In one embodiment, a set of feature vectors can be derived from any biometric data, and then using a deep neural network (DNN) on those one-way homomorphic encryptions (i.e., each biometrics' feature vector) an authentication system can determine matches or execute searches on encrypted data. Each biometrics' feature vector can then be stored and/or used in conjunction with respective classifications, for use in subsequent comparisons without fear of compromising the original biometric data. In various embodiments, the original biometric data is discarded responsive to generating the encrypted values. In another embodiment, the homomorphic encryption enables computations and comparisons on cypher text without decryption of the encrypted feature vectors. Security of such privacy enable biometrics can be increased by implementing an assurance factor (e.g., liveness) to establish a submitted biometric has not been spoofed or faked.

An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.

Methods and systems for using block chain technology to verify transaction data are described herein. A computing platform may receive data about events related to transactions, personal or corporate information, supply chains, and other relevant information about a person or corporate entity. The event information may be received, aggregated, and processed to determine metadata about the person or corporate entity. The metadata may indicate, for example, a trustworthiness of the person or corporate entity for various purposes. Such event information and/or metadata may be stored as transactions in a block chain that may be accessible by counterparties to a potential transaction involving the person or corporate entity. The automated event processing computing platform may further use automated techniques to implement smart transactions between the person/entity and counterparty based on the trust metadata.

Systems and techniques for securing vehicle privacy in a driving infrastructure are described herein. A vehicle may contact a group identification (ID) issuer to register itself. A group ID may be received from the group ID issuer to indicate acceptance as a member. The vehicle may then contact the driving infrastructure to attach to the driving infrastructure using the group ID to identify the vehicle. In response, the vehicle receives an attachment ID from the driving infrastructure. Here, the attachment ID is used to secure communications between the vehicle and the driving infrastructure.

The present invention relates to a system and corresponding method for creating an identity safe in which a user's identity and other data (such as payment data) is securely stored. An identity safe service provider receives from the user's device (e.g., smartphone) at least two forms of the user's identity (e.g., driver's license and passport). The identity safe and third party service providers verify the user's identity data. The identity safe service provider generates a public key and a private key associated with the user, the private key being sent to and retained by the user's secure smartphone keychain. The identity safe service provider encrypts and signs the verified user identity data with the private/public key pair, and adds that data to a blockchain ledger as a new entry. The new entry is cryptographically linked to a prior entry on the blockchain ledger to form the identity safe, which is immutable and incorruptible. An online service provider may subsequently verify the signature and decrypt the user's identity data with the user's private/public key pair to authenticate the user.

Disclosed embodiments facilitate healthcare system security and interoperability. In some embodiments, a first entity may receive, in response to a transaction at a first time, encrypted information blocks pertaining to the transaction from one or more second entities. Each encrypted information block may be received from a distinct second entity and may comprise at least one sub-block decryptable by the first entity. The first entity may decrypt the decryptable sub-blocks and augment a multi-dimensional blockchain. The multi-dimensional blockchain may be augmented with a multi-dimensional block formed by linking at least one of the encrypted information blocks received from the one or more second entities to a current block being added to a blockchain associated with the transaction and maintained by the first entity. The first entity may then enable access to the multi-dimensional blockchain for at least one of the one or more second entities.

Embodiments allow comparison of key figures (e.g., costs, lead times) between different entities in a privacy-preserving manner, utilizing secure multi-party computation (MPC) approaches implemented by a central service provider. The central service provider receives encrypted key figure data from each of multiple players in a peer group. In one embodiment the central service provider executes a secure computation protocol comprising a semi-homomorphic encryption scheme exhibiting an additive homomorphic property. The central service provider returns to each player, a statistical measure (e.g., top quartile, bottom quartile) allowing comparison with the other players' key figures while preserving privacy. Alternative embodiments may return to the players, a statistical measure calculated from a Boolean or arithmetic circuit implemented at the central server using other secure computation approaches (e.g., garbled circuits, secret sharing, or (semi or fully) homomorphic encryption. Embodiments may find value in maintaining privacy of key figure data shared between competitors for benchmarking.

Systems, methods, and software are disclosed herein to generate a customized view of a blockchain transaction. A blockchain of block entries requested by a plurality of users from user devices is maintained in a distributed network of nodes. The block entries each comprise a plurality of data portions that are each associated with an access level. A request to view one or more data portions of a block entry is received which includes an access code associated with at least one access level. The access code in the request is evaluated with the blockchain of block entries to identify one or more data portions associated with the access level. A customized view of the block entry is generated which includes the one or more data portions associated with the access level.

Pseudonym digital certificates (160p) are generated for devices (110/150) by a Pseudonym Certificate Authority (PCA), which communicates with devices via another entityregistration authority (RA)so that the PCA and RA cannot associate certificates with devices. Each certificate is associated with a public signature key, and with a public encryption key used by PCA to encrypt the certificate to hide it from the RA. Both keys are derived by PCA from a single key. For example, the signature key can be derived from the public encryption key rather than generated independently. However, high security is obtained even when the PCA does not sign the encrypted certificate. Reduced bandwidth and computational costs are obtained as a result. Other embodiments are also provided.

Apparatus and method for providing unique device identification values for a network accessible device. In accordance with some embodiments, a unique device identifier value is generated in response to a data exchange operation with a network accessible device. The identifier value is subsequently transmitted by the device as a unique device identifier value in conjunction with the transmitting of a request for a subsequent data exchange operation with the device.