Abstract: A first patient intervention is identified. The first patient intervention regards a first patient record that includes one or more attributes related to a first patient. The first patient intervention is transmitted to a first program split of a secure multi-party computation. A conflict is detected in the first patient intervention and an existing medical situation regarding the first patient. The conflict is detected by the first program split of the secure multi-party computation and by a third program split of the secure multi-party computation. Based on the detected conflict, a notification is generated by the first program split. The notification is based on the detected conflict. The notification based on the detected conflict is provided to a first client.

Abstract: The present invention provides a method, computer program product, and system of generating predicted reactions of a user. In some embodiments, the method, computer program product, and system include receiving an intelligence data store, receiving a current data object with a current query and at least one knowledge graph, identifying one or more patterns in the at least one knowledge graph, comparing using a deep neural net, the previous queries and associated one or more patterns with the current query and identified one or more patterns of the current data object, classifying the plurality data objects from the intelligence data store based on a closeness of the current query and identified one or more patterns with each of the previous queries and associated one or more patterns in the intelligence data store, and identifying, by the classification engine, potential dispositions based on the classification of the plurality of data objects.

Abstract: A secure cloud computing environment protects the confidentiality of application code from a customer while simultaneously protecting the confidentiality of a customer's data from intentional or inadvertent leaks by the application code. This result is accomplished without the need to trust the application code and without requiring human surveillance or intervention. A client secure virtual machine (SVM) is accessible by a client who supplies commands, operand data and application data. An appliance SVM has the application code loaded therein and includes an application program interface that accesses a memory area shared by both SVMs. All access to the appliance SVM is initially revoked by an ultravisor, except for the shared memory and an encrypted persistent storage. The appliance SVM stores the application data in the persistent storage. The ultravisor manages an SVM by maintaining exclusive control over a device tree used by the operating system of the SVM.

Abstract: A method for implementing a secure system to prevent adverse drug interactions and repeat prescriptions, for a patient, in a multi-party computing environment. The method includes receiving a patient identifier from a provider, authenticating an access by the provider, and retrieving a second patient identifier, wherein the second patient identifier corresponds to the received patient identifier, wherein the received patient identifier and the second patient identifier are different. The method further includes receiving an input from the provider that corresponds to the patient identifier, and accessing a database that contains a stored private ID, wherein the stored private ID is a combination of the received patient identifier and the retrieved second patient identifier, and wherein the database includes data relating to the patient. The method includes searching the database to obtain a search result based on the received input from the provider, and transmitting the search result to the provider.

Abstract: A service running on a server, for example as a cloud server, that services with a guarantee from a guarantor. The service includes receiving, from a user using a zero-knowledge protocol to ensure privacy of the user, a request for a service with an associated quality level for a fee. Next, the request for service received requires a guarantee of the service requiring additional assurances based on a rating quantity available by a guarantor of the service is identified. At least a portion of the rating quantity available by the guarantor of the service is received. A notification from the user that the service is unacceptable is received. In response to the notification and a verification that the associated quality level was not met, refunding at least a portion of the fee to the user from the guarantor of the service.

Abstract: Isolating and amplifying a conversation between selected participants is provided. A plurality of spectral masks is received. Each spectral mask in the plurality corresponds to a respective participant in a selected group of participants included in a conversation. A composite spectral mask is generated by additive superposition of the plurality of spectral masks. The composite spectral mask is applied to sound captured by a microphone to filter out sounds that do not match the composite spectral mask and amplifying remaining sounds that match the composite spectral mask.

Abstract: A trusted network based service running on a server, for example as a cloud server, includes receiving a request from a first user device and a second user device. The request includes one or more inputs to perform a transaction. Based upon the request, selecting one or more computational resources from a set of a plurality of computational resources using zero-knowledge verifiable computing. In response to receiving authorization from each of the computational resources that they are capable of performing the zero-knowledge verifiable computing transactions to carry out at least a portion of the request, executing the program using zero-knowledge verifiable computing to carry out the request using a zero-knowledge protocol to ensure privacy of the first user device and the second user device. Sending to the first user device and the second user device an output of the request.

Abstract: A trusted network based service running on a server, for example as a cloud server, includes receiving a request from a first user device and a second user device. The request includes one or more inputs to perform a stateless transaction based on combinational logic. An output of the combinational logic is a function of only the one or more inputs. Based upon the request, a program is selected from a set of a plurality of programs using zero-knowledge verifiable computing to carry out the transaction. The program is executed using zero-knowledge verifiable computing. The execution of the program out the transaction based on combinational logic with the one or more inputs using a zero-knowledge protocol to ensure privacy of the first user device and the second user device. The output of the combinational logic along with proof from the zero-knowledge protocol that the combinational logic was executed without alteration.

Abstract: Embodiments are disclosed for a method for private transfer learning. The method includes generating a machine learning model comprising a training application programming interface (API) and an inferencing API. The method further includes encrypting the machine learning model using a predetermined encryption mechanism. The method additionally includes copying the encrypted machine learning model to a trusted execution environment. The method also includes executing the machine learning model in the trusted execution environment using the inferencing API.

Abstract: A trusted computing environment may be dynamically certified by providing a selectable boot option that controls running a loadable boot image in one of a test mode and a production mode. The test mode may automate running a processing standard validation test to obtain a processing standard validation test result. Responsive to running the processing standard validation test with a successful test result, a record indicating the successful test result and the loadable boot image is stored within the trusted computing environment, utilizing a certification process. Responsive to running the production mode, the trusted computing environment and the loadable boot image may be loaded.

Abstract: A service running on a server includes a method running on a server, for example as a cloud server. The method begins with receiving from a user using a zero-knowledge protocol, each of a unique token associated with the user, an identifier of a statement to be rated, a vote related to the statement; and a pledged quantity tied to a reputation of the user and the vote. The vote either supports or opposes a veracity of the statement. Next, a confirmation is made to ensure that the unique token is associated with the user. A difference is determined between the pledge quantity and a numerical rating of the reputation of the user. In response to confirming the unique token is associated with the user and the difference is non-negative, updating a rating of the statement using zero-knowledge verifiable computing.

Abstract: A social networking system, computer program product, and methods with a Personal Avatar executing on a first server node and a zero knowledge Arbiter executing on a second server node in a network of the social networking system. The Personal Avatar communicates social networking system messages in a communication session using a zero knowledge protocol with the zero knowledge Arbiter executing on the second server node operating in zero knowledge and using zero knowledge verifiable computing to enforce usage conditions on social networking system messages communicated in a communication session with the zero knowledge Arbiter. The zero knowledge Personal Avatar communicates social networking system messages in a communication session using a zero knowledge protocol with the zero knowledge Arbiter. The methods ensure privacy of an end user of the social networking system.

Abstract: A method, computer system, and a computer program product for cognitive template question formation and execution is provided. The present invention may include receiving a dynamic template question. The present invention may also include mapping the received template question to a type. The present invention may then include mapping the received template question to a data source. The present invention may further include forming a template question based on the mapped template question. The present invention may also include triggering, in response to a triggering event, a query based on the formed template question. The present invention may then include executing the triggered query.

Abstract: A method, system, and computer program product for performing strong desensitization of sensitive data within a garbled circuit includes: compiling a predetermined program into a first program, where the compiled first program is encoded in a form of a garbled circuit, and where the predetermined program runs on sensitive data; and executing the first program, where executing the first program includes: executing an analytics function using tokenized data with a first set of sensitive information and analytics data with a second set of sensitive information, where the tokenized data originated from a data provider and the analytics data originated from an analytics provider; and generating an output of the first program using a result of the analytics function, where the output contains desensitized data.

Abstract: A method, system, and computer program product for performing strong desensitization of sensitive data within a garbled circuit includes: compiling a predetermined program into a first program, where the compiled first program is encoded in a form of a garbled circuit, and where the predetermined program runs on sensitive data; and executing the first program, where executing the first program includes: executing an analytics function using tokenized data with a first set of sensitive information and analytics data with a second set of sensitive information, where the tokenized data originated from a data provider and the analytics data originated from an analytics provider; and generating an output of the first program using a result of the analytics function, where the output contains desensitized data.

Abstract: Systems for cellular network authentication utilizing unlinkable anonymous credentials are disclosed. In embodiments, a computer program product is provided including a computer readable storage medium having program instructions embodied therewith. The program instructions are executable by a computing device to cause the computing device to: contact a mobile device network with a request to connect to the mobile device network; conduct an interactive credential issuance protocol with an Issuer of the mobile device network to generate an unlinkable anonymous credential; connect to the mobile device network based on a Verifier of the mobile device network verifying the computing device based on the unlinkable anonymous credential; and store a temporary mobile subscriber identity assigned to the mobile device by the mobile device network, wherein the temporary mobile subscriber identity is filled with a null value.

Abstract: Managing anonymous network connections. In one aspect managing anonymous network connections by providing anonymous authentication credentials to a plurality of devices in a hierarchical network, registering a first set of devices at a first data aggregator, determining that the first set of devices at the first aggregator numbers less than a first threshold value, registering the first set of devices with a second aggregator upstream in the hierarchy from the first aggregator, causing data from the first set of devices to be received at the second aggregator.

Abstract: A verifiable computing system is presented. A worker computing device of the verifiable computing system receives a primary program and a verification logic that are generated based on a target function. The worker computing device includes a main processor and a coprocessor. The main processor is configured to execute the primary program and the coprocessor is configured to implement the verification logic. Telemetry is collected from the main processor executing the primary program and provided to the coprocessor. The coprocessor implementing the verification logic uses the telemetry to generate a proof. The proof is provided to a verifying computing device for determining whether the primary program is tampered with.

Abstract: A first request to perform an entity resolution operation is received from a first client. The first request is related to a first record uploaded by the first client. The first record has one or more first attributes. The first record is stored in a secure data store. The first request is transmitted to a first program split of a secure multi-party computation. An entity resolution operation is performed by the first program split of the secure multi-party computation and by a third program split of the secure multi-party computation. The entity resolution operation is performed based on the received request. The entity resolution operation is related to the first record and one or more second records uploaded to the secure data store by a second client. The third program split of the secure multi-party computation operates in the secure data store.

Abstract: A secure processor-based enclave is used to protect to one or more software defined control functions or elements in a cloud environment, such as a hyperconverged cloud that includes compute nodes. One or more secure enclave(s) are instantiated within the environment. A control plane, such as an NFV-based control plane element, is hosted within the secure enclave, which itself is instantiated within may be virtualized or containerized. The control plane has an associated data plane, whose elements are across one or more of the compute nodes. One or more APIs provide connectivity between the control plane, and the various data plane elements that are located external to the secure enclave. The NFV-based control plane provides configuration information (e.g., a routing table) to the distributed data plane through the APIs. By hosting the control plane securely using in-memory workload protection, the approach insures integrity at load time, and it protects against compromise in real-time, e.g.