Abstract: Systems, methods, and computer-executable instructions for secure data analysis using encrypted data. An encryption key and a decryption key are created. The security of encryption using the encryption key and the decryption key are based upon factoring. A computation key is created based upon the encryption key. Data is encrypted using the encryption key. The encrypted data and the computation key are provided to a remote system. The remote system is requested to perform data analysis on the encrypted data. An encrypted result of the data analysis is received from the remote system. The encrypted result of the data analysis is decrypted with the decryption key.

Abstract: Systems, methods, and computer-executable instructions for homomorphic data analysis. Encrypted data is received, from a remote system, that has been encrypted with an encryption key. A number of iterations to iterate over the encrypted data is determined. A model is iterated over by the number of iterations to create an intermediate model. Each iteration updates the model, and the model and the intermediate model encrypted with the encryption key. The intermediate model is provided to the remote system. An updated model based upon the intermediate model is received from the remote system. The updated model is iterated over until a predetermined precision is reached to create a final model. The final model is provided to the remote system. The final model is encrypted with the encryption key.

Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.

Abstract: Data formatting rules to convert data from one form to another form are automatically determined based on a user's edits. A machine learning heuristic is applied to a user's edits to determine a data formatting rule that may be applied to data. For example, a user may make edits that add/remove characters from data, concatenate data, extract data, rename data, and the like. The machine learning heuristic may be automatically triggered in response to an event (e.g. after a predetermined number of edits are made to a same type of data) or manually triggered (e.g. selecting a user interface option). The data formatting rule may be applied to other data and the results of the formatting reviewable by the user. Based on further edits/reviews, the data formatting rule may be updated. The data formatting rules may be stored for later use.

Abstract: A device establishes a key recovery policy and generates a key that is protected based on the key recovery policy. The key recovery policy indicates which combinations of other entities can recover the protected key. The device generates different shares of the protected key, each share being a value that, in combination with the other share(s), allows the protected key to be recovered. Each share is associated with a particular leaf agent, the device encrypts each share with the public key of the leaf agent associated with the share and provides the encrypted share to a service. When recovery of the protected key is desired, a recovering authority can generate the protected key only if the recovering authority receives decrypted shares from a sufficient one or combination of leaf agents as indicated by the recovery policy.

Abstract: This description relates to secure, efficient, confidential, and/or outsourced blockchain networks, which can enable a group of mutually distrusting participants to securely share state and then agree on a linear history of operations on that shared state.

Abstract: A device establishes a key recovery policy and generates a key that is protected based on the key recovery policy. The key recovery policy indicates which combinations of other entities can recover the protected key. The device generates different shares of the protected key, each share being a value that, in combination with the other share(s), allows the protected key to be recovered. Each share is associated with a particular leaf agent, the device encrypts each share with the public key of the leaf agent associated with the share and provides the encrypted share to a service. When recovery of the protected key is desired, a recovering authority can generate the protected key only if the recovering authority receives decrypted shares from a sufficient one or combination of leaf agents as indicated by the recovery policy.

Abstract: Systems, methods, and computer-executable instructions for homomorphic data analysis. Encrypted data is received, from a remote system, that has been encrypted with an encryption key. A number of iterations to iterate over the encrypted data is determined. A model is iterated over by the number of iterations to create an intermediate model. Each iteration updates the model, and the model and the intermediate model encrypted with the encryption key. The intermediate model is provided to the remote system. An updated model based upon the intermediate model is received from the remote system. The updated model is iterated over until a predetermined precision is reached to create a final model. The final model is provided to the remote system. The final model is encrypted with the encryption key.

Abstract: Systems, methods, and computer-executable instructions for secure data analysis using encrypted data. An encryption key and a decryption key are created. The security of encryption using the encryption key and the decryption key are based upon factoring. A computation key is created based upon the encryption key. Data is encrypted using the encryption key. The encrypted data and the computation key are provided to a remote system. The remote system is requested to perform data analysis on the encrypted data. An encrypted result of the data analysis is received from the remote system. The encrypted result of the data analysis is decrypted with the decryption key.

Abstract: Operating upon encrypted data with a particular data scope. A base encryption key is established and associated with the particular data scope, and then stored in a base encryption key store. That base encryption key store might be managed by an application or service that stores base encryption keys for multiple data scopes. A proxy encryption key acts as a kind of proxy for the base encryption key. The proxy encryption key may be used for frequent operations on encrypted data within the particular data scope. Thus, the principles described herein act as a frequency amplifier that allows key-based operations upon the particular data scope to be performed at much higher frequencies than otherwise would be possible by operating directly using the base encryption key.

Abstract: A digital ledger built upon a blockchain to provide users with the ability to securely, accurately, and verifiably share state information between distrustful parties is provided herein. The Verifiable Outsourced Ledger is hosted in a networked environment, accessible by multiple parties, and maintains an immutable view of the transactions submitted by authorized parties and a continuous view of the states shared between the parties that the parties can replicate independently locally to verify the integrity of the ledger.

Abstract: Heartbeat consensus forming for the state of a digital ledger built upon a blockchain to provide users with the ability to securely, accurately, and verifiably share state information between distrustful parties is provided herein. The digital ledger is hosted in a networked environment, accessible by multiple parties. Heartbeat transactions allow clients, who are not in direct communication with one another and may distrust one another, to verify the integrity of the digital ledger via consensus. The consensus is readily verifiable by each client on its own machine and allows the ledger to be recovered to an agreed-to state in the event of a fault initiated by a client or the host of the ledger, whether malicious or otherwise. The digital ledger is freely movable to different hosts in the event of a fault.

Abstract: Methods, systems, and computer-readable media are directed towards receiving, at an untrusted component, a query for a data store. The query includes a plurality of data operations. The data store is accessible by the untrusted component. A first proper subset of data operations is determined from the plurality of data operations that do not access sensitive data within the data store. A second proper subset of data operations is determined from the plurality of data operations that access sensitive data within the data store. The first proper subset of data operations is executed, at the untrusted component, to create first results. The second proper subset of data operations is sent to a trusted component for execution. Second results based on the sending the second proper subset of data operations are received from the trusted component. Results to the query are returned based on the first results and the second results.

Abstract: The subject disclosure is directed towards encryption and deduplication integration between computing devices and a network resource. Files are partitioned into data blocks and deduplicated via removal of duplicate data blocks. Using multiple cryptographic keys, each data block is encrypted and stored at the network resource but can only be decrypted by an authorized user, such as domain entity having an appropriate deduplication domain-based cryptographic key. Another cryptographic key referred to as a content-derived cryptographic key ensures that duplicate data blocks encrypt to substantially equivalent encrypted data.

Abstract: A computer-implementable method includes providing an instruction set architecture that comprises features to generate diverse copies of a program, using the instruction set architecture to generate diverse copies of a program and providing a virtual machine for execution of one of the diverse copies of the program. Various exemplary methods, devices, systems, etc., use virtualization for diversifying code and/or virtual machines to thereby enhance software security.

Abstract: A cloud computing service to securely process queries on a database. A security device and method of operation are also disclosed. The security device may be provisioned with a private key of a subscriber to the cloud service and may have processing hardware that uses that key, sequestering the key and encryption processing in hardware that others, including operating personnel of the cloud service, cannot readily access. Processing within the security device may decrypt queries received from the subscriber and may encrypt responses for communication over a public network. The device may perform functions on clear text, thereby limiting the amount of clear text data processed on the cloud platform, while limiting bandwidth consumed in communicating with the subscriber. Such processing may include formatting data, including arguments in a query, in a security protocol used by the cloud platform.

Abstract: Programs running on an open architecture, such as a personal computer, are vulnerable to inspection and modification. This is a concern as the program may include or provide access to valuable information. As a defense, the actual location of data can be hidden throughout execution of the program by way of periodic location reordering and pointer scrambling, among other things. These techniques serve to complicate static data flow analysis and dynamic data tracking thereby at least deterring program tampering.

Abstract: A secure cloud computing platform. The platform has a pool of secure computing devices such that each can be allocated to a customer as with other computing resources. Each secure computing device may be configured by a customer with a key and software for performing operations on sensitive data. The customer may submit data, defining a job for execution on the platform, as cyphertext. The secure computing device may perform operations on that data, which may include decrypting the data with the key and then executing the software to perform an operation on cleartext data. This operation, and the data on which it is performed, though in cleartext, may be inaccessible to the operator of the cloud computing platform. The device may operate according to a secure protocol under which the software is validated before loading and the device is provisioned with a key shared with the customer.

Abstract: Systems, methods, and/or techniques (“tools”) are described herein that relate to automated secure pairing for devices, and that relate to parallel downloads of content using devices. The tools for pairing the devices may perform authentication protocols that are based on addresses and on keys. The address-based authentication protocol may operate on address book entries maintained by the devices. The key-based authentication protocol may operate using a key exchange between the devices.

Abstract: The subject disclosure is directed towards using trusted hardware to achieve secure data processing over a network. For a given set of data store operations, some operations are directed to sensitive data (e.g., encrypted data fields). These operations are compiled into a set of expressions invoking trusted hardware code configured to evaluate these expressions using corresponding data centric primitive programs. Because the trusted hardware is configured to maintain key data for encrypting/decrypting the sensitive data, the sensitive data is not accessible by an untrusted component while the sensitive data is decrypted.