A key management unit causes key data being managed to be stored, with prescribed timing, in a second address that is different from a first address that indicates the location in which the key data is stored, and updates the first address of key address management information to the second address. A cryptographic processing unit transmits, to the key management unit address, request information requesting the address of the key data for carrying out a cryptographic process on a prescribed message. Upon receipt of the address request information, the key management unit acquires the address of the key data from key address management information and transmits the address to the cryptographic processing unit. Upon receipt of the address, the cryptographic processing unit accesses the address to use the key data to carry out a cryptographic process on the message.

An electronic device and method of generating a Physically Unclonable Function (“PUF”) value is disclosed. An OTP memory with a plurality of OTP cells that can be reliably and deterministically programmed with a minimum and a maximum program voltage being selected for pre-conditioning. All OTP cells can be programmed at least once around the minimum program voltage to hide the program status. Data to be programmed into the OTP can be a fixed, time-varying voltage or data from an entropy source. The programmed OTP data can be masked for weak bits and further randomized to generate PUF output by compressing a bit stream into a single bit, e.g., single parity bit. The PUF output can be through a hash function and/or to generate keys.

Systems and methods for determining cryptographic operation masks for improving resistance to external monitoring attacks. An example method may comprise: selecting a first input mask value, a first output mask value, and one or more intermediate mask values; based on the first output mask value and the intermediate mask values, calculating a first transformation output mask value comprising two or more portions, wherein concatenation of all portions of the first transformation output mask value produces the first transformation output mask value, and wherein exclusive disjunction of all portions of the first transformation output mask value is equal to the first output mask value; and performing a first masked transformation based on the first transformation output mask value and the first input mask value.

A medical data communication apparatus includes a data acquisition unit configured to acquire medical data of a subject output from a medical device from the medical device, the medical device being connected for communication with the medical data communication apparatus without an external network intervening therebetween; a modification unit configured to modify the medical data based on a modification instruction received from a server, the server being connected for communication with the medical data communication apparatus through an external network, the modification instruction being for modifying specific information in the medical data; and an output unit configured to output the medical data modified by the modification unit to the external network based on a request from the server.

An example private processing pipeline may include: a masked decryption unit to perform a masked decryption operation transforming input data into masked decrypted data; a masked functional unit to produce a masked result by performing a masked operation on the masked decrypted data; and a masked encryption unit to perform a masked encryption operation transforming the masked result into an encrypted result.

A method and apparatus for obtaining a privacy set intersection are provided. The method may include: encrypting a privacy set of an intersection initiator by using a homomorphic encryption algorithm to generate a cipher text, a cipher text function, a public key, and a private key of the intersection initiator; delivering the cipher text, the cipher text function, and the public key of the intersection initiator to an intersection server; receiving a to-be-decrypted function value of a privacy set of the intersection server from the intersection server; and decrypting the to-be-decrypted function value of the privacy set of the intersection initiator by using the private key, to obtain an intersection element of the privacy set of the intersection initiator and the privacy set of the intersection server.

An authentication system and an authentication method are provided. The electronic device of the authentication system includes a controller, a processor and a key module, wherein the processor performs an application program. In a binding phase, the application device generates a digest file according to key factor information and a selection strategy, and stores the digest file in a digest table of the electronic device. In a checking phase, the application program determines whether the controller corresponds to a binding device according to the digest file and the key factor information. If the controller corresponded to the binding device, in an authentication phase, the controller performs an authentication operation of a U2F service with a server device according to the digest file corresponding to the binding device in response to a pressing of the key module.

According to an embodiment, an encryption processing device includes a memory and one or more processors. The memory stores a plurality of divided masks to be applied to an input sentence on which mask processing is performed in unit of processing of a predetermined size corresponding to a size of data obtained by dividing target data of encryption processing into a plurality of pieces, the divided masks having a same size as that of data obtained by further dividing the data of the unit of processing. The one or more processors are configured to: read out the plurality of divided masks from the memory at different respective timings, and generate a plurality of first masks by using the read-out divided masks at different respective timings; and execute arithmetic processing on intermediate data of the encryption processing using the plurality of first masks at different respective timings.

Secure data analytics is provided via a process that identifies sensitive data fields of an initial dataset and mappings between the sensitive data fields and other data fields of the dataset, where analytics processing is to be performed on the initial dataset, then, based on an expectation of data fields, of the initial data set, to be used in performance of the analytics processing and on the identified sensitive data fields, selects and applies a masking method to the initial dataset to mask the sensitive data fields and produce a masked dataset, provides the masked dataset to an analytics provider with a request for the analytics processing, and receives, in response, a generated analytics function, generated based on the masked dataset, that is configured to perform the analytics processing, and invokes the generated analytics function against the initial dataset to perform the analytics processing on the initial dataset.

Example systems and methods for biometric authentication that can bridge fuzzy extractors with deep learning and achieve the goals of preserving privacy and providing recoverability from zero are disclosed. Embeddings comprising a face or speaker embedding in a non-Hamming distance space can be processed to create a personal reliable bit map and a reliable locality-sensitive hash (LSH) for mapping the non-Hamming distance space to a Hamming distance space. A fuzzy extractor can be applied to create metadata that can be stored on a computing device. A secret can be recovered from the metadata and can be used for identification.