H04L2209/04

Distributed ledger-based ad-hoc system, apparatus and method

A system, method and apparatus for routing traffic in ad-hoc networks. A routing blockchain network processes routing node information proposals received from manager nodes of network clusters. Performance metrics of one or more nodes in the system are verified using distributed ledger techniques and provided to the manager nodes as updates to each manager node's routing information. The manager nodes further determine routing paths for ad-hoc communication requests based on an authentication event that defines conditions necessary to route traffic streams in association with a particular resource.

SYSTEM AND METHOD FOR COMPLEX CONFIRMATION OF BIOMETRIC INFORMATION WITHOUT STORED BIOMETRIC DATA
20230246839 · 2023-08-03

A biometric capture is performed to capture multiple regions of a biometric modality of interest, such as regions of a user's face. A complex representation of the user's biometric data is generated, such that each data point within the complex representation is based on biometric information from multiple of the captured regions. Information that later allows reconstruction of the complex representation from another capture of the user's biometric information is stored in a public code that does not include any of the underlying biometric data from the user or information that can be used to derive the underlying biometric data.

Privacy-preserving image distribution

Some embodiments enable distributing data (e.g., recorded video, photographs, recorded audio, etc.) to a plurality of users in a manner which preserves the privacy of the respective users. Some embodiments leverage homomorphic encryption and proxy re-encryption techniques to manipulate the respective data so that selected portions of it are revealed according to an identity of the user currently accessing the respective data.

Execution unit for calculations with masked data

According to one embodiment, an execution unit is described, which includes a mask generation circuit configured to generate a mask by multiplying a mask generation vector by blocks of codewords of a plurality of cyclic codes, a masking circuit configured to mask data to be processed by means of the mask, and an arithmetic logic unit configured to process the masked data by means of additions and rotations.

Mixed hardware and software instructions for cryptographic functionalities implementation

The present invention relates to a device having a central processing unit, RAM memory and at least two hardware elementary operations, using registers of greater size than the one of the central processing unit, said device being such that construction of at least one part of RAM memory is managed only by the hardware elementary operations, hardware elementary operations themselves and masking of inputs/outputs/intermediary data are monitored by software instructions, said software instructions being able to address different cryptographic functionalities using said hardware elementary operations according to several ways depending on each concerned functionality, said software instructions being further able to address several levels of security in the execution of the different functionalities.

DEVICES AND METHODS FOR PROTECTING CRYPTOGRAPHIC PROGRAMS
20210367755 · 2021-11-25

There is provided a device for protecting a cryptographic program implemented in a cryptographic computing device, the cryptographic computing device including one or more processors, the cryptographic program comprising instructions and being associated with an initial execution order of the instructions. The device comprises a compiler to compile the cryptographic program, which provides an intermediate representation of the cryptographic program comprising instructions and variables used to execute the instructions. The device is configured to: determine a graph of dependencies comprising nodes and edges, each node of the graph representing an instruction of the intermediate representation, and each edge of the graph representing a variable of the intermediate representation; mask the graph of dependencies by replacing each variable of the graph of dependencies with a masked variable, the processing unit determining the masked variable by applying a masking scheme to the variable, which provides a masked graph of dependencies; determine at least a set of independent instructions using the masked graph of dependencies; determine an execution order for each set of independent instructions from the initial execution order, the execution order representing the order of execution of the set of independent instructions by at least one of the one or more processors.

METHODS AND IMAGE PROCESSING DEVICES FOR ENCODING AND DECODING PRIVATE DATA
20210367759 · 2021-11-25

Methods and image processing devices for encoding and decoding private data are proposed. The method for encoding private data includes receiving an original video frame, masking at least one private area in the original video frame to generate a protected video frame, generating a first encoded frame by encoding the protected video frame, and generating at least one output bitstream for streaming or storage according to the first encoded frame. The method for decoding private data includes receiving at least one input video bitstream to obtain a first encoded bitstream and a second encoded bitstream, decoding the first encoded bitstream to generate a protected video frame including image data associated with at least one private area, and outputting the protected video frame to a display queue such that the at least one private area is displayed.

Privacy-Preserving Image Distribution

Some embodiments enable distributing data (e.g., recorded video, photographs, recorded audio, etc.) to a plurality of users in a manner which preserves the privacy of the respective users. Some embodiments leverage homomorphic encryption and proxy re-encryption techniques to manipulate the respective data so that selected portions of it are revealed according to an identity of the user currently accessing the respective data.

Network authentication method, device, and system

A network authentication system comprises user equipment (UE), a service network (SN) and a home network (HN). The HN generates an expected user response (XRES) based on an identifier of the UE, generates an indicator, and sends the part of XRES and the indicator to the SN. The SN receives the part of XRES and the indicator, and receives a user response (RES) from the UE. The SN then compares the RES with the XRES based on the indicator, and sends a confirmation message to the HN when the comparison succeeds.

System and method for information protection

A computer-implemented method for information protection comprises: committing a transaction amount of a transaction with a first commitment scheme to obtain a transaction commitment value, committing a change of the transaction with a second commitment scheme to obtain a change commitment value, the first commitment scheme comprising a transaction blinding factor, and the second commitment scheme comprising a change blinding factor; encrypting a first combination of the change blinding factor and the change with a first key; transmitting the transaction blinding factor, the transaction amount, and the transaction commitment value to a recipient node associated with a recipient for the recipient node to verify the transaction; in response to the recipient successfully verifying the transaction, obtaining an encrypted second combination of the transaction blinding factor and the transaction amount encrypted with a second key.