Abstract: Collaborative multiparty homomorphic encryption comprising receiving a linear common public key collaboratively generated by a plurality of parties as a sum of linear public key shares associated with the respective plurality of parties. Each of two ciphertexts may be encrypted with the linear common public key and the two ciphertexts may be combined by a non-linear computation to generate a result ciphertext encrypted by a non-linear public key. The result ciphertext may be re-encrypted with a re-linearization key to swap encryption keys from the non-linear public key to a linear public key. The re-encrypted result ciphertext may be distributed to the plurality of parties to each partially decrypt the re-encrypted result ciphertext by a linear secret key share associated with the party, which in combination fully decrypts the result by a linear common secret key that is a sum of the secret key shares of the respective plurality of parties.

Abstract: A system may be configured to prepare and use prediction models for predicting existence of fingerprints among encrypted traffic. Some embodiments may: obtain a machine learner configured to identify statistical differences between pseudo-randomness associated with encrypted user data and higher-entropy randomness associated with a set of other data; determine at least a portion of a path traversed by the encrypted user data in the network based on the identification; and secure the network based on the determination.

Abstract: Systems and methods for generating min-increment counting bloom filters to determine count and frequency of device identifiers and attributes in a networking environment are disclosed. The system can maintain a set of data records including device identifiers and attributes associated with device in a network. The system can generate a vector comprising coordinates corresponding to counter registers. The system can identify hash functions to update a counting bloom filter. The system can hash the data records to extract index values pointing to a set of counter registers. The system can increment the positions in the min-increment counting bloom filter corresponding to the minimum values of the counter registers. The system can obtain an aggregated public key comprising a public key. The system can encrypt the counter registers using the aggregated shared key to generate an encrypted vector. The system can transmit the encrypted vector to a networked worker computing device.

Abstract: A secure strong mapping computing system is a secure joining system including a plurality of secure computing apparatuses. The plurality of secure computing apparatuses include a first vector joining unit 11n, a first permutation calculation unit 12n, a first vector generation unit 13n, a second vector joining unit 14n, a first permutation application unit 15n, a second vector generation unit 16n, a first inverse permutation application unit 17n, and a first vector extraction unit 18n.

Abstract: A secure joining system is a secure joining system including a plurality of secure computing apparatuses. The plurality of secure computing apparatuses include a first vector joining unit, a first permutation calculation unit, a first vector generation unit, a second vector joining unit, a first permutation application unit, a second vector generation unit, a first inverse permutation application unit, a first vector extraction unit, a second permutation application unit, a third vector generation unit, a second inverse permutation application unit, a second vector extraction unit, a modified second table generation unit, a third permutation application unit, a fourth vector generation unit, a shifting unit, a third inverse permutation application unit, a bit inversion unit, a third vector extraction unit, a modified first table generation unit, a first table joining unit, and a first table formatting unit.

Abstract: A device, method or executable instructions that include receiving, over a network, an authentication request from a user device for performing a function utilizing a first authentication method, obtaining network intelligence data for a mobile network over the network, and identifying a risk for each of multiple authentication methods in response to analyzing device security behavior and the network intelligence data. Further embodiments include identifying a first risk for the first authentication method and identifying a second risk for the function, determining the first risk is higher than the second risk, and identifying a second authentication method that is associated with the second risk. Additional embodiments include notifying the user device of the second risk for the function, and providing a recommendation to the user device to utilize the second authentication method to perform the function. Other embodiments are disclosed.

Abstract: A system for split keys for wallet recovery includes an interface configured to receive a request to recover a user private key, and a processor configured to provide a request to a credential issuing authority for a first encrypted recovery key share, wherein the request includes a first identification credential, receive the first encrypted recovery key share from the credential issuing authority, provide a request to a trusted organization for a second encrypted recovery key share, wherein the request includes a second identification credential, receive the second encrypted recovery key share from the trusted organization, combine the first encrypted recovery key share and the second encrypted recovery key share to determine a recovered encryption key, and determine the user private key using the recovered encryption key.

Abstract: According to one embodiment, a secure computing method includes setting a coefficient selected from a ring of integers Q based on first data X, generating n pieces of first fragment data from the first data X based on the coefficient, causing a learning model held in the computing device to learn the first fragment data, generating n pieces of second fragment data from second data Z based on the coefficient, performing, by each of the n computing devices, inference based on the second fragment data using the learning model, and obtaining decoded data dec by decoding k pieces of inference result data. The coefficient is set to make each of the n pieces of first fragment data less than a maximum value of the ring of integers Q.

Abstract: An electronic device generates a first key pair associated with the electronic device. A first secret key of the first key pair is generated based on device properties including identification information of the electronic device. The electronic device transmits a communication request to a verifier device. The electronic device generates zero-knowledge information which is based on the generated first secret key. A first public key of the first key pair is stored in the verifier device. The electronic device transmits the zero-knowledge information to the verifier device for a verification of the transmitted communication request. The verification of the communication request is based on the first public key. The electronic device receives verification information from the verifier device based on the transmitted zero-knowledge information and a successful verification of the verification of the transmitted communication request.

Abstract: Disclosed is a method for constructing an auditable and privacy-preserving collaborative deep learning platform based on a blockchain-empowered incentive mechanism, which allows trainers of multiple similar models to cooperate for training deep learning models while protecting confidentiality and auditing correctness of shared parameters. The invention has the following technical effects. Firstly, the encryption method used by model trainers protects the confidentiality of sharing parameters; furthermore, the updated parameters are decrypted through the cooperation of all participants, which reduces the possible disclosure of parameters. Secondly, the encrypted parameters are stored in the blockchain, and are only available to participants and authorized miners who are responsible to update parameters.

Abstract: A device and a network can authenticate using a subscription concealed identifier (SUCI). The device can store (i) a plaintext subscription permanent identifier (SUPI) for the device, (ii) a network static public key, and (iii) a key encapsulation mechanism (KEM) for encryption using the network static public key. The network can store (i) a device database with the SUPI, (ii) a network static private key, and (iii) the KEM for decryption using the network static private key. The device can (i) combine a random number with the SUPI as input into the KEM to generate a ciphertext as the SUCI, and (ii) transmit the ciphertext/SUCI to the network. The network can (i) decrypt the ciphertext using the KEM to read the SUPI, (iii) select a key K from the device database using the SUPI, and (iv) conduct an Authentication and Key Agreement (AKA) with the selected key K.

Abstract: Some embodiments are directed to a computation device configured for batch-wise multiparty verification of a computation which has been performed multiple times. The computations being multiparty computations that are cryptographically shared between the computation device and multiple other computation devices. The computation device is configured to perform the computation a further time to obtain a randomizing computation on a randomizing set of values.

Abstract: Provided is a system that includes at least one processor programmed or configured to provision a client device for access to an online source of information, transmit a private encryption key of a public/private encryption key pair to a software agent of the client device, receive a first hash value from the software agent, wherein the first hash value is generated using the private encryption key, receive a second hash value from the software agent, determine whether to allow access to the online source of information by the software agent based on the first hash value and the second hash value received from the software agent, process a request to access the online source of information involving the software agent, and store a data record associated with a data transaction involving the online source of information in a data structure. Methods and computer program products are also provided.

Abstract: Resource user authentication and authorization is provided. An authentication code is generated based on using a retrieved attribute-based encryption user key as a secret key for a keyed-hash message authentication code digital signature over a set of header fields of a protected resource access request received from a client device of a resource user via a network. The generated authentication code is compared with an authentication code read within an embedded header field of the protected resource access request. It is determined whether a match exists between the generated authentication code and the authentication code read within the embedded header field. In response to determining that a match does exist, the resource user is authenticated. Decryption of an encrypted protected resource corresponding to the protected resource access request is performed using the retrieved attribute-based encryption user key corresponding to the resource user in response to authentication of the resource user.

Abstract: Cryptographically identifying a device to a service includes: providing the cloud service with a cryptographically signed token, the token being embedded in the device when the device was manufactured, the token including first information and second information. The cloud service verifies the token using a public key associated with the second information and determines a user using the first information. The device receives, from the cloud service, provisioning information customized for the user and including a client certificate for communicating with the cloud service.

Abstract: Methods and systems generate seeds for public-private key pairs by determining a timestamp value associated with a process design kit (PDK) when a user of the PDK triggers a tool of the PDK while designing an integrated circuit device to have a physical unclonable function device (PUF). The methods and systems generate a first value by mapping the timestamp value to data of the user, generate a second value by mapping the timestamp value to configuration data of the PDK, and generate a third value by mapping the timestamp value to layout data of the PDK. A random number is then generated by applying a function to the first value, the second value, and the third value. A public-private encryption key pair is generated using the random number as a first seed number and using a second number generated by the number generation device as a second seed number.

Abstract: Methods and systems for managing cryptographic keys in on-premises and cloud computing environments and performing multi-party cryptography are disclosed. A cryptographic key can be retrieved from a hardware security module by a key management computer. The key management computer can generate key shares from the cryptographic key, and securely distribute the key shares to computer nodes or key share databases. The computer nodes can use the key shares in order to perform secure multi-party cryptography.

Abstract: Conventionally, biometric template protection has been achieved to improve matching performance with high levels of security by use of deep convolution neural network models. However, such attempts have prominent security limitations mapping information of images to binary codes is stored in an unprotected form. Given this model and access to the stolen protected templates, the adversary can exploit the False Accept Rate (FAR) of the system. Secondly, once the server system is compromised all the users need to be re-enrolled again. Unlike conventional systems and approaches, present disclosure provides systems and methods that implement encrypted deep neural network(s) for biometric template protection for enrollment and verification wherein the encrypted deep neural network(s) is utilized for mapping feature vectors to a randomly generated binary code and a deep neural network model learnt is encrypted thus achieving security and privacy for data protection.

Abstract: A computing system can include a plurality of clients located outside a cloud-based computing environment, where each of the clients may be configured to encode respective original data with a respective unique secret key to generate data hypervectors that encode the original data. A collaborative machine learning system can operate in the cloud-based computing environment and can be operatively coupled to the plurality of clients, where the collaborative machine learning system can be configured to operate on the data hypervectors that encode the original data to train a machine learning model operated by the collaborative machine learning system or to generate an inference from the machine learning model.

Abstract: To efficiently determine intermediate data for use with an aggregate function while keeping confidentiality, a bit decomposition unit generates a share of a bit string by bit decomposition and concatenation of key attributes. A group sort generation unit generates a share of a first permutation, which performs a stable sort of the bit string in ascending order. A bit string sorting unit generates a share of a sorted bit string obtained by sorting the bit string with the first permutation. A flag generation unit generates a share of a flag indicating a boundary between groups. A key aggregate sort generation unit generates a share of a second permutation, which performs a stable sort of the negation of the flag in ascending order. A de-duplication unit generates shares of de-duplicated key attributes. A key sorting unit generates shares of sorted key attributes by sorting the de-duplicated key attributes.