Patent classifications
H04L2209/08
Hardware protection for differential privacy
This document relates to hardware protection of differential privacy techniques. One example obtains multiple instances of encrypted telemetry data within a secure enclave and processes the encrypted telemetry data to obtain multiple instances of unencrypted telemetry data. The example also processes, within the secure enclave, the multiple instances of unencrypted telemetry data to obtain a perturbed aggregate. The example also releases the perturbed aggregate from the secure enclave.
Data protection using sporadically generated universal tags
Universal tags linked to the content of a data file are sporadically/periodically generated for protecting the authenticity of the data file and/or the owner/creator of a digital file. New universal tags are generated by altering one or more keys/seeds used to generate the universal tag. Once a current universal key is generated, the current universal tag is registered on a distributed ledger of at least one distributed trust computing network, thus superseding the registration of a last-in-time/previous universal tag to thereby become the effective validation means for (i) an authenticity of the data file, and/or (ii) the user associated with the data file (e.g., rightful possessor and/or creator of the digital file).
Processes and related apparatus for secure access control
A process for linking a key to a component is disclosed herein along with apparatus that implements the process and related compositions of matter. In various aspects, the key may be a password, hash, key, encryption key, decryption key, seed value, unlock code, or other alphanumeric identifier, and the component includes a computer in networked communication, and may further include a specific user of the computer. The process may include the process step of identifying the component using environmental variables associated with the component, and the process step of forming a representation of the key unique to said component. The representation is tested to determine that the identified component is the source of the representation, in various aspects. Accordingly, the process may include the process step of testing the representation against previous representations thereby determining the representation is not statistically duplicative of previous representations, and the process may include the process step of testing the representation against possible representations from said component where the possible representations are unique to the component.
APPARATUS AND METHOD FOR PERFORMING MATRIX MULTIPLICATION OPERATION BEING SECURE AGAINST SIDE CHANNEL ATTACK
A method for performing a matrix multiplication operation being secure against side-channel attacks according to one embodiment, which is performed by a computing device comprising one or more processors and a memory storing one or more programs to be executed by the one or more processors, includes shuffling an order of execution of multiplication operations between elements of a first matrix and elements of a second matrix for a matrix multiplication operation between the first matrix and the second matrix; and performing the matrix multiplication operation based on the shuffled order of execution.
SYSTEM FOR INTEGRITY VALIDATION OF AUTHORIZATION DATA USING CRYPTOGRAPHIC HASHES
A system provides integrity validation of authorization codes using cryptographic hashes. In particular, the system may use various types of input data to generate a randomized hash value which may be associated with a user, device, or set of data (e.g., an authorization code). For instance, the input data may include historical log data, location and/or geolocation data, contextual data, salt values, or the like. In this way, the system may generate a hash value that is randomized while adding meaning that is unique to the user, device, or data with which the randomized hash value is associated.
OBFUSCATING DATA AT-TRANSIT
A method for obfuscating data at-transit can include receiving a request for communicating data; determining a sequence of data at-transit for a window of time; and providing the sequence of the data at-transit for performing communications across interconnect to another component. The described method can be carried out by an obfuscation engine implemented in an electronic system such as within a secure element. A secure element can include a processor and a memory. The obfuscation engine can be part of the processor, part of the memory, or a stand-alone component.
CONFIDENTIAL AUTHENTICATION AND PROVISIONING
Some embodiments provide systems and methods for confidentially and securely provisioning data to an authenticated user device. A user device may register an authentication public key with an authentication server. The authentication public key may be signed by an attestation private key maintained by the user device. Once the user device is registered, a provisioning server may send an authentication request message including a challenge to the user device. The user device may sign the challenge using an authentication private key corresponding to the registered authentication public key, and may return the signed challenge to the provisioning server. In response, the provisioning server may provide provisioning data to the user device. The registration, authentication, and provisioning process may use public key cryptography while maintaining confidentiality of the user device, the provisioning server, and the authentication server.
PHYSICALLY UNCLONABLE FUNCTION DEVICE
A physically unclonable function (PUF) device comprises a plurality of conductors, at least some of which are arranged so that they interact electrically and/or magnetically with one another. A medium surrounds at least a portion of each of the conductors, and circuitry applies an electrical challenge signal to at least one of the conductors and receives an electrical output from at least one of the other conductors to generate an identifying response to the challenge signal that is unique to the device.
POS SYSTEM WITH WHITE BOX ENCRYPTION KEY SHARING
Systems, and associated methods, involving both a trusted and an untrusted device where sensitive data or keys are shared between those devices are disclosed. A disclosed method includes storing a key in a secure memory on a first device, receiving sensitive data via a user interface on a second device, generating a set of white box encryption instructions based on the key using a white box encryption generator on the first device, generating a complete data representation of the set of white box encryption instructions using a secure processor on the first device, transmitting the complete data representation from the first device to the second device, and encrypting the sensitive data using the complete data representation on the second device. The complete data representation is not Turing complete and is not executable with respect to the second device.
Randomized logic against side channel attacks
A randomization element includes a logic input for inputting a logic signal, a logic output for outputting the input logic signal at a delay and a randomization element. The randomization element introduces the delay between said logic input and said logic output and operates selectably in static mode and in dynamic mode in accordance with a mode control signal. A logic circuit may be formed with randomization elements interspersed amongst the logic gates, to obtain protection against side channel attacks by inputting a selected control sequence into the randomization elements.