Patent classifications
H04L2209/16
Application White Box Device Utilized In Conjunction With Intelligent Terminal
An application white box device utilized in conjunction with an intelligent terminal is provided. The application white box device includes a controller, a memory, and a SIM unit. The controller provides support for management of the memory and call of the SIM unit. The memory provides a physical medium for storing data and an application of the intelligent terminal. The SIM unit provides support for encryption and security authentication of the data and the application access of the intelligent terminal.
System White Box Device Utilized In Conjunction With Intelligent Terminal
A system white box device utilized in conjunction with an intelligent terminal is provided. The system white box device includes a controller, a memory, and a SIM unit. The controller provides support for management of the memory and call of the SIM unit. The memory provides a physical medium for storing data and an application of the intelligent terminal. The SIM unit provides security support for operation of the application and the system of the intelligent terminal.
Cryptographic device and method
Some embodiments are directed to an electronic cryptographic device arranged to perform a cryptographic operation on input data obtaining output data. The cryptographic device stores an internal state as sets of shares. Fourier coefficients corresponding to the sets of shares satisfy a predetermined relationship among them. The cryptographic operation is performed by repeatedly updating the internal state.
QUANTUM PHENOMENON-BASED OBFUSCATION OF MEMORY
Systems, apparatuses, methods, and computer program products are disclosed for hardware-level encryption. An example method includes receiving an instance of information/data by processing circuitry; and disassembling, by the processing circuitry, the instance of information/data into a plurality of sections. The processing circuitry assigns each section of the plurality of sections a location in an allocated portion of memory. The locations are determined based at least in part on a quantum obfuscation map (QOM). The QOM is generated based on one or more quantum obfuscation elements (QOEs) corresponding to a quantum state of a quantum particle. The processing circuitry then causes each of the plurality of sections to be stored at the corresponding assigned location in the allocated portion of the memory.
METHOD AND SYSTEM FOR ENCRYPTING AND DECRYPTING A FACIAL SEGMENT IN AN IMAGE
This disclosure relates to a method and system for encrypting and decrypting a facial segment in an image with a unique server key. The method includes receiving an image from one of a plurality of users. The image includes a plurality of facial segments. The method further includes, for each facial segment from the plurality of facial segments, identifying a unique user associated with the facial segment using a facial recognition algorithm, encrypting the facial segment with a unique server key, generating a protection frame, unlockable with the unique server key, to cover the facial segment, and decrypting the facial segment while rendering the image for at least one of the plurality of users upon receiving the unique server key from the at least one of the plurality of users.
Distributed data storage system data decoding and decryption
A method for execution by a processing module of a distributed storage includes transmitting a request to retrieve a set of encoded data slices (EDSs) to a plurality of storage nodes followed by receiving a threshold number of EDSs from one or more of the plurality of storage nodes, and decoding the EDSs to produce a transposed encrypted data segment. The method continues with the processing module partitioning the encrypted data segment into an encoded encryption key and encrypted data, performing a hash function on the encrypted data to produce a digest resultant and combining the digest resultant with the encoded encryption key to generate combined key data. The method then continues with decoding the combined key data to recover an encryption key and decrypting the encrypted data using the encryption key to recover a data segment.
Method of RSA signature or decryption protected using a homomorphic encryption
The present invention relates to a method of generating a secure RSA key by a server comprising the steps of:
• generating (S1) a private RSA key $d$ and an RSA modulus integer $N$;
• splitting (S2) the secret key integer $d$ in $j$ key shares $d_J$ of length $n$, with $j$ in $[1, J]$, $J$ being an integer, and such that $d = d_1 + d_2 + \ldots + d_J \bmod \mathrm{phi}(N)$, with each key share $d_j$ being equal to $(d_j^{(0)} \ldots d_j^{(i)} \ldots d_j^{(n/b-1)})$ with each key share component $d_j^{(i)}$ in $\{0 \ldots 2^b-1\}$ and $i$ in $[0, n/b-1]$, $b$ being an integer inferior to $n$ and phi the Euler's totient function;
• encrypting (S3) with a fully homomorphic encryption (FHE) algorithm each key share component $d_j^{(i)}$ of the private RSA key $d$ by using a Fully Homomorphic Encryption secret key $p_s$ of a set $S_s$ comprising the index couple $(i,j)$, to generate an encrypted key share component $ed_j^{(i)}$ of said secure RSA key, said set $S_s$ being a set of integer couples, among a predetermined integer number $u$ of disjoint sets $\{S_1, S_2, S_s, S_{s+1}, \ldots S_u\}$ generated such that: $\bigcup \{S_s\} = \{(i,j) \text{ such that } i \in [0, n/b-1],\ j \in [1, J]\}$ and each said set among $\{S_1, \ldots S_u\}$ being associated with a Fully Homomorphic Encryption (FHE) secret key.
A COMPUTATION DEVICE USING SHARED SHARES
Some embodiments are directed to a computation device for performing a computation on at least a set of values. The values are stored in memory as a plurality of shares that define the value. An operation of the computation may be performed on a set of input values to obtain an output value. The output value may be defined by at least one shared share and at least one computed share. The at least one shared share may also define a further value, e.g., an output of a previously performed computation or an output of a further operation performed in parallel with the operation. The at least one computed share is computed from the at least one shared share and shares of the set of input values. A fault in the shared share affects the further value but a fault in the computed share, complicating share reduction attacks.
Systems and methods for managing state
The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.
PRIVATE DATA SHARING SYSTEM
A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users' personal information. In this type of network, a user's personally identifiable information is stored and transmitted in an encrypted form, with few exceptions. The only key with which that encrypted data can be decrypted, and thus viewed, remains in the sole possession of the user and the user's friends/contacts within the system. This arrangement ensures that a user's personally identifiable information cannot be examined by anyone other than the user or his friends/contacts. This arrangement also makes it more difficult for the web site or service hosting the DSS to exploit its users' personally identifiable information. Such a system facilitates the encryption, storage, exchange and decryption of personal, confidential and/or proprietary data.