Methods, apparatuses, and embodiments related to improving security of data that is stored at a data store distributed over a computer network. In an example, source data to be protected is partitioned into multiple files, and each file is obfuscated, such as by being encrypted, to created multiple obfuscated data files. Information as to how each obfuscated data file was obfuscated is stored in an associated trace file. The multiple obfuscated data files are moved around a computer network via a data movement process that includes sending each of the multiple obfuscated data files to a different randomly selected computer, where the computer further obfuscates the obfuscated data the trace file, and sends the further obfuscated data and trace file to a next randomly selected computer.

A method for execution by a dispersed storage and task (DST) processing unit includes obtaining audit records for an audit object and determining when the audit object is complete. When the audit object is complete, aggregating the audit records of the audit object within the audit object by generating the audit object to include the audit records; generating identifier (ID) information and generating integrity information. Fields of the audit object are populated with the audit records, the ID information, and the integrity information and a name of the audit object is determined for storage of the audit object and the name of the audit object in a dispersed storage network (DSN).

A method, system and computer-usable medium for adaptively remediating multivariate risk, comprising: detecting a violation of a multivariate security policy, the multivariate security policy comprising a plurality of variables; identifying a variable from the plurality of variables associated with a cause of the violation; associating an entity with the variable associated with the cause of the violation; and, adaptively remediating a risk associated with the entity.

The present invention relates to a method and a system for providing a cloud-based application security service. The system for providing the cloud-based application security service according to the present invention includes: a client device including a compiler, an execution package composition unit, an uploader, and a downloader; and a cloud device including an execution package decomposition unit, a security library providing unit, a security library application unit, and an execution package recomposition unit, thereby, based on a cloud, providing convenience in security application and rapid action against hacker attacks.

This application describes systems and methods for using a garbled circuit and a physical unclonable function (PUF) value to authenticate a device. During enrollment, the device and at least one computer collaboratively construct multiple garbled circuits corresponding to bits of an enrollment PUF value generated by PUF circuitry coupled to the device. During authentication, the device and at least one computer evaluate the multiple garbled circuits using an authentication PUF value. Using the results of this evaluation, the at least one computer compares the enrollment PUF value with the authentication PUF value and determines a distance between them. The at least one computer may authenticate the device when the calculated distance is less than a threshold value.

Provided are an operation method and a secure terminal for performing the method. The operation method may include receiving, from a user terminal, a plain text on which an external encoding operation is to be performed, performing the external encoding operation on the plain text, and transmitting the external encoding operated plain text to the user terminal, and the operation method may include receiving, from a user terminal, a cryptogram in which a white-box cryptography operation is performed on an external encoding operated plain text; performing an external decoding operation on the cryptogram; and transmitting the external decoding operated cryptogram to the user terminal.

A computing device is provided configured to compute a data function on a function-input value comprising an electronic storage storing a table network configured for the data function and an electronic processor coupled to the storage and configured to compute the data function by applying the table network, wherein the device is configured to obtain the function-input value as an encoded input value, the encoded input value combines the function-input value together with a state-input value encrypted together into a single value, the table network is configured to take as input the encoded input value and produce as output an encoded output value, the encoded output value combines a function-output value together with a state-output value encrypted data function together into a single value, wherein the function-output value equals the result of applying the data function to the function-input value, and the state-output value equals the result of applying a state function to the state-input value.

This disclosure relates to systems and methods for managing protected electronic content using proxy reencryption techniques. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Proxy reencryption techniques consistent with aspects of the disclosed embodiments may enable transformation of a ciphertext under one public key to a ciphertext containing the same plaintext under another public key. Consistent with embodiments disclosed herein, proxy reencryption processes may be implemented using indistinguishability obfuscation and puncturable public-key encryption schemes, functional encryption, and/or white box obfuscation techniques.

A method of providing access to content at a first device, the method comprising: receiving an item of content, wherein at least part of the item of content is encrypted, the encrypted at least part of the item of content being decryptable using at least one decryption key; in a first software client: obtaining a transformed version of the at least one decryption key; performing a decryption operation on the encrypted at least part of the item of content based on the at least one decryption key to obtain an intermediate version of the at least part of the item of content, wherein said performing the decryption operation uses a white-box implementation of the decryption operation that forms part of the first software client and that operates using the transformed version of the at least one decryption key; and performing an encryption operation on at least a portion of the intermediate version based on at least one encryption key to obtain re-encrypted content, wherein said performing the encryption operation uses a white-box implementation of the encryption operation that forms part of the first software client; and providing, to a digital rights management client that executes on the first device, (a) a rights object that enables the digital rights management client to obtain one or more second decryption keys corresponding to the at least one encryption key, the one or more second decryption keys enabling the digital rights management client to decrypt the re-encrypted content and (b) the re-encrypted content.

The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.