Abstract: According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.

Abstract: Examples disclosed herein relate to data objects associated with private set intersection (PSI). Some examples disclosed herein may enable identifying a set of server elements and a set of data objects. Each data object of the set of data objects may be associated with at least one server element of the set of server elements. Some examples further enable sending the set of server elements and the set of data objects to a client computing device that has a set of client elements. A private set intersection (PSI) between the set of server elements and the set of client elements may be inaccessible by the client computing device, and a subset of the set of data objects that are associated with the PSI may be accessible by the client computing device.

Abstract: Examples relate to Input/Output (I/O) data encryption and decryption. In an example, an encryption/decryption engine on an Integrated Circuit (IC) of a computing device obtains at least one plaintext data. Some examples determine, by the encryption/decryption engine, whether the at least one plaintext data is to be sent to a memory in the computing device or to an I/O device. Some examples apply, when the at least one plaintext data is to be sent to the I/O device and by the encryption/decryption engine, an encryption primitive of a block cipher encryption algorithm to the at least one plaintext data to create output encrypted data, wherein an initialization vector that comprises a random number is applied to the encryption primitive.

Abstract: In one implementation, a redactable document signature system includes an encoding engine, a reordering engine, and a signature engine. The encoding engine is to access a plurality of subdocuments of a document, to generate a plurality of commitment values from the plurality of subdocuments, and to generate a plurality of dummy values. Each dummy value is indistinguishable from a commitment value. The reordering engine is to define an order of the plurality of commitment values and the plurality of dummy values independent of an order of the subdocuments. The signature engine is to calculate a signature value for the document using the plurality of commitment values and the plurality of dummy values according to the order.

Abstract: A technique includes receiving a request to initialize a region of a memory. Content that is stored in the region is encrypted based at least in part on a stored nonce value and a key. The technique includes, in response to the request, performing cryptographic-based initialization of the memory, including altering the stored nonce value to initialize the region of the memory.

Abstract: A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user's input reflects the fact that the user knows the PIN, then the user is authenticated.

Abstract: A blockchain includes blocks that each store a hash value computed using a hash function from data of the block. Another hash value is computed for each block using a different hash function, and added to the block within the blockchain. New blocks subsequently added to the blockchain have hash values computed using just the different hash function.

Abstract: In one implementation, a redactable document signature system includes an encoding engine, a reordering engine, and a signature engine. The encoding engine is to access a plurality of subdocuments of a document, to generate a plurality of commitment values from the plurality of subdocuments, and to generate a plurality of dummy values. Each dummy value is indistinguishable from a commitment value. The reordering engine is to define an order of the plurality of commitment values and the plurality of dummy values independent of an order of the subdocuments. The signature engine is to calculate a signature value for the document using the plurality of commitment values and the plurality of dummy values according to the order.

Abstract: In one implementation, a redactable document signature system includes an encoding engine, a reordering engine, and a signature engine. The encoding engine is to access a plurality of subdocuments of a document, to generate a plurality of commitment values from the plurality of subdocuments, and to generate a plurality of dummy values. Each dummy value is indistinguishable from a commitment value. The reordering engine is to define an order of the plurality of commitment values and the plurality of dummy values independent of an order of the subdocuments. The signature engine is to calculate a signature value for the document using the plurality of commitment values and the plurality of dummy values according to the order.

Abstract: Examples disclosed herein relate to data objects associated with private set intersection (PSI). Some examples disclosed herein may enable identifying a set of server elements and a set of data objects. Each data object of the set of data objects may be associated with at least one server element of the set of server elements. Some examples further enable sending the set of server elements and the set of data objects to a client computing device that has a set of client elements. A private set intersection (PSI) between the set of server elements and the set of client elements may be inaccessible by the client computing device, and a subset of the set of data objects that are associated with the PSI may be accessible by the client computing device.

Abstract: Examples relate to Input/Output (I/O) data encryption and decryption. In an example, an encryption/decryption engine on an Integrated Circuit (IC) of a computing device obtains at least one plaintext data. Some examples determine, by the encryption/decryption engine, whether the at least one plaintext data is to be sent to a memory in the computing device or to an I/O device. Some examples apply, when the at least one plaintext data is to be sent to the I/O device and by the encryption/decryption engine, an encryption primitive of a block cipher encryption algorithm to the at least one plaintext data to create output encrypted data, wherein an initialization vector that comprises a random number is applied to the encryption primitive.

Abstract: A blockchain includes blocks that each store a hash value computed using a hash function from data of the block. Another hash value is computed for each block using a different hash function, and added to the block within the blockchain. New blocks subsequently added to the blockchain have hash values computed using just the different hash function.

Abstract: A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user's input reflects the fact that the user knows the PIN, then the user is authenticated.

Abstract: A technique includes receiving a request to initialize a region of a memory. Content that is stored in the region is encrypted based at least in part on a stored nonce value and a key. The technique includes, in response to the request, performing cryptographic-based initialization of the memory, including altering the stored nonce value to initialize the region of the memory.

Abstract: In one implementation, a physical version of a document is converted to a digital representation of the physical version and a new certificate is computed for the digital representation of the physical version. The new certificate is computed based on the digital representation of the physical version, at least one processing step performed on the digital representation, and a prior certificate computed for a prior digital representation indicative of the physical version. In another implementation, a document is validated.

Abstract: Implementations are directed, for example, to a method that includes receiving, at a data storage system from a client, a key search token that has not been used to encrypt data records or keywords associated with the data records. The key search token is independent of an encryption key used to encrypt the data records associated with the key search token. The method further includes determining an encrypted data record associated with the key search token, and transmitting the determined encrypted data record to the client. Implementations of the client are also provided.

Abstract: According to an example, key splitting may include utilizing a masked version of a master key that is masked by using a mask.

Abstract: In one implementation, a redactable document signature system includes an encoding engine, a reordering engine, and a signature engine. The encoding engine is to access a plurality of subdocuments of a document, to generate a plurality of commitment values from the plurality of subdocuments, and to generate a plurality of dummy values. Each dummy value is indistinguishable from a commitment value. The reordering engine is to define an order of the plurality of commitment values and the plurality of dummy values independent of an order of the subdocuments. The signature engine is to calculate a signature value for the document using the plurality of commitment values and the plurality of dummy values according to the order.

Abstract: A method for submatch extraction may include receiving an input string, receiving a regular expression. The method may further include converting the regular expression with capturing groups into ordered binary decision diagrams (OBDDs) to extract submatches.

Abstract: A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user's input reflects the fact that the user knows the PIN, then the user is authenticated.