Patent classifications
H04L2209/76
Apparatus, method and system for a tunneling client access point
The disclosure details the implementation of an apparatus, method, and system comprising a portable device configured to communicate with a terminal and a network server, and to execute stored program code in response to user interaction with an interactive user interface. The portable device contains stored program code configured to render an interactive user interface on a terminal output component to enable the user to control processing activity on the portable device and to access data and programs from the portable device and a network server.
Encryption for low-end devices through computation offloading
The application relates to a method for computing a probabilistic encryption scheme for encrypting a data item in an electronic device, including: computing a plurality of random bit strings in a computation cluster; sending the computed plurality of random strings to the electronic device; generating a random string (r_E) for use in the encryption scheme in the electronic device using a subset of the plurality of random strings computed in the computation cluster; and encrypting the data item using the random string computed in the electronic device. The present application also relates to a corresponding system and a corresponding computer program product including one or more computer readable media having computer executable instructions for performing the steps of the method.
Methods and systems for PKI-based authentication
Methods, systems, and devices are provided for authenticating API messages using PKI-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an API message using the private key of the private/public key pair and a PKI-based cryptographic algorithm, before sending the signed API message to a server system. The server system (e.g., operated by a service provider) can authenticate the incoming signed API message using a proxy authenticator located in a less trusted zone (e.g., a perimeter network) of the server system. In particular, the proxy authenticator can be configured to verify the signature of the signed API message using the public key corresponding to the private key and the same cryptographic algorithm. The authenticated API message can then be forwarded to a more trusted zone (e.g., an internal network) of the server system for further processing.
SECURE CRYPTOPROCESSOR
According to an example aspect of the present invention, there is provided a cryptoprocessor comprising physical unclonable function circuitry comprising at least one physical unclonable function, and at least one processing core configured to process a challenge received from outside the cryptoprocessor by at least deriving a response to the challenge by providing the challenge as input to the physical unclonable function circuitry, using the response as an encryption key to encrypt a second encryption key, and by causing the encrypted second encryption key to be provided to a party which issued the challenge.
Systems and methods for secure communication using random cipher pad cryptography
Systems and methods with multiple different modes for bidirectional data transfer of messages encrypted with Random Cipher Pads (RCPs) are disclosed. A direct mode is from one single endpoint to another endpoint in a peer-to-peer fashion. A throughput mode may be configured as a communication between endpoints with a cryptographic data server (CDS) managing communications and additional encryption between the endpoints. The CDS further encrypts the messages such that there is a peer-to-peer encryption between the source endpoint and the CDS and a different peer-to-peer encryption between the CDS and destination endpoints. The throughput mode may also be configured as a broadcast communication between a sender and multiple destinations, each with its own different RCP encryption. A router-to-router mode may be thought of as a specific type of peer-to-peer transfer where the peers on each end are routers, servers, Virtual Private Network servers, and gateways rather than user endpoints.
Fully cloaked network communication model for remediation of traffic analysis based network attacks
A point-to-point Virtual Private Network (VPN) tunnel is established for facilitating fully cloaked transmission of a data packet from a source endpoint device to a destination endpoint device. The data packet includes a payload portion, an inner header, and an outer header. An ‘end-to-end key’, a ‘next-hop-destination key’ and a plurality of ‘next-hop’ keys are calculated. The end-to-end key is used at the source endpoint device and the destination endpoint device respectively to encrypt and decrypt the payload portion. The next-hop keys are used to encrypt the inner header during the hop-to-hop communication from one intermediary node to another, along the incrementally constructed path connecting the source endpoint device with the destination endpoint device. The encryption of the payload portion is maintained throughout the hop-to-hop communication regardless of the number of intermediary nodes traversed by the data packet en route to the destination endpoint device.
DELEGATED PRIVATE SET INTERSECTION, AND APPLICATIONS THEREOF
Embodiments disclosed herein describe computing private set intersection (PSI) between various parties using delegation to other devices and in one round of interaction (request and response). The various parties involved and their associated computing devices are referred to herein as participants. The protocol is forward-secure and completely hides the data of participants from an eavesdropper. Because the protocol only uses a single round of interaction, it is more efficient and does not require each participant to have servers that remain online continuously.
SECURE MESSAGE PASSING USING SEMI-TRUSTED INTERMEDIARIES
Techniques are provided for secure message passing. A sender process has a clear (non-encrypted) text message to pass to a recipient process as an encrypted message. The sender generates a message encryption key (MEK) for encrypting the message and sends the MEK to a first intermediary process, which encrypts the MEK. The sender uses the MEK to encrypt the message and passes both the encrypted message and the encrypted MEK to a second intermediary process. The second intermediary verifies that the sender is authorized to send messages and retains the encrypted message and the encrypted MEK. The second intermediary passes the encrypted message and the encrypted MEK to the recipient, which requests decryption of the encrypted MEK from the first intermediary. The first intermediary then decrypts the MEK and returns it to the recipient. Finally, the recipient decrypts the message using the MEK.