Abstract: Embodiments disclosed herein describe computing calculations based on two overlapping private sets between various parties. To conduct the calculation, an intersection of the overlapping private sets data lists is conducted without revealing the underlying data. A homomorphic encryption is conducted on the intersecting data elements to allow them to be compared.

Abstract: Systems, methods, and apparatuses of using biometric information to authenticate a first device of a user to a second device are described herein. A method includes storing, by the first device, a first key share of a private key and a first template share of a biometric template of the user. The second device stores a public key, and one or more other devices of the user store other key shares and other template shares. The first device receives a challenge message from the second device, measures biometric features of the user to obtain a measurement vector, and sends the measurement vector and the challenge message to the other devices. The first device receives partial computations, generated using a respective template share, key share, and the challenge message, from the other devices, uses them to generate a signature of the challenge message and send the signature to the second device.

Abstract: A keyboard is disclosed. The keyboard may comprise a biometric sensor configured for authenticating a user; a docking station configured for receiving a security device; and a processor configured for facilitating communication between the biometric sensor and the security device docked in the docking station with a computing device coupled to the keyboard.

Abstract: A method may include transmitting, at a mobile device executing a keyboard application, a request for a user specific data value to a computing device; receiving, from the computing device, an authentication request with a challenge message; encrypting the challenge message with a private key associated with the keyboard application; transmitting the encrypted challenge message to the computing device for authentication by the computing device; receiving the user specific data value from the server based on the server successfully authenticating the encrypted challenge message; and presenting the user specific data value in the keyboard application on the mobile device.

Abstract: Privacy protection methods, systems, and apparatus, including computer programs encoded on computer storage media, are provided. One of the methods is performed by a first computing device and includes: obtaining a plurality of object IDs, wherein the plurality of object IDs include a target object ID; sending the plurality of object IDs to a second computing device storing a plurality of pieces of data respectively associated with the plurality of object IDs for the second computing device to generate a plurality of ciphertexts respectively based on the plurality of pieces of data; and executing a cryptography protocol with the second computing device to obtain a ciphertext corresponding to the target object ID from the plurality of ciphertexts generated by the second computing device, wherein the target object ID is unknown to the second computing device.

Abstract: Disclosed herein are systems and methods that use blockchain technology to protect power system data. For example, a receiving device may receive a smart contract. The receiving device may obtain the encrypted power system measurements from the smart contract via distributed ledger. The receiving device may decrypt the power system measurements from the smart contract using a private key of the receiving device. The receiving device may display the decrypted power system measurements on a display of the receiving device.

Abstract: This is a system and method for homomorphic encryption comprising: a key generation module configured to generate a secret key, a public key and a bootstrapping key; a private-key encryption module configured to generate a first ciphertext using the secret key; a public-key encryption module configured to generate a second cyphertext using the public key; a private-key decoding module configured to decode a first ciphertext, a second ciphertext and an encrypted analytic result; a homomorphic computational module configured to perform an analytical operation, according to an analytical operation request on the first ciphertext and the second ciphertext without decrypting the first ciphertext and the second ciphertext using the bootstrapping key; and, wherein the encrypted analytical result is provided by the homomorphic computational module and are encrypted with the secret key.

Abstract: Identifying and protecting against a computer security threat while preserving privacy of individual client devices using differential privacy for text documents. In some embodiments, a method may include receiving, at the remote server device, text documents from one or more local client devices, generating, at the remote server device, a differential privacy document vector for each of the text documents, identifying, at the remote server device, a computer security threat to a first one of the one or more local client devices using the differential privacy document vectors, and, in response to identifying the computer security threat, protecting against the computer security threat by directing performance, at the first local client device or the remote server device, of a remedial action to protect the first local client device from the computer security threat.

Abstract: Autonomous devices and systems, methods, and program products for authorizing and performing autonomous devices transactions are disclosed. An autonomous device can be configured to generate a first hash value of a chain of hash values by applying a hash algorithm to first data including first new data and a first previous hash value of the chain of hash values, the first previous hash value computed by applying the hash algorithm to first previous data. The device can transmit to a transaction computer system the first hash value and the first new data. The device can generate and transmit to the transaction computer system a first signed electronic transaction request comprising first transaction data comprising a sending account identifier associated with the autonomous device, a destination account identifier, a transaction amount, and a timestamp. The device can digitally sign the transaction request using a private key of an asymmetric key pair.

Abstract: Techniques are disclosed relating to authenticating communications. A computer system may generate a master private key usable to derive user-specific private keys for a plurality of users hosted by a particular application. The computer system may generate master public configuration information usable to derive user-specific public keys for the plurality of users. The computer system may send that configuration information to a directory service accessible to applications that communicate with the particular application. The computer system may receive, from the particular application, a request for a user-specific private key for one of the plurality of users. The request may include an identifier of the user. The computer system may perform a key derivation function to generate a particular user-specific private key based on the master private key and the identifier of the user. The computer system may send the particular user-specific private key to the particular application.

Abstract: The invention presents a solution in which blockchain Transactions are created to implement the functionality of a logic gate. The invention may be implemented on the Bitcoin platform or an alternative blockchain platform. The transaction includes a locking script which comprises instructions selected so as to implement the functionality of a logic gate such as OR, AND, XOR, NOT and so on. In some examples, the instructions may be provided in a hashed form. When the script is executed (because a second transaction is attempting to spend the output associated with the locking script) the inputs will be processed by the conditional instructions to provide an output of TRUE or FALSE. The second transaction is transmitted to the blockchain network for validation and, if determined to be valid, it will be written to the blockchain. Validation of the second transaction can be interpreted as a TRUE output. Thus, the locking script of the first transaction provides the functionality of the desired logic gate.

Abstract: Unauthorized and fraudulent use of a cloud computing system may be reduced or mitigated using a multi-threshold based method to identify fraudulent subscribers of the cloud. The multi-threshold based method may assign a fraud threshold to each resource of the cloud. The fraud thresholds of the multi-threshold based method may be adjusted based on one or more characteristics associated with one or more of the plurality of resources in the cloud. The one or more characteristics may include a capacity percentage associated with the plurality of resources, fraud distribution among the plurality of resources, cost of operation associated with the plurality of resources, anticipated or actual subscriber growth rate associated with the plurality of resources and/or anticipated or actual subscriber fraud risk associated with the plurality of resources.

Abstract: Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Once malicious code is verified on an IoT gateway, the failed gateway is quarantined from the passing of the token and functions of the failed IoT gateway are assigned to other IoT gateways.

Abstract: The present disclosure provides systems and methods for improving provision of secret data on programmable devices. An appliance receives physical unclonable function (PUF) data pertaining to an integrated circuit. Secret data is provided to the appliance from a secret vault. Public and private PUF keys are derived based upon the PUF data. Further, ephemeral public and private keys are derived by the appliance. The public and private PUF keys, along with the ephemeral public and private keys are used to establish a secure channel for programming the secret data on the programmable device.

Abstract: Methods, apparatus and computer software products implement embodiments of the present invention that include defining, for a given software category, respective, disjoint sets of communication ports that are used by each of a plurality of software systems in the given software category, including at least first and second disjoint sets. A set of port scans are identified in data traffic transmitted between multiple nodes that communicate over a network, each of the port scans including an access, in the data traffic, of a plurality of the communication ports on a given destination node by a given source node during a predefined time period. Upon detecting a port scan by one of the nodes including accesses of at least one of the communication ports in the first set and at least one of the communication ports in the second set, a preventive action is initiated.

Abstract: An approach is provided for privacy-sensitive sharing of navigation-based content between vehicles (e.g., autonomous vehicles, drones, devices, etc.). The approach involves initiating a pairing of a first vehicle with at least one second vehicle. The approach also involves determining a privacy level associated with the pairing. The approach further involves determining a granularity level for sharing the navigation-based content of the first vehicle with the at least one second vehicle based on the privacy level. The approach further involves granting an access right to the at least one second vehicle to access the navigation-based content at the determined granularity level. The at least one second vehicle is then guided based on the navigation-based content of the first vehicle at the determined granularity level.

Abstract: Concepts and technologies of network service control for anchoring client devices for network service access control are provided herein. In one aspect of the concepts and technologies disclosed herein, a system is provided and can include a processor and a memory storing computer-executable instructions that, upon execution of the processor, configure the processor to perform operations. The operations can include receiving an anchor instantiation command to anchor one or more client devices to an authorized service location. The anchor instantiation command can initiate an anchor instantiation time period. The operations can include determining, during the anchor instantiation time period, a plurality of anchor attributes associated with the one or more client devices at the authorized location.

Abstract: Embodiments herein relate to a method performed by a detecting node (101) in a communications network (100), for detecting that a wireless device, WD, (120) associated with a first domain of the communications network (100) has been communicating with a non-legitimate device (150). The non-legitimate device (150) is a device associated with a second domain of the communications network (100). The non-legitimate device (150) impersonates a network node (110, 111, 140) of a first domain of the communications network (100). The detecting node (101) obtains information regarding one or more protocol events related to the communication between the WD (120) and a first network node (110, 111, 140). The information comprises a time instance related to the one or more protocol events. The detecting node (101) determines, based on the time instance and a set of time limits related to the one or more protocol events, that the WD (120) has been communicating with the non-legitimate device (150).

Abstract: Embodiments of the invention are directed to techniques for enabling self-certification of an electronic device to result in the issuance of a security certificate that the electronic device may use to authenticate itself to another entity. In some embodiments, the device is caused to initiate the self-certification process upon determining that a status of a current security certificate is no longer valid. In some embodiments, an electronic device may communicate with a certificate authority, which may generate a set of policy data that indicates permissions for the electronic device. The electronic device may then generate an electronic record to be associated with the security certificate, which it may sign using a private key. The certificate authority may then verify the authenticity of the signed electronic record using a public key associated with the electronic device. The electronic record may be appended to some collection of records.

Abstract: A uniform protocol can facilitate secure, authenticated communication between a controller device and an accessory device that is controlled by the controller. An accessory and a controller can establish a pairing, the existence of which can be verified at a later time and used to create a secure communication session. The accessory can provide an accessory definition record that defines the accessory as a collection of services, each service having one or more characteristics. Within a secure communication session, the controller can interrogate the characteristics to determine accessory state and/or modify the characteristics to instruct the accessory to change its state.