This disclosure relates to a method for vertical federated learning. In multiple participation nodes deployed in a multi-way tree topology, an upper-layer participation node corresponds to k lower-layer participation nodes. After the upper-layer participation node and the k lower-layer participation nodes exchange public keys with each other, the upper-layer participation node performs secure two-party joint computation with the lower-layer participation nodes with a first public key and second public keys as encryption parameters to obtain k two-party joint outputs of a federated model. Further, the upper-layer participation node aggregates the k two-party joint outputs to obtain a first joint model output corresponding to the federated model. As such, a multi-way tree topology deployment-based vertical federated learning architecture is provided, improving the equality of each participation node in a vertical federated learning process.

A computer-implemented method can include: constructing and initializing Pseudo Random Generator Resources using a multiplicity of secret seed values or secret data values known to a first and second communication device; deriving a session key based, at least in part, on the secret seed, secret data values, Multi-Factor Authentication methods, or Pseudo Random Number Generator Resource generated output; receiving from the first communications device, at the second communications device, data encrypted with the session key or Deterministic Chaos obfuscation methods; and decrypting the data at the second communications device using the session key or Deterministic Chaos de-obfuscation methods.

In one form, a method for a client to conduct a secure communication with a server includes negotiating a selected cryptographic algorithm for use in a new session with the server. A new server public key and the selected cryptographic algorithm is received from the server a using a data payload signed by an embedded key pair. A new client key pair including a new client public key and a new client private key is generated using the selected cryptographic algorithm. The new client public key is sent to the server. At least one server data payload is received from the server during the new session encrypted by a new session key generated from the new client public key.

Aspects of the present disclosure relate to transaction security techniques. In examples, a resource platform causes a set of executable verification instructions associated with an authorization processor to be executed by a user computing device. The verification instructions may be encrypted by the authorization processor for decryption by the user computing device. The verification instructions may generate verification information associated with the user computing device. In some instances, the verification information may be encrypted for decryption by the authorization processor. The encrypted verification instructions may be provided to the authorization processor (e.g., via the resource platform), such that the authorization processor may provide an indication to the resource platform as to whether the verification is verified. Accordingly, if the verification information is verified a transaction associated with the resource platform may proceed or, as another example, the user computing device may be granted access to information.

Aspects of the present disclosure relate to transaction security techniques. In examples, a resource platform causes a set of executable verification instructions associated with an authorization processor to be executed by a user computing device. The verification instructions may be encrypted by the authorization processor for decryption by the user computing device. The verification instructions may generate verification information associated with the user computing device. In some instances, the verification information may be encrypted for decryption by the authorization processor. The encrypted verification instructions may be provided to the authorization processor (e.g., via the resource platform), such that the authorization processor may provide an indication to the resource platform as to whether the verification is verified. Accordingly, if the verification information is verified a transaction associated with the resource platform may proceed or, as another example, the user computing device may be granted access to information.

An authentication and encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.

Aspects of the present disclosure provide systems, methods, and computer-readable storage media that support secure training of machine learning (ML) models that preserves privacy in untrusted environments using distributed executable file packages. The executable file packages may include files, libraries, scripts, and the like that enable a cloud service provider configured to provide ML model training based on non-encrypted data to also support homomorphic encryption of data and ML model training with one or more clients, particularly for a diagnosis prediction model trained using medical data. Because the training is based on encrypted client data, private client data such as patient medical data may be used to train the diagnosis prediction model without exposing the client data to the cloud service provider or others. Using homomorphic encryption enables training of the diagnosis prediction model using encrypted data without requiring decryption prior to training.

Solutions of verifying a plurality of public parameters from a Trusted Centre (TC) in an identity-based encryption and signature system prior to encrypting a plaintext message by a sender having a sender identity string. The method may include identification of the Trusted Centre by a TC identity string, the Trusted Centre having a master public encryption key based on the TC identity string; determination if the sender has a sender private key and the public parameters for the Trusted Centre including the master public key of the Trusted Centre and a bilinear map; and verification of the public parameters using the TC identity string prior to encrypting the plaintext message into a ciphertext by comparing values of the bilinear map calculated with variables comprising the sender private key and the master public key. The ciphertext may include an authentication component for authenticating the sender once the ciphertext is received and decrypted by the recipient using the identity string of the sender and the private key of the recipient. Enables a signature scheme from the same parameters and private keys, the signature is forged using the private key of the signer, the message and the public parameters, the verification is done using the public parameters, the identity of the signer, the signature and the message.

According to a first aspect, there is provided a computer-implemented method of cryptographically linking multiple documents, having multiple electronic signature requirements, via a sequence of blockchain transactions, the method comprising: computing document signature data satisfying a first signature requirement for an existing document, the first signature requirement defined in a blockchain transaction containing or referencing the existing document; wherein the document signature data signs a portion of a linking transaction containing or referencing a supplementary document, the linking transaction comprising an input for validly spending a spendable output of the blockchain transaction, whereby the document signature cryptographically links the supplementary document with the existing document; and wherein the signed portion comprises multiple outputs of the linking transaction; wherein a first of the multiple signed outputs is spendable and associated with the existing document, the signed portion defining a second signature requirement for the existing document; and wherein a second of the multiple signed outputs is spendable and associated with the supplementary document, the signed portion defining a signature requirement for the supplementary document.

According to a first aspect, there is provided a computer-implemented method of cryptographically linking multiple documents, having multiple electronic signature requirements, via a sequence of blockchain transactions, the method comprising: computing document signature data satisfying a first signature requirement for an existing document, the first signature requirement defined in a blockchain transaction containing or referencing the existing document; wherein the document signature data signs a portion of a linking transaction containing or referencing a supplementary document, the linking transaction comprising an input for validly spending a spendable output of the blockchain transaction, whereby the document signature cryptographically links the supplementary document with the existing document; and wherein the signed portion comprises multiple outputs of the linking transaction; wherein a first of the multiple signed outputs is spendable and associated with the existing document, the signed portion defining a second signature requirement for the existing document; and wherein a second of the multiple signed outputs is spendable and associated with the supplementary document, the signed portion defining a signature requirement for the supplementary document.