Abstract: A method for implementing a secure multiparty inner product computation between two parties using an SPDZ protocol involves having a first party and a second party compute, for i=1, . . . , k, a vector (I)=(II) based on a vector (x={x1, . . . , xN}), and a vector (w={W1, WN}), respectively, where (I)=(X2i-1X2i) (III)=W2i-1W2i, N is the total number of elements in the vectors k=N/2. The vectors (I), and (III) are securely shared between the parties. The parties then jointly compute SPDZ protocol Add([w2i], [x2i-1]) and Add([w2i], [x2i-1]) to determine shares [w2i-1+x2i] and [w2i+x2i-1] respectively, and then compute, for i=1, . . . , k, inner product shares [di] by performing SPDZ protocol Mult([w2i-1+x2i], [w2i+x2i-1]). SPDZ protocol ([Add d1], . . . , [dk], -(IV), . . . , -(V), -(VI), -, (VII)) is then performed to determine the inner product.

Abstract: A searchable symmetric encryption (SSE) system and method of processing inverted index is provided. The SSE system includes genKey, buildSecureIndex, genToken, and search operations. A compress X is integrated into at least one of the buildSecureIndex and search operations. The compress then X takes each entry of an encrypted index, compresses entry of the encrypted index into a compressed entry, and then processes the compressed entry with a function. The function comprises a linked list function and on array function. The search operation decompresses the processed entry and output the decompressed entry. The SSE comprises a client device and a server. The genKey, buildSecureIndex, and genToken operations are integrated into the client device and the search operation is integrated into the server.

Abstract: A method for secure multiparty computation of an inner product includes performing multiparty additions to generate a first sum share and a second sum share between two shares of alternating elements from corresponding pairs of elements in a first vector and a second vector, performing multiparty multiplications with at least one other node to generate inner product pair shares corresponding to products of the first sum shares and the second sum shares corresponding to pairs of elements in the first and second vectors, and performing another multiparty addition of each inner product pair share with a first negated shares of pair products corresponding to pairs of elements in the first vector and a second negated shares of pair products corresponding to pairs of elements in the second vector to generate a share of an inner product of the first and second vectors.

Abstract: A DSSE architecture network enables multi-user such as data owners and data users to conduct privacy-preserving search on the encrypted PHIs stored in a cloud network and verify the correctness and completeness of retrieved search results simultaneously is provided. The data owners and data users may be patients, HSPs, or combination thereof. An IoT gateway aggregates periodically collected data into a single PHI file, extract keywords, build an encrypted index, and encrypt the PHI files before the encrypted index and PHI files are transmitted to a cloud network periodically for storage thus enable the DSSE architecture network to achieve a sub-linear search efficiency and forward privacy by maintaining an increasing counter for each keyword at the IoT gateway. Since the PHI files are always transmitted and added/stored into the cloud storage over the cloud network, file deletion, file modification is eliminated.

Abstract: A method of authenticating a client device to access a user account stored on a remote server includes creating the user account based on a blockchain address of a blockchain wallet, transmitting a login request for logging into the user account from the client device to the remote server, and transmitting a random challenge from the remote server to the client device when the remote server receives the transmitted login request. The random challenge is associated with the user account and no other user account. The method further includes signing the random challenge with the client device, the signature based on a private key of the blockchain wallet, transmitting the signed random challenge and the blockchain address to the remote server, and verifying that the signed random challenge corresponds to the transmitted random challenge with the remote server using a public key of the blockchain wallet and the random challenge.

Abstract: A method for performing a fuzzy search in encrypted data includes receiving an encrypted search token corresponding to a search keyword with an untrusted server computing device and generating inner product values based on a function-hiding inner product encryption operation of the encrypted query vectors encrypted node vectors in an encrypted tree stored in the memory of the untrusted server computing device. The method further includes transmitting, with the untrusted server computing device, the encrypted keyword stored in the leaf node to a client computing device in response to the first inner product value exceeding a first predetermined similarity threshold corresponding to a similarity of the first query vector to the leaf node vector, the fuzzy search not revealing plaintext contents for any of a keyword stored in the leaf node, the search keyword, or a fuzziness parameter.

Abstract: A method for network-connected tool operation with user anonymity includes generating a first cryptographic key that is stored in a memory in the power tool, generating a first encrypted serial number for the power tool based on an output of an encryption function using the first cryptographic key applied to a non-encrypted serial number for the power tool stored in the memory, and generating usage data based on data received from at least one sensor in the power tool during operation of the power tool. The method further includes transmitting the usage data in association only with the first encrypted serial number from the power tool to a maintenance system to enable usage data collection that prevents identification of the power tool as being associated with the usage data.

Abstract: A method for implementing a secure multiparty inner product computation between two parties using an SPDZ protocol involves having a first party and a second party compute, for i=k, a vector (I)=(II) based on a vector (x={1, . . . , xN}), and a vector (w={W1, WN}), respectively, where (I)=(X2i?X2i) (III)=W2i?1W2i, N is the total number of elements in the vectors k=N/2. The vectors (I), and (III) are securely shared between the parties. The parties then jointly compute SPDZ protocol Add([w2i], [x2i?1]) and Add([w2i], [x2i?1]) to determine shares [w2i?1+x2i] and [w2i+x2i?1] respectively, and then compute, for i=1, . . . , k, inner product shares [di] by performing SPDZ protocol Mult([w2i31 1+x2i], [w2i+x2i?1]). SPDZ protocol ([Add d1],. . . , [dk], ?(IV), . . .

Abstract: A method for secure multiparty computation of an inner product includes performing multiparty additions to generate a first sum share and a second sum share between two shares of alternating elements from corresponding pairs of elements in a first vector and a second vector, performing multiparty multiplications with at least one other node to generate inner product pair shares corresponding to products of the first sum shares and the second sum shares corresponding to pairs of elements in the first and second vectors, and performing another multiparty addition of each inner product pair share with a first negated shares of pair products corresponding to pairs of elements in the first vector and a second negated shares of pair products corresponding to pairs of elements in the second vector to generate a share of an inner product of the first and second vectors.

Abstract: A method for searching encrypted data includes identifying, with a client, a plurality of values within a predetermined search range in a search index stored within a memory of the client, each value in the plurality of values being present in a plaintext representation of at least one encrypted file in a plurality of encrypted files stored in a server. The method further includes generating and transmitting at least one search query to the server through a data network, and receiving, with the client, at least one response from the server through the data network, the response including the encrypted keyword corresponding to the value in the plurality of values and an identifier of at least one file in the plurality of encrypted files stored on the server that includes the value.

Abstract: A method for performing a fuzzy search in encrypted data includes receiving an encrypted search token corresponding to a search keyword with an untrusted server computing device and generating inner product values based on a function-hiding inner product encryption operation of the encrypted query vectors encrypted node vectors in an encrypted tree stored in the memory of the untrusted server computing device. The method further includes transmitting, with the untrusted server computing device, the encrypted keyword stored in the leaf node to a client computing device in response to the first inner product value exceeding a first predetermined similarity threshold corresponding to a similarity of the first query vector to the leaf node vector, the fuzzy search not revealing plaintext contents for any of a keyword stored in the leaf node, the search keyword, or a fuzziness parameter.

Abstract: A DSSE architecture network enables multi-user such as data owners and data users to conduct privacy-preserving search on the encrypted PHIs stored in a cloud network and verify the correctness and completeness of retrieved search results simultaneously is provided. The data owners and data users may be patients, HSPs, or combination thereof. An IoT gateway aggregates periodically collected data into a single PHI file, extract keywords, build an encrypted index, and encrypt the PHI files before the encrypted index and PHI files are transmitted to a cloud network periodically for storage thus enable the DSSE architecture network to achieve a sub-linear search efficiency and forward privacy by maintaining an increasing counter for each keyword at the IoT gateway. Since the PHI files are always transmitted and added/stored into the cloud storage over the cloud network, file deletion, file modification is eliminated.

Abstract: A method for shared key generation with authentication in a gateway node includes generating, generating a first set of pseudo-random data corresponding to expected transmissions from a first node that communicates with a second node through a shared communication medium, identifying, with the gateway node, bits transmitted from the second node based on a signals received by the gateway node corresponding to simultaneous transmissions from the first node and the second node, identifying, with the gateway node, expected bit values for the bits from the second node based on a combination of shared secret data stored in a memory of the gateway node with another set of random or pseudo-random data generated by the second node, and authenticating the second node in response to the plurality of bits transmitted from the second node matching the plurality of expected bit values.

Abstract: A method for network-connected tool operation with user anonymity includes generating a first cryptographic key that is stored in a memory in the power tool, generating a first encrypted serial number for the power tool based on an output of an encryption function using the first cryptographic key applied to a non-encrypted serial number for the power tool stored in the memory, and generating usage data based on data received from at least one sensor in the power tool during operation of the power tool. The method further includes transmitting the usage data in association only with the first encrypted serial number from the power tool to a maintenance system to enable usage data collection that prevents identification of the power tool as being associated with the usage data.

Abstract: A searchable symmetric encryption (SSE) system and method of processing inverted index is provided. The SSE system includes genKey, buildSecureIndex, genToken, and search operations. A compress X is integrated into at least one of the buildSecureIndex and search operations. The compress then X takes each entry of an encrypted index, compresses entry of the encrypted index into a compressed entry, and then processes the compressed entry with a function. The function comprises a linked list function and on array function. The search operation decompresses the processed entry and output the decompressed entry. The SSE comprises a client device and a server. The genKey, buildSecureIndex, and genToken operations are integrated into the client device and the search operation is integrated into the server.

Abstract: A password-less authentication system is described herein. Also described are the devices used for such a system and the method and process implemented. The system employs asymmetric cryptography to enable users to log in to various systems or services on different platforms or computers by the aid of a mobile device. Users' credentials are kept privately in the mobile device, and not leaked to the network or any web service. In addition, the web service can verify users' authentication request by solely public information of users' credentials.

Abstract: A method of shared key generation between three nodes through a shared communication medium includes performing, with a processor in a first node communicatively connected to a second node and a third node through a shared communication medium, a one-way function using a first shared key between the first node and the second node stored in a memory of the node and a predetermined counter as inputs to generate a first plurality of pseudo-random bits. The method includes generating, with the processor and a transceiver in the first node, a second shared key between the first node and the third node by transmitting each bit in the first plurality of pseudo-random bits to the third node through the shared communication medium simultaneously to transmission of random bits from the third node to the first node.

Abstract: A method for searching encrypted data includes identifying, with a client, a plurality of values within a predetermined search range in a search index stored within a memory of the client, each value in the plurality of values being present in a plaintext representation of at least one encrypted file in a plurality of encrypted files stored in a server. The method further includes generating and transmitting at least one search query to the server through a data network, and receiving, with the client, at least one response from the server through the data network, the response including the encrypted keyword corresponding to the value in the plurality of values and an identifier of at least one file in the plurality of encrypted files stored on the server that includes the value.

Abstract: A method for verification of search results in an encrypted search process includes transmitting a search query including the encrypted keyword from a client to a server, and receiving a response to the search query and a first plurality of hash values from at least one hash tree from the server. The method further includes generating, a first message authentication code (MAC) based on the response, generating a first regenerated root node hash value using the first MAC, the first plurality of hash values, and a predetermined hash function, and generating an output message with the client indicating that the response is invalid in response to the first regenerated root node hash value not matching a predetermined first root node hash value stored in the memory of the client.

Abstract: A method for searching encrypted data includes identifying, with a client, a plurality of values within a predetermined search range in a search index stored within a memory of the client, each value in the plurality of values being present in a plaintext representation of at least one encrypted file in a plurality of encrypted files stored in a server. The method further includes generating and transmitting at least one search query to the server through a data network, and receiving, with the client, at least one response from the server through the data network, the response including the encrypted keyword corresponding to the value in the plurality of values and an identifier of at least one file in the plurality of encrypted files stored on the server that includes the value.