Abstract: The subject matter discloses a computerized system for securing data, comprising a first node, comprising a first memory storage configured to store a first share of a cryptographic key and a communication module, a second node, in communication with the first node, comprising a second memory storage configured to store a second share of the cryptographic key, wherein the first share and the second share of the cryptographic key are required to perform a cryptographic operation using a multi-party computation (MPC) process, wherein the second node further comprises a control unit configured to change an operation mode of the second share from enable to disable, wherein the disable operation mode prevents performing the cryptographic operation using the MPC process.

Abstract: The present invention disclosed a method operable on a multiparty signing system for performing a multiparty signing act on a digital content. The multiparty signing system disclosed in the present invention comprises at least two multiparty signing servers configured with methods to perform the multiparty signing act of a digital content to sign. The multiparty signing system can be configured to perform the multiparty signing act by a private signing key split to at least two key shares, wherein each key share is held by each of the at least two multiparty signing servers. The multiparty signing system is also configured to communicate with at least one computerized node employed to conduct an approval process for approving the multiparty signing act. The approval process can be configured to conduct the approval process by employing a secure multiparty computation, wherein the approval process is configured to utilize secret shares held by the at least one computerized node.

Abstract: A method for signing a message, comprising performing a first Multi-Party Computation (MPC) process by multiple parties to compute a pseudorandom function, an input of the first MPC process comprises shares of a private signing key, each share is held by each party, the message is an input value to the pseudorandom function. The output of the first MPC process comprises multiple pairs of shares, each party holding a pair of shares, wherein each pair comprises a first value used for the MPC signing process and a second verifying value used for verifying correctness of the values provided by the multiple parties for the MPC signing process, and computing the signature on the message by performing an MPC signing protocol on the message, the MPC signing protocol receives as input shares of the output of the pseudorandom function from the multiple parties, and the message to be signed.

Abstract: The claimed subject matter discloses system for securing a process of manufacturing an article, comprising a facility security node located in a manufacturing facility where the article is manufactured, a security server located remotely from the manufacturing facility, said security server communicates with the facility security node and comprises a key generation module configured to generate a certificate authority (CA) private key in a split manner, one share of the CA private key is stored at the security server and another share of the CA private key is stored at the manufacturing facility. The server also comprises a server Multi-Party Computation (MPC) module configured to perform an MPC process with an article MPC module stored at the article, the output of the MPC process is signing the certificate without reconstructing the entire CA private key.

Abstract: The subject matter discloses a method and a system for securely distributing a credential and encryption keys for physical devices. The system comprises a security server and a physical device. the physical device comprises a memory module configured to store a share of the credential, a communication module configured to exchange signals, and a processing module configured to execute calculations upon request received on a wireless manner via the communication module from the security server, the calculations are transmitted to the security server to execute a multi-party computation process. The multi-party computation process outputs two shares of the credential, a first share is stored in the physical device. The physical device does not have access to the credential.

Abstract: The subject matter discloses a method operated on a computerizing system comprising generating two secret shares of at least some of the data fields in a database, loading data fields of the database into two database copies, wherein one secret share of the two secret shares is loaded into one database copy and another secret share of the two secret shares is loaded into another database copy, receiving a request to perform a query in the database, processing said query on the database copies, wherein the database fields employed by the query process and the query results remain secret during processing, and revealing the secret query results.

Abstract: The present invention discloses a method and system for securing digital transactions provided by a person operating a third-party computerized device designed to communicate with a multiparty signing system. The multiparty signing system may comprise a signing subsystem comprising a multiparty signing server designed to receive a request for digital signing and a first subset of end-user nodes designed to sign the digital transaction. The multiparty signing system may also comprise an approving subsystem designed for approving the digital transactions. The approving subsystem may comprise a coordinator and a second subset of end-user nodes for approving the digital transactions.

Abstract: The subject matter discloses a system for enforcing correctness of a derivation key, comprising multiple computerized nodes, comprising a storage module configured to store a share of a key used as an input of a function generating the derivation key, a communication module configured to exchange information between the multiple computerized nodes, and a processing module configured to receiving a request to create the derivation key, performing an MPC process between the multiple computerized nodes, said MPC process is performed multiple times, in each time the MPC process comprises receiving the key shares as input, randomly selecting a function, outputting the outputs of the selected function to the multiple computerized nodes, the multiple computerized nodes lack access to the selected function, the multiple computerized nodes perform computations on the received outputs and exchange outputs of the computations to estimate correction of the key shares inputted into the MPC process.

Abstract: The present invention discloses a method and system for securing digital transactions provided by a person operating a third-party computerized device designed to communicate with a multiparty signing system. The multiparty signing system may comprise a signing subsystem comprising a multiparty signing server designed to receive a request for digital signing and a first subset of end-user nodes designed to generate a group of key shares which can be utilized in MPC processes conducted by the multiparty signing server. The multiparty signing system may also comprise an approving subsystem designed for generating groups of key shares to approve the digital transactions. The approving subsystem may comprise a coordinator and a second subset of end-user nodes for generating groups of key shares. The multiparty signing server may be configured to receive from a third-party server a transaction to sign and to send a first request to the coordinator to receive a first group of key shares.

Abstract: The present invention discloses a system and method designed to secure computerized security processes via an MPC based biometric comparison. Such security processes can be operated between a computerized device operated by a user and a third-party server, or a third-party application executed by a computerized device. The MPC based biometric comparison process utilized to secure the security process can be operated by at least one server and in some cases, a computerized device operated by the user. Said servers may operate a Distributed Security Module, (DSM Server), designed to participate in multi-party computation (MPC) processes. The DSM server may be configured to use the MPC based biometric comparison process to compare a biometric data sample provided by the computerized device with a biometric data reference stored in the DSM server.

Abstract: The subject matter discloses a computerized system for authenticating a person requesting access to a physical entity. The system comprises a controller configured to control access to the physical entity, said controller is connected to a biometric acquisition device configured to acquire biometric data of the person. The controller comprises a communication module configured to communicate wirelessly with an electronic device used by the person. The system also comprises a computerized server communicating with the controller or the person's electronic device, said server is configured to provide validation indication of the person using the biometric data and an MPC process performed between at least two of the controller, server and the person's device.

Abstract: The subject matter discloses a method for providing identity to a software module, comprising splitting a secret key using a split multi-party computation (MPC) process between the software module and a security server and storing one share of the secret key in the software module and another share of the secret in the security server, the security server receiving a request from the software module to access a resource, in response to the request, the security server encrypts a message, said encrypted message is obtained by the software module, the software module initiates a decryption multi-party computation (MPC) process to decrypt the message encrypted by the security server using according to the shares of the secret key, the security server receives the decrypted secret and the public key and the security server signs a certificate associated with the requested resource and the software module and sends the certificate to the software module.

Abstract: The subject matter discloses a computerized system for securing data, comprising a first node, comprising a first memory storage configured to store a first share of a cryptographic key and a communication module, a second node, in communication with the first node, comprising a second memory storage configured to store a second share of the cryptographic key, wherein the first share and the second share of the cryptographic key are required to perform a cryptographic operation using a multi-party computation (MPC) process, wherein the second node further comprises a control unit configured to change an operation mode of the second share from enable to disable, wherein the disable operation mode prevents performing the cryptographic operation using the MPC process.

Abstract: The subject matter discloses a computerized system, comprising a computerized device communicating with a third party server, that comprises a memory unit that stores a representation of a Boolean circuit and a processing unit for calculating a result of the Boolean circuit according to a string used as input for the Boolean circuit and calculating a first predefined function on the result of the Boolean circuit. The system also comprises a first auxiliary server communicating with the computerized device, the first auxiliary server comprises a processing unit for calculating a second predefined function on the result of the Boolean circuit received from the computerized device and a second auxiliary server communicating with the computerized device comprises a processing unit for comparing the result of the first predefined function and the result of the second predefined function.

Abstract: The subject matter discloses a method operated on a computerizing system comprising generating two secret shares of at least some of the data fields in a database, loading data fields of the database into two database copies, wherein one secret share of the two secret shares is loaded into one database copy and another secret share of the two secret shares is loaded into another database copy, receiving a request to perform a query in the database, processing said query on the database copies, wherein the database fields employed by the query process and the query results remain secret during processing, and revealing the secret query results.