Abstract: A low latency relinearization process can be performed in an FPGA cluster for accelerating homomorphic encryption. The low-latency process performs an early calculation of matrix rows to make the summation result available earlier in the relinearization to reduce waiting of subsequent operations.

Abstract: Examples described herein provide a method including determining a model location of a physical model by an augmented reality (AR) control application; operating the AR control application to display a holographic body overlaying the physical model via a display device, wherein the holographic body is aligned with the physical model such that a portion of the physical model representing an anatomical structure appears aligned with the holographic body in a predetermined anatomical position; maintaining alignment of the holographic body overlaying the physical model on the display device in real-time while a user interacts with the physical model using a physical medical instrument to simulate a predetermined procedure; and providing haptic feedback to the user during the predetermined procedure.

Abstract: Systems and memory devices are disclosed for fully homomorphic encryption (FHE). The system may include a processing unit including: a data memory for storing coefficients for a polynomial; a twiddle factor (TF) memory for storing TF values associated with the polynomial; a TF register connected to the TF memory; a plurality of first registers connected to the data memory; a plurality of first MUXs connected to the first registers; a plurality of second registers connected to the plurality of first MUXs; a plurality of Butterfly (BF) cores connected to the plurality of the second registers and the TF register; wherein each of the plurality of BF cores is configured to, responsive to a control signal, perform a Butterfly Transform (BFT) operation based on two coefficients from the data memory and a TF value from the TF memory.

Abstract: A field-programmable gate array (FPGA) cluster, comprising a plurality of FPGA devices, can be used to accelerate homomorphic encryption functionality. In particular, the FPGA cluster can accelerate the relinearization process used in homomorphic encryption by using multiple FPGA devices to perform portions of the relinearization process in parallel. Further, the use of the FPGA cluster provides sufficient memory resources to allow data used by the relinearization process, namely the keyswitch keys, to be stored on-chip.

Abstract: A field-programmable gate array (FPGA) cluster, comprising a plurality of FPGA devices, can be used to accelerate homomorphic encryption functionality. In particular, the FPGA cluster can accelerate the relinearization process used in homomorphic encryption by using multiple FPGA devices to perform portions of the relinearization process in parallel. Further, the use of the FPGA cluster provides sufficient memory resources to allow data used by the relinearization process, namely the keyswitch keys, to be stored on-chip.

Abstract: A low latency relinearization process can be performed in an FPGA cluster for accelerating homomorphic encryption. The low-latency process performs an early calculation of matrix rows to make the summation result available earlier in the relinearization to reduce waiting of subsequent operations.

Abstract: The present invention provides a heat management arrangement for an electronic device, in particular for a handheld electronic device. The heat management arrangement comprises an active cooling means comprising a heat sink and at least one airflow channel configured for convective heat transport to an environment by an airflow. Furthermore, the heat management arrangement comprises a passive cooling means configured to be arranged between the heatsink and a surface of the electronic device and comprising a highly heat conductive substance. The passive cooling means is configured to contact the surface of the electronic device and to enhance heat conduction between the surface of the electronic device and the heat sink. In addition or alternatively, the passive cooling means is configured to enhance heat conduction between the surface of the electronic device and the airflow channel.

Abstract: A method and system for application security. The methods and systems of the present disclosure improve application security and may be used to secure a host application and operating system from malicious fast applications. A request to access resources of the computing device is received from an application adapter of a fast application operating within a host application on the computing device. In response to a determination that the request is associated with resources included in a permission list of the fast application, the unique user identifier (UID) of the application adapter to the UID of the host application is translated by the operating system, which determines whether to allow the request based on the UID of the host application. Otherwise, the operating system determines whether to allow the request based on the UID of the application adapter.

Abstract: Systems and memory devices are disclosed for fully homomorphic encryption (FHE). The system may include a processing unit including: a data memory for storing coefficients for a polynomial; a twiddle factor (TF) memory for storing TF values associated with the polynomial; a TF register connected to the TF memory; a plurality of first registers connected to the data memory; a plurality of first MUXs connected to the first registers; a plurality of second registers connected to the plurality of first MUXs; a plurality of Butterfly (BF) cores connected to the plurality of the second registers and the TF register; wherein each of the plurality of BF cores is configured to, responsive to a control signal, perform a Butterfly Transform (BFT) operation based on two coefficients from the data memory and a TF value from the TF memory.

Abstract: A method and system for application security. The methods and systems of the present disclosure improve application security and may be used to secure a host application and operating system from malicious fast applications. A request to access resources of the computing device is received from an application adapter of a fast application operating within a host application on the computing device. In response to a determination that the request is associated with resources included in a permission list of the fast application, the unique user identifier (UID) of the application adapter to the UID of the host application is translated by the operating system, which determines whether to allow the request based on the UID of the host application. Otherwise, the operating system determines whether to allow the request based on the UID of the application adapter.

Abstract: The disclosed systems, structures, and methods are directed to a computer system including a PCIe protection controller as a part of a PCIe root complex that includes at least one root port. Each root port is configured to optionally connect to at least one endpoint device, and each endpoint device is designated as a secure endpoint device or a nonsecure endpoint device. The PCIe protection controller is configured to control outbound traffic to protect secure endpoint devices from access from any nonsecure components of the computer system. The PCIe protection controller may be further configured to control inbound traffic to prevent access to secure memory by nonsecure endpoint devices. The PCIe protection controller may be dynamically configured at runtime to designate endpoint devices as either secure or nonsecure.

Abstract: Methods and devices for secure data sharing with granular access control are described. A modified attribute-based encryption (ABE) scheme is used to perform cryptographically-enforced ABE using attributes of a file access policy. A sender sends to a receiver a file encrypted using a file encryption key, the file encryption key encrypted using ABE based on a file access policy set by the sender, and a set of private ABE keys decryptable using a key stored in a trusted execution environment (TEE) of the receiver. The private ABE keys are decrypted by the receiver TEE when the file is accessed, decrypting a file encryption key only when the attributes of the receiver access action satisfy the file access policy. The decrypted file encryption key grants access to the file contents via a trusted viewer application. A user password may also be required and cryptographically enforced as part of the ABE decryption.

Abstract: The present disclosure is drawn to systems and methods for implementing authentication protocols based on trusted execution environments. Each of a principal device, an identity provider server and a service provider server are associated with a respective trusted execution environment. Authentication protocols are provided for registering the principal device to the identity provider server; authenticating the principal device to the identity provider server; and authenticating the principal device to a service provider server.

Abstract: A method for dynamically configuring multiple processors based on needs of applications includes receiving, from an application, an acceleration request message including a task to be accelerated. The method further includes determining a type of the task and searching a database of available accelerators to dynamically select a first accelerator based on the type of the task. The method further includes sending the acceleration request message to a first acceleration interface located at a configurable processing circuit. The first acceleration interface sends the acceleration request message to a first accelerator, and the first accelerator accelerates the task upon receipt of the acceleration request message.

Abstract: A method for verifying a property of plaintext using ciphertext is disclosed. In an embodiment, a computing device may receive the ciphertext at a trusted execution environment (TEE) of the computing device. The TEE may decrypt the ciphertext to generate the plaintext using a private encryption key of an encryption key pair. The encryption key pair comprises a public encryption key and the private encryption key. The TEE may generate a digitally signed validation result by encrypting the validation result using a private signing key of a signing key pair. The signing key pair comprises a public signing key and the private signing key. The private key is retrieved from secure memory of the computing device, and the secure memory may only be accessible by the TEE. The computing device may then transmit the digitally signed validation result.

Abstract: Methods and devices for secure data sharing with granular access control are described. A modified attribute-based encryption (ABE) scheme is used to perform cryptographically-enforced ABE using attributes of a file access policy. A sender sends to a receiver a file encrypted using a file encryption key, the file encryption key encrypted using ABE based on a file access policy set by the sender, and a set of private ABE keys decryptable using a key stored in a trusted execution environment (TEE) of the receiver. The private ABE keys are decrypted by the receiver TEE when the file is accessed, decrypting a file encryption key only when the attributes of the receiver access action satisfy the file access policy. The decrypted file encryption key grants access to the file contents via a trusted viewer application. A user password may also be required and cryptographically enforced as part of the ABE decryption.

Abstract: A method for dynamically configuring multiple processors based on needs of applications includes receiving, from an application, an acceleration request message including a task to be accelerated. The method further includes determining a type of the task and searching a database of available accelerators to dynamically select a first accelerator based on the type of the task. The method further includes sending the acceleration request message to a first acceleration interface located at a configurable processing circuit. The first acceleration interface sends the acceleration request message to a first accelerator, and the first accelerator accelerates the task upon receipt of the acceleration request message.

Abstract: Systems, devices, and methods for hybrid secret sharing are disclosed. In accordance with embodiments, a computing device may encrypt the secret message using a first encryption key to generate an encrypted secret message. The computing device may also split a second encryption key into a plurality of key shares in accordance with a threshold number. The threshold number is less than or equal to the number of the plurality of key shares. Then, the computing device may transmit a plurality of messages. Each message of the plurality of messages comprises the encrypted secret message and one of the plurality of key shares.

Abstract: The present disclosure is drawn to systems and methods for implementing authentication protocols based on trusted execution environments. Each of a principal device, an identity provider server and a service provider server are associated with a respective trusted execution environment. Authentication protocols are provided for registering the principal device to the identity provider server; authenticating the principal device to the identity provider server; and authenticating the principal device to a service provider server.

Abstract: A computer-implemented method of performing inter-process communication includes a first process in a first operating system (OS) level container in a user space sending a message to a buffer process. The message is addressed to a second process in a second OS-level container in the user space. The buffer process communicates the message to the second process. A device for performing the computer-implemented method is also provided.