A security system includes a physical sensor for determining presence of a first number of users within a detecting region, short-range readers for determining presence of a second number of authorized smart devices in response to ephemeral tokens, wherein the users may remain anonymous to the short-range readers, authentication servers for determining ephemeral tokens for smart devices in response to identifiers of the readers and the smart devices, a physical output device configured to provide a user detectable output, and a processor for determining whether the first number of users is different from the second number and for directing the physical output device to provide the user detectable output.

Methods, systems, and computer media provide attestation tokens that protect the integrity of communications transmitted from client devices, while at the same time avoiding the use of stable device identifiers that could be used to track client devices or their users. In one approach, client devices can receive anonymous certificates from a device integrity computing system signifying membership in a selected device trustworthiness group, and attestation tokens can be signed anonymously with the anonymous certificates using a group signature scheme. Client devices can include throttlers imposing limits on the quantity of attestation tokens created by the client device.

An anonymous credential authentication system receives an anonymous credential signature value indicating that setting proposition information using a credential is satisfied from a user device that has been issued the credential combined with multiple pieces of attribute information constituting personal information, generates signer authentication information that confirms a signer of the anonymous credential signature value using an opening key, and outputs the signer authentication information.

When a third party wants to redeem a user's personally identifiable information (PII), the third party presents to the system a token representing the PII, which indicates a request for the PII. The system seeks consent from the user for sending the PII to the third party. If the user grants consent, then the system prepares the PII for the third party. In some embodiments, the third party can initiate a telephone call with a dispatch to receive the PII. In some embodiments, the third party can receive the PII directly from the system.

A voting system comprising at least one voting machine comprising: at least one voting machine processor. The voting machine processor performing voting machine operations comprising: initializing a vote blockchain with a vote blockchain genesis block. The vote blockchain genesis block comprising a voting machine identifier and a voting machine identifier hash value; storing the vote blockchain in at least one voting machine memory; iteratively, for a plurality of voters: receiving a signal indicating at least one vote made by a voter; creating a data structure comprising the at least one vote and a hash value of a preceding block; determining a new block hash value of the data structure; appending a new block comprising the data structure and the new block hash value to the vote blockchain; and storing the vote blockchain in the at least one voting machine memory.

A third-party intermediary manages a protocol that prohibits the third-party intermediary from substantively accessing data content that, at least in part, underlies received protocol-compliant requests. By one approach, these teachings provide for preventing substantive access to data information that is included within the protocol-compliant request as one or more functions of data, parts of which data may be in tokenized or untokenized form, wherein the values of the functions are generated using secrets, at least one of which is unavailable to the third-party intermediary. By one approach, tokens comprised of data in tokenized form are generated using secrets, at least one of which is unavailable to the third-party intermediary.

An example operation may include one or more of authenticating a user, by a first system node, based on a first set of user credentials, computing, by the first system node, a second set of user credentials for a second system node, determining, by the first system node, if the second system node has a user with the second set of the user credentials, and responsive to the second system node not having the user with second set of the user credentials, deleting, by the first system node, an existing user of the second system node.

A method is disclosed. An authentication node may receive a plurality of encrypted match values, wherein the plurality of encrypted match values were formed by a plurality of worker nodes that compare a plurality of encrypted second biometric template parts derived from a second biometric template to a plurality of encrypted first biometric template parts derived from a first biometric template. The authentication node may decrypt the plurality of encrypted match values resulting in a plurality of decrypted match values. The authentication node may then determine if a first biometric template matches the second biometric template using the plurality of decrypted match values. An enrollment node may be capable of enrolling a biometric template and storing encrypted biometric template parts at worker nodes.

Authentication is a key procedure in information systems. Conventional biometric authentication system is based on a trusted third-party server which is not secure. The present disclosure provides a privacy preserving multifactor biometric authentication for authenticating a client without the third-party authentication server. The server receives a plurality of encrypted biometric features from the client, encrypted using Fully Homomorphic Encryption. Further, the server evaluates the plurality of encrypted biometric features to obtain a client identifier value and a plurality of encrypted resultant values. The server encrypts each of the plurality of resultant values based on a time based nonce and the client identifier value. The encrypted authentication tags and the corresponding resultant values are aggregated by the server and transmitted to the client. The client decrypts the resultant value and the authentication tag and transmits to the server. The server authenticates the client after verifying the received information.

A voting system comprises at least one voting machine comprising: at least one voting machine processor performing voting machine operations comprising initializing a vote blockchain with a vote blockchain genesis block, the vote blockchain genesis block comprising a voting machine identifier and a genesis block hash value; creating a data structure comprising a plurality of votes and a hash value of a preceding block; determining a new block hash value of the data structure; appending a new block comprising the data structure and the new block hash value to the vote blockchain; and storing the vote blockchain in the at least one voting machine memory.