Abstract: Systems and methods may be used for establishing a link between user identifiers of different systems without disclosing specific user identifying information. One method includes generating a matching relationship based on double encrypted one or more first data sets of a first party system and double encrypted one or more second data sets of a second party system. The matching relationship indicates one or more links between match keys associated with the first party system and the match keys associated with the third party system. The method includes assigning bridge identifiers for user identifiers associated with the first party system and the user identifiers associated with the third party system based on the matching relationship.

Abstract: Embodiments described herein enable the generation of cryptographic material for ranging operations in a manner that reduces and obfuscates potential correlations between leaked and secret information. One embodiment provides for an apparatus including a ranging module having one or more ranging sensors. The ranging module is coupled to a secure processing system through a hardware interface to receive at least one encrypted ranging session key, the ranging module to decrypt the at least one encrypted ranging session key to generate a ranging session key, generate a sparse ranging input, derive a message session key based on the ranging session key, and derive a derived ranging key via a key derivation cascade applied to the message session key and the sparse ranging input, the derived ranging key to encrypt data transmitted during a ranging session.

Abstract: Computer code embedded in an electronic component (e.g., a processor, a sensor, etc.) of a medical device, such as a dialysis machine, can be authenticated by comparing a metadata signature derived from the computer code of the electronic component to a key derived from a pre-authenticated code associated with the electronic component. The metadata signature can be derived by running an error-check/error-correct algorithm (e.g., SHA256) on the computer code of the electronic component. A use of the metadata signature enables detection of any unauthorized changes to the computer code as compared to the pre-authenticated code.

Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.

Abstract: Embodiments of the present invention provide a system for providing enhanced cryptography based response mechanism for malicious attacks. The system is configured for generating one or more tracker seeds, storing the one or more tracker seeds in at least one entity system associated with an entity, identifying a malicious event associated with data in the at least one entity system, in response to identifying the malicious event, identifying an encryption algorithm and a key for the malicious event based on the one or more tracker seeds, and decrypting the data in the at least one entity system based on the encryption algorithm key pair.

Abstract: Methods and systems for communicating information are disclosed. An example method can comprise receiving information at a first device based on a first protocol. The information can be translated, at the first device, for communication to a second device based on a second protocol. A determination can be made as to whether the information matches a criterion associated with a transportation device. The information can be provided to the second device based on the second protocol and a determination that the information matches the criterion.

Abstract: An authentication and encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.

Abstract: An authentication and encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example integrated circuit includes a secure memory to store a secret key, and a security manager core, coupled to the secure memory, to receive a digitally signed command, verify a signature associated with the command using the secret key, and configure operation of the integrated circuit using the command.

Abstract: A system and method for federated identity functionality for API integration can include creating an identity token associated with an application service; in association with the application service, configuring a linked service token of an external service; storing the linked service token in association with the identity token; invoking the application service which includes validating the identity token and performing an application programming interface (API) interaction with the external service using the linked service token.

Abstract: Various systems, mediums, and methods herein describe aspects of personal information platforms accessible with client devices over communication networks in data infrastructures. A system may determine data associated with a user. The system may determine a personal information platform (PIP) based on the data associated with the user, where the PIP is configured to identify a number of data types from the data associated with the user. The system may determine accesses for one or more entities to the number of data types based on one or more services provided by the one or more entities to the user. The system may cause a client device to display an indication of the PIP, where the indication provides the one or more accesses of the one or more entities.

Abstract: Digital or “smart” contracts execute in a blockchain environment. Any entity (whether public or private) may specify a digital contract via a blockchain. Because there may be many digital contracts offered as virtual services, the contract identifier uniquely identifies a particular decision table and/or the digital contract offered by a virtual machine, vendor or supplier. The blockchain is thus not burdened with the programming code that is required to execute the decision table and/or the digital contract. The blockchain need only include or specify the contract identifier (and perhaps one or more contractual parameters), thus greatly simplifying the blockchain and reducing its size (in bytes) and processing requirements.

Abstract: In certain embodiments, shares related to an output of a function having multiple shares of a secret as input may be computed. In some embodiments, with respect to initial key shares of a key that are collectively held by multiple parties, an output of an arithmetic function (performed on an initial key share of the initial key shares) may be received from each of the multiple parties. The outputs from the multiple parties may be provided as input for a Multi-Party Computation (MPC) process, where the MPC process outputs final key shares in connection with the outputs from the multiple parties being provided as input for the MPC process. With respect to each party of the multiple parties, a final key share of the final key shares may be sent to the party.

Abstract: A system, method, and non-transitory computer readable storage medium for privacy preserving routing of a data packet. The data packet may comprise a packet header and a data payload; the packet header comprising at least a homomorphically encrypted final destination address of a final destination device. An intermediate routing device may receive the data packet. At the intermediate routing device, in a non-TEE, homomorphic computations may be performed to determine a homomorphically encrypted address of a next intermediate routing device. At the intermediate routing device, in a TEE, one or more secret homomorphic decryption keys may be stored and used to decrypt the homomorphically encrypted address of the next address of the next intermediate routing device. The data packet may be transmitted to the decrypted address of the next intermediate routing device according to an updated packet header with the unencrypted address of the next intermediate routing device in the sequence.

Abstract: A system and process for performing a touchless key provisioning operation for a communication device. In operation, a key management facility (KMF) imports a public key and a public key identifier uniquely identifying the public key of the communication device. The public key is associated with an asymmetric key pair generated at the communication device during its factory provisioning and configuration. The KMF registers the communication device and assigns a key encryption key (KEK) for the communication device. The KMF then provisions the communication device by deriving a symmetric touchless key provisioning (TKP) key based at least in part on the public key of the communication device, encrypting the KEK with the symmetric TKP key to generate a key wrapped KEK, and transmitting the key wrapped KEK to the communication device for decryption by the communication device.

Abstract: The system can be for the management of access authorization using an immutable ledger comprising and can include a server having a computer readable medium in communications with an immutable ledger. A set of computer readable instructions can be included in the server and can be configured for: receiving a set of data, encrypting the set of data with a data-encryption-key and storing the encrypted data on the immutable ledger, creating a key tree having a node associated with a user, creating a key-encryption-key associated with the node and the user, and, distributing the key-encryption-key to the user wherein the key-encryption-key is configured to decrypt the data-encryption-key thereby providing access to the data for the user.

Abstract: Provided is an analysis device with which it is possible to find information relating to the intention and purpose of an attacker. The analysis device is provided with a purpose estimating means that estimates the purpose of behavior, based on predetermined behavior in the computer and knowledge information that includes the relation between the behavior and the purpose of executing the behavior.

Abstract: A system having multiple devices that can host different versions of an artificial neural network (ANN). In the system, inputs for the ANN can be obfuscated for centralized training of a master version of the ANN at a first computing device. A second computing device in the system includes memory that stores a local version of the ANN and user data for inputting into the local version. The second computing device includes a processor that extracts features from the user data and obfuscates the extracted features to generate obfuscated user data. The second device includes a transceiver that transmits the obfuscated user data. The first computing device includes a memory that stores the master version of the ANN, a transceiver that receives obfuscated user data transmitted from the second computing device, and a processor that trains the master version based on the received obfuscated user data using machine learning.

Abstract: Techniques are described to generate a first security key when a user equipment operating in an inactive state initiates a data transmission or a procedure to resume network connection. The first security key is generated based on a second security key associated with a first network node and a counter value, and the first security key is associated with a second network node and is used to generate user plane security keys to transmit data to or to receive data from one or more network nodes.

Abstract: A multi-hop mesh network includes a root network device and a first network device. The first network device is configured to establish a first direct wireless connection with the root network device and negotiate a first shared secret key with the root network device. The multi-hop network further includes a second network device configured to establish a second direct wireless connection with the first network device and negotiate a second shared secret key with the first network device.