Abstract: Techniques are disclosed for transmitting a secure message over a public or untrusted network. The techniques include receiving a message and creating multiple hash values of the message. A sending device signs and encrypts the message and hash values, then encapsulates and transmits to the message and hash values a security server. The security server receives and de-encapsulates the message and hash values, decrypts the message and hash values, and verifies the signature. The security server verifies the hash values and determines whether any changes were made to the message during transmission. If verified, the security server processes the message for transmission to the recipient. The security server creates multiple hash values of the original message, signs and encrypts the message and the hash values, encapsulates the message and hash values and transmits to a recipient device for further verification and presentation to the recipient.

Abstract: A process for securely processing a search query for homomorphically encrypted search results is provided. The process includes receiving a search query from a requesting device, the search query including a request for encrypted data stored in a data store operably coupled to the one or more processors. The process further includes executing a search function to access a set of search results from the data store, the search results including homomorphically encrypted information, and determining, based upon the search query, a transmission encryption technique for secure transmission of the search results to the requesting device. The search results can be additionally encrypted using the transmission encryption technique to generate an additionally encrypted search response that includes the homomorphically encrypted information. The process can further include causing transmission of the additionally encrypted search response to the requesting device.

Abstract: A zero knowledge communications protocol is provided that can unconditionally secure communications sent through a communications network by encrypting all messages, continuously sending noise messages through the network, and routing all network activity through an anonymity network. This combination of components prevent an eavesdropper on the network from garnering any information about when a communication is sent, the contents and statistics of a communication, the sender, or the intended recipient of the communication.

Abstract: Techniques are disclosed for securing data stored on a minimally trusted third-party data store. The techniques include directing all messages for storing data and retrieving stored data through a security server. The security server can be configured to receive encrypted data for storage at a remote data store, decrypt the encrypted data, generate index information for the decrypted data, encrypt the index information, encrypt the decrypted data to produce re-encrypted data, digitally sign the re-encrypted data, and cause transmission of the re-encrypted data and the encrypted index information to the remote data store. To access stored data, the security server can be configured to receive a query for stored data, encrypt the query, cause transmission of the encrypted query to the remote data store, receive a copy of the stored data, process the copy of the stored data, and cause transmission of the stored data to the requesting computer.

Abstract: Techniques are disclosed for multi-hop security amplification. The techniques disclosed provide multi-hop security amplification by applying a secret sharing scheme to data as the data is routed within a network to an intended recipient device. In an embodiment, a sending device divides the data into shares based on a secret sharing scheme, and sends the shares to respective network nodes in a network. These network nodes then divide their respective shares into lower-level shares based on the secret sharing scheme, and route the lower-level shares to downstream network nodes for further routing to the intended recipient device. The intended recipient device receives some or all of the lower-level shares and reconstructs the data from the received lower-level shares. In an embodiment, the secret sharing scheme is a threshold-based secret sharing scheme, such as Shamir's secret sharing scheme.

Abstract: Techniques are disclosed for transmitting a secure message over a public or untrusted network. The techniques include receiving a message and creating multiple hash values of the message. A sending device signs and encrypts the message and hash values, then encapsulates and transmits to the message and hash values a security server. The security server receives and de-encapsulates the message and hash values, decrypts the message and hash values, and verifies the signature. The security server verifies the hash values and determines whether any changes were made to the message during transmission. If verified, the security server processes the message for transmission to the recipient. The security server creates multiple hash values of the original message, signs and encrypts the message and the hash values, encapsulates the message and hash values and transmits to a recipient device for further verification and presentation to the recipient.

Abstract: Techniques are disclosed for multi-hop security amplification. The techniques disclosed provide multi-hop security amplification by applying a secret sharing scheme to data as the data is routed within a network to an intended recipient device. In an embodiment, a sending device divides the data into shares based on a secret sharing scheme, and sends the shares to respective network nodes in a network. These network nodes then divide their respective shares into lower-level shares based on the secret sharing scheme, and route the lower-level shares to downstream network nodes for further routing to the intended recipient device. The intended recipient device receives some or all of the lower-level shares and reconstructs the data from the received lower-level shares. In an embodiment, the secret sharing scheme is a threshold-based secret sharing scheme, such as Shamir's secret sharing scheme.

Abstract: A zero knowledge communications protocol is provided that can unconditionally secure communications sent through a communications network by encrypting all messages, continuously sending noise messages through the network, and routing all network activity through an anonymity network. This combination of components prevent an eavesdropper on the network from garnering any information about when a communication is sent, the contents and statistics of a communication, the sender, or the intended recipient of the communication.