Abstract: Systems, methods and apparatuses to configure a computing device for identification and authentication are described. For example, a key management server (KMS) has a certificate generator and is coupled to a registration portal. A copy of secret implemented into a secure component during its manufacture in a factory is stored in the KMS. After leaving the factory, the component can be assembled into the device. The portal receives registration of the component and a hash of software of the device. The certificate generator generates, independent of the device, public keys of the device, using the copy of the secret stored in the KMS and hashes of the software received via the registration portal, and then sign a digital certificate of the public key of the device. Authentication of the device can then be performed via the private key of the device and the certified public key.

Abstract: A facility for updating software installed on a media device in connection with installation of the media device in customer premises is described. Outside the customer premises, the facility transfers a later-issued version of the software installed on the media device from a server to a portable storage device. Within the customer premises, the facility transfers the later-issued version of the software installed on the media device from the portable storage device to the media device for installation on the media device.

Abstract: A computing device includes a non-volatile memory (NVM) interface and a processor. The NVM interface is to communicate with an NVM. The processor is to store in the NVM at least a Type-Length-Value (TLV) record including one or more encrypted fields and one or more non-encrypted fields, the non-encrypted fields including at least a validity indicator of the TLV record, to read the TLV record from the NVM, and to invalidate the TLV record by modifying the validity indicator stored in the non-encrypted fields, without decryption of any of the encrypted fields.

Abstract: Methods, systems, and devices for memory operations are described. First scrambling sequences may be generated for first addresses of a memory device after an occurrence of a first event, where the first addresses may be associated with commands received at the memory device. Portions of the memory array corresponding to the first address may be accessed based on the first scrambling sequences. After an occurrence of a subsequent event, second scrambling sequences may be generated for the first addresses, where the second scrambling sequences may be different than the first set of scrambling sequences. After the occurrence of the subsequent event, the portions of the memory array may be accessed based on the second scrambling sequences.

Abstract: A system and method for identifying authorized job step programs. The process identifies a plurality of job step programs. It then identifies authorized program facility (APF) authorized programs from the plurality of job step programs. An output table of APF authorized program is generated. This table is used to submit at least one batch job using the output table. A list identifying which parameters in a parameter string contain an address for each APF program in the output table is generated. This list is then provided for program testing.

Abstract: Aspects of the subject disclosure may include, for example, obtaining, from a user device, a master-slave agreement and a first network configuration for a federated blockchain network, transmitting to a cloud service provider (CSP) node the first network configuration, generating first credentials, and transmitting the first credentials to the CSP node. The CSP node configures a first group of blockchain nodes according to the first network configuration and the first credentials. Further embodiments include transmitting the first credentials to a public server that sends it to a public blockchain node and an indication to generate a portion of the federated blockchain network. The public blockchain node configures a second group of blockchain nodes according to a second network configuration based on a public blockchain smart contract. The federated blockchain network comprises the first group of blockchain nodes and the second group of blockchain nodes. Other embodiments are disclosed.

Abstract: A method and system are described for storing and retrieving an encrypted master encryption key at multiple distinct physical servers in such a way as to prevent discovery of the master encryption key by any single one of the multiple holders. A retrieval mechanism is provided that facilitates a simple retrieval of the multiple pieces of the master encryption key from the multiple holders. The described system utilizes a combination of encryption algorithms, data storage, and transmission methods to carry out the new way of retrieving and storing the master encryption key.

Abstract: Techniques for sanitizing personally identifiable information (PII) from audio and visual data are provided. For instance, in a scenario where the data comprises an audio signal with speech uttered by a person P, these techniques can include removing/obfuscating/transforming speech-related PII in the audio signal such as pitch and acoustic cues associated with P's vocal tract shape and/or vocal actuators (e.g., lips, nasal air bypass, teeth, tongue, etc.) while allowing the content of the speech to remain recognizable. Further, in a scenario where the data comprises a still image or video in which a person P appears, these techniques can include removing/obfuscating/transforming visual PII in the image or video such as P's biological features and indicators of P's location/belongings/data while allowing the general nature of the image or video to remain discernable. Through this PII sanitization process, the privacy of individuals portrayed in the audio or visual data can be preserved.

Abstract: The present disclosure provides a method for anti-tampering apparatus servicing data implemented by a calculation device connected to a target device, the method comprising: identifying a contract identification code and obtaining a contract package file and a contract authentication code from at least one remote device; obtaining a microservice file corresponding to the target device from the remote device when a device embedded code of the calculation device is matching the contract authentication code; performing the microservice file to enable the target device according to the contract package file and generate an execution report; publishing the execution report to the remote device to obtain an acceptance certification code; and combining and hashing the device embedded code, the contract authentication code and the acceptance certification code to generate a hash value, and sending the hash value to a blockchain.

Abstract: Disclosed are various embodiments for augmented intelligent machine for systematic attribution of data security. A set of global regulations is received by the system. Next, at least one decision rule for mapping one or more data elements is output based at least in part on the set of dynamic global regulations. A data input is received from at least one data source. Next, the data input is parsed to determine at least one sensitive data elements. Then, a confidentiality level of at least one sensitive data element is determined. The ingesting table is joined with a drive mapping data set. Finally, at least one security policy is applied to a type of data input based at least in part on the drive mapping data set or the confidentiality level.

Abstract: Forensic analysis on consistent system footprints relates to a system and method for rootkit detection based on forensic analysis performed on consistent system footprints, such as application events, application network communications and application files. The system includes a security system periodically monitoring one or more applications of a computing system. The security system includes a threat detection unit for collecting and storing system memory dumps, a machine learning module trained on clean and infectious memory dump, a similarity scanner to identify similarity between suspicious memory block and consistent system footprints, and a forensic analyzer to perform forensic analysis and detect infection, if any, based on the similarity found. The suspicious memory block is identified by the threat detection unit based on the analysis performed by the machine learning model. Upon rootkit detection an alert and forensic analysis report are generated.

Abstract: Systems and methods for power system switching element (PSSE) anomaly detection are disclosed. An example PSSE anomaly detection unit may include a power system switching element position estimator (PSSEPE) and a comparison unit. The PSSEPE may be configured to receive a set of measurements and a set of control commands associated with a PSSE, calculate an anomaly confidence score based on the set of measurements and the set of control commands, and estimate a calculated PSSE position based on the set of measurements and the set of control commands. The comparison unit may be configured to receive the calculated PSSE position from the PSSEPE, receive the set of measurements and the set of control commands from the PSSEPE, receive a reported PSSE position associated with the PSSE, and determine a PSSE anomaly decision based on a difference between the reported PSSE position and the calculated PSSE position.

Abstract: Systems, methods, and apparatuses relating to circuitry to implement an instruction to create and/or use data that is restricted in how it can be used are described. In one embodiment, a hardware processor comprises a decoder of a core to decode a single instruction into a decoded single instruction, the single instruction comprising a first input operand of a handle including a ciphertext of an encryption key (e.g.

Abstract: Systems and methods for providing secure motherboard replacement techniques are described. In one embodiment, an Information Handling System (IHS) may include computer-executable instructions to, during a bootstrap process, obtain a remodeled vendor tracking certificate from a replacement motherboard in which the remodeled vendor tracking certificate comprising inventory information associated with a previous motherboard, and determine that the vendor tracking certificate includes information indicating that the replacement motherboard has replaced a previous motherboard.

Abstract: A computer-implemented method of providing proof that a data item of a blockchain transaction exists on a blockchain, wherein the method comprises: obtaining, from a requesting party, target data item of a target blockchain transaction; obtaining the target blockchain transaction; obtaining a target Merkle proof for the target blockchain transaction, wherein a corresponding target Merkle root is contained within a block of the blockchain, and wherein obtaining the target Merkle proof comprises calculating an index of a target transaction identifier of the target blockchain transaction within a leaf layer of a corresponding target Merkle tree; and outputting at least the target Merkle proof for use by the requesting party as proof that the target data item exists as part of the target blockchain transaction on the blockchain.

Abstract: A server system sends, via a linearly ordered communication orbit, to computational machines at a first subset of nodes in a computer network, a set of local environment verification tests and a set of mappings that map results of the local environment verification tests into a set of risk scores. Requests sent by the server system cause the computational machines at the plurality of nodes to: locally evaluate the set of local environment verification tests to produce test results, and locally map the test results using the set of mappings into a set of risk scores. Queries sent by the server cause the computational machines at the plurality of nodes to return to the server system at least a portion of the test results and risk scores. The server, identifies, based on the received test results and risk scores, computational machines and/or control categories having risk scores satisfying predefined criteria.

Abstract: This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.

Abstract: Disclosed herein are systems and methods for storing patient medical information on a local processing device, anonymizing a portion of that medical information and storing it on a second processing device, exposing that anonymized medical information to a third processing device coupled to the second processing device through a network, and restricting users of the third processing device to only accessing HIPAA compliant medical information. Alarms are included for indicating the improper transfer of HIPAA data.

Abstract: Various implementations described herein may refer to a compliance platform for use with identity data. In one implementation, a method may include receiving a compliance data package from a user, where the compliance data package includes encrypted evidence data corresponding to digital identity data of the user. The method may also include encrypting the compliance data package using a first cryptographic key. The method may further include generating a user key shard, a requestor key shard, and a regulator key shard based on the first cryptographic key. The method may include generating an unlock data package that includes the requestor key shard and encrypting the unlock data package using a second cryptographic key. The method may also include transmitting the user key shard, the encrypted unlock data package, and the encrypted compliance data package to the user. The method may include transmitting the regulator key shard to a regulator.

Abstract: A method begins by identifying a plurality of encoded data slices requiring rebuilding. The method continues by determining an amount of memory required for rebuilding the plurality of encoded data slices and allocating memory in one or more storage units for the rebuilding the plurality of encoded data slices as reserve memory. The method continues by obtaining a plurality of rebuilt encoded data slices associated with the plurality of encoded data slices requiring rebuilding and storing the plurality of rebuilt encoded data slices in the reserve memory.

Abstract: An apparatus includes a cryptographic key for encrypting content to be written to a storage media. The apparatus includes a control circuit configured to determine that the storage media has been physically moved, and, based on the determination that the storage media has been physically moved, erase the storage media by deleting the cryptographic key.

Abstract: In an approach for enabling communication between offline devices to perform secure transaction, a processor sends information in an optically recognizable first code including a response type, an identity of the first device and a type of optical reader associated with the first device. A processor receives encoded information in an optically recognizable second code. A processor extracts a user identifier and the one-time password associated with the registered second device. A processor determines that a user certificate associated with the user identifier exists in a local repository. A processor validates the one-time password associated with the registered second device with the user certificate using a public certificate associated with the first device, the one-time password associated with the registered second device and the one-time password seed. A processor authenticates the user.

Abstract: The present disclosure is related to systems and methods for hashing-based assessment of electronic clinical trial outcomes. Such systems and methods may advantageously enable secure, rapid, efficient, and cost-effective reuse of pre-built eCOA assessments for clinical trials. In an aspect, the present disclosure provides a computer-implemented method for validation of an electronic clinical trial outcome assessment (eCOA), comprising: (a) obtaining an assessment of an eCOA, the assessment comprising a plurality of files generated by performing a first validation of the eCOA; (b) obtaining a first hash value associated with the assessment of the eCOA, the first hash value generated by hashing the plurality of files of the assessment of the eCOA; (c) hashing the plurality of files of the assessment of the eCOA to generate a second hash value; and (d) validating the eCOA when the second hash value is equal to the first hash value.

Abstract: A method, apparatus and computer program product for privacy-preserving homomorphic inferencing. In response to receipt of encrypted data, a ciphertext of real numbers is generated. Each real number has an associated sign that is desired to be maintained. A mask is then identified, preferably via an iterative algorithm that works on a trial and error basis to locate an appropriate solution. The mask comprises set of values randomly distributed over a given positive range and that remain positive after encoding under a fixed-point arithmetic and with a low scale value. Under homomorphic encryption, the ciphertext is then multiplied by the mask to generate a result comprising values corresponding to the real numbers in the ciphertext and that maintain their associated signs. The result is provided as a response to the encrypted data.

Abstract: An aspect of the present disclosure relates to one or more data decryption techniques. In embodiments, an input/output operation (IO) stream including one or more encrypted IOs is received by a storage array. Each encrypted IO is assigned an encryption classification. Further, each encrypted IO is processed based on its assigned encryption classification.

Abstract: A method for compressing a flow of CAN-bus messages, which comprises: (A) during a training stage: (a) determining at least one series-type pattern; (b) defining a compressed series-type command for each of said patterns, each command comprising parameters of: (b.1) a timestamp of a first message; (b.2) a message-ID; (b.3) a type of pattern; (b.4) an indication of a field within the messages; (b.5) a parameter value at the first message; (b.6) period between messages; and (b.7) number of messages; (B) during a compression stage: (c) dividing a record of CAN-bus messages into groups of a same message-ID; (d) within each group, finding messages of a same pattern; (e) for each series, forming a compressed command in a form as defined with values for at least several parameters; and (C) during a decompression stage: (f) using the series-type compressed commands to reconstruct the content of the series of messages.

Abstract: One or more aspects of the present disclosure relate to enhancing modular device snapshot-to-encryption-key associations. In embodiments, an input/output (IO) workload can be received at a storage array. The IO workload can include an IO request to write encrypted data on the storage array. The IO request's metadata can also be parsed for information such as snap parameters. Further, an encryption key identifier (ID) can be received from a host, and snapshots of a storage unit can be created with the parsed information and the key ID.

Abstract: Provided herein may be an electronic device and a method of operating the same. The electronic device may include a memory device including a replay protected memory block (RPMB) configured to store security data, a memory controller configured to control the memory device, and a host device configured to verify, using a password, an external device coupled thereto wherein the memory controller controls the memory device to read, when the external device is verified, the security data, and wherein the host device is further configured to encrypt the read security data, and transmit, to the verified external device, the encrypted security data, a decryption key for decrypting the encrypted security data, and an RPMB key for accessing the security data.

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

Abstract: Methods and systems are described for facilitating blockchain operations based on network congestion. The system may facilitate blockchain operations by generating recommendations for blockchain operations based on values for one or more blockchain operation characteristics that are determined based on a likelihood that a given blockchain operation will be completed in a timely manner. The system thus ensures accounts for transient congestion in a blockchain network, while also minimizing a burden on a user device attempting to perform a blockchain operation.

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving a request to initiate a data privacy integration protocol for applications in a multiple-application landscape. Voting responder group configurations are identified that group the applications into multiple voting responder groups for performing voting for the protocol. A voting request for the protocol is sent to applications in a first voting responder group. Data privacy integration protocol votes are received from the applications in the first voting responder group and a determination is made as to whether any application in the first voting responder group provided a veto vote for the protocol. If at least one application in the first voting responder group provided a veto vote for an object, the protocol is ended for the object without sending a voting request to applications in a second voting responder group.

Abstract: Methods and systems disclosed herein describe a universal access layer that allows a plurality of applications to obtain data and/or information from a plurality of heterogeneous data stores. The universal access layer may include one or more application data objects to validate requests, transform a format of the request, determine which data stores comprise the requested data and/or information, encrypt the request, combine responses into a single response, and retransform the response prior to sending it to the requesting application. By using the universal access layer, applications may improve the speed with which they access data and/or information from the plurality of heterogeneous data stores.

Abstract: An encryption key generating method and apparatus based on homomorphic encryption, and a ciphertext operation method and apparatus using the generated encrypt key are disclosed. The method of generating an encryption key for performing encryption based on homomorphic encryption includes receiving data, generating a first encryption key and a second encryption key used for encrypting the data based on a secret key, and transmitting the first and second encryption keys.

Abstract: An intrusion detection apparatus, including: a printed circuit board (PCB), including: an electrical switch, the electrical switch including: conductive pads positioned on a top layer of the PCB, and a conductive ground ring positioned on the top layer and surrounding the conductive pads; and a mechanical pin coupled to a first portion of a chassis of the information handling system at a first end of the mechanical pin, the mechanical pin including a conductive gasket positioned at a second end of the mechanical pin, the first end opposite to the second end, wherein the ground ring provides an intrusion signal when a foreign conductive object is in contact with the ground ring to indicate a presence of the foreign conductive object.

Abstract: A physically unclonable function (PUF) cell array includes a first PUF cell in a first column in a first direction, a second PUF cell in a second column, and a first power rail. The first PUF cell includes a first set of conductive structures that include a first conductive structure extending in the second direction and a second conductive structure extending in the first direction. The second PUF cell includes a second set of conductive structures that include a third conductive structure extending in the second direction and a fourth conductive structure extending in the first direction. The first power rail overlapping a first boundary of the first and second PUF cell. At least the first and third conductive structure, or the second and the fourth conductive structure are symmetric to each other with respect to a central line of at least the first or second PUF cell.

Abstract: A method and system for determining a risk of a cybersecurity event related to a user. Initial user-related data associated with user interactions are collected, comprising user-device, user-network and user-resource interaction data. A unique user profile is determined and defines the digital identity of the user based on the initial user-related data. A first risk processing engine collects, in real time and repeatedly, a real-time user-related data associated with real-time user interactions and detects an anomaly in user's behavior based on the collected real-time user-related data and the digital identity of the user. A second risk processing engine collects complementary data associated with the user (dark web or digital exposure data) to determine a risk profile of the user, and determines the risk of the cybersecurity event based on the anomaly in the user's behavior and the complementary data, in real-time over a complete period of use of resources.

Abstract: A physical unclonable function (PUF) can be implemented on a transistor of an integrated circuit device to generate PUF data. A potential difference is supplied across a gate insulator to induce a conductive breakdown in the gate insulator material. Location of the conductive breakdown within the gate insulator and in relation to the source node and drain node can be highly unpredictable, randomly resulting in a higher gate-source current or higher gate-drain current, respectively. The gate-source or gate-drain current can be measured and digitized to generate the PUF data value from the transistor. Moreover, PUF data values generated from multiple transistors can be highly non-correlated and useful for a random data sequence for cryptographic applications and other security applications.

Abstract: A method of forming a structure is provided. The method includes supporting a substrate within a reaction chamber of a semiconductor processing system, flowing a silicon precursor and a germanium precursor into the reaction chamber, and forming a silicon-germanium layer overlaying the substrate with the silicon containing precursor and the germanium precursor. Concentration of the germanium precursor within the reaction chamber is increased during the forming of the silicon-germanium layer overlaying the substrate. Methods of forming film stack structures, semiconductor device structures, and semiconductor processing systems are also described.

Abstract: In examples, a non-transitory computer-readable storage medium stores executable code, which, when executed by a processor, causes the processor to receive a semiconductor package image, the image including semiconductor package surface codes, the codes including a semiconductor package identifier. The executable code causes the processor to transmit at least one of the semiconductor package identifier, the codes, or the image. The executable code causes the processor to receive information associated with the semiconductor package identifier. The executable code causes the processor to output the information via at least one of a display coupled to the processor, a speaker coupled to the processor, or the wireless transceiver.

Abstract: The invention describes a method for determining a storage location of a database object of a specific version, wherein indexes for each version of the database object are stored in a trie having a root node corresponding to the specific version, the method comprising: determining a trie corresponding to the specific version by accessing the root node of the trie corresponding to the specific version; determining an object identifier of the database object by traversing the trie corresponding to the specific version using a secondary key related to the database object as search key; determining the storage location of the database object by traversing the trie corresponding to the specific version using the determined object identifier as search key.

Abstract: Methods and systems for identifying personally identifiable information (PII) are disclosed. In some aspects, frequency maps of fields storing known PII information are generated. The frequency maps may count occurrences of unique bigrams in the PII fields. A field of interest may then be analyzed to generate a second frequency map. Correlations between the first frequency maps and the second frequency map may be generated. If one of the correlations meets certain criterion, the disclosed embodiments may determine that the field of interest does or does not include PII. Access control for the field of interest may then be based on whether the field includes PII. In some aspects, a storage location of data included in the field of interest may be based on whether the field includes PII.

Abstract: A copy of a blockchain is stored. The stored copy of the blockchain is copied from a blockchain in a distributed blockchain ledger. An event associated with the blockchain in the distributed ledger is identified. In response identifying the event associated with the blockchain in the distributed ledger, a compromise of the blockchain in the distributed ledger is identified, such as, identifying one or more blocks of the blockchain that have been compromised. In a second embodiment, a request to add a new block to a blockchain is identified. In response identifying the request to add the new block to the blockchain, a consensus vote to add the new block to the blockchain is monitored. A determination is made to determine if the consensus vote is below a threshold. In response to the consensus vote being below the threshold, an audit of the blockchain is completed.

Abstract: Embodiments of this application provide application processing methods and apparatuses. One method includes: receiving a startup request from a first client device, where the startup request is used to start an application. Loading, in a high-level language execution environment of an enclave, a manifest file of the application and a dependency relationship between an enclave entrypoint function of the application and a static dependency class, and loading a static dependency class of the enclave entrypoint function of the application based on the manifest file and the dependency relationship between the enclave entrypoint function and the static dependency class.

Abstract: Flash peripheral device may include a kernel in logical communication with a bootloader where the kernel, when initialized, is adapted to upload in at least one hardware controller via the bootloader. Flash peripheral device may also include at least one firmware protocol in logical communication with the kernel and configured to initialize at least one hardware driver of the at least one hardware controller. Flash peripheral device may also include an operation application in logical communication with the kernel and provided with a legacy set of instructions and at least one updated set of instructions. The operation application executes and runs the at least one updated set of instructions when the at least one updated set of instructions is flashed to the operation application or executes and runs the legacy set of instructions when the at least one updated set of instructions fails to be flashed to the operation application.

Abstract: Mechanisms are provided for fully homomorphic encryption enabled graph embedding. An encrypted graph data structure, having encrypted entities and predicates, is received and, for each encrypted entity, a corresponding set of entity ciphertexts is generated based on an initial embedding of entity features. For each encrypted predicate, a corresponding predicate ciphertext is generated based on an initial embedding of predicate features. A machine learning process is iteratively executed, on the sets of entity ciphertexts and the predicate ciphertexts, to update embeddings of the entity features of the encrypted entities and update embeddings of predicate features of the encrypted predicates, to generate a computer model for embedding entities and predicates. A final embedding is output based on the updated embeddings of the entity features and predicate features of the computer model.

Abstract: Power and electromagnetic fault injection vulnerabilities in an integrated circuit (IC) can be characterized sampling one or more integrated timing sensors in real-time or by equivalent-time sampling. To achieve equivalent-time sampling, a series of fault injection attempts are performed. An array of timing sensors implemented in part of the IC capture a measure of relative propagation delay, which fluctuates proportionally with instantaneous voltage. Increased voltage fluctuation can indicate elevated probability of faults in digital logic. Related apparatus, systems, techniques and articles are also described.

Abstract: An authentication system for authenticating an authentication-target apparatus by transmitting challenge data from an authenticating apparatus to the authentication-target apparatus and transmitting response data from the authentication-target apparatus to the authenticating apparatus. The authentication-target apparatus updates ae secret key and an encrypted original key stored in a memory using a new secret key and a new encrypted original key, derives an authentication key based on an original key, and generates the response data based on a challenge data received from the authenticating apparatus and the authentication key. The authentication apparatus derives an authentication key based on identification information of the authentication-target apparatus and an authentication original key, generates response data for verification based on the challenge data and the authentication key, and obtains an authentication result.

Abstract: The present invention is proposed to solve the above problems and is directed to providing a UWB system comprising: a memory in which a UWB ranging factor definition program is embedded; and a processor which executes the program, wherein the processor predefines UWB ranging factors to define an encryption key in consideration of a unique m-byte key characteristic for each set of a vehicle and a device.

Abstract: The invention is a method of use for a VPN, customized via programming, that controls access without requiring any personal user information, and conveys only files encrypted using Diffie-Hellman AES-256-GCM encryption processes. Conveyed files are stored only in encrypted form and can only be displayed in real time by a user, and once viewed, only the encrypted file remains. The method also includes a means of end-to-end file deletion that leaves no remnants of the deleted file behind.

Abstract: Systems and methods for key generation between a first user computing device and a second user computing device without requiring direct communication during key generation. The method using a plurality of third-party providers and a first private table and a second private table. The method including: performing by the second user computing device: receiving indexes each associated with a value in the second private table, each index received from the respective third-party provider sharing those values, each index associated with a value that matches an indexed value in the first private table received by the respective third-party provider from the first user computing device; and generating a common key by combining the indexed values of the second private table.