Patent classifications
H04L9/0618
CLOUD-BASED WHITEBOX NODE LOCKING
A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.
Secret key estimation methods and devices
A secret key estimation device is provided for determining an estimate of at least one secret key used during a number of executions of a cryptographic function used by at least one cryptographic algorithm. The number of executions of the cryptographic function is at least equal to two. The secret key estimation device comprises an analysis unit for determining a plurality of sets of leakage traces from side-channel information acquired during the number of executions of the cryptographic function. Each set of leakage traces corresponds to an execution of the cryptographic function and comprises at least one leakage trace. The secret key estimation device further comprises a processing unit configured to determine a statistical distribution of the acquired plurality of sets of leakage traces. The statistical distribution is dependent on a leakage function, the leakage function being represented in a basis of functions by a set of real values. The secret key estimation device is configured to determine the secret key from the statistical distribution of the plurality of sets of leakage traces using an estimation algorithm according to the maximization of a performance metric.
Method for a registration of usage of tracking data
A computer implemented method allows the storage of tracked data records in a blockchain in order to incentivize airlines, ground handlers, IT Suppliers and airports to invest in tracking points for tracking baggage. The usage of tracking data records is determined by a smart contract. The smart contract causes a specific entry in a wallet and each entry represents the usage of tracking data records.
Secure memory
Various examples are directed to systems and methods for securing a data storage device. A storage controller may receive a read request directed to the data storage device. The read request may comprise address data indicating a first address of a first storage location at the data storage device. The storage controller may request from the data storage device a first encrypted data unit stored at the first memory element and a first encrypted set of parity bits, such as Error Correction Code (ECC) bits, associated with the first storage location. An encryption system may decrypt the first encrypted set of parity bits to generate a first set of parity bits based at least in part on a first location parity key for the first address.
Digital contracts in blockchain environments
Digital or “smart” contracts execute in a blockchain environment. Any entity (whether public or private) may specify a digital contract via a contract identifier in a blockchain. Because there may be many digital contracts offered as virtual services, the contract identifier uniquely identifies a particular digital contract offered by a virtual machine, vendor or supplier. The blockchain is thus not burdened with the programming code that is required to execute the digital contract. The blockchain need only include or specify the contract identifier (and perhaps one or more contractual parameters), thus greatly simplifying the blockchain and reducing its size (in bytes) and processing requirements.
METHODS AND APPARATUS TO SYNCHRONIZE DEVICES
Sequences to synchronize devices and related methods are disclosed herein including an access address generator to cryptographically generate a first bit sequence, an access address selector to read a first portion of the first bit sequence and read a second portion of the first bit sequence, the second portion different than the first portion, an access address analyzer to identify a first access address from a first section of the first portion based on a first criteria, the first criteria a function of a first autocorrelation function and identify a second access address from a second section of the second portion based on a second criteria, the second criteria a function of a second autocorrelation function.
Encryption by default in an elastic computing system
Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption servers for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.
Cryptographically enforced data exchange
A cryptographically enforced data exchange is disclosed that enables an exchange of customer travel records between a plurality of travel providers while preserving customer privacy. The disclosed system receives customer travel data from publishers, and communicates a portion of the customer travel data to one or more subscribers in response to determining a customer match, without disclosing any protected data elements between the publisher and the subscriber.
Enhanced data security system and method thereof
The disclosure relates to an enhanced data security system and method thereof. In some embodiments, the method includes receiving the transactional credential dataset from a user application. The transactional credential dataset is provided by a user to the user application. The method further includes storing the transactional credential dataset in nodes of a graphical embedding storage model. The nodes further store historical credential datasets of the user. Further, the method includes determining a correlation among the historical credential datasets using an artificial neural network (ANN) model and detecting a pattern of the transactional credential dataset based on the correlation. The ANN model is trained based on credential datasets provided by users stored in the nodes of the graphical embedding storage model.
Privacy-enhanced decision tree-based inference on homomorphically-encrypted data
A technique for computationally-efficient privacy-preserving homomorphic inferencing against a decision tree. Inferencing is carried out by a server against encrypted data points provided by a client. Fully homomorphic computation is enabled with respect to the decision tree by intelligently configuring the tree and the real number-valued features that are applied to the tree. To that end, and to the extent the decision tree is unbalanced, the server first balances the tree. A cryptographic packing scheme is then applied to the balanced decision tree and, in particular, to one or more entries in at least one of: an encrypted feature set, and a threshold data set, that are to be used during the decision tree evaluation process. Upon receipt of an encrypted data point, homomorphic inferencing on the configured decision tree is performed using a highly-accurate approximation comparator, which implements a “soft” membership recursive computation on real numbers, all in an oblivious manner.