Systems and methods for cryptography based on 128 bit integers include: receiving a complex input, the input including a 128-bit number; encrypting by: setting an imaginary part of the input to a predetermined value; encrypting the input using a Fourier transform and a scaling factor; adding a first noise and a second noise to the encrypted input, wherein the second noise obfuscates the first noise; and decrypting by: receiving the encrypted input with added first noise and second noise; estimating a standard deviation of the first noise based on an imaginary part of the received encrypted complex input; computing a standard deviation of the second noise based on the standard deviation of the first noise and a predetermined parameter; and decrypting the encrypted message using an inverse Fourier transform, the first noise, and the second noise.

A protected stream manager includes one or more subsystems to receive a content stream in a virtual environment, obfuscate the content stream, and prioritize use of a processor to process the content stream.

A covert channel construction method in a blockchain network includes: sharing, by a first terminal and a second terminal, a secret key and transaction information, and generating a blockchain network address by using the secret key and a standard public key address generation algorithm, wherein the transaction information comprises a permutation mapping table and an information capacity of a single transaction; sending, by the first terminal, information by using an information hiding method, and performing simultaneously, by the first terminal and the second terminal, transaction recording; and monitoring, by the first terminal and the second terminal, whether an account transaction of the blockchain network address exists in a blockchain, if yes, extracting, by the second terminal, the information by using an information extraction method, and after extracting the information, replying to the information by using the information hiding method, thereby enabling communication parties to safely transmit information.

A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.

A mechanism is provided in a first client for approximate linkage of datasets over quasi-identifiers. The mechanism receives a generalization logic data structure representing sets of values for each quasi-identifier in a first dataset of the first client. For each record in the first dataset, the mechanism generates at least one generalization of a value of a given quasi-identifier in the first dataset based on a selected generalization logic data structure corresponding to the given quasi-identifier and generates a generalized record for each of the at least one generalization to form a first generalized dataset. The mechanism sends the first generalized dataset to a semi-trusted third party for approximate linkage of the first dataset with a second dataset of a second client, receives an approximate join result from the semi-trusted third party, performs post-processing on the approximate join result, and determines a final linkage result based on the post-processing.

A system white box device utilized in conjunction with an intelligent terminal is provided. The system white box device includes a controller, a memory, and an SIM unit. The controller provides support for management of the memory and call of the SIM unit. The memory provides a physical medium for storing data and an application of the intelligent terminal. The SIM unit provides security support for operation of the application and the system of the intelligent terminal.

A tamper-resistant memory is formed by placing a solid-state memory array between metal wiring layers in the upper portion of an integrated circuit (back-end of the line). The metal layers form a mesh that surrounds the memory array to protect it from picosecond imaging circuit analysis, side channel attacks, and delayering with electrical measurement. Interconnections between a memory cell and its measurement circuit are designed to protect each layer below, i.e., an interconnecting metal portion in a particular metal layer is no smaller than the interconnecting metal portion in the next lower layer. The measurement circuits are shrouded by the metal mesh. The substrate, metal layers and memory array are part of a single monolithic structure. In an embodiment adapted for a chip identification protocol, the memory array contains a physical unclonable function identifier that uniquely identifies the tamper-resistant integrated circuit, a symmetric encryption key and a release key.

Some embodiments are directed to a keyed message authentication code (MAC) device (100) for computing a keyed MAC for an input message using encoded representations. The keyed MAC device may be configured to apply a sequence of compressions functions, at least one of which takes a state as input in an encoded representation.

An application white box device utilized in conjunction with an intelligent terminal is provided. The application white box device includes a controller, a memory, and a SIM unit. The controller provides support for management of the memory and call of the SIM unit. The memory provides a physical medium for storing data and an application of the intelligent terminal. The SIM unit provides support for encryption and security authentication of the data and the application access of the intelligent terminal.

Systems and methods may be used for providing more secure authentication attempts by implementing authentication systems with credentials that include interspersed noise symbols in positions selected, for example by a user. These systems and methods secure against eavesdroppers such as shoulder-surfers or man-in-the middle attacks as it is difficult for an eavesdropper to separate the noise symbols from legitimate credential symbols. Some systems and methods may use a subset of a credential with the interspersed noise symbols.