The invention is a cryptographic pseudonym mapping method for an anonymous data sharing system, the method being adapted for generating a pseudonymised database (DB) from data relating to entities and originating from data sources (DS.sub.i), wherein the data are identified at the data sources (DS.sub.i) by entity identifiers (D) of the respective entities, and wherein the data are identified in the pseudonymised database (DB) by pseudonyms (P) assigned to the respective entity identifiers (D) applying a one-to-one mapping, irrespective of the originating data source. According to the invention, one mapper (M) and one key manager (KM) are applied, and a respective pseudonym (P) is generated by the mapper (M), for each encrypted entity identifier (C.sub.i) encrypted by the data source (DS.sub.i), utilizing the mapping cryptographic key (h.sub.i) corresponding to the particular data base (DS.sub.i).

A control method includes: receiving transaction data that includes (i) peer information used for connecting a first peer among peers in a P2P system to another peer among the peers and (ii) a signature added to the peer information by the first peer; verifying the received transaction data using the signature included in the transaction data; and storing the transaction data into the distributed ledger when the verifying is successful.

A method performed by a first IP multimedia system, IMS, node, for handling authentication of a user equipment, UE, in a communication network. The method includes receiving a request from a second IMS node to retrieve an authentication vector. The request includes a private identifier generated from a subscription permanent identifier. The method further includes sending a request to retrieve an indication, where the request includes a subscription permanent identifier, receiving the indication, and generating the authentication vector using the received indication. In addition, the method includes sending the generated authentication vector to the second IMS node for authenticating the UE.

A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (ga), the second value (ga) based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (mi) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (mi); generate, with the payment network, a public key (pki) based on the second value (ga), the merchant product (M), and the random merchant number (mi) and a random key (rki) based on the merchant product (M) and the random merchant number (mi) for each respective merchant bank; and communicate, with the payment network, the public key (pki) and the random key (rki) to at least one respective merchant bank.

Techniques for sharing secrets over one or more computer networks using proxies are provided. In one technique, a proxy server receives, from a client device, over a computer network, a request for a secret. In response to receive the request, the proxy server causes a tunnel to be created with a resource server that is separate from the client device, retrieves the secret from a secrets repository, and causes the secret to be transmitted through the tunnel to the resource server.

Privacy-preserving leakage-deterring public-key encryption techniques are provided. A sender system sends to an authority system a commitment to leakage-deterring-data, and proves in zero-knowledge that the sender system has access to an opening to the commitment. The sender system receives a signature corresponding to a signed commitment to the leakage-deterring-data and an identifier of the sender system. The sender system encrypts a message to a receiver system by applying a one-time pad to the message using a one-time-pad key, and encrypts the result of the application with the public key of the receiver system. The sender system encrypts the one-time-pad key with an attribute-based encryption scheme with a public key of an oblivious decryptor system. The sender system forms a ciphertext from a combination of the encrypted message and the encrypted one-time-pad key and sends the ciphertext to the receiver system.

The disclosure details the implementation of an apparatus, method, and system comprising a portable device configured to communicate with a terminal and a network server, and execute stored program code in response to user interaction with an interactive user interface. The portable device contains stored program code configured to render an interactive user interface on a terminal output component to enable the user the control processing activity on the portable device and access data and programs from the portable device and a network server.

An interactive multi-party system for collaboratively performing homomorphic operations, such that no party has access to unencrypted data or an unencrypted operator. A first party device may add noise to encrypted data and an encrypted linear operator to generate noisy encrypted data and a noisy encrypted operator, and transmit the noisy encrypted data and operator to a second party device possessing a secret decryption key for the encryption. The second party device may decrypt the noisy encrypted data and noisy encrypted operator to generate unencrypted noisy data and an unencrypted noisy operator, solve the linear operation using the unencrypted noisy data and an unencrypted noisy operator to generate a noisy solution, encrypt the noisy solution to the linear operation, and transmit it to the first party device. The first party device may then cancel the noise of the encrypted noisy solution to generate the encrypted solution to the linear operation.

Various embodiments of the present disclosure relate to authentication and proxying using token management and packet communication techniques that allow end points to use a unique token to access content from the destination server without the destination server obtaining identifying information from the end point. In an example, a method comprises receiving a request for content from a client device, producing a hash value based on a current token in the request, determining whether the current token resides at a location associated with the hash value, and in response to determining that the current token does not reside at the location, attempting to authenticate the client device using the current token. Accordingly, each unique token can be tracked by the one or more proxy servers to ensure one-time use only from an authorized, authenticated end point.

In a client server environment a method of securely storing data; said method comprising generating a data element at a second location; transmitting the data element to a first location separate and remote from the second location; encrypting the data element at the first location thereby to form an encrypted data element; transmitting the encrypted data element to the second location separate and remote from the first location and storing the encrypted data element at the second location; and wherein the second location is constituted as a client device. Also disclosed in a client server environment an apparatus for secure storage of data; said apparatus comprising a first processor at a first location which encrypts data utilising a key; said apparatus further comprising a second processor located at a second location remote from the first location; the data, after encryption, moved over a network to the second processor and stored in association with the second processor until the data is required for execution of an application on the first processor at which time the data is moved back from the second processor to the first processor and the first processor applies the key to a decryption algorithm to decrypt the data for use by the application executing on the first processor. In preferred forms the second location/second processor are constituted by a client device.