A method for device authentication comprises receiving, by processing hardware of a first device, a message from a second device to authenticate the first device. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware derives a validator from the secret value using a path through a key tree, wherein the path is based on the message, wherein deriving the validator using the path through the key tree comprises computing a plurality of successive intermediate keys starting with a value based on the secret value and leading to the validator, wherein each successive intermediate key is derived based on at least a portion of the message and a prior key. The first device then sends the validator to the second device.

A transaction authorization apparatus includes a processor in communication with a communications interface. The processor is configured to receive a request for a transaction requested by a user with whom a plurality of user devices are associated, to obtain respective transaction measurements from at least some available devices from among the plurality of user devices, and to confirm approval of the request for the transaction in response to confirmation that the transaction measurements satisfy a multi-device authorization policy associated with the transaction.

Provided are an image file distribution apparatus, an image file recovery apparatus, an image file distribution method, an image file recovery method, an image file distribution program, an image file recovery program, and a recording medium storing the program which can prevent a relatively large increase in the amount of data of an image file even when an (k, n) secret sharing scheme with high security is used. For example, distributed tag information is obtained from tag information of the image file by a (k, n)-threshold secret sharing scheme. For example, distributed image data is obtained from image data by a (k, L, n)-threshold ramp secret sharing scheme. For example, the distributed tag information and the distributed image data are combined to obtain combined data. Since the amount of data in the tag information is small, the use of the (k, n) secret sharing scheme does not cause a large increase in the amount of data. Since the (k, L, n)-threshold ramp secret sharing scheme does not cause a large increase in the amount of data, an increase in the total amount of data in the image data is relatively small.

As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

The various implementations described herein include methods, devices, and systems for detecting motion and persons. In one aspect, a method is performed at a smart home system that includes a video camera, a server system, and a client device. The video camera captures video and audio, and wirelessly communicates, via the server system, the captured data to the client device. The server system: (1) receives and stores the captured data from the video camera; (2) determines whether an event has occurred, including detected motion; (3) in accordance with a determination that the event has occurred, identifies video and audio corresponding to the event; and (4) classifies the event. The client device receives information indicative of the identified events, displays a user interface for reviewing the video and audio stored by the remote server system, and displays the at least one classification for the event.

A method of providing a distributed scheme for executing a RAM program, without revealing any information regarding the program, the data and the results, according to which the instructions of the program are simulated using SUBLEQ instructions and the execution of the program is divided among a plurality of participating computational resources such as one or more clouds, which do not communicate with each other, while secret sharing all the program's SUBLEQ instructions, to hide their nature of operation and the sequence of operations. Private string matching is secretly performed by comparing strings represented in secret shares, for ensuring the execution of the right instruction sequence. Then arithmetic operations are performed over secret shared bits and branch operations are performed according to the secret shared sign bit of the result.

Techniques are disclosed for providing a notification that a person is at a particular location. For example, a resident device may receive from a user device an image that shows a face of a first person, the image being captured by a first camera of the user device. The resident device may also receive, from another device having a second camera, a second image showing a portion of a face of a second person, the second camera having a viewable area showing a particular location. The resident device may determine a score indicating a level of similarity between a first set of characteristics associated with the face of the first person and a second set of characteristics associated with the face of a second person. The resident device may then provide to the user device a notification based on determining the score.

A method of performing an equality check in a secure system, including: receiving an input v having a known input property; splitting the input v into t secret shares v.sub.i where i is an integer index and t is greater than 1; splitting an input x into k secret shares x.sub.i where i is an integer index and k is greater than 1; splitting the secret shares x.sub.i into a s chunks resulting in s.Math.k chunks y.sub.j where j is an integer index; calculating a mapping chain t times for each secret share v.sub.i, wherein the mapping chain including s.Math.k affine mappings F.sub.j, wherein y.sub.j and F.sub.j−1(y.sub.j−1) are the inputs to F.sub.j and the F.sub.0(y.sub.0)=v.sub.i; and determining if the outputs have a known output property indicating that the input x equals a desired value.

The present invention relates to a data storage and retrieval system. The system includes a at least one client device; and at least one-server. The server includes at least one memory, a processor and a log store. The client data is divided into different blocks and stored in the server. Different logs are generated for each block and stored in the log store. The storage in the server are audited for ensuring their integrity. The present invention also relates to a method used to store and retrieve data form the above system. The present invention also relates to a method used to initialize empty buffers in a storage of a system.

Computer-implemented systems and methods are disclosed herein for use within secure multi-party computation. A system and method are used for storing an operation preference and a cryptographic preference. A data set is stored based on the operation preference and the cryptographic preference. A determination is made that processing the query involves performing an allowable operation on the data set based on the operation preference.