A method for securing the communications between a publisher and a subscriber in an Internet of things networks. An example method includes receiving a challenge vector from a subscriber and determining a response vector using a physically unclonable function (PUF) for each challenge value in the challenge vector to generate a response value. The response vector it is sent to the subscriber.

This invention provides systems and methods to make communication networks more resilient, stealthier and robust. This invention discloses systems and methods wherein either a communications user equipment (UE) with multiple types of wireless links, potentially operating in different frequency bands, or an apparatus which performs communications routing functions, changes the communications routing in pseudo-random manner.

Aspects of the current subject matter are directed to performing privacy-preserving analytics over sensitive data without sharing plaintext data. According to an aspect, a system includes at least one data processor and at least one memory storing instructions which, when executed by the at least one data processor, result in operations including: receiving, from each of a plurality of clients, a utility score and a partial noise value; performing, based on the received utility scores and the partial noise values, a secure multi-party computation of a privacy-preserving statistic, the performing of the secure multi-party computation of the privacy-preserving statistic further comprising determining a noisy utility score for each data value in a domain of output values and selecting a highest noise utility score from the determined noisy utilities scores; and providing, based on the selected highest utility score, an output value for the privacy-preserving statistic.

A system and method that utilize an encryption engine endpoint to encrypt data in a data storage system are disclosed. In the system and method, the client controls the encryption keys utilized to encrypt and decrypt data such that the encryption keys are not stored together with the encrypted data. Therefore, once data is encrypted, neither the host of the data storage system, nor the encryption engine endpoint have access to the encryption keys required to decrypt the data, which increases the security of the encrypted data in the event of, for example, the data storage system being accessed by an unauthorized party.

Methods and systems disclosed herein describe obfuscating plaintext cryptographic material stored in memory. A random location in an obfuscation buffer may be selected for each byte of the plaintext cryptographic material. The location of each byte of the plaintext cryptographic material may be stored in a position tracking buffer. To recover the scrambled plaintext cryptographic material, the location of each byte of the plaintext cryptographic material may be read from the position tracking buffer. Each byte of the plaintext cryptographic material may then be read from the obfuscation buffer and written to a temporary buffer. When each byte of the plaintext cryptographic material is recovered, the plaintext cryptographic material may be used to perform one or more cryptographic operations. The scrambling techniques described herein reduce the likelihood of a malicious user recovering plaintext cryptographic material while stored in memory.

Provided is a process that includes: obtaining a fictitious data entry associated with a field present in a plurality of records associated with an online resource; sending a query to a monitoring application, the query specifying the fictitious data entry and a request to determine whether a second repository of compromised data includes the fictitious data entry; in response to the query, receiving query results indicating that the second repository of compromised data includes the fictitious data entry; in response to the received indication that the second repository of compromised data includes the fictitious data entry, identifying at least some of the first set of one or more repositories that store the data entry; designating other data entries within the at least some of the first set of one or more repositories as potentially having been breached; and storing the designation in memory.

A communication apparatus communicates with an electronic apparatus, accepts input of connection information including first information, which is identification information of a first network to be used for wireless communication with an external apparatus, and second information, which is security information for connecting to the first network, and transmits the connection information to the electronic apparatus. The communication apparatus, when acceptance of the connection information starts, displays a first display region for accepting input of the first information and displays the first information acquired from the electronic apparatus in the first display region, and when acceptance of the connection information starts, displays a second display region for accepting input of the second information and displays dummy information in the second display region without acquiring the second information.

A secure keyboard resource executed in a network device detects a user input, and generates a user input data structure representing the user input relative to input options presented to the user, the user input data structure based on the secure keyboard resource identifying a position of the user input relative to the input options. The secure keyboard resource sends the user input data structure to one or more executable destination resources, having requested supply of the user input data structure responsive to a user selection, only via a corresponding data path providing the destination resource with access to the user input data structure, for execution of a service by the one or more executable destination resources based on the user input data structure. The secure keyboard resource thus minimizes spying by limiting access of the user input data structure to the destination resource via the data path.

A secret parallel processing device reducing communication amount includes: a randomization unit that obtains a non-randomized input sequence and outputs a randomized sequence obtained by joining the non-randomized sequence and a dummy record sequence formed of a disclosed value and subjecting the joined sequences to random replacement processing and concealed random replacement data obtained by concealing used random replacement data; a calculation unit that obtains the non-randomized sequence, the randomized sequence, and the dummy record sequence, applies a predetermined function to the sequences, and generates an output checksum for each sequence by using calculation procedure data used in the processing of applying the function; and a correctness verification unit that obtains the output checksum for each sequence and the concealed random replacement data, assesses the output checksum for each sequence, and outputs a final test result determining whether the predetermined function has been correctly applied on the non-randomized sequence.

A method and computer-readable storage medium for a computer system to perform an encryption scheme is disclosed that is capable of encrypting big data that includes complex data, including image data, sensor data, and text data, and supporting both symmetric and asymmetric-key handling. The encryption scheme uses double hashing using two different consecutively-applied hash functions. With double hashing, the encryption scheme eliminates the threat of known cryptanalysis attacks and provides a highly secure ciphering scheme. Also, the ciphertext header generated in the encryption scheme enables efficient cloud data sharing. A user can share the encrypted data later by re-encrypting the seed and sharing a new ciphertext header without the need of re-encrypting the data or changing the secret or private key. Thus, the encrypted data stays as is in the cloud, and only the seed is encrypted and shared as needed.