A system and a method are disclosed for securing sensitive data for transaction requests using tokenization and encryption. A secure transfer system secures sensitive information of transaction requests. The secure transfer system may receive a transaction request file and generate a modified transaction request file by tokenizing values in the received file. For each transaction request in the file, the system may store a representation of the untokenized values in a datastore in conjunction with an identifier of the transaction request. This identifier may be generated from the tokenized values. The secure transfer system may use the identifier to query the datastore for the representation of the untokenized values. The system may decrypt encrypted values in the representation to generate a transaction request file of detokenized values, which may be provided to an automated clearing house to fulfill the transaction requests.

Methods, systems, and apparatuses for defending against cryptographic attacks using clock period randomization. The methods, systems, and apparatuses are designed to make side channel attacks and fault injection attacks more difficult by using a clock with a variable period during a cryptographic operation. In an example embodiment, a clock period randomizer includes a fixed delay generator and a variable delay generator, wherein a variable delay generated by the variable delay generator is based on a random or pseudorandom value that is changed occasionally or periodically. The methods, systems, and apparatuses are useful in hardware security applications where fault injection and/or side channel attacks are of concern.

Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and then authentication server.

A control system for conducting an election may include a voter client configured to be used by a voter to cast a vote for a candidate, a registrar server, and a moderator server. The moderator server may be configured to obscure the identity of the voter. The registrar server may be configured to randomly assign a ballot to the obscured voter. The registrar server may be configured to encrypt the ballot. The moderator server may be configured to transmit the encrypted ballot to the voter client. The voter client may be configured to decrypt the encrypted ballot to recover the ballot. The voter client, in response to the voter selecting a desired candidate, may be configured to generate a ballot associated with a vote. The voter client may be configured to encrypt the ballot using a public key of the registrar server and a public key of the moderator server.

Embodiments are directed to generating and training a distributed machine learning model using data received from a plurality of third parties using a distributed ledger system, such as a blockchain. As each third party submits data suitable for model training, the data submissions are recorded onto the distributed ledger. By traversing the ledger, the learning platform identifies what data has been submitted and by which parties, and trains a model using the submitted data. Each party is also able to remove their data from the learning platform, which is also reflected in the distributed ledger. The distributed ledger thus maintains a record of which parties submitted data, and which parties removed their data from the learning platform, allowing for different third parties to contribute data for model training, while retaining control over their submitted data by being able to remove their data from the learning platform.

Biometric data such as iris, facial, or fingerprint data may be obtained from a user. A public code may be generated from the biometric data, but does not obtain any of the biometric data or information that can be used to identify the user. The public code includes information that can be used to extract from the biometric data a biometric code that is suitable for bitwise comparison. Neither the underlying biometric data nor information from which the biometric data may be determined is stored as only the public code and the actual biometric feature of the user is required to generate the biometric code.

A non-interactive protocol is provided for evaluating machine learning models such as decision trees. A client can delegate the evaluation of a machine learning model such as a decision tree to a server by sending an encrypted input and receiving only the encryption of the result. The inputs can be encoded as vector of integers using their binary representation. The server can then evaluate the machine learning model using a homomorphic arithmetic circuit. The homomorphic arithmetic circuit provides an implementation that requires fewer multiplications than a Boolean comparison circuit. Efficient data representations are then combined with different algorithmic optimizations to keep the computational overhead and the communication cost low. Related apparatus, systems, techniques and articles are also described.

Cryptographic methods and systems for key exchange, digital signature and zero-knowledge proof. In the digital signature scenario, there is provided a method of signing a digital document, comprising: obtaining a private cryptographic key associated with the signer; obtaining a digital asset from the digital document; selecting a base data element; computing a plurality of signature data elements from (i) the digital asset, (ii) the base data element and (iii) the private cryptographic key; and transmitting the digital document and the plurality of signature data elements to a recipient over a data network. Provenance of the digital document is confirmable by the recipient carrying out a predefined computation involving the digital document, the signature data elements, a plurality of noise variables and a public cryptographic key corresponding to the private cryptographic key associated with the signer. In the zero-knowledge proof scenario, the digital asset plays the role of a challenge data element.

The present invention provides an improved system and method for using cryptography to secure computer-implemented choice mechanisms. In several preferred embodiments, a process is provided for securing participants' submissions while simultaneously providing the capability of validating their submissions. This is referred to as a random permutation. In several other preferred embodiments, a process is provided for securing participants' advance instructions while simultaneously providing the capability of validating their advance instructions. This is referred to as a secure advance instruction. Applications include voting mechanisms, school choice mechanisms, and auction mechanisms.

A method for obfuscating data at-transit can include receiving, at a first component on a chip, an instruction request for communicating a first data to a second component on the chip. The first component can be a processor and the second component can be an associated memory. The method can further include, determining a sequence of data arranged to obfuscate the first data while including valid bits of the first data, wherein the sequence of data indicates what is to be conveyed across lines on the chip during each time slot over a window of time controlled by a clock signal on the chip; and providing, over the window of time, the first data to the second component across the lines on the chip according to the sequence of data.