Abstract: Systems and methods may provide location-based security using multipoint cryptography. The method may include receiving, by a controller, an original message for secure delivery to a mobile terminal. The method may also include generating, by the controller, a plurality of messages to be delivered to the mobile terminal using geographic diversity. The method may further include sending, by the controller, the plurality of messages to geographically diverse transmitters for transmission to the mobile terminal.

Abstract: A method of storing and retrieving a set of original data (E1, . . . , En) in and from a plurality of remote servers (SP1, . . . , SPI+1), comprises a coding step which consists in creating a set of coded data (S1, . . . , SN) from the set of original data (E1, . . . , En), a storing step which consists in storing the set of coded data (S1, . . . , SN) into the plurality of remote servers (SP1, . . . , SPI+1). Each server (SP1, . . . , SPI+1) of the said plurality of servers stores only a respective part of the set of coded data (S1, . . . , SN) and the method comprises a step which consists in generating a table (T1, T2) which indicates which respective part of the set of coded data (S1, . . . , SN) is stored in which server of the said plurality of remote servers (SP1, . . . , SPI+1).

Abstract: A method to perform secure boolean search over encrypted documents is disclosed. Each document is characterized by a set of keywords, all the keywords characterizing all the documents forming an index, the index being translated in an orthonormal basis in which each keyword of the index corresponds to one and only one vector of the orthonormal basis, each document being associated with a resultant vector in the span of the orthonormal basis, the resultant vectors corresponding to all the documents being stored in an encrypted search server. The method includes steps of receiving a search query from a querier; transforming the search query in one query matrix; and determining a general result based on the result of the multiplication between the query matrix and the resultant vectors.

Abstract: For personalizing a smart card (SC) coupled with a communication device (CD) of a user being a subscriber of a first telecommunication network (TN1) and wishing to become a subscriber of a second telecommunication network (TN2), a first international identity (IMSI_1) and a first authentication key (AK_1) being stored in the smart card (SC), the smart card receives a message (MesP) from an application server (AS) connected to the first telecommunication network and the second telecommunication network, the message (MesN) comprising a personalization command (ComP) and an admin code (ACas), after that the application server has received a request (Req) of subscription change comprising an identifier (1dMNO2) of the second telecommunication network (TN2) and has established a secured session with a personalization server (PS) of the second telecommunication network (TN2) identified by the identifier (1dMNO2), and interprets the personalization command (ComP) to establish a secure session with the personalizatio

Abstract: A method and apparatus for personalizing a smart card (SC) in a communication device of a subscriber of a first telecommunication network (TN), who wishes to become a subscriber of a second TN, is disclosed. A first identity and authentication key (AK) are stored in the SC. A first application server (AS) in the first TN receives a request of subscription change comprising an identifier of the second TN, establishes a secured session with a second AS of the second TN, and sends a message comprising the first identity and AK to the second AS so the SC can access the second TN. The second AS sends a second message including a personalization command, admin code, second identity and second AK to the communication device, which executes the personalization command to replace the first identity and AK with the second identity and the second AK if the admin code is valid.

Abstract: A method of storing and retrieving a set of original data (E1, . . . , En) in and from a plurality of remote servers (SP1, . . . , SPI+1), comprises a coding step which consists in creating a set of coded data (S1, . . . , SN) from the set of original data (E1, . . . , En), a storing step which consists in storing the set of coded data (S1, . . . , SN) into the plurality of remote servers (SP1, . . . , SPI+1). Each server (SP1, . . . , SPI+1) of the said plurality of servers stores only a respective part of the set of coded data (S1, . . . , SN) and the method comprises a step which consists in generating a table (T1, T2) which indicates which respective part of the set of coded data (S1, . . . , SN) is stored in which server of the said plurality of remote servers (SP1, . . . , SPI+1).

Abstract: A method and system for initial personalization of a smart card coupled with a communication device of a user who is not yet a subscriber of any telecommunication network are disclosed. A temporary international identity and a temporary authentication key are stored in the smart card and in a home location register connected to a roaming entity of a telecommunication network. A series of signals are exchanged between the smart card, the roaming entity, an application server and a personalization server to establish a secure session between the smart card and the personalization server. During the secure session, the smart card receives a message containing an initial international identity from the personalization server, and replaces the temporary international identity and the temporary authentication key by the initial international identity and the initial authentication key.

Abstract: This method comprises the steps of: —choosing (1) a security parameter n,—segmenting (2) the file in n chunks S1, . . . , Sn, —randomly choosing (3) n2 coefficients aij for i=1, . . . , n and j=1, . . . , n,—verifying (3) that the vectors ai1, . . . , ain, for i=1, . . . , n, are linearly independent, otherwise generating the coefficients again, —computing (4) n linear combinations Ci=ai1S1+ . . . +aijSj+ . . . +ain·Sn, for i=1, n,—choosing (5) n storage service providers Oi, . . . , On among said plurality of storage service provider, —generating (6a; 6b; 6c) n file identifiers ID?1, . . . , ID?n designating said file (F),—storing (6a; 6b; 6c) the combination Ci at the storage service provider Oi in association with the file identifier ID?i, for i=1, . . . , n,—storing the file identifier ID?i and the provider identifier Oi, for i=1, . . . , n, in a file descriptor corresponding to the file (F), this file descriptor being stored in a local memory (LM),—storing the set of coefficients ai,1, . . .

Abstract: A method and apparatus for personalizing a smart card coupled with a communication device of a user who is a subscriber of a first telecommunication network and wishes to become a subscriber of a second telecommunication network is disclosed. A first authentication key is stored in both the smart card and in an first application server included in the first telecommunication network. A secure session is established with a second application server included in the second telecommunication network via the first telecommunication network by negotiating with the first application server and the second application server in order that the smart card and the second application server agree on an second authentication key. Shared values and shared functions according to a secure multiparty computation protocol are used to compute a second authentication key which replaces the first authentication key in the smart card.

Abstract: Server-assisted secure function evaluation (SFE) is performed with input consistency verification for two parties that want to evaluate a function. The server computes a garbled circuit corresponding to the function. A predefined bit of the 0-secret of wire i in the garbled circuit is set to a random bit bi and a predefined bit of the 1-secret of wire i in the garbled circuit is set to bi. The server communicates with each party using an Oblivious Transfer (OT) to provide encrypted versions of the respective inputs of each party. Each party receives the encrypted wire secret of the other party and the garbled circuit for computation of a respective output and stores the predefined bit of a wire of interest of the other party. A given party can verify input consistency by the other party over at least two executions by comparing the values stored by the given party for the at least two executions with corresponding values obtained from the server.

Abstract: A system and method for enabling searchable encryption of encrypted documents stored by a client on one or more storage providers includes a broker server in communication with the client and the one or more storage providers. The broker server is adapted to transfer the encrypted documents between the client and the one or more storage providers and to maintain information indicating where the encrypted documents are transferred. The broker server further stores information for at least one encrypted index for the encrypted documents and a test function for a searchable encryption mechanism used to encrypt the at least one encrypted index.

Abstract: For personalizing a smart card (SC) coupled with a communication device (CD) of a user being a subscriber of a first telecommunication network (TN1) and wishing to become a subscriber of a second telecommunication network (TN2), a first international identity (IMSI—1) and a first authentication key (AK—1) being stored in the smart card (SC), the smart card receives a message (MesP) from an application server (AS) connected to the first telecommunication network and the second telecommunication network, the message (MesN) comprising a personalization command (ComP) and an admin code (ACas), after that the application server has received a request (Req) of subscription change comprising an identifier (1dMNO2) of the second telecommunication network (TN2) and has established a secured session with a personalization server (PS) of the second telecommunication network (TN2) identified by the identifier (1dMNO2), LR2 and interprets the personalization command (ComP) to establish a secure session with the personaliz

Abstract: A method to perform secure boolean search over encrypted documents is disclosed. Each document is characterized by a set of keywords, all the keywords characterizing all the documents forming an index, the index being translated in an orthonormal basis in which each keyword of the index corresponds to one and only one vector of the orthonormal basis, each document being associated with a resultant vector in the span of the orthonormal basis, the resultant vectors corresponding to all the documents being stored in an encrypted search server. The method includes steps of receiving a search query from a querier; transforming the search query in one query matrix; and determining a general result based on the result of the multiplication between the query matrix and the resultant vectors.

Abstract: A method and system for initial personalization of a smart card coupled with a communication device of a user who is not yet a subscriber of any telecommunication network are disclosed. A temporary international identity and a temporary authentication key are stored in the smart card and in a home location register connected to a roaming entity of a telecommunication network. A series of signals are exchanged between the smart card, the roaming entity, an application server and a personalization server to establish a secure session between the smart card and the personalization server. During the secure session, the smart card receives a message containing an initial international identity from the personalization server, and replaces the temporary international identity and the temporary authentication key by the initial international identity and the initial authentication key.

Abstract: This method comprises the steps of: —choosing (1) a security parameter n,—segmenting (2) the file in n chunks S1, . . . , Sn, —randomly choosing (3) n2 coefficients aij for i=1, . . . , n and j=1, . . . , n,—verifying (3) that the vectors ai1, . . . , ain, for i=1, . . . , n, are linearly independent, otherwise generating the coefficients again,—computing (4) n linear combinations Ci=ai1S1+ . . . + aijSj+ . . . + ain·Sn, for i=1, n,—choosing (5) n storage service providers Oi, . . . , On among said plurality of storage service provider,—generating (6a; 6b; 6c) n file identifiers ID?1, . . . , ID?n designating said file (F),—storing (6a; 6b; 6c) the combination Ci at the storage service provider Oi in association with the file identifier ID?i, for i=1, . . . , n,—storing the file identifier ID?i and the provider identifier Oi, for i=1, . . . , n, in a file descriptor corresponding to the file (F), this file descriptor being stored in a local memory (LM),—storing the set of coefficients ai,1, . . .

Abstract: A method and apparatus for personalizing a smart card (SC) in a communication device of a subscriber of a first telecommunication network (TN), who wishes to become a subscriber of a second TN, is disclosed. A first identity and authentication key (AK) are stored in the SC. A first application server (AS) in the first TN receives a request of subscription change comprising an identifier of the second TN, establishes a secured session with a second AS of the second TN, and sends a message comprising the first identity and AK to the second AS so the SC can access the second TN. The second AS sends a second message including a personalization command, admin code, second identity and second AK to the communication device, which executes the personalization command to replace the first identity and AK with the second identity and the second AK if the admin code is valid.

Abstract: A system and method for enabling searchable encryption of encrypted documents stored by a client on one or more storage providers includes a broker server in communication with the client and the one or more storage providers. The broker server is adapted to transfer the encrypted documents between the client and the one or more storage providers and to maintain information indicating where the encrypted documents are transferred. The broker server further stores information for at least one encrypted index for the encrypted documents and a test function for a searchable encryption mechanism used to encrypt the at least one encrypted index.

Abstract: A method for providing enhanced security in cloud computing architecture by managing the types of interaction a server should be allowed, thus preventing decryption of private data. A client may encrypt data using an order preserving encryption (OPE) algorithm. One application of the method and system is a browser-based webmail application where a client may receive email from one or more servers then store the received email that has been associated with OPE data, on a separate server that is not used to send or receive email.

Abstract: Server-assisted secure function evaluation (SFE) is performed with input consistency verification for two parties that want to evaluate a function. The server computes a garbled circuit corresponding to the function. A predefined bit of the 0-secret of wire i in the garbled circuit is set to a random bit bi and a predefined bit of the 1-secret of wire i in the garbled circuit is set to bi. The server communicates with each party using an Oblivious Transfer (OT) to provide encrypted versions of the respective inputs of each party. Each party receives the encrypted wire secret of the other party and the garbled circuit for computation of a respective output and stores the predefined bit of a wire of interest of the other party. A given party can verify input consistency by the other party over at least two executions by comparing the values stored by the given party for the at least two executions with corresponding values obtained from the server.

Abstract: A method and apparatus for personalizing a smart card coupled with a communication device of a user who is a subscriber of a first telecommunication network and wishes to become a subscriber of a second telecommunication network is disclosed. A first authentication key is stored in both the smart card and in an first application server included in the first telecommunication network. A secure session is established with a second application server included in the second telecommunication network via the first telecommunication network by negotiating with the first application server and the second application server in order that the smart card and the second application server agree on an second authentication key. Shared values and shared functions according to a secure multiparty computation protocol are used to compute a second authentication key which replaces the first authentication key in the smart card.