H04L2209/76

System and methods for exchanging identity information among independent enterprises which may include person enable correlation

A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network is disclosed. The system contains connectors in communication with protected data systems which house the protected data. Data is correlated between the protected data systems through coincident authentication of both systems by a user. Messages are exchanged which allow the identity exchange system to correlate data based on a session identifier from an authenticated session on one of the protected data systems.

Method and apparatus for trusted branded email
20180227313 · 2018-08-09

A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before they are sent to a recipient. In another aspect, an electronic message is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.

Storing decrypted body of message and key used to encrypt and decrypt body of message
10038675 · 2018-07-31

A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.

Data security using request-supplied keys

Requests are submitted to a request processing entity where the requests include a cryptographic key to be used in fulfilling the request. The request processing entity, upon receipt of the request, extracts the key from the request and uses the key to perform one or more cryptographic operations to fulfill the request. The one or more cryptographic operations may include encryption/decryption of data that is to be/is stored, in encrypted form, by a subsystem of the request processing entity. Upon fulfillment of the request, the request processing entity may perform one or more operations to lose access to the key in the request, thereby losing the ability to use the key.

HOMOMORPHIC ENCRYPTION
20180212750 · 2018-07-26

Systems, methods, and computer-readable storage devices storing instructions for homomorphic encryption via finite ring isomorphisms are provided. An example method includes selecting a polynomial $f(x)$ of exact degree $n$ with small coefficients in a ring $F_q[x]$ and selecting a polynomial $h(y)$ of exact degree $n$ in a ring $F_q[y]$. The method includes constructing an isomorphism from the ring $F_q[x]/(f(x))$ to the ring $F_q[y]/(h(y))$ and constructing an inverse isomorphism from the ring $F_q[y]/(h(y))$ to the ring $F_q[x]/(f(x))$. The method includes encrypting a message using said isomorphism from the ring $F_q[x]/(f(x))$ to the ring $F_q[y]/(h(y))$ and transmitting the encrypted message to a remote computer. The method also includes receiving one or more encrypted response messages from the remote computer based at least in part on the transmitted message and decrypting the one or more encrypted response messages.

SYSTEM AND METHOD
20180212961 · 2018-07-26

A system includes an authentication server that executes authentication processing via one or more biometric authentication methods. The system detects, in response to a request for proxy work, authentication target data related to biometric information from data acquired at a location where the request for the proxy work is issued. The system executes additional authentication processing, by comparing feature data of biometric information corresponding to a proxy executor included in proxy setting and the detected authentication target data. The system manages a status of the proxy work to be executed in a case where the additional authentication processing is successful.

SECURED DAISY CHAIN COMMUNICATION
20180212781 · 2018-07-26

An intermediate servant device connected in a daisy chain configuration with a set of devices is described. The intermediate servant device may be configured to receive, from a previous servant device of the set of servant devices, a request for data, a first response to the request for data, and authentication information for the first response to the request for data. The intermediate servant device may be further configured to generate a second response to the request for data and determine authentication information for the second response based on the authentication information for the first response, the second response, and a key assigned to the intermediate servant device. The intermediate servant device may be further configured to output at least the authentication information for the second response, the first response, and the second response.

ZERO TRUST AUTHENTICATION

Systems and methods are disclosed for zero trust authentication. In certain embodiments, a method may comprise providing, from a client computing system to an identity provider (IdP) authority, an authentication nonce value generated by hashing a random value hashed along with a public key of the client computing system, and receiving, at the client computing system from the IdP authority, an authorization token including the authentication nonce value signed by a secret key of the IdP authority. The method may further comprise providing a message including the authorization token from the client computing system to a target computing system via an intermediary co-signer (ICS) configured to authenticate the message.

SECURE COMMUNICATIONS
20240356753 · 2024-10-24

A process comprises transmitting, by a first device and through a first communication channel, a message comprising an identifier of the first channel, a first encrypted authentication value and at least one encrypted data value, the first authentication value being associated with the first device, receiving, by a second device, the message, decrypting, by a first circuit of the second device, the first encrypted authentication value, applying, by the first circuit of the second device, at least one non-invertible operation on the first decrypted authentication value, resulting in a verification value, comparing, by the first circuit of the second device, the verification value with the identifier of the first channel, and processing the at least one encrypted data value based on the comparison.

Method, system, and computer program product for network bound proxy re-encryption and PIN translation

A method, system, and computer program product generate, with a payment network, a first value ($a$) and a second value ($g^a$), the second value ($g^a$) generated based on the first value ($a$) and a generator value ($g$); generate, with the payment network, a plurality of random merchant numbers ($m_i$) for a respective plurality of merchant banks; determine, with the payment network, a merchant product ($M$) based on a product of the plurality of random merchant numbers ($m_i$); generate, with the payment network, a public key ($pk_i$) based on the second value ($g^a$), the merchant product ($M$), and the random merchant number ($m_i$) and a random key ($rk_i$) based on the merchant product ($M$) and the random merchant number ($m_i$) for each respective merchant bank; and communicate, with the payment network, the public key ($pk_i$) and the random key ($rk_i$) to at least one respective merchant bank.