Systems and methods with multiple different modes for bidirectional data transfer of messages encrypted with Random Cipher Pads (RCPs) are disclosed. A direct mode is from one single endpoint to another endpoint in a peer-to-peer fashion. A throughput mode may be configured as a communication between endpoints with a cryptographic data server (CDS) managing communications and additional encryption between the endpoints. The CDS further encrypts the messages such that there is a peer-to-peer encryption between the source endpoint and the CDS and a different peer-to-peer encryption between the CDS and destination endpoints. The throughput mode may also be configured as a broadcast communication between a sender and multiple destinations, each with its own different RCP encryption. A router-to-router mode may be thought of as a specific type of peer-to-peer transfer where the peers on each end are routers, servers, Virtual Private Network servers, and gateways rather than user endpoints.

In some embodiments, systems, methods, and devices disclosed herein enable trusted sharing of private data and/or transactions via a distributed ledger, while maintaining data consistency properties. Some embodiments provide and utilize one or more independent and/or dependent channels. In particular, in some embodiments, one or more independent and/or dependent channels can exist on a single distributed ledger, wherein participants or nodes that are members of a particular channel can view and access the information in a given network transaction. To other participants or nodes not on the particular channel, however, only an encrypted or redacted version of the information can be viewable, thereby not disclosing the transaction information to such participants or nodes. In some embodiments, consistency properties may be preserved even in the presence of selective sharing of transaction information with proofs of validity.

A data management device according to an embodiment stores first encrypted data obtained by encrypting plain text data with a first public key of a first user device. The data management device stores a first re-encryption key for re-encrypting the first encrypted data without decrypting to obtain first re-encrypted data decryptable with a private key of a second user device. The data management device stores a conversion key generated from a first private key corresponding to the first public key and a second private key of the first user device. The data management device converts the first encrypted data into second encrypted data with the conversion key. The data management device The data management device converts the first re-encryption key into a second re-encryption key with the conversion key.

An intermediate servant device connected in a daisy chain configuration with a set of devices is described. The intermediate servant device may be configured to receive, from a previous servant device of the set of servant devices, a request for data, a first response to the request for data, and authentication information for the first response to the request for data. The intermediate servant device may be further configured to generate a second response to the request for data and determine authentication information for the second response based on the authentication information for the first response, the second response, and a key assigned to the intermediate servant device. The intermediate servant device may be further configured to output at least the authentication information for the second response, the first response, and the second response.

A device may monitor traffic associated with a user equipment (UE) on multiple interfaces of a network. The device may determine an identity associated with the UE or the traffic on the multiple interfaces by correlating identifiers associated with the UE or the traffic across the multiple interfaces. The identity may uniquely identify a subscriber associated with the UE or the traffic. The device may determine a set of elements to be used to decipher the traffic after determining the identity associated with the UE or the traffic. The device may decipher the traffic utilizing the set of elements after determining the set of elements.

This disclosure relates to systems and methods for managing protected electronic content using proxy reencryption techniques. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Proxy reencryption techniques consistent with aspects of the disclosed embodiments may enable transformation of a ciphertext under one public key to a ciphertext containing the same plaintext under another public key. Consistent with embodiments disclosed herein, proxy reencryption processes may be implemented using indistinguishability obfuscation and puncturable public-key encryption schemes, functional encryption, and/or white box obfuscation techniques.

A method including at each of a number of client devices receiving a data item, receiving a public key from a second computing system, encrypting the data item using the public key to produce a singly encrypted data item, engaging in an oblivious pseudorandom function protocol with a first computing system using the singly encrypted data item to produce a seed, generating an encrypted secret share using a threshold secret sharing function under which the encrypted secret share cannot be decrypted until a threshold number of encrypted secret shares associated with the same singly encrypted data item are received, and transmitting the encrypted secret share to the first computing system and at the first computing system receiving a number of encrypted secret shares from the number of client devices, processing the number of encrypted secret shares to produce processed data, and transmitting the processed data to a second computing system.

The present disclosure a method for a lattice-based homomorphic proxy re-encryption scheme. Conventional methods are attribute based and the attribute-based encryption schemes employ very expensive operations and generate long ciphertexts and secret keys (whose sizes also increase linearly with the size of the access policy), which makes them hard to implement in real-life applications. The present disclosure provides a unidirectional, single-hop HPRE scheme from the Learning With Errors (LWE) assumption which is Chosen Plaintext Attack (CPA) secure. Further, the present disclosure is based on the widely accepted BGV algorithm that supports both levelled FHE operations as well as arbitrary number of ciphertexts with unique and secure re-encryption key generation. Further, the present disclosure provides batch evaluation of ciphertexts, in order to enable re-encryption and evaluation of multiple ciphertexts.

The present invention concerns a method for confidentially processing the kinematic data of a vehicle, in particular a method for classifying this data in order to determine the driving style of the vehicle while respecting the confidentiality of the data in question. The data is encrypted by the vehicle by means of a symmetric encryption algorithm using a secret key generated by the vehicle. This secret key is encrypted by the vehicle by means of a homomorphic asymmetric encryption algorithm by using the public key of a vehicle service provider. The data encrypted by means of the secret key, and the homomorphically encrypted secret key, are transmitted by the vehicle to an access point that transcrypts them and transmits the homomorphically encrypted data to a calculation platform. The platform performs the confidential processing operation in the homomorphic domain and transmits the homomorphically encrypted results to the server of the vehicle service provider.

Systems and methods for using a cryptogram lockbox are disclosed. In one embodiment, in a merchant-specific cryptogram lockbox comprising at least one computer processor, a method for generating a cryptogram locally using a cryptogram lockbox may include: (1) receiving, from merchant backend, a request for a cryptogram comprising an account identifier received from a customer in a transaction; (2) generating a cryptogram for the account identifier using a limited use key for the account identifier; and (3) returning the cryptogram to the merchant backend. The merchant may conduct the transaction using the cryptogram.