Methods for secure random selection of t client devices from a set of N client devices and methods for secure computation of inputs of t client devices randomly selected from N client devices are described. Such random selection method may include determining an initial binary vector b of weight t by setting the first t bits to one: b.sub.i=1, 1≤i≤t, and all further bits to zero: b.sub.i=0, t<i≤N; each client device i (i=1, . . . , N) of the set of N client devices jointly generating a random binary vector b of weight t in an obfuscated domain on the basis of the initial binary vector b including: determining a position n in the binary vector; determining a random number r in {n, n+1, . . . N}; and, using the random number to swap binary values at positions n and r of the binary vector b.

Provided is a method for computer-aided obfuscation of program code, wherein a plurality of calculation steps is implemented in the program code, wherein predetermined calculation steps of the plurality of calculation steps are retrieved in a predetermined order with the execution of the program code, and at least some of the predetermined calculation steps are predefined calculation steps in which a respective first table that is stored in the program code and includes of a plurality of digital first tabular values is accessed in order to read a first tabular value required for the respective predefined calculation step from the first table. As part of the obfuscation of the program code, a dynamic mask formed by a plurality of digital mask values is used, wherein, for any predefined calculation step, another mask value is used to replace the first tabular value from the first table with a second tabular value.

Systems and methods for protecting block cipher computation operations, from external monitoring attacks. An example apparatus for implementing a block cipher may comprise: a first register configured to store a first pre-computed mask value represented by a combination of a first random value and a second random value; a second register configured to store an output mask value, wherein the output mask value is an inverse permutation function of the first random value; a third register configured to store a second pre-computed mask value represented by a combination the first pre-computed mask value and a permutation function of the output mask value; a fourth register configured to store an input mask value, wherein the input mask value is a combination of an expansion function of the first random value and a key mask value; a non-linear transformation circuit configured to apply the expansion function to a masked round state, perform a non-linear transformation of a combination of a masked key with an output of the expansion function, and apply the permutation function to the output of the non-linear transformation, wherein the non-linear transformation is defined using the input mask value stored in the fourth register and the output mask value stored in the second register; and two round feedback circuits configured to swap the masked round state produced by the non-linear transformation and combine the masked round state with the first pre-computed mask value stored in the first register and the second pre-computed mask value stored in the third register.

One or more instances in program code that references an identifier of the standard web object model program object property that is prevented by a web browser from being directly reassigned are identified. The one or more instances in the program code that references the identifier of the standard web object model program object property that is prevented by the web browser from being directly reassigned are modified with one or more corresponding replacement references that include a replacement identifier. The replacement identifier id defined in the program code as being associated with a new program object property defined to invoke the standard web object model program object property in addition to being defined to perform additional processing of a resource identifier associated with the invocation of the standard web object model program object property.

An apparatus configured to: receive a digital input signal; receive a processing-direction-signal that can have a forward-value or a backward-value; and provide a digital output signal. The apparatus comprising a processor configured to apply an involutional cryptographic function to the digital input signal by: for a first operation: apply a first step of the involutional cryptographic function to the digital input signal in order to implement a forward calculation to move to the next step in the sequence; and perform a plurality of further operations until the forward calculation of a last step is performed. Each further operation comprises: if the processing-direction-signal has a forward-value: then perform the forward calculation for the current step; or if the processing-direction-signal has a backward-value: then perform a backward calculation for the current step.

A system and method for provisioning confidential data such as unique credentials is described. The technique initializes a whitebox cryptographic software module to a particular PKI client to soft-lock whitebox cryptographic operations to the particular PKI client and uniquely encrypting the credentials with a node-locking key (NLK) derivable from a digital certificate.

The present invention relates to a method for a secure execution of a whitebox cryptographic algorithm applied to a message (m) and protected by countermeasures based on pseudo-random values, comprising the steps of: executing a pseudo-random function (PRP) generating pseudo-random output values and an encrypted main output value based on an encrypted input value (*Xi*) derived from said message, securing said cryptographic algorithm by applying to the cryptographic algorithm said countermeasures based on said generated pseudo-random output values retrieving, from said generated encrypted main output value, the input value or part of the input value, under an encrypted form (*Xi*), executing said secured cryptographic algorithm on said encrypted retrieved value.

Secure user authentication is provided by leveraging the use of quantum keys, steganography and random user keys/passcodes. Random user passcodes limit both the entity’s control over the user and potential exposure of the passcode to wrongdoers. From a security standpoint, use of quantum keys and quantum communication channels heightens security during transmission of keys, such that if a wrongdoer would attempt to hack the transmission, the quantum sequence would break, which would not only prevent the hack but also result in remedial actions, such as preventing the authentication-requiring event, providing alerts and the like. Further, use of steganography also heightens security by preventing exposure to the keys during transmission and/or while the authentication process is occurring on the display of the user’s mobile device.

Aspects of the disclosure relate to resource allocation and rebating during in-flight data masking and on-demand encryption of big data on a network. Computer machine(s), cluster managers, nodes, and/or multilevel platforms can request, receive, and/or authenticate requests for a big data dataset, containing sensitive and non-sensitive data. Profiles can be auto provisioned, and access rights can be assigned. Server configuration and data connection properties can be defined. Secure connection(s) to the data store can be established. Sensitive information can be redacted into a sanitized dataset based on one or more data obfuscation types. Crashed executor(s) can be detected and caged to prevent further use. Uncompleted task(s) for crashed executor(s) can be reassigned. The encrypted data can be transmitted, in response to the request, to a source, a target, and/or another computer machine and can be decrypted back into the sanitized dataset.

The present invention relates to a vehicle digital key sharing service method. The vehicle digital key sharing service method according to one embodiment includes a digital registration step in which a management server generates a terminal digital key and a vehicle digital key after user authentication in response to a digital key registration request through a dedicated application of a mobile terminal and the mobile terminal stores the terminal digital key in a secure world that is separated from a normal world and a digital key using step in which an authentication token is generated using the terminal digital key stored in the secure world when the mobile terminal approaches or tags a vehicle and a vehicle device locks or unlocks a door of the vehicle by activating the vehicle digital key, which is registered from the management server, to validate the authentication token.