Systems, methods, and non-transitory computer-readable media can determine a first dataset provided by a first party, wherein the first dataset includes a set of vectors that are each associated with a user identifier. A second dataset provided by a second party can be determined, wherein the second dataset includes a set of vectors that are each associated with a user identifier. One or more vectors in the first dataset can be matched to vectors in the second dataset based on a secure multi-party computation without revealing respective graph information of the first party or the second party. Respective mappings between vectors in the first dataset to a set of shared universal identifiers can be provided to the first party. Respective mappings between vectors in the second dataset to the set of shared universal identifiers can be provided to the second party.

A distributed database encrypts a table using a table encryption key protected by a client master encryption key. The encrypted table is replicated among a plurality of nodes of the distributed database. The table encryption key is replicated among the plurality of nodes, and is stored on each node in a respective secure memory. In the event of node failure, a copy of the stored key held by another member of the replication group is used to restore a node to operation. The replication group may continue operation in the event of a revocation of authorization to access the client master encryption key.

Systems and methods for controlling record relationship changes in a content management system. The content management system may have several layers of access controls, which may include a layer of access control at the object level, a layer of access control at the row level and a layer of access control at the field level. Access may be controlled at the object level by a user's security profile, at the object record level (or row level) by the user's role, and/or at the object field level by the user's role or a state in a document lifecycle. A secure inbound relationship attribute may be used to control record relationship changes. Actions for creating, deleting and reassigning are permitted only when the inbound relationship is editable according to the secure inbound relationship attribute.

An apparatus and method for mapping user-associated data to an identifier. The apparatus includes a processor configured to store a plurality of user identifiers. User identifiers may be determined by way of user or by machine-learning modules or the like. Apparatus receives user-associated data from a user to be stored in a resource data storage system. User-associated data may include a plurality of data sets to be mapped to an identifier. Mapping a data set to an identifier may be user determined or use a machine-learning module. Apparatus is configured to update the immutable sequential listing associated with the data set with the mapped identifier.

Apparatuses, systems, methods, and software are disclosed for authorization delegation. In a participant device a derivative key is generated in dependence on a received key. An authenticity check value for a delegation information block is generated in dependence on the delegation information block and the received key. The derivative key is derived in dependence on the delegation information block and the received key. An extended certificate chain is created comprising a received certificate chain appended with a local certificate, which comprises the delegation information block and the authenticity check value.

A first party uses a secret key to encrypt information, which is then sent through an untrusted connection to a second party. The second party, however, cannot decrypt the information on its own, and it relays the encrypted information through a secure network. The secure network includes one or more nodes linking the first and second parties through one or more trusted connections (“hops”); each hop features uses of a shared secret key unique to that hop. The first party's connection to the network (domain) receives the information relayed through the secure network by the second party, it decrypts that information according to the secret key of the first party, and it then retransmits the decrypted information to the second party using the secure hops. Techniques are provided for sharing a private session key, federated credentials, and private information.

Embodiments of this application provide key update methods and apparatuses in the field of communications technologies. A communications system includes a terminal and a core network device. The terminal can access the core network device using both a first access technology and a second access technology. The first connection and the second connection have a shared key. Key update for the first connection is performed in obtaining a first key identifier that identifies a first key obtained by performing the key update for the first connection. In response to determining that the second connection is in a connected state, the shared key for the second connection and a second key identifier that identifies the shared key are retained. The shared key is kept using for the second connection before performing key update for the second connection.

The performance of quantum key distribution by systems and methods that use wavelength division multiplexing and encode information using both wavelength and polarization of photons of two or more wavelengths. Multi-wavelength polarization state encoding schemes allow ternary-coded digits, quaternary-coded digits and higher-radix digits to be represented by single photons. Information expressed in a first radix can be encoded in a higher radix and combined with a string of key values to produce a datastream having all allowed digit values of that radix in a manner that allows eavesdropping to be detected without requiring the sender and receiver to exchange additional information after transmission of the information.

Computation efficiency of distributed secure implementation of the computation of a (sum of) products of values Vi, Wi from different servers on a distributed computing system is improved by generation of coefficients of a first and second polynomials P, Q by a first server. The first polynomial P has all numbers Xi from a first data set on the first server as roots. The second polynomial Q has values Q(Xi)=Vi for the numbers Xi from the first data set. The first server transmits coefficients of the polynomials to a second server in encrypted form. The second sever computes encrypted values <P(Xi′)> and <Q(Xi′)> of the polynomials for a number Xi′ in a second set from the encrypted coefficients. The second server computes an encrypted binary value <di> from the encrypted value <p(Xi′) of the first polynomial p and computes an encrypted value of a product <di Q(Xi′) Wi>.

A method for establishing a fully private, information secure interconnection between a source and a destination over a data network with at least a portion of a public infrastructure. The method comprising at the source creating n shares of a source data according to a predetermined secret sharing scheme, and encrypting the n shares using (n, k) secret sharing. Further, defining for at least one node vi a directed edge (Vi1, Vi2) that has a k−1 capacity. All outgoing links of vi are connected to vi2. Additionally, using a maximum flow algorithm to define the maximum number of shares outgoing from vi2, and therefore from vi, on each outgoing link. The number of shares forwarded by node vi does not exceed the number of maximum shares that were defined by the maximum flow algorithm.