possible implementation form of the second network node (client-device-j) of the second possible implementation of the fifth aspect, a threshold number of tasks is defined by the first network node (client-device-1) to be attempted by the second network node (client-device-j) for confirming the authentication. The threshold number of tasks to be attempted by the second network node (client-device-j) during authentication is defined by the first network node (client-device-1) to prevent hacking of the cloud service by malicious third parties which are trying to probe the cloud service.

According to a sixth aspect, there is provided a method for operating a second network node (client-device-j) that is configured to be coupled in communication with a cloud service including one or more server nodes. The one or more server nodes are configured to communicate sensitive information (m) to the second network node (client-device-j). A first network node (client-device-1) is configured to register itself to the cloud service and thereafter to synchronize itself to the second network node (client-device-j) in communication with the cloud service. The first network node (client-device-1) is configured to generate a string (si) that is transmitted to each of the one or more server nodes. Each of the one or more server nodes is arranged to respond by generating a response that is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes. The method includes configuring the second network node to receive a password (PW) generated by the first network node (client-device-1) for the second network node (client-device-j) to use to access the sensitive information (m), wherein the password (PW) is used to synchronize the sensitive information (m) to the second network node (client-device-j). The method includes configuring the second network node (client-device-j) to receive the string (si) as arranged by the first network node (client-device-1) instructing the one or more server nodes to send the string (si) to the second network node (client-device-j), for the second network node (client-device-j) to use the password (PW) and the string (si) as responses back to the one or more server nodes. The method includes configuring the second network node (client-device-j) to receive a response generated by the one or more server nodes processing the responses received from the second network node (client-device-j), and to generate a corresponding response from which the second network node (client-device-j) is able to derive a root key (RK). The root key (RK) is useable for decrypting the sensitive information (m) at the second network node (client-device-j) and for performing an authentication of the second network node (client-device-j) with at least one of the one or more server nodes, whereafter the sensitive information (m) is transmitted from the at least one of the one or more server nodes to the second network node (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

The method for operating the second network node (client-device-j) derives the root key (RK) to use in authentication of the second network node (client-device-j) with at least one of the one or more server nodes. The authentication of the second network node is established without any special hardware components being required to ensure security. The method for operating the second network node (client-device-j) enables the sensitive information (m) to be kept secure without a need to involve any special hardware components to ensure security.

In a first possible implementation form of the method for operating the second network node (client-device-j) of the sixth aspect, the one or more server nodes have distributed thereto a series of sub-keys (Ki) generated from a secret key (K). A given server node of the one or more server nodes of the cloud service is unable to regenerate the secret key (K) solely from knowledge of its corresponding sub-key (Ki). The one or more server nodes are provided with the sub-keys (Ki) to use during the processing of the string (si) received from the first network node (client-device-1), to ensure trustworthiness of the one or more server nodes.

In a second possible implementation form of the method for operating the second network node of the sixth aspect, the method includes configuring the first network node (client-device-1) to arrange for the second network node (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the one or more server nodes for authentication purposes. The authentication of the second network node (client-device-j) at the one or more server nodes is easily achieved by exchanging the one or more tasks (Challenge1, Challenge2). This authentication enhances data security.

In a third possible implementation form of the method for operating the second network node (client-device-j) of the second possible implementation of the sixth aspect, the first network node is configured to set a threshold number of tasks to be attempted by the second network node (client-device-j) for confirming the authentication. The first network node (client-device-1) prevents hacking into the cloud service by malicious third parties by setting the threshold number of tasks to be attempted by the second network node for authentication purposes.

According to a seventh aspect, there is provided a computer program product including a non-transitory computer-readable storage medium having computer-readable instructions stored thereon, the computer-readable instructions being executable by a computerized device including processing hardware to execute the method of any of the aspects or any of their possible implementations.

A technical problem in the prior art is resolved, wherein the technical problem concerns synchronizing the sensitive information among network nodes or client devices in a cloud service in a secure manner without using hardware to ensure data security.

Therefore, in contradistinction to the prior art, according to the network nodes and the server nodes of the cloud service and the methods of operating the network nodes and the server nodes provided in the disclosure, data owners are enabled to have control over encryption or anonymity of the sensitive information (e.g., personal information). Moreover, the cloud service processes the encrypted sensitive data and cannot obtain the plaintext, so that no data leaks even if the cloud service is manipulated by a hacker. Furthermore, the disclosure improves data security, i.e., the confidentiality of customer sensitive data (e.g., the subscription permanent identifier (SUPI)), which is achieved through encryption without trusting the cloud. Additionally, the disclosure improves data security by preventing brute-force attacks, offline attacks and cryptanalytic attacks, because the number of attempts to get authenticated in the cloud service is finite.

These and other aspects of the disclosure will be apparent from the embodiment(s) described below.

BRIEF DESCRIPTION OF DRAWINGS

To illustrate the technical solutions in the embodiments of the disclosure or the prior art more clearly, the following briefly introduces the accompanying drawings required for describing the embodiments or the prior art. Clearly, the accompanying drawings in the following description show merely some embodiments of the disclosure, and a person of ordinary skill in the art may still derive other drawings from these accompanying drawings without creative efforts.

FIG. 1 is an illustration of a first network node, one or more server nodes of a cloud service, and other network nodes; these nodes are configured to interact to synchronize sensitive information (m) in accordance with an example of the disclosure;

FIGS. 2A and 2B are flow diagrams of a method for operating the first network node of FIG. 1 in accordance with an example of the disclosure;

FIG. 3 is an interaction diagram of a method for operating the first network node of FIG. 1 in accordance with an example of the disclosure;

FIGS. 4A and 4B are flow diagrams of a method for operating the server node of a cloud service of FIG. 1 in accordance with an example of the disclosure;

FIG. 5 is an interaction diagram of a method for operating the server node of a cloud service of FIG. 1 in accordance with an example of the disclosure;

FIGS. 6A and 6B are flow diagrams of a method for operating the second network node of FIG. 1 in accordance with an example of the disclosure;

FIG. 7 is an interaction diagram of a method for operating the second network node of FIG. 1 in accordance with an example of the disclosure; and

FIG. 8 is an illustration of a computing arrangement for use in implementing examples of the disclosure.

DETAILED DESCRIPTION

Embodiments of the disclosure provide network nodes and server nodes and methods for operating the network nodes and the server nodes to synchronize sensitive information between network nodes in communication with a cloud service including the server nodes.

To make the solutions of the disclosure more comprehensible for a person skilled in the art, the following embodiments of the disclosure are described with reference to the accompanying drawings. Terms such as "a first", "a second", "a third", and "a fourth" (if any) in the summary, claims, and foregoing accompanying drawings of the disclosure are used to distinguish between similar objects and are not necessarily used to describe a specific sequence or order. It should be understood that the terms so used are interchangeable under appropriate circumstances, so that the embodiments of the disclosure described herein are, for example, capable of being implemented in sequences other than the sequences illustrated or described herein. Furthermore, the terms "include" and "have" and any variations thereof are intended to cover a non-exclusive inclusion. For example, a process, a method, a system, a product, or a device that includes a series of steps or units is not necessarily limited to the expressly listed steps or units, but may include other steps or units that are not expressly listed or that are inherent to such process, method, product, or device.

FIG. 1 is a block diagram that illustrates a first network node 10 (client-device-1), one or more server nodes 20A-N, and other network nodes 30 (client-device-j); these nodes are configured to mutually interact to synchronize sensitive information (m) in accordance with an example of the disclosure. A cloud service 20 includes the one or more server nodes 20A-N. The first network node 10 (client-device-1) is configured to be coupled in communication via the cloud service 20 with other network nodes 30 (client-device-j). The one or more server nodes 20A-N communicate the sensitive information (m) among the other network nodes 30 (client-device-j) through the cloud service 20 in a secure manner.

In overview, the first network node 10 (client-device-1) registers itself with the cloud service 20. Thereafter, the first network node 10 (client-device-1) synchronizes itself to the other network nodes 30 (client-device-j) in communication with the cloud service 20. Such registration and synchronization will next be described in detail.

The first network node 10 (client-device-1) generates a string (si) and transmits it to each of the one or more server nodes 20A-N. The first network node 10 (client-device-1) further receives a response from each of the one or more server nodes 20A-N. The response is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes 20A-N. The first network node 10 (client-device-1) generates a password (PW) for the other network nodes 30 (client-device-j) for accessing the sensitive information (m). The password (PW) is used to synchronize the sensitive information (m) to the other network nodes 30 (client-device-j). The first network node 10 (client-device-1) instructs the one or more server nodes 20A-N to send the string (si) to the other network nodes 30 (client-device-j), for the other network nodes 30 (client-device-j) to use the password (PW) and the string (si) as confirmation responses back to the one or more server nodes 20A-N. The first network node 10 (client-device-1) instructs the one or more server nodes 20A-N to process the confirmation responses to generate a corresponding response from which the other network nodes 30 (client-device-j) are able to derive a root key (RK) for decrypting the sensitive information (m) at the other network nodes 30 (client-device-j). The root key (RK) is useable to perform an authentication of the other network nodes 30 (client-device-j) with at least one of the one or more server nodes 20A-N. The sensitive information (m) may be encrypted at the at least one of the one or more server nodes 20A-N and communicated to the other network nodes 30 (client-device-j). The sensitive information (m) is transmitted from the at least one of the one or more server nodes 20A-N to the other network nodes 30 (client-device-j) to be decrypted.

In an embodiment, the first network node 10 (client-device- 1) and the other network nodes 30 (client-device-j) may be user equipment or client devices.

The sensitive information (m) is data that may be guarded against unauthorized access and unwarranted disclosure to maintain the security of the sensitive information (m); for example, the sensitive information (m) belongs to an individual or an organization. The string (si) may be a data type that includes a set of characters and spaces and numbers. The root key (RK) may be a term for a unique passcode that may be generated for secure server interaction with a protective network.

According to a first embodiment, the one or more server nodes 20A-N have distributed thereto a series of sub-keys (Ki) generated from a secret key (K). A given server node of the one or more server nodes 20A-N of the cloud service 20 is unable to generate the secret key (K) solely from its corresponding sub-key (Ki). The sub-key (Ki) may be used for signing or for encryption. The secret key (K) may be divided into various parts, for example, sub-keys K1, K2, K3, ..., Ki.

According to a second embodiment, the first network node 10 (client-device-1) arranges for the other network nodes 30 (client-device-j) to exchange tasks (Challenge1, Challenge2) with the at least one of the one or more server nodes 20A-N during authentication. The other network nodes 30 (client-device-j) optionally decrypt the sensitive information (m). Thus, the sensitive information (m) may be synchronized among the network nodes without a need to use special hardware for achieving data security.

According to a third embodiment, the first network node 10 (client-device-1) is configured to set a threshold number of tasks to be attempted by the other network nodes 30 (client-device-j) for confirming the authentication.
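As an added illustration (not part of the application, and not the applicant's code), the following Python model carries the registration and synchronization flow described above for FIG. 1, together with the first and third embodiments, through end to end. Every concrete construction in it is an assumption chosen for the example, since the application does not specify one: the sub-keys (Ki) are XOR shares of the secret key (K), each server's response is HMAC(Ki, si), client-device-j's confirmation response is HMAC(PW, si), the root key (RK) is a SHA-256 hash over PW, si and the combined server responses, the sensitive information (m) is held by the servers only in encrypt-then-MAC form, and the threshold number of tasks is a per-server counter of failed confirmations.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

MAX_ATTEMPTS = 3  # threshold number of tasks client-device-j may attempt (assumed value)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_secret(K: bytes, n: int) -> List[bytes]:
    # Sub-keys Ki with K = K1 ^ ... ^ Kn (assumed construction): a single Ki is uniformly
    # random, so one server node cannot regenerate K from its own share (first embodiment).
    shares = [secrets.token_bytes(len(K)) for _ in range(n - 1)]
    last = K
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]

def derive_rk(pw: bytes, si: bytes, responses: List[bytes]) -> bytes:
    # Root key RK from PW, si and the combined server responses f(si, Ki) (assumed KDF).
    combined = responses[0]
    for r in responses[1:]:
        combined = xor_bytes(combined, r)
    return hashlib.sha256(b"RK" + pw + si + combined).digest()

def _keystream(key: bytes, length: int) -> bytes:
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range((length + 31) // 32))[:length]

def encrypt(rk: bytes, m: bytes) -> bytes:
    # Encrypt-then-MAC under keys derived from RK; the cloud only ever holds this blob.
    enc_key, mac_key = hashlib.sha256(b"enc" + rk).digest(), hashlib.sha256(b"mac" + rk).digest()
    ct = xor_bytes(m, _keystream(enc_key, len(m)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def decrypt(rk: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = hashlib.sha256(b"enc" + rk).digest(), hashlib.sha256(b"mac" + rk).digest()
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        raise ValueError("ciphertext tampered or wrong root key")
    return xor_bytes(ct, _keystream(enc_key, len(ct)))

class ServerNode:  # one server node 20A-N: holds its sub-key Ki and an encrypted copy of m
    def __init__(self, Ki: bytes) -> None:
        self.Ki, self.si, self.verifier, self.blob, self.failures = Ki, b"", b"", b"", 0

    def respond(self, si: bytes) -> bytes:
        # Response to the string si: a function of si and this node's Ki.
        return hmac.new(self.Ki, si, hashlib.sha256).digest()

    def register(self, si: bytes, verifier: bytes, blob: bytes) -> None:
        # verifier is HMAC(PW, si), the confirmation response expected from client-device-j.
        self.si, self.verifier, self.blob, self.failures = si, verifier, blob, 0

    def confirm(self, confirmation: bytes) -> bytes:
        # Check client-device-j's confirmation response, enforcing the attempt threshold.
        if self.failures >= MAX_ATTEMPTS:
            raise PermissionError("threshold reached; further attempts refused")
        if not hmac.compare_digest(confirmation, self.verifier):
            self.failures += 1
            raise PermissionError("confirmation response rejected")
        return self.respond(self.si)

def synchronize(m: bytes, n_servers: int = 3, pw_at_j: Optional[bytes] = None) -> Optional[bytes]:
    """Run the whole flow; return m as recovered by client-device-j, or None if it is rejected."""
    # client-device-1: secret key K, sub-keys Ki distributed to the server nodes.
    sub_keys = split_secret(secrets.token_bytes(32), n_servers)
    servers = [ServerNode(Ki) for Ki in sub_keys]
    # client-device-1: send si, check each response against its own copy of Ki.
    si = secrets.token_bytes(16)
    responses = [srv.respond(si) for srv in servers]
    for Ki, r in zip(sub_keys, responses):
        if not hmac.compare_digest(r, hmac.new(Ki, si, hashlib.sha256).digest()):
            raise PermissionError("server node failed authentication")
    # client-device-1: PW for client-device-j, RK, and encrypted m handed to the cloud.
    pw = secrets.token_bytes(16)
    rk = derive_rk(pw, si, responses)
    for srv in servers:
        srv.register(si, hmac.new(pw, si, hashlib.sha256).digest(), encrypt(rk, m))
    # client-device-j: PW from client-device-1 (pw_at_j models a wrong one), si from the servers.
    pw_j = pw if pw_at_j is None else pw_at_j
    confirmation = hmac.new(pw_j, si, hashlib.sha256).digest()
    try:
        responses_j = [srv.confirm(confirmation) for srv in servers]
    except PermissionError:
        return None
    return decrypt(derive_rk(pw_j, si, responses_j), servers[0].blob)

def lockout_after_threshold() -> bool:
    # After MAX_ATTEMPTS bad confirmations even the correct one is refused.
    srv, si, pw = ServerNode(b"\x01" * 32), b"si-sample", b"pw-sample"
    good = hmac.new(pw, si, hashlib.sha256).digest()
    srv.register(si, good, b"")
    refused = 0
    for attempt in [b"\x00" * 32] * MAX_ATTEMPTS + [good]:
        try:
            srv.confirm(attempt)
        except PermissionError:
            refused += 1
    return refused == MAX_ATTEMPTS + 1
```

A single server node in this model holds one Ki, the verifier and the ciphertext, but never PW or the other shares, so it cannot compute RK on its own; the constructed `lockout_after_threshold` shows the threshold refusing even a correct confirmation once the attempt budget is spent.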

The one or more server nodes 20A-N of the cloud service 20 are configured to communicate the sensitive information (m) of the first network node 10 (client-device-1). The one or more server nodes 20A-N are configured to be coupled to the first network node 10 (client-device-1). The one or more server nodes 20A-N receive a request from the first network node 10 (client-device-1) to register the first network node 10 (client-device-1) to the cloud service 20 and thereafter to synchronize the first network node 10 (client-device-1) to the other network nodes 30 (client-device-j) coupled in communication with the cloud service 20. The one or more server nodes 20A-N receive the string (si) generated by the first network node 10 (client-device-1). The first network node 10 (client-device-1) sends the string (si) to each of the one or more server nodes 20A-N. The one or more server nodes 20A-N compute a response and send the response to the first network node 10 (client-device-1). The response is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes 20A-N. The one or more server nodes 20A-N synchronize the sensitive information (m) from the first network node 10 (client-device-1) to the other network nodes 30 (client-device-j) by communicating a password (PW). The password (PW) is generated by the first network node 10 (client-device-1) for the other network nodes 30 (client-device-j) to use to access the sensitive information (m). The one or more server nodes 20A-N receive an instruction from the first network node 10 (client-device-1). The instruction directs the one or more server nodes 20A-N to send the string (si) to the other network nodes 30 (client-device-j). The other network nodes 30 (client-device-j) use the password (PW) and the string (si) when sending confirmation responses back to the one or more server nodes 20A-N. The one or more server nodes 20A-N further receive instructions from the first network node 10 (client-device-1) to process the confirmation responses to generate a corresponding response. The other network nodes 30 (client-device-j) derive a root key (RK) from the corresponding response. The root key (RK) is useable for decrypting the sensitive information (m) at the other network nodes 30 (client-device-j). The root key (RK) is useable to perform authentication with at least one of the server nodes 20A. The sensitive information (m) is transmitted from the at least one of the server nodes 20A-N to the other network nodes 30 (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

In an embodiment, the one or more server nodes 20A-N of the cloud service 20 have distributed thereto a series of sub-keys (Ki) generated from a secret key (K). A given server node of the one or more server nodes 20A-N of the cloud service 20 is unable to generate the secret key (K) solely from its corresponding sub-key (Ki). The secret key (K) may be divided into various parts, for example, sub-keys K1, K2, K3, ..., Ki.

In an embodiment, the one or more server nodes 20A-N are configured to receive instructions from the first network node 10 (client-device-1) to arrange for the other network nodes 30 (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the server nodes 20A-N for authentication purposes.

The other network nodes 30 (client-device-j) include a second network node 30A. The second network node 30A is configured to obtain the sensitive information (m) of the first network node 10 (client-device-1) securely through the one or more server nodes 20A-N of the cloud service 20. The second network node 30A (client-device-j) is coupled in communication with the cloud service 20. The second network node 30A receives the sensitive information (m) communicated from the one or more server nodes 20A-N. The second network node 30A is configured to synchronize to the first network node 10 (client-device-1) after the first network node 10 (client-device-1) is registered to the cloud service 20. The first network node 10 (client-device-1) is configured to compute a string (si) that is transmitted to each of the one or more server nodes 20A-N. Each of the one or more server nodes 20A-N of the cloud service 20 generates a response that is a function of the string (si) and a sub-key (Ki) allocated to the one or more server nodes 20A-N. The second network node 30A is configured to receive a password (PW) generated by the first network node 10 (client-device-1). The second network node 30A uses the password (PW) to access the sensitive information (m). The password (PW) is used to synchronize the sensitive information (m) to the second network node 30A. The second network node 30A is configured to receive a string (si) as arranged by the first network node 10 (client-device-1). The first network node 10 (client-device-1) instructs the one or more server nodes 20A-N to send the string (si) to the second network node 30A. The second network node 30A uses the password (PW) and the string (si) as responses transmitted back to the one or more server nodes 20A-N. The second network node 30A is configured to receive a response generated by the one or more server nodes 20A-N.
The one or more server nodes 20A-N process the response received from the second network node 30A and generate a corresponding response. The second network node 30A computes a root key (RK) using the corresponding response. The root key (RK) is useable for decrypting the sensitive information (m) at the second network node 30A (client-device-j). The root key (RK) is useable to perform an authentication of the second network node 30A (client-device-j) with at least one of the one or more server nodes 20A-N. The sensitive information (m) is received from the at least one of the one or more server nodes 20A-N to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

In an embodiment, the one or more server nodes 20A-N of the cloud service 20 have distributed thereto a series of sub-keys (Ki) generated from a secret key (K). A given server node of the one or more server nodes 20A-N of the cloud service 20 is unable to generate the secret key (K) solely from its corresponding sub-key (Ki). Thus, the sensitive information (m) is synchronized within the network nodes without any special hardware being required for ensuring data security. The secret key (K) is divided into various parts, for example, sub-keys K1, K2, K3, ..., Ki.

In an embodiment, the second network node 30A is configured during the authentication to exchange one or more tasks (Challenge1, Challenge2) with the at least one of the one or more server nodes 20A-N for authentication purposes.

In an embodiment, a threshold number of tasks is defined by the first network node 10 (client-device-1) to be attempted by the other network nodes 30 (client-device-j) for confirming the authentication.

FIGS. 2A and 2B are flow diagrams of a method 200 for operating the first network node 10 (client-device-1) of FIG. 1 in accordance with an example of the disclosure. The first network node 10 (client-device-1) is configured to be coupled in communication with the cloud service 20. At a step 202, the first network node 10 (client-device-1) is configured to register itself to the cloud service 20 and thereafter to synchronize itself to other network nodes 30 (client-device-j) in communication with the cloud service 20. At a step 204, the first network node 10 (client-device-1) is configured to generate a string (si) that is transmitted to each of the one or more server nodes 20A-N. The first network node 10 (client-device-1) is further configured to receive a response from each of the one or more server nodes 20A-N, wherein the response is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes 20A-N. At a step 206, the first network node 10 is configured to synchronize the sensitive information (m) to the other network nodes 30 (client-device-j) by generating a password (PW) for the other network nodes 30 (client-device-j) to use to access the sensitive information (m). At a step 208, the first network node 10 is configured to use the one or more server nodes 20A-N to send the string (si) to the other network nodes 30 (client-device-j), for the other network nodes 30 (client-device-j) to use the password (PW) and the string (si) as confirmation responses back to the one or more server nodes 20A-N. At a step 210, the first network node 10 is configured to instruct the one or more server nodes 20A-N to process the confirmation responses to generate a corresponding response from which the other network nodes 30 (client-device-j) are able to derive a root key (RK).
The root key (RK) is useable for decrypting the sensitive information (m) at the other network nodes 30 (client-device-j) and for performing an authentication of the other network nodes 30 (client-device-j) with at least one of the one or more server nodes 20A-N, whereafter the sensitive information (m) is transmitted from the at least one of the one or more server nodes 20A-N to the other network nodes 30 (client-device-j) to be decrypted thereat to provide the sensitive information (m) in decrypted form.

FIG. 3 is an interaction diagram of a method 300 for operating the first network node 10 (client-device-1) of FIG. 1 in accordance with an example of the disclosure. At a step 302, the first network node 10 (client-device-1) is configured to register itself to the cloud service 20 and to synchronize to the other network nodes 30 (client-device-j) through the cloud service 20 by generating a string (si) at the first network node 10 (client-device-1) and transmitting the string (si) to each of the one or more server nodes 20A-N. At a step 304, the first network node 10 (client-device-1) is configured to receive a response from each of the one or more server nodes 20A-N. The response is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes 20A-N. At a step 306, the first network node 10 (client-device-1) is configured to generate a password (PW) for the other network nodes 30 (client-device-j). The password (PW) is used by the other network nodes 30 (client-device-j) to access the sensitive information (m) of the first network node 10 (client-device-1). At a step 308, the first network node 10 (client-device-1) is configured to instruct the one or more server nodes 20A-N to send the string (si) to the other network nodes 30 (client-device-j). At a step 310, the other network nodes 30 (client-device-j) respond back to the one or more server nodes 20A-N with confirmation responses using the password (PW) and the string (si).
At a step 312, the first network node 10 (client-device-1) is configured to instruct the one or more server nodes 20A-N to process the confirmation responses and generate a corresponding response to the other network nodes 30 (client-device-j), from which the other network nodes 30 (client-device-j) are able to derive a root key (RK) for authentication of the other network nodes 30 (client-device-j) with at least one of the server nodes 20A-N. At a step 314, the sensitive information (m) of the first network node 10 (client-device-1) is transmitted from the at least one of the one or more server nodes 20A-N to the other network nodes 30 (client-device-j) to be decrypted after performing authentication of the other network nodes 30 (client-device-j). The root key (RK) is useable for decrypting the sensitive information (m) at the other network nodes 30 (client-device-j).

According to a first embodiment, the method 300 for operating the first network node 10 includes distributing to the one or more server nodes 20A-N a series of sub-keys (Ki) generated from a secret key (K). A given server node of the one or more server nodes 20A-N of the cloud service 20 is unable to generate the secret key (K) solely from its corresponding sub-key (Ki).

According to a second embodiment, the method 300 for operating the first network node 10 includes configuring the first network node 10 (client-device-1) to arrange for the other network nodes 30 (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the one or more server nodes 20A-N for authentication purposes. According to a third embodiment, the method 300 for operating the first network node 10 includes configuring the first network node 10 (client-device-1) to set a threshold number of tasks to be attempted by the other network nodes 30 (client-device-j) for confirming the authentication.

FIGS. 4A and 4B are flow diagrams of a method 400 for operating the server node 20A of FIG. 1 in accordance with an example of the disclosure. The server node 20A of the cloud service 20 is configured to be coupled in communication with the first network node 10 (client-device-1). At a step 402, the server node 20A is configured to receive a request from the first network node 10 (client-device-1) to register the first network node 10 (client-device-1) to the cloud service 20 and thereafter to synchronize the first network node 10 (client-device-1) to other network nodes 30 (client-device-j) in communication with the cloud service 20. At a step 404, the server node 20A is configured to receive a string (si) generated by the first network node 10 (client-device-1) that is transmitted to each of the one or more server nodes 20A-N, and to receive from each of the one or more server nodes 20A-N a response that is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes 20A-N.
At a step 406, the server node 20A is configured to synchronize the sensitive information (m) from the first network node 10 (client-device-1) to the other network nodes 30 (client-device-j) by transmitting a password (PW) generated by the first network node 10 (client-device-1) for the other network nodes 30 (client-device-j) to use to access the sensitive information (m). At a step 408, the server node 20A is configured to receive an instruction from the first network node 10 (client-device-1) to use the one or more server nodes 20A-N of the cloud service 20 to send the string (si) to the other network nodes 30 (client-device-j), for the other network nodes 30 (client-device-j) to use the password (PW) and the string (si) as confirmation responses back to the one or more server nodes 20A-N. At a step 410, the server node 20A is configured to receive instructions from the first network node 10 (client-device-1) to configure the cloud service 20 to process the confirmation responses to generate a corresponding response from which the other network nodes 30 (client-device-j) are able to derive a root key (RK). The root key (RK) is useable for decrypting the sensitive information (m) at the other network nodes 30 (client-device-j) and for performing an authentication with at least one of the one or more server nodes 20A-N; thereafter, the sensitive information (m) is communicated from the at least one of the one or more server nodes 20A-N to the other network nodes 30 (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

FIG. 5 is an interaction diagram of a method 500 for operating the server node 20A of the cloud service 20 of FIG. 1 in accordance with an example of the disclosure. At a step 502, the server node 20A is configured to receive a request from the first network node 10 (client-device-1) to register the first network node 10 (client-device-1) to the cloud service 20 and thereafter to synchronize the first network node 10 (client-device-1) to the other network nodes 30 (client-device-j) in communication with the cloud service 20. At a step 504, the server node 20A is configured to receive a string (si) generated by the first network node 10 (client-device-1) that is transmitted to each of the one or more server nodes 20A-N. At a step 506, the server node 20A is configured to receive a response from each of the one or more server nodes 20A-N that is a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes 20A-N. At a step 508, the server node 20A is configured to synchronize the sensitive information (m) from the first network node 10 (client-device-1) to the other network nodes 30 (client-device-j) by transmitting a password (PW) generated by the first network node 10 (client-device-1) for the other network nodes 30 (client-device-j) to use to access the sensitive information (m). At a step 510, the server node 20A is configured to receive an instruction from the first network node 10 (client-device-1) to use the one or more server nodes 20A-N of the cloud service 20 to send the string (si) to the other network nodes 30 (client-device-j). The other network nodes 30 (client-device-j) use the password (PW) and the string (si) when sending confirmation responses back to the one or more server nodes 20A-N.
At a step 512, the method 500 includes receiving, at the cloud service 20, instructions from the first network node 10 (client-device-1) to process the confirmation responses to generate a corresponding response to the other network nodes 30 (client-device-j) from which the other network nodes 30 (client-device-j) are able to derive a root key (RK). At a step 514, the server node 20A is configured to transmit the sensitive information (m) of the first network node 10 (client-device-1) from at least one of the one or more server nodes 20A-N to the other network nodes 30 (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

According to a first embodiment, the method 500 for operating the server node 20A includes distributing to the one or more server nodes 20A-N a series of sub-keys (Ki) generated from a secret key (K). A given server node 20A of the cloud service 20 is unable to generate the secret key (K) solely from its corresponding sub-key (Ki).

According to a second embodiment, the method 500 for operating the server node 20A includes configuring the server node 20A to receive instructions from the first network node 10 (client-device-1) to arrange for the other network nodes 30 (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the one or more server nodes 20A-N for authentication purposes. According to a third embodiment, the method 500 for operating the server node 20A includes configuring the server node 20A to set a threshold number of tasks to be attempted for confirming authentication.

FIGS. 6A and 6B are flow diagrams of a method 600 for operating the second network node 30A of FIG. 1 in accordance with an example of the disclosure. The second network node 30A (client-device-j) is configured to be coupled in communication with the cloud service 20 including the one or more server nodes 20A-N. The second network node 30A (client-device-j) is configured to synchronize to the first network node 10 (client-device-1) after the first network node 10 (client-device-1) is registered to the cloud service 20. The first network node 10 (client-device-1) is configured to compute a string (si) that is transmitted to each of the one or more server nodes 20A-N. Each of the one or more server nodes 20A-N of the cloud service 20 generates a response that is a function of the string (si) and a sub-key (Ki) allocated to the one or more server nodes 20A-N. At a step 602, the second network node 30A (client-device-j) is configured to receive a password (PW) generated by the first network node 10 (client-device-1), for the second network node 30A (client-device-j) to use to access the sensitive information (m), wherein the password (PW) is used to synchronize the sensitive information (m) to the second network node 30A (client-device-j). At a step 604, the second network node 30A (client-device-j) is configured to receive the string (si) as arranged by the first network node 10 (client-device-1) instructing the one or more server nodes 20A-N to send the string (si) to the second network node 30A (client-device-j), for the second network node 30A (client-device-j) to use the password (PW) and the string (si) as responses back to the one or more server nodes 20A-N.
At a step 606, the second network node 30A (client-device-j) is configured to receive a response generated by the one or more server nodes 20A-N processing the responses received from the second network node 30A (client-device-j) and to generate a corresponding response from which the second network node 30A (client-device-j) is able to derive a root key (RK). The root key (RK) is useable for decrypting the sensitive information (m) at the second network node 30A (client-device-j) and performing an authentication of the second network node 30A (client-device-j) with at least one of the one or more server nodes 20A-N, whereafter the sensitive information (m) is transmitted from the at least one of the one or more server nodes 20A-N to the second network node 30A (client-device-j) to be decrypted thereat to provide the sensitive information (m) in decrypted form.

FIG. 7 is an interaction diagram of a method 700 for operating the second network node 30A (client-device-j) of FIG. 1 in accordance with an example of the disclosure. The second network node 30A (client-device-j) is configured to be coupled in communication with the cloud service 20 including the one or more server nodes 20A-N. The second network node 30A is configured to synchronize to the first network node 10 (client-device-1) after the first network node 10 (client-device-1) is registered to the cloud service 20. At a step 702, the second network node 30A (client-device-j) is configured to receive a password generated by the first network node 10 (client-device-1) that is transmitted to each of the one or more server nodes 20A-N. The password is used to synchronize the sensitive information (m) to the second network node 30A (client-device-j). At a step 704, the first network node 10 (client-device-1) instructs the server nodes 20A-N to send a string (si) to the second network node 30A (client-device-j). At a step 706, the second network node 30A (client-device-j) is configured to receive the string (si) as arranged by the first network node 10 (client-device-1). The second network node 30A (client-device-j) responds to the server nodes 20A-N using the password (PW) and the string (si). At a step 708, the second network node 30A (client-device-j) is configured to receive a response from the server nodes 20A-N. The server nodes 20A-N process the response sent by the second network node 30A (client-device-j) and generate a corresponding response to the second network node 30A (client-device-j). At a step 710, the second network node 30A (client-device-j) is configured to derive a root key (RK) for authentication of the second network node 30A (client-device-j) with at least one of the server nodes 20A-N.
At a step 712, the second network node 30A (client-device-j) is configured to receive the sensitive information (m) of the first network node 10 (client-device-1) from at least one of the server nodes 20A-N to be decrypted.

According to a first embodiment, the one or more server nodes 20A-N have distributed thereto a series of sub-keys (Ki) generated from a secret key (K). A given server node of the one or more server nodes 20A-N of the cloud service 20 is unable to generate the secret key (K) solely from its corresponding sub-key (Ki). According to a second embodiment, the method 700 for operating the second network node 30A includes configuring the first network node 10 (client-device-1) to arrange for the second network node 30A (client-device-j) during the authentication to exchange one or more tasks (Challenge1, Challenge2) with at least one of the one or more server nodes 20A-N for authentication purposes. According to a third embodiment, the first network node 10 (client-device-1) is configured to set a threshold number of tasks to be attempted by the second network node 30A for confirming the authentication.

In an embodiment, there is provided a system for communicating the sensitive information (m) among the network nodes through the cloud service 20. The system includes a first network node 10 (client-device-1), one or more server nodes 20A-N that provide the cloud service 20, and other network nodes 30 (client-device-j). The other network nodes 30 include a second network node 30A. The system (i) registers the first network node 10 (client-device-1) to the cloud service 20, and (ii) synchronizes the first network node 10 (client-device-1) to the other network nodes 30 (client-device-j) in communication with the cloud service 20. The system is configured to, for the registration and synchronization of the first network node 10 (client-device-1):

(i) generate a string (si) by the first network node 10 (client-device-1) and transmit it by the first network node 10 (client-device-1) to each of the one or more server nodes 20A-N of the cloud service 20;

(ii) generate, at each of the one or more server nodes 20A-N, a response as a function of the string (si) and a sub-key (Ki) allocated to each of the one or more server nodes 20A-N;

(iii) receive, at the first network node 10 (client-device-1), the response from each of the one or more server nodes 20A-N;

(iv) generate, at the first network node 10 (client-device-1), a password (PW) for the other network nodes 30 (client-device-j) to use to access the sensitive information (m);

(v) instruct, by the first network node 10 (client-device-1), the one or more server nodes 20A-N to share the string (si) to the other network nodes 30 (client-device-j);

(vi) respond back with confirmation responses by the other network nodes 30 (client-device-j) to the one or more server nodes 20A-N using the password (PW) and the string (si);

(vii) process the confirmation responses by the one or more server nodes 20A-N to generate a corresponding response to the other network nodes 30 (client-device-j);

(viii) derive a root key (RK) by the other network nodes 30 (client-device-j) from the corresponding response for decrypting the sensitive information (m) at the other network nodes 30 (client-device-j);

(ix) authenticate the other network nodes 30 (client-device-j) with at least one of the server nodes 20A-N using the root key (RK); and

(x) transmit the sensitive information (m) from the at least one of the one or more server nodes 20A-N to the other network nodes 30 (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

According to another embodiment, there is provided a method for communicating the sensitive information (m) among the network nodes through the cloud service 20. The method includes:

(i) registering the first network node 10 (client-device-1) to the cloud service 20, and then synchronizing the first network node 10 (client-device-1) with the other network nodes 30 (client-device-j) in communication with the cloud service 20;

(ii) generating a string (si) by the first network node 10 (client-device-1) and transmitting it to each server node;

(iii) generating, at each of the one or more server nodes 20A-N, a response as a function of the string (si) and a sub-key (Ki) allocated to each server node;

(iv) receiving the response from each of the one or more server nodes 20A-N;

(v) generating, at the first network node 10 (client-device-1), a password (PW) for the other network nodes 30 (client-device-j) to use to access the sensitive information (m);

(vi) instructing, by the first network node 10 (client-device-1), the one or more server nodes 20A-N to share the string (si) to the other network nodes 30 (client-device-j);

(vii) responding back with confirmation responses by the other network nodes 30 (client-device-j) to the one or more server nodes 20A-N using the password (PW) and the string (si);

(viii) processing the confirmation responses by the one or more server nodes 20A- N to generate a corresponding response;

(ix) deriving a root key (RK) by the other network nodes 30 (client-device-j) from the corresponding response for decrypting the sensitive information (m) at the other network nodes 30 (client-device-j);

(x) authenticating the other network nodes 30 (client-device-j) with at least one of the one or more server nodes 20A-N using the root key (RK); and

(xi) transmitting the sensitive information (m) from the at least one of the one or more server nodes 20A-N to the other network nodes 30 (client-device-j) to be decrypted thereat (client-device-j) to provide the sensitive information (m) in decrypted form.

According to an embodiment, the registration of the first network node 10 (client-device-1) to the cloud service 20 is implemented as follows:

(i) the first network node 10 (client-device-1) generates a random string (si) and a random number (ri), and calculates:

Ai = H1(PW||si)^(ri), i = 1, ..., n. Then, the first network node 10 (client-device-1) sends Ai to the one or more server nodes 20A-N in the cloud service 20;

(ii) each of the one or more server nodes 20A-N generates a long-term DH key (public key: Yi = g^(yi), secret key: yi) and uses its own random sub-key (ki) to calculate Bi: Bi = Ai^(ki). Then, each of the one or more server nodes 20A-N sends (Bi, Yi) to the first network node 10 (client-device-1);

(iii) The first network node 10 (client-device-1) computes:

Root key: RK = HKDF(H1(PW), (B1^(1/r1) || ... || Bn^(1/rn))) = HKDF(H1(PW), (H1(PW||s1)^(k1) || ... || H1(PW||sn)^(kn)));

The user generates a random x and a master key MK, and computes:

X = g^(x); (long-term DH key)

C1 = AES-GCM(RK, x||X||Yi||si); i = 1, ..., n

C2 = AES-GCM(RK, MK||si); i = 1, ..., n

C3 = AES-GCM(MK, m); m is the sensitive data;

Finally, the first network node 10 (client-device-1) sends (si, X, C1, C2, C3, i = 1, ..., n) to the one or more server nodes 20A-N.

Each of the one or more server nodes 20A-N stores (si, X, C1, C2, C3, counter = MaxNumber) in its local data memory.

The registration and upload process is thereby completed.

According to an embodiment, the synchronization of the first network node 10 (client-device-1) with the other network nodes 30 (client-device-j) of the cloud service 20 is provided below.

A user of any of the other network nodes 30 (client-device-j) uses a screen-lock password to perform authentication and synchronization processes of the encrypted sensitive data (m) provided by the first network node 10 (client-device-1). The synchronization process is activated on the node side, for example by way of the username and password (PW) of the cloud service 20. The synchronization includes:

1: After activating this service, the one or more server nodes 20A-N send the string (si) to the other network nodes 30 (client-device-j); then counter = counter - 1;

2: The user inputs the PW. Then, a software application ("app") on the other network nodes 30 chooses a random r and computes Ai = H1(si, PW)^(r). Then, the other network nodes 30 send Ai to the one or more server nodes 20A-N;

3: The one or more server nodes 20A-N compute Bi = (Ai)^(ki) and send (C1, Bi) to the other network nodes 30 (client-device-j);

4: The other network nodes 30 (client-device-j) compute:

RK = HKDF(H1(PW), (B1)^(1/r) || ... || (Bn)^(1/r));

Decryption: x||X||Yi||si = AES-GCM(RK, C1), i = 1, ..., n; verify the correctness of si; if correct, then:

The other network nodes 30 use (x, X, Yi) to perform the authentication and decryption with the corresponding one or more server nodes 20A-N;

1. The other network nodes 30 (client-device-j) select a random n1, compute N1 = g^(n1), and send N1 to the one or more server nodes 20A-N.

2. The one or more server nodes 20A-N select a random t1 and Challenge1, compute T1 = g^(t1), and send (T1, Challenge1) to the other network nodes 30 (client-device-j).

3. The other network nodes 30 (client-device-j) compute the master key and session keys: ms = Yi^(x) + Yi^(n1) + T1^(x) + T1^(n1);

KMAC = HKDF(ms, UID||ServerID||X||Yi||N1||T1||"MAC"); Authentication Message:

MAC1 = HMAC(KMAC, Challenge1||N1||T1||UID||ServerID||"Authentication")

KENC = HKDF(ms, UID||ServerID||X||Yi||N1||T1||"ENC"); KENC is the session encryption/decryption key; the other network nodes 30 (client-device-j) generate a random Challenge2 and send (MAC1, Challenge2) to the one or more server nodes 20A-N.

The one or more server nodes 20A-N compute the same master key:

• ms = X^(yi) + N1^(yi) + X^(t1) + N1^(t1);

• KMAC = HKDF(ms, UID||ServerID||X||Yi||N1||T1||"MAC");

• KENC = HKDF(ms, UID||ServerID||X||Yi||N1||T1||"ENC");

• Verify the Authentication Message MAC1: first, compute MAC1' = HMAC(KMAC, Challenge1||N1||T1||UID||ServerID||"Authentication"); then compare MAC1' and MAC1; if equal and counter > 0, then accept. Otherwise, if counter > 0, then go to step 1; else, reject and exit the system;

If accepted, then compute:

• MAC2 = HMAC(KMAC, Challenge2||N1||T1||UID||ServerID||"Authentication");

• Enc_C2 = AES-GCM(KENC, C2||Challenge1||Challenge2);

• Enc_C3 = AES-GCM(KENC, C3||Challenge1||Challenge2)

Finally, the one or more server nodes 20A-N set the Counter = 0 and send (MAC2, ENC_C2, ENC_C3) to the other network nodes 30 (client-device-j);

2) The other network nodes 30 (client-device-j) verify the Authentication Message MAC2: first, computes MAC2’ = HMAC(KMAC, challenge2||Nl | |T11 |UID| | ServerID| |” Authentication”); Then compare MAC2’ and MAC2, if“=“, accept.

3) If accept, then using KENC and RK decrypts Enc_C2, Enc_C3 :

• C2 = AES-GCM(KENC, Enc_C2);

• C3 = AES-GCM(KENC, Enc_C3);

• MK = AES-GCM(RK, C2);

• m = AES-GCM(MK, C3)

Finally, the other network nodes 30 (client-device-j) obtain the sensitive data (m) encrypted by the first network node 10 (client-device-1), and the synchronization process is completed.
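The following is an added example, not code from the patent application or from the applicant: it runs the mutual authentication and session-key derivation of steps 1 to 3 above between a client-device-j and one server node, using only the Python standard library. The Diffie-Hellman parameters (the Mersenne prime 2^521 - 1 with generator 3), the SHA-256 HKDF with an empty salt, the 16-byte challenges, the starting value of the retry counter, and the rule that one failed verification consumes one retry are all assumptions of this example; the page fixes none of them. The page writes the combination of the four shared values in ms with "+", which in the multiplicative group used here is a product mod P. The AES-GCM steps that follow the handshake (Enc_C2, Enc_C3 and the recovery of MK and m) are not included because the standard library has no AES-GCM.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, an assumption for this demo and NOT a
# production group: the Mersenne prime 2^521 - 1 with generator 3.  The page
# fixes no group; a standard DH group or elliptic curve slots in unchanged.
P = 2**521 - 1
G = 3
ELEM_LEN = (P.bit_length() + 7) // 8


def i2b(x: int) -> bytes:
    """Fixed-width big-endian encoding of a group element for hashing."""
    return x.to_bytes(ELEM_LEN, "big")


def hkdf(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256; the empty (all-zero) salt is an assumption here."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(ms, uid, server_id, X, Yi, N1, T1):
    """KMAC = HKDF(ms, UID||ServerID||X||Yi||N1||T1||"MAC"); KENC likewise with "ENC"."""
    ctx = uid + server_id + i2b(X) + i2b(Yi) + i2b(N1) + i2b(T1)
    return hkdf(i2b(ms), ctx + b"MAC"), hkdf(i2b(ms), ctx + b"ENC")


def auth_mac(kmac, challenge, N1, T1, uid, server_id):
    """HMAC(KMAC, Challenge||N1||T1||UID||ServerID||"Authentication")."""
    msg = challenge + i2b(N1) + i2b(T1) + uid + server_id + b"Authentication"
    return hmac.new(kmac, msg, hashlib.sha256).digest()


class Client:
    """client-device-j after it has recovered (x, X, Yi) from C1."""

    def __init__(self, uid, x, Yi):
        self.uid, self.x, self.Yi = uid, x, Yi
        self.X = pow(G, x, P)

    def step1(self):
        self.n1 = secrets.randbelow(P - 2) + 1
        self.N1 = pow(G, self.n1, P)
        return self.N1

    def step3(self, T1, challenge1, server_id):
        # ms = Yi^x + Yi^n1 + T1^x + T1^n1 on the page; a product in this group.
        ms = (pow(self.Yi, self.x, P) * pow(self.Yi, self.n1, P)
              * pow(T1, self.x, P) * pow(T1, self.n1, P)) % P
        self.T1, self.server_id = T1, server_id
        self.kmac, self.kenc = derive_keys(ms, self.uid, server_id, self.X, self.Yi, self.N1, T1)
        self.challenge2 = secrets.token_bytes(16)
        mac1 = auth_mac(self.kmac, challenge1, self.N1, T1, self.uid, server_id)
        return mac1, self.challenge2

    def verify_server(self, mac2):
        expected = auth_mac(self.kmac, self.challenge2, self.N1, self.T1, self.uid, self.server_id)
        return hmac.compare_digest(expected, mac2)


class Server:
    """A server node holding its secret yi and the client's public X."""

    def __init__(self, server_id, uid, yi, X, counter=3):
        self.server_id, self.uid, self.yi, self.X = server_id, uid, yi, X
        self.Yi = pow(G, yi, P)
        self.counter = counter  # retry budget; the page names it but not its start value
        self.kenc = None

    def step2(self, N1):
        self.N1 = N1
        self.t1 = secrets.randbelow(P - 2) + 1
        self.T1 = pow(G, self.t1, P)
        self.challenge1 = secrets.token_bytes(16)
        return self.T1, self.challenge1

    def verify_client(self, mac1, challenge2):
        """MAC2 on success; None when the client must restart at step 1; raises on reject."""
        ms = (pow(self.X, self.yi, P) * pow(self.N1, self.yi, P)
              * pow(self.X, self.t1, P) * pow(self.N1, self.t1, P)) % P
        kmac, kenc = derive_keys(ms, self.uid, self.server_id, self.X, self.Yi, self.N1, self.T1)
        expected = auth_mac(kmac, self.challenge1, self.N1, self.T1, self.uid, self.server_id)
        if hmac.compare_digest(expected, mac1) and self.counter > 0:
            self.kenc = kenc
            self.counter = 0  # the page sets Counter = 0 once the client is accepted
            return auth_mac(kmac, challenge2, self.N1, self.T1, self.uid, self.server_id)
        self.counter -= 1  # assumption: one failed verification consumes one retry
        if self.counter > 0:
            return None
        raise PermissionError("reject, out of system")


def run_protocol(client, server, tamper=False):
    """Full exchange; True when both sides accept and hold the same KENC."""
    N1 = client.step1()
    T1, challenge1 = server.step2(N1)
    mac1, challenge2 = client.step3(T1, challenge1, server.server_id)
    if tamper:
        mac1 = bytes(b ^ 0xFF for b in mac1)  # MAC1 corrupted in transit
    mac2 = server.verify_client(mac1, challenge2)
    return mac2 is not None and client.verify_server(mac2) and client.kenc == server.kenc
```

The MAC over Challenge1 binds the client's ephemeral N1 and the server's T1 to the identities UID and ServerID, so a corrupted or replayed MAC1 fails the server's check and the retry counter decides between another attempt from step 1 and rejection; the matching KENC on both sides is what the later AES-GCM steps rely on.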

FIG. 8 is an illustration of an exemplary system 800 in which the various architectures and functionalities of the various previous examples may be implemented. As shown, the system 800 includes at least one processor 804 that is connected to a bus 802, wherein the system 800 may be implemented using any suitable protocol, such as PCI (Peripheral Component Interconnect), PCI-Express, AGP (Accelerated Graphics Port), HyperTransport, or any other bus or point-to-point communication protocol(s). The system 800 also includes a data memory 806.

Control logic (software) and data are stored in the data memory 806, which may take the form of random-access memory (RAM). In the description, a single semiconductor platform may refer to a sole unitary semiconductor-based integrated circuit or chip. It should be noted that the term single semiconductor platform may also refer to multi-chip modules with increased connectivity which simulate on-chip operation, and make substantial improvements over utilizing a conventional central processing unit (CPU) and bus implementation. Of course, the various modules may also be situated separately or in various combinations of semiconductor platforms per the desires of the user.

The system 800 may also include a secondary storage 810. The secondary storage 810 includes, for example, a hard disk drive and a removable storage drive, representing a floppy disk drive, a magnetic tape drive, a compact disk drive, a digital versatile disk (DVD) drive, a recording device, or a universal serial bus (USB) flash memory. The removable storage drive at least one of reads from and writes to a removable storage unit in a well-known manner.

Computer programs, or computer control logic algorithms, may be stored in at least one of the memory 806 and the secondary storage 810. Such computer programs, when executed, enable the system 800 to perform various functions as described in the foregoing. The memory 806, the secondary storage 810, and any other storage are possible examples of computer-readable media.

In an embodiment, the architectures and functionalities depicted in the various previous figures may be implemented in the context of the processor 804, a graphics processor coupled to a communication interface 812, an integrated circuit (not shown) that is capable of at least a portion of the capabilities of both the processor 804 and a graphics processor, or a chipset (i.e., a group of integrated circuits designed to work and sold as a unit for performing related functions, etc.).

Furthermore, the architectures and functionalities depicted in the various previous figures may be implemented in the context of a general computer system, a circuit board system, a game console system dedicated for entertainment purposes, or an application-specific system. For example, the system 800 may take the form of a desktop computer, a laptop computer, a server, a workstation, a game console, or an embedded system.

Furthermore, the system 800 may take the form of various other devices including, but not limited to a personal digital assistant (PDA) device, a mobile phone device, a smart phone, a television, etc. Additionally, although not shown, the system 800 may be coupled to a network (e.g., a telecommunications network, a local area network (LAN), a wireless network, a wide area network (WAN) such as the Internet, a peer-to-peer network, a cable network, or the like) for communication purposes through an I/O interface 808.

It should be understood that the arrangement of components illustrated in the described figures is exemplary and that other arrangements may be possible. It should also be understood that the various system components (and means) defined by the claims, described below, and illustrated in the various block diagrams represent components in some systems configured according to the subject matter disclosed herein. For example, one or more of these system components (and means) may be realized, in whole or in part, by at least some of the components illustrated in the arrangements illustrated in the described figures.

In addition, while at least one of these components is implemented at least partially as an electronic hardware component, and therefore constitutes a machine, the other components may be implemented in software that, when included in an execution environment, constitutes a machine, hardware, or a combination of software and hardware.

Although the disclosure and its advantages have been described in detail, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the disclosure as defined by the appended claims.