H04L2209/08

Device and method for resonant cryptography
12058237 · 2024-08-06

A communication network can include a random number beacon broadcasting a random number stream to multiple computing devices. At least two of those computing devices can generate private keys for secured communication based on a subset of random numbers from the random number stream. Other devices do not have access to these private keys even though they have access to the subset of random numbers by virtue of receiving the broadcasted random number stream. The subset of random numbers can be extracted based on a predetermined time known only to the two or more devices, and/or the subset of random numbers can be extracted following detection of a predetermined number sequence in the random number stream known only to the two or more devices. Following a similar concept, a computing device can generate private cryptographic keys from a public random number stream.

Low overhead side channel protection for number theoretic transform

An apparatus comprises an input register comprising an input polynomial, a processing datapath communicatively coupled to the input register comprising a plurality of compute nodes to perform a number theoretic transform (NTT) algorithm on the input polynomial to generate an output polynomial in NTT format. The plurality of compute nodes comprises at least a first butterfly circuit to perform a series of butterfly calculations on input data and a randomizing circuitry to randomize an order of the series of butterfly calculations.

System and method for providing a secure locally-based boot disk encryption key

A system and method for operating a terminal such as an automated teller machine or other type of self-service terminal having a primary partition of a hard disk encrypted with a disk encryption key (DEK). At the initial installation and after every boot, a pre-boot manager encrypts the DEK with a new key encryption key (KEK) and then splits the encrypted DEK into a plurality of encrypted DEK parts. The pre-boot manager next stores the plurality of encrypted DEK parts in randomized storage locations on an unallocated portion of a hard disk, encrypts a list of the randomized storage locations of the plurality of encrypted DEK parts with the KEK, and stores the encrypted list in a location on the unallocated portion of the hard disk. Finally, the pre-boot manager stores the KEK, optionally in an obfuscated format, in a location on the unallocated portion of the hard disk.

Combined hidden dynamic random-access devices utilizing selectable keys and key locators for communicating randomized data together with sub-channels and coded encryption keys

Devices that conceal transmission(s) transmitted to and/or reveal transmission(s) received from these devices comprising at least one executable coded cipher key(s), at least one executable coded encryption key (ECEK) device that securitizes transmission(s) that uses executable coded key(s), and at least one executable coded decryption key (ECDK) device that reveals transmission(s) such that a combined device is a RDDS/ECDK device that transmits randomized data with data sub-channels and with ECEKs; and that also utilizes at least one executable coded cipher key(s), such that transmission(s) sent to an encrypter/decrypter memory that stores transmission(s) while the transmission(s) is concealed and/or revealed. When concealing/revealing operation(s) are completed the transmission(s) is sent to at least one transmitter such that the concealing/revealing operation of the transmission(s) is controlled and manipulated by the executable coded cipher key(s), wherein the executable coded cipher key(s) remain in the computer memory long enough to achieve securitization completion.

FULLY HOMOMORPHIC ENCRYPTION METHOD BASED ON MODULAR OPERATION
20180359079 · 2018-12-13

A fully homomorphic encryption method based on modular operation, the method including: acquiring a plaintext of any numerical value data type in an encryption process and converting the plaintext to a corresponding plaintext system plaintext according to an encryption requirement; performing an encryption operation on each number in the system plaintext, and combining ciphertexts acquired by the encryption operation to obtain a corresponding ciphertext combination; performing a ciphertext operation on the ciphertext combination using a ciphertext source code, a ciphertext radix-minus-one complement, and a ciphertext complement code based on modular encryption; and using modular division to decrypt a result of the ciphertext operation to obtain a decrypted plaintext.

COMBINED HIDDEN DYNAMIC RANDOM-ACCESS DEVICES UTILIZING SELECTABLE KEYS AND KEY LOCATORS FOR COMMUNICATING RANDOMIZED DATA TOGETHER WITH SUB-CHANNELS AND CODED ENCRYPTION KEYS
20180359230 · 2018-12-13

Devices that conceal transmission(s) transmitted to and/or reveal transmission(s) received from these devices comprising at least one executable coded cipher key(s), at least one executable coded encryption key (ECEK) device that securitizes transmission(s) that uses executable cipher coded key(s), and at least one executable coded decryption key (ECDK) device that reveals transmission(s) such that a combined device is a RDDS/ECDK device that transmits randomized data with data sub-channels and with ECEKs; and that also utilizes at least one executable coded cipher key(s), such that transmission(s) sent to an encrypter/decrypter memory that stores transmission(s) while the transmission(s) is concealed and/or revealed. When concealing/revealing operation(s) are completed the transmission(s) is sent to at least one transmitter such that the concealing/revealing operation of the transmission(s) is controlled and manipulated by the executable coded cipher key(s), wherein the executable coded cipher key(s) remain in the computer memory long enough to achieve securitization completion.

CMAC COMPUTATION USING WHITE-BOX IMPLEMENTATIONS WITH EXTERNAL ENCODINGS

A method for mapping an input message to a message authentication code (MAC) by a white-box implementation of a keyed cryptographic operation in a cryptographic system that includes using a white-box implementation of the block cipher in a MAC.

Systems and methods for detecting sensitive information leakage while preserving privacy
10152603 · 2018-12-11

Systems and methods for privacy-preserving data loss detection include performing a sweep of online information for a candidate data leakage to generate an online data set; performing an analysis of the online data set to determine that the online information is a candidate data leakage; the host encrypting the data communication and providing the host-encrypted data communication to a software agent at the enterprise; in response to receiving the host-encrypted data communication, the software agent encrypting a database of enterprise information and re-encrypting the host-encrypted data communication, and providing the same to the host; the host decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication; determining whether a match exists between the encrypted database of information and the software agent-encrypted data communication; and based on whether the match exists, the software agent taking a first action or the host taking a second action.

Secure data transmission using natural language
10153902 · 2018-12-11

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for secure data transmission using natural language. One of the methods includes: obtaining sensitive information for a user; obtaining a natural language key for the user, wherein the natural language key for the user includes one or more natural language tokens; generating decoding data for the sensitive information for the user, wherein generating the decoding data comprises: for each place in the sensitive information for the user: assigning a respective one of the natural language tokens in the natural language key for the user to the value at the place, and generating one or more respective dummy natural language tokens for each value of the respective set of possible values for the place other than the value at the place; and providing the decoding data for use in decoding the natural language key into the sensitive information.

MULTIPLICATIVE MASKING FOR CRYPTOGRAPHIC OPERATIONS
20180351729 · 2018-12-06

A value corresponding to an input for a cryptographic operation may be received. The value may be masked by multiplying the value with a first number modulo a prime number. The cryptographic operation may subsequently be performed on the masked value.