H04L9/065

METHOD AND DEVICES FOR CREATING REDUNDANCY AND ENCRYPTION USING MOJETTE TRANSFORM
20220393853 · 2022-12-08

A method for hyper security encoding includes receiving data to be encrypted, and padding the data to be encrypted with padding data to avoid un-obfuscated bits after encryption. The method also includes encrypting, with a Mojette Transform, the data to be encrypted after the data to be encrypted is padded with the padding data, and outputting a result of the encryption as encrypted data.

PROCESSING SYSTEM AND CORRESPONDING METHOD OF OPERATION
20220374530 · 2022-11-24

A master device issues memory burst transaction requests via an interconnection bus to fetch data from a slave device. A cipher engine is coupled to the interconnection bus and decrypts the fetched data to produce plaintext data for the master device. The cipher engine selectively operates according to a stream cipher operation mode, or a block cipher operation mode. The cipher engine is configured to stall a read data channel of the interconnection bus between the slave device and the master device in response to the cipher engine switching from the block cipher operation mode to the stream cipher operation mode. The read data channel is reactivated in response to a last beat of a read burst of the plaintext data produced by the cryptographic engine.

Apparatus and method for data analysis

A method for data analysis according to an embodiment includes acquiring, from a client device, a ciphertext for a precomputation result generated by applying some of a plurality of operations for performing an analysis algorithm based on target data to the target data, and generating an encrypted computation result for remaining operations of the plurality of operations by using the ciphertext.

Systems and methods for encrypted content management

Systems and methods for encrypted content management are provided and include generating a user private key, a user public key, and a symmetric encryption key. A group private key, a group public key, and a group symmetric encryption key are generated and the group private key is encrypted with the group symmetric encryption key. A first shared-secret key is generated based on the user public key and the group private key using a Diffie-Hellman exchange algorithm. The group symmetric encryption key is encrypted using the first shared-secret key to generate an escrow key. Plaintext data is encrypted using a content symmetric key. A second shared-secret key is generated based on an ephemeral private key and the group public key using a Diffie-Hellman exchange algorithm. The content symmetric key is encrypted using the second shared-secret key.

Systems and methods for a cryptographic file system layer

The systems and methods disclosed herein transparently provide data security using a cryptographic file system layer that selectively intercepts and modifies (e.g., by encrypting) data to be stored in a designated directory. The cryptographic file system layer can be used in combination with one or more cryptographic approaches to provide a server-based secure data solution that makes data more secure and accessible, while eliminating the need for multiple perimeter hardware and software technologies.

Secure content access system

A method for communicating between a client application and a license-governing application. The method includes receiving a request at a content application from the client application to access media content from the license-governing application, generating a message at the content application to the license-governing application to request client authentication, and receiving at the content application a client authorization token from the license-governing application. A message is generated at the content application to the client application to request user authentication, and the content application receives an authorization code from the client application. The method further includes generating a message at the content application to the license-governing application with the authorization code to request an access token, receiving the access token at the content application from the license-governing application, and granting access at the content application to the media content based on the access token.

Privacy-enhanced decision tree-based inference on homomorphically-encrypted data

A technique for computationally-efficient privacy-preserving homomorphic inferencing against a decision tree. Inferencing is carried out by a server against encrypted data points provided by a client. Fully homomorphic computation is enabled with respect to the decision tree by intelligently configuring the tree and the real number-valued features that are applied to the tree. To that end, and to the extent the decision tree is unbalanced, the server first balances the tree. A cryptographic packing scheme is then applied to the balanced decision tree and, in particular, to one or more entries in at least one of: an encrypted feature set, and a threshold data set, that are to be used during the decision tree evaluation process. Upon receipt of an encrypted data point, homomorphic inferencing on the configured decision tree is performed using a highly-accurate approximation comparator, which implements a “soft” membership recursive computation on real numbers, all in an oblivious manner.

DYNAMIC ENCRYPTION/DECRYPTION OF GENOMIC INFORMATION

Examples are described for dynamically encrypting and/or decrypting a file formed of multiple blocks of ordered data. In one example, a method of dynamically encrypting a file to enable partial decryption of the file includes generating, using a secret key and one or more initialization vectors, a keystream for the multiple blocks of ordered data, encrypting the multiple blocks of ordered data of the file by performing a logical operation of the keystream with the multiple blocks of ordered data in a one-to-one correspondence, and building a file index of the file to identify location information of the multiple blocks of ordered data. The method may further include dynamically decrypting at least a portion of the file by decrypting at least one selected block of encrypted data of the file using a portion of the keystream, the portion of the keystream corresponding to the at least one selected block.

Selective encryption delineation
11575524 · 2023-02-07

Decoding a partially encrypted data stream may include receiving and scanning the partially encrypted data stream. Scanning the partially encrypted data stream may include identifying an encrypted portion sentinel in the partially encrypted data stream subsequent to a first portion, identifying an encrypted portion in the partially encrypted data stream subsequent to the encrypted portion sentinel, and generating a decrypted data portion by decrypting the encrypted portion. Decrypting the encrypted portion may include identifying an encrypted data portion in the encrypted portion, the encrypted data portion omitting an end encrypted portion sentinel, decrypting the encrypted data portion, and identifying an end encrypted portion sentinel in the encrypted portion subsequent to the encrypted data portion. Decoding the partially encrypted data stream may include including the decrypted data portion in the decrypted output data stream, and outputting the decrypted output data stream to a client device in the second network domain.

DATA TRANSMISSION AND RECOVERY WITH ALGORITHMIC TRANSITION CODES

An embodiment of the present disclosure provides a data transmission method that transmits data in a clock-embedded manner, including: dividing the data into a plurality of data packets having a bit number of ‘a’; determining a transition code including information on a first transition facilitating data packet and a second transition facilitating data packet having the same high-order bits ([a−1:1]) among the data packets; converting the plurality of data packets into transition ensuring data packets by using the transition code; and transmitting the transition code and the transition ensuring data packets.