Patent classifications
H04L2209/42
System and method for controlling operations performed on personal information
The subject matter discloses a method for securing personal information, comprising securing the personal information stored on a data server using a cryptographic secret, said cryptographic secret is unique to a user, storing a first share of the cryptographic secret on a secret storage server communicating with the data server and a second share of the cryptographic secret on a computerized device controlled by the user, detecting a request from the data server to perform an action on the personal information, transmitting the request to the computerized device controlled by the user to use the second share of the cryptographic secret to decrypt the personal information, decrypting the personal information using the first share and the second share, without storing both the first share and the second share in a single device concurrently and performing the action on the personal information on the data server.
Peer-to-Peer Rendezvous System for Minimizing Third Party Visibility and Method Thereof
A method and system for enabling peer-to-peer (P2P) communication between a first device and a second device is disclosed. According to one embodiment, a P2P communication system includes a first peer agent serving a first peer, a second peer agent serving a second peer, and a rendezvous server. The rendezvous server updates a first IP address for the first peer agent to the second peer agent and a second IP address for the second peer agent to the first peer agent. The first peer agent and the second peer agent communicate with the rendezvous server by dropping and retrieving a plurality of dead-drop packages. A first dead-drop package of the plurality of dead-drop packages comprises a first alias that is known only to the first peer and the second peer. A second dead-drop package of the plurality of dead-drop packages comprises a second alias that is different from the first alias.
CRYPTOGRAPHIC ANONYMIZATION FOR ZERO-KNOWLEDGE ADVERTISING METHODS, APPARATUS, AND SYSTEM
A cryptographic anonymization method, apparatus, and system are disclosed. An example apparatus includes a server configured to receive encrypted usage information and an identifier from an application operating on a user terminal and trans-cypher the encrypted usage information from a first encryption scheme to a second encryption scheme to create second encrypted usage information without decrypting the encrypted usage information. The server is also configured to convert and encrypt the identifier to an encrypted unique identifier. The server is further configured to compare the second encrypted usage information to a taxonomy of data labels using rules. For each match of at least some of the second encrypted usage information to a data label, the server is configured to add the encrypted unique identifier to the matching data label. The server uses the data labels and/or the encrypted unique identifier for serving advertisements to the user.
SYSTEM AND METHOD FOR ANONYMOUS LOCATION VERIFICATION
A computer-implemented system for anonymous electronic verification of location credentials including at least one processor and data storage is described in various embodiments. The system includes cryptographic mechanisms and electronic communication between one or more computing systems that, in concert, provide verification of a prover's location credentials in accordance with logical conditions of a verifier's policy without providing additional information to a verifier entity.
SYSTEMS AND METHODS FOR IMPLEMENTING DATA SECURITY
Among other things, we describe systems and methods for implementing data security in an autonomous vehicle system. The systems and methods can include inter-process communication security via key management, in which asymmetric cryptography and other validation techniques are used to validate data received from sensors. The systems and methods can also include penetrative testing, in which valid sensor inputs are modified and transmitted throughout a distributed network through one or more sensors.
Protocol obfuscation in moving target defense
Methods and systems for implementing a moving target defense are described. The moving target defense can comprise obfuscating a protocol identifier within a packet. The protocol identifier can be replaced with a faux protocol identifier. Additionally, diversion headers can be inserted into the packet, thereby creating additional layers of complexity.
Distributed Data Storage System and Method
A distributed data storage system and method are disclosed. The system comprises a data router and a rules engine. The rules engine comprises a data repository encoding a plurality of data storage rules, each rule specifying an applicable attribute and a data storage outcome, the data storage outcome being selected from a set including a data processing action to be applied to data prior to storage and a designation of storage location. The data router includes an input interface, an output interface and a processor, the data router being configured to receive a data storage request, including data to be stored, via the input interface, determine from the rules engine applicable attributes corresponding to attributes of the data storage request and retrieve any associated data storage outcomes, the processor of the data router being configured, in dependence on any retrieved data storage outcomes, to divide the data into a plurality of fragments and to cause, via the output interface, storage of the data fragments whereby at least selected ones of the fragments are stored in different data stores.
PROVIDING QUALITY OF SERVICE FOR CERTIFICATE MANAGEMENT SYSTEMS
An example system receives certificate requests from clients. Each request can indicate a number of computerized devices needing certificates; a timestamp indicating when the request was transmitted; and a client identifier. The system includes a Quality of Service (QoS) manager that: distributes the requests from the clients across client queues, each of the client queues corresponding to a particular client; and divides requests into smaller subgroups of entries corresponding to a subset of the computerized devices needing certificates. The system can also transmit retrieved entries from the client queues to a certificate management service.
RENDERING APPARATUS IDENTITIES
A method for registering the identity of a rendering apparatus, the method comprising generating a passphrase using a processor of the rendering apparatus, attesting to the validity of the passphrase at user equipment or submitting the passphrase to the user equipment, encrypting a rendering apparatus identity using a cryptographic session key agreed on the basis of the passphrase, and transferring the rendering apparatus identity from the user equipment to a user apparatus.
INFORMATION PROCESSING SYSTEM, METHOD FOR CHANGING PUBLIC KEY, PROGRAM, AND METHOD FOR BUILDING INFORMATION PROCESSING SYSTEM
An information processing system 100 comprising at least one first node 1, second nodes 2 for providing a public key change assistance service, and a blockchain 3, wherein the first node 1 comprises a new public key creation unit 151, a second node group selection unit 152, an old and new key information request unit 153, a draft contract preparation unit 154, a signature request unit 155, a first signature execution unit 156, and a registration unit 157; each second node 2 comprises an old and new key information transmission unit 251, a second signature execution unit 252, and a draft contract return unit 253; the draft contract preparation unit 154 randomly determines the order of new public keys as transmission destinations; and the signature request unit 155 and the first signature execution unit 156 perform signature request and execution, respectively, so that the order of the nodes that sign a draft transaction contract is random.