Systems, methods, and computer-readable media for achieving privacy for both data and an algorithm that operates on the data. A system can involve receiving an algorithm from an algorithm provider and receiving data from a data provider, dividing the algorithm into a first algorithm subset and a second algorithm subset and dividing the data into a first data subset and a second data subset, sending the first algorithm subset and the first data subset to the algorithm provider and sending the second algorithm subset and the second data subset to the data provider, receiving a first partial result from the algorithm provider based on the first algorithm subset and first data subset and receiving a second partial result from the data provider based on the second algorithm subset and the second data subset, and determining a combined result based on the first partial result and the second partial result.

Disclosed are systems, methods, devices, and computer-readable media for offloading lattice-based cryptographic operations to hybrid cloud computing system. In one embodiment, a method is disclosed comprising receiving a first network request from a client device via a secure application programming interface (API), the request including unencrypted data; encrypting the unencrypted data using an algorithm that generates homomorphically encrypted data; issuing a second network request to a second API of a cloud platform, the second network request including the encrypted data; receiving a response from the cloud platform in response to the second network request; and transmitting, in response to the first network request, a result to the client device based on the response, the result obtained by decrypting an encrypted output returned by the cloud platform.

A communication system including a first device (1a, 1a′) and a second device (1b, 1b′). The first device (1a, 1a′) comprises a memory storing first-device-specific identification data and the second device (1b, 1b′) comprises a memory storing second-device-specific identification data. The first device (1a, 1a′) is configured to receive a copy of the second-device-specific identification data and to store the copy in the memory of the first device (1a, 1a′) and the second device (1b, 1b′) is configured to receive a copy of the first-device-specific identification data and to store the copy in the memory of the second device (1b, 1b′). The first device (1a, 1a′) is configured to derive a first encryption key from the first-device-specific identification data and the received copy of the second-device-specific identification data. The second device is configured to derive the first encryption key from the second-device-specific identification data and the received copy of the first-device-specific identification data. The first device (1a, 1a′) encrypts transmission data using the first encryption key and transmits the encrypted transmission data to the second device (1b, 1b′). The second device (1b, 1b′) receives the encrypted transmission data from the first device (1a, 1a′) and decrypts the encrypted transmission data using the first encryption key.

Methods and apparatus are disclosed for enabling digital content from a content provider (12, 5 14) to be provided via a communication network (10) from intermediate digital content stores (16) to user-devices (18). According to one aspect, the method comprises the content provider (12, 14) providing digital content encrypted using a cryptographic encryption key to an intermediate digital content store (16), the cryptographic encryption key being a public key of a key-pair and having an associated private key. In response to a request from a user-device (18) to the content provider (12, 14) for the digital content, a cryptographic session key is shared between the content provider (12, 14) and the requesting user-device (18). The content provider (12, 14) provides to the intermediate digital content store (16) the cryptographic re-encryption key and indications of the requested digital content and of the user-device (18).

A method for supporting sharing of travel history of travelers in airports includes receiving, by a trusted entity of the distributed ledger system, a registration request from a traveler via a traveler application. The registration request provides personal information of the traveler to the trusted entity. The method further includes generating, by the trusted entity, a public key for the traveler using an identity-based encryption mechanism and sending, from the trusted entity to the global identity blockchain, a registration transaction with respect to the traveler. The registration transaction comprises the public key of the traveler. The method further includes recording a travel history that includes all travel tickets of the traveler, wherein a Merkle tree of all the travel tickets of the traveler is generated. The Merkle tree has a Merkle root, and the Merkle root of the Merkle tree is stored in the global identity blockchain.

A messaging system for exchanging messages between nodes in a network via a broker that uses a publish-subscribe message protocol, which nodes have object identifications (IDs). Messages between the nodes are routed using the object IDs of the nodes. Secure communication is provided using authentication according to digital certificates being used as first and second tiers by a commissioning broker and a data broker, respectively, in which the second tier certificate used by the data broker has a shorter lived expiration time.

A packet transmission method includes that a host obtains a packet, and when a transmission path of the packet is to be pass through a wide area network, the host determines whether to perform optimization on the packet for transmission in the wide area network and performs optimization on the packet for transmission in the wide area network.

Systems and methods for a security network integrating security system and network devices are disclosed. A system may comprise a gateway and first and second security panels, each located at a premises. The first and second security panels may be connected, via respective first and second wireless communication protocols, to respective first and second security system components. The first and second security panels may receive respective first and second security data from the respective first and second security system components. The gateway may be configured to receive, via the first and second wireless communication protocols, the respective first and second security data. The gateway may be configured to transmit at least one of the first security data and the second security data to a security server located external to the premises.

In an approach to attesting control over network devices, responsive to receiving a first signal from a client, wherein the first signal initiates a network connection between the client and a server, a first certificate is sent to the client that contains a common name that is an internet protocol (IP) address. A second certificate is sent to the client that contains a common name that is a uniform resource locator (URL) of the server. Responsive to receiving a second signal from the client that the first certificate and the second certificate are trusted, the client is connected with the server.

Systems and methods for electronically creating and modifying a fitness plan are disclosed. The method may include receiving electronic user data, collecting electronic fitness data, and displaying a suggestion for a fitness activity based on the electronic user data and the electronic fitness data.