Abstract: Computation efficiency of distributed secure implementation of the computation of a (sum of) products of values Vi, Wi from different servers on a distributed computing system is improved by generation of coefficients of a first and second polynomials P, Q by a first server. The first polynomial P has all numbers Xi from a first data set on the first server as roots. The second polynomial Q has values Q(Xi)=Vi for the numbers Xi from the first data set. The first server transmits coefficients of the polynomials to a second server in encrypted form. The second sever computes encrypted values <P(Xi?)> and <Q(Xi?)> of the polynomials for a number Xi? in a second set from the encrypted coefficients. The second server computes an encrypted binary value <di> from the encrypted value <p(Xi?) of the first polynomial p and computes an encrypted value of a product <di Q(Xi?) Wi>.

Abstract: The computation efficiency of distributed secure implementation of the computation of a (sum of) products of values Vi, Wi from different servers on a distributed computing system is improved by generation of coefficients of a first polynomial and second polynomial by a first server. The first polynomial P has all numbers Xi from a first data set on the first server as roots. The second polynomial Q has values Q(Xi)=Vi for the numbers Xi from the first data set. The first device transmits coefficients of the first and second polynomial P, Q to a second server in encrypted form. The second sever computes encrypted values <P(Xi?)> and <Q(Xi?)> of the first and second polynomial P, Q for a number Xi? in a second set from the encrypted coefficients.

Abstract: A result of application of a test to information about a user (U) is securely transmitted between a source of information (A) and a destination of information (B) via an intermediary device (C). The source of information can be, for example, a database of personal data, and the destination of information (B) a server of a service provider performing services depending on an age limit. The intermediary device (C) minimizes the information that is made available to the source (A) and the destination (B) about the purpose of the test and the underlying data. To this end, the intermediary device (C) executes a secure comparison protocol with the source (A), whereby the encrypted result is additionally blinded, for example, with a blinding that comes from the user. The intermediary device (C) decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user.

Abstract: A method for enabling a client in a user device to securely evaluate a linear branching program. The program may include decision nodes and end-labels. A decision node is associated with a comparison computation for comparing a first value with a second value and a decision rule that links the outcome of the comparison computation to a further decision node or end-label. The method includes transforming the comparison computation into encrypted evaluation sequences on the basis of an additive homomorphic cryptosystem. An evaluation sequence of a decision node includes a sequence of numbers in which the outcome of a comparison computation at a node is embedded; and, evaluating evaluation sequences, evaluating including detecting presence of a predetermine value in an evaluation sequence of a node and determining an evaluation sequence of a further node or an end-label on the basis of the detection of the predetermined value.

Abstract: A recommender system provides recommendation scores based on stored ratings for media items, for example to assist control of selection of a media item for rendering by a terminal. Data representing stored rating values for media items is stored in a storage system for use to compute the recommendation scores. A processing system records an input rating value for a first one of the media items in the storage system, based on measured activity or input of a user. Furthermore information is acquired about a group of users in the company of which the input rating value applies for the user. This information is recorded in combination with the rating value. The processing system may compute a recommendation score for a second group of users from the stored rating values, dependent on a comparison of the second group of users and the recorded information about the group.

Abstract: The recommender system uses a processing system configured to determine recommendation scores using a collaborative rating process. Collaborative rating process involves determining correlations between ratings for media items provided by a current user for which a recommendation score has to be computed and by further users, and computing recommendation scores from ratings for other media items from ratings from the further users, dependent on the correlation.

Abstract: Methods and systems are described for enabling secure delivery and watermarking of at least part of a content item X using a split-key cryptosystem comprising encryption and decryption algorithms E and D, a key generating algorithm for generating encryption and decryption keys e, d, a split-key algorithm for splitting e into i different split-encryption keys e1, e2, . . . , ei and/or for splitting d into k different split-decryption keys d1, d2, . . . , dk respectively wherein i, k?1 and i+k>2; wherein executing i consecutive encryption operations and k consecutive decryption operations on content item X using said split-encryption and split-decryption keys respectively, generates a fully decrypted content item X (Ddk(Ddk-1( . . . (Dd2(Dd1(Eei(Eei-1( . . . (Ee2(Ee1(X)) . . . ))=X).

Abstract: A data object is encoded in a redundant code. The redundant code defines a decoding scheme for reconstructing the data object from a sub-set of the encoded data parts. At least the sub-set of the encoded data parts is encrypted using a homomorphic encryption scheme, which allows equivalents of the arithmetic operations of a reconstruction process to be performed on encrypted encoded data parts. The data parts are stored distributed over a plurality of source terminals of a communication network, for use by a target terminal of the communication network. Upon a retrieval command from the target terminal, an upload management module determines which source terminals are available and the upload management module determines causes a selected set of terminals to transmit the encrypted encoded data parts each via its own connection to the network to a decoder server.

Abstract: A result of application of a test to information about a user (U) is securely transmitted between a source of information (A) and a destination of information (B) via an intermediary device (C). The source of information can be, for example, a database of personal data, and the destination of information (B) a server of a service provider performing services depending on an age limit. The intermediary device (C) minimizes the information that is made available to the source (A) and the destination (B) about the purpose of the test and the underlying data. To this end, the intermediary device (C) executes a secure comparison protocol with the source (A), whereby the encrypted result is additionally blinded, for example, with a blinding that comes from the user. The intermediary device (C) decrypts the blinded encrypted result, so that a blinded result is left. The destination B removes the blinding, preferably on the basis of blinding information of the user.

Abstract: A method for enabling a client in a user device to securely evaluate a linear branching program. The program may include decision nodes and end-labels. A decision node is associated with a comparison computation for comparing a first value with a second value and a decision rule that links the outcome of the comparison computation to a further decision node or end-label. The method includes transforming the comparison computation into encrypted evaluation sequences on the basis of an additive homomorphic cryptosystem. An evaluation sequence of a decision node includes a sequence of numbers in which the outcome of a comparison computation at a node is embedded; and, evaluating evaluation sequences, evaluating including detecting presence of a predetermine value in an evaluation sequence of a node and determining an evaluation sequence of a further node or an end-label on the basis of the detection of the predetermined value.

Abstract: Devices are provided with secret information to indicate which other devices are eligible to establish communication sessions. Information leaks about the eligibility of devices are prevented when no communication sessions are established. Each device makes a set of preference information items publicly available. Each preference information item selects an eligible device in cloaked way. Each protected information item contains protected information such as an encrypted random number that can be decrypted only by the eligible device. When a request to establish a communication is processed by a first and second device, the first and second device indicate which of their preference information items should be used. The devices then each attempt to decrypt the protected information from the other one's indicated preference information item and each combines the result with the protected information used to make the preference information item that it indicated to the other.

Abstract: A data object is encoded in a redundant code. The redundant code defines a decoding scheme for reconstructing the data object from a sub-set of the encoded data parts. At least the sub-set of the encoded data parts is encrypted using a homomorphic encryption scheme, which allows equivalents of the arithmetic operations of a reconstruction process to be performed on encrypted encoded data parts. The data parts are stored distributed over a plurality of source terminals of a communication network, for use by a target terminal of the communication network. Upon a retrieval command from the target terminal, an upload management module determines which source terminals are available and the upload management module determines causes a selected set of terminals to transmit the encrypted encoded data parts each via its own connection to the network to a decoder server.

Abstract: Methods and systems are described for enabling secure delivery of a content item from a content source to a content receiving device associated with a decryption module configured for use with a split-key cryptosystem comprising encryption and decryption algorithms E and D, a cipher algorithm for generating encryption and decryption keys e,d on the basis of secret information S and a split-key algorithm for splitting e and/or d into i different split-encryption keys e1, e2, . . . , ei and/or k different split-decryption keys d1, d2, . . . , dk respectively, such that Ddk(Ddk-1( . . . (Dd2(Dd1(Eei(Eei-1( . . . (Ee2(Ee1(X)) . . . ))=Ddk(Ddk-1( . . . (Dd2(Dd1(Xe1, e2, . . .

Abstract: A recommender system provides recommendation scores based on stored ratings for media items, for example to assist control of selection of a media item for rendering by a terminal. Data representing stored rating values for media items is stored in a storage system for use to compute the recommendation scores. A processing system record an input rating value for a first one of the media items in the storage system, based on measured activity or input of a user. Furthermore information is acquired about a group of users in the company of which the input rating value applies for the user. This information is recorded in combination with the rating value. The processing system may compute a recommendation score for a second group of users from the stored rating values, dependent on a comparison of the second group of users and the recorded information about the group for which it applies.

Abstract: The recommender system uses a processing system configured to determine recommendation scores using a collaborative rating process. Collaborative rating process involves determining correlations between ratings for media items provided by a current user for which a recommendation score has to be computed and by further users, and computing recommendation scores from ratings for other media items from ratings from the further users, dependent on the correlation. To handle groups, information is determined by identifying a plurality of users is determined that concurrently use a user terminal, and group correlation values for use in the collaborative rating process are computed from rating values from individual ones of the users in the group. Synthetic rating values for the group may be computed from a sum of rating values of the members and then used to compute the correlation.

Abstract: Method for shared secret verification in secure data exchange, in which at least two parties, indicated as Alice and Bob, each have a secret and seek to determine whether they share the same secret or not without disclosing the secret itself to each other or any third party. Alice picks a random number RA, encrypts it using Bob's public key, adds the value of her secret, and sends the result K to Bob. Bob receives K, subtracts his secret, and decrypts that using his private key, generating L. Bob performs a one-way function on L and sends the result M to Alice. Alice takes her original RA, performs the same function and verifies whether the result equals the received M. Alice sends her original RA to Bob. Bob receives the RA and verifies whether it equals L, allowing Bob to determine if Alice shares the same secret.

Abstract: System for outputting a choice recommendation to one or more users based on earlier choices made by them. A data record is made per choice per user, each data record including a representation of the user, a representation of the choice and a representation of any other user involved with that choice, such as other users that watched a program with the user. The data record may include a representation of the user, a representation of the choice and a representation of no more than one other user involved with that choice, where more records are made when more other users are involved. The data record may include a representation of an environment linked to the choice, e.g. of a localization and/or hardware and/or software linked to the choice. The recorded representation of other users involved with the choice, such as other users that watched a program with the user, is used later to compute the choice recommendation.

Abstract: Devices are provided with secret information to indicate which other devices are eligible to establish communication sessions. Information leaks about the eligibility of devices are prevented when no communication sessions are established. Each device makes a set of preference information items publicly available. Each preference information item selects an eligible device in cloaked way. Each protected information item contains protected information such as an encrypted random number that can be decrypted only by the eligible device. When a request to establish a communication is processed by a first and second device, the first and second device indicate which of their preference information items should be used. The devices then each attempt to decrypt the protected information from the other one's indicated preference information item and each combines the result with the protected information used to make the preference information item that it indicated to the other.

Abstract: Method for shared secret verification e.g. to be applied in secure data exchange, in which at least two parties, hereinafter indicated as Alice and Bob, each have a secret while their challenge is to find out whether they share the same secret or not, however, without disclosing the secret itself to each other or to any third party. The method comprises the following steps. In step 1, Alice picks a random number RA, encrypts it using Bob's public key PUB, adds the value of her secret SA, and sends the result K to Bob. In step 2 Bob receives K, subtracts his secret SB, and performs a decryption using his own private key PRB. In step 3 Bob performs the one-way function H on L and sends the result M to Alice. In step 4 Alice receives M, takes her original random number RA, performs the same one-way function H and verifies whether the result equals the received M. In step 5 Alice sends her original random number RA to Bob.