Methods and devices are provided for use in carrying out a transaction between a transaction device and a point of interaction. In connection therewith, a device for interacting with a point of interaction to carry out a transaction by a consumer includes a processor comprising a payment application and a system environment module, where the system environment module is configured to determine whether the payment application is eligible for a transaction. The device also includes an input in communication with the processor and configured to receive transaction data from a point of interaction in connection with the transaction, and an output in communication with the processor and configured to transmit transaction data to the point of interaction in connection with the transaction when the system environment module determines that the payment application is eligible for the transaction.

The invention provides a solution for secure input of a user's input into an electronic device. The invention comprises methods and apparatus for secure input of a user's identifier e.g. password or other code. An image of a keyboard is superimposed over a scrambled, operable keyboard within a display zone of a screen associated with an electronic device. The keyboard image depicts a non-scrambled keyboard, in that the keys depicted in the image are in an expected or standardised format or order eg QWERTY keyboard arrangement. The difference in positions of the keys depicted in the image, and those in the operable keyboard, provides a mapping which enables an encoded form of the identifier to be generated, such that the un-encoded version is never stored in the device's memory. Preferably, the image depicts a keyboard which is standard for the device which it is being displayed on. The device may be a mobile phone, a tablet computer, laptop, PC, payment terminal or any other electronic computing device with a screen. The underlying keyboard, which is at least partially obscured from the user's view by the image, may be generated at run time by a procedure call. Preferably, this procedure is native to the device ie part of a library which is provided as standard with the device.

Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

In various embodiments, a computer-readable memory medium coupled to a processor is disclosed. The memory medium is configured to store instructions which cause the processor to retrieve a seed value, receive a digital bit stream, receive a digital bit stream, generate a stream of random bits, using the seed value as a seed to a pseudo random number generator (PRNG), wherein the stream of random bits contains at least as many bits as the digital bit stream, shuffle bits of the stream of random bits to create a random bit buffer, generate an obfuscated digital bit stream by applying a first exclusive OR (XOR) to the digital bit stream and the random bit buffer, wherein the obfuscated digital bit stream has the same number of bits as the digital bit stream, and provide the obfuscated digital bit stream to the communications interface.

A zero knowledge communications protocol is provided that can unconditionally secure communications sent through a communications network by encrypting all messages, continuously sending noise messages through the network, and routing all network activity through an anonymity network. This combination of components prevent an eavesdropper on the network from garnering any information about when a communication is sent, the contents and statistics of a communication, the sender, or the intended recipient of the communication.

A method for executing by a circuit a substitution operation such that an output data may be selected in a substitution table using an input data as an index. The substitution operation may be performed using a new masked substitution table. The input data may be combined by XOR operations with a new value of a first mask parameter, and the output data may be combined by XOR operations with a new value of a second mask parameter. The new masked substitution table may be generated by computing the new value of the first mask parameter by applying XOR operations to a previous value of the first mask parameter and to a first input mask, computing the new value of the second mask parameter by applying XOR operations to a previous value of the second mask parameter and to a second input mask, and generating the new masked substitution table using a previous masked substitution table and the first and second input masks.

A logging device configured to store log messages, includes a storage device having a plurality of log entry locations which can be ordered as a sequence, an encryption device configured to generate the encrypted log messages from log messages, an authentication code generator configured to generate an authentication code from the encrypted log message, a key evolving device, a state storage device configured to store state variables for use by the encryption device, the authentication code generator and/or the key evolving device. Furthermore, a verification device configured to verify log entries stored in log entry locations of the storage device is also described. A method for storing log entries in log entry locations of a storage device of a logging device as well as to a method for verifying the integrity of log entries stored in log entry locations of a storage device is also described.

System and method to protect the privacy of ADS-B messages transmitted by aircraft. The system includes one or more ground stations with a ground station control unit and a ground ADS-B transponder for receiving an ADS-B message. The ground station control unit includes an aircraft position determination module for retrieving an aircraft position included in the ADS-B message; an operating conditions module for determining the fulfillment of operating conditions including determining if the aircraft position is an actual aircraft position; and a fake aircraft position generator for computing one or more fake aircraft positions. The ground station control unit broadcasts one or more fake ADS-B messages including the fake aircraft positions if the operating conditions are met. With this system only trusted receivers can obtain the real position of the aircraft.

A computer-implemented method comprises: committing a transaction amount t of a transaction with a commitment scheme to obtain a transaction commitment value T, the commitment scheme comprising at least a transaction blinding factor r_t; encrypting a combination of the transaction blinding factor r_t and the transaction amount t with a second public key PK_2_B of a recipient of the transaction, wherein: the recipient is further associated with a first public key PK_1_B as an address for receiving the transaction amount t; and transmitting the transaction commitment value T and the encrypted combination to a recipient node associated with the recipient for the recipient node to verify the transaction.

In accordance with some embodiments, an apparatus for privacy protection is provided. The apparatus includes a first housing portion and a second housing portion arranged to receive and enclose one or more personal communication devices. The apparatus further includes at least one sound attenuation layer disposed in the second housing portion, the at least one sound attenuation layer absorbs sound. The apparatus also includes a noise generator to provide one or more noise signal streams and audio output device(s), which are at least partially supported by the first housing portion and coupled to the noise generator to receive the one or more noise signal streams. The audio output device(s) are operable to output noise signal based on the one or more noise signal streams and direct the noise signal at the one or more personal communication devices placed adjacent the at least one sound attenuation layer.