Systems, methods, and non-transitory computer-readable media can determine a first dataset provided by a first party, wherein the first dataset includes a set of vectors that are each associated with a user identifier. A second dataset provided by a second party can be determined, wherein the second dataset includes a set of vectors that are each associated with a user identifier. One or more vectors in the first dataset can be matched to vectors in the second dataset based on a secure multi-party computation without revealing respective graph information of the first party or the second party. Respective mappings between vectors in the first dataset to a set of shared universal identifiers can be provided to the first party. Respective mappings between vectors in the second dataset to the set of shared universal identifiers can be provided to the second party.

Techniques for secure public exposure of digital data include extracting first digital data comprising one or more batches, each batch comprising a plurality of no more than a number T of packets, each packet containing a plurality of a number n of bits. A random binary matrix A consisting of T rows and n columns is generated. For a first batch, a first random n-bit temporary key is generated. For a packet in the first batch, a first packet vector key is generated based on random non-overlapping pairs of bit positions for both the temporary key and for a first packet-corresponding row of matrix A. An encrypted packet is generated for the packet based on the packet and the first packet vector key. The encrypted packet is exposed publicly.

Methods and apparatus to enable a distinction between “new” and “used” digital content and to enable a market in used digital content files between mobile phone terminals and an electronic store, securely, by means of a wireless telephony network and a server complex to handle contents right management, transaction reporting, inventory, content delivery, payment, and billing. A server receives a signal generated by a wireless user device that was sent over a wireless telephony network. The signal indicates an election for returning at least one previously purchased digital content item. The server deletes user rights for the at least one digital content item identified by the received signal and sends information to the user device that generated the signal. Access to the associated digital content item at the user device is removed according to the sent information.

Some embodiments are directed to an electronic cryptographic device configured to determine a cryptographic key. The cryptographic device has a physically unclonable function, a debiasing unit, and a key reconstruction unit. The PUF is configured to produce a first noisy bit string during an enrollment phase and a second noisy bit string during a reconstruction phase. The debiasing unit (120) is configured to determine debiasing data from the first noisy bit string during the enrollment phase. The debiasing data marks bits in the first noisy bit string as retained or discarded. The key reconstruction unit is configured to determine the cryptographic key from bits in the second noisy bit string marked as retained by the debiasing data, the cryptographic key being independent from bits in the second noisy bit string marked as discarded by the debiasing data.

A system and method for opportunistic cryptographic key management includes generating a security capability assessment on a first electronic device based on security capabilities of the device, selecting a key management mode based on the security capability assessment, generating a cryptographic key based on the key management mode, and storing the cryptographic key based on the key management mode.

The various implementations described herein include methods, devices, and systems for detecting motion and persons. In one aspect, a method is performed at a smart home system that includes a video camera, a server system, and a client device. The video camera captures video and audio, and wirelessly communicates, via the server system, the captured data to the client device. The server system: (1) receives and stores the captured data from the video camera; (2) determines whether an event has occurred, including detected motion; (3) in accordance with a determination that the event has occurred, identifies video and audio corresponding to the event; and (4) classifies the event. The client device receives information indicative of the identified events, displays a user interface for reviewing the video and audio stored by the remote server system, and displays the at least one classification for the event.

A method for dynamic encryption and signing, a terminal and a server are provided. The method includes that: at least one key and at least one signature are generated through native data; a first predetermined key index and a first random signature index are selected during session connection; a first key and a first signature are located from the at least one key and the at least one signature according to the first key index and the first signature index; session request data is signed with the first signature, and the session request data is encrypted with the first key and sent to a server; and session response data signed with a second random signature and encrypted with a second random key is received from the server after decryption and signature verification by the server over the session request data succeed.

An optical device for a quantum random number generator comprising: a source of phase randomised pulses of light, the source of phase randomised pulses of light further comprising a plurality of gain-switched lasers, each gain-switched laser having an output, and each gain-switched laser being configured to emit a stream of pulses such that the phase of each pulse in the stream of pulses is randomised, and an optical pulse combiner, the optical pulse combiner being configured to receive streams of pulses from the output of each gain-switched laser, combine the streams of pulses with one another into a combined stream of pulses and direct the combined stream of pulses into at least one output of the optical pulse combiner, the at least one output of the optical pulse combiner being the output of the source of phase randomised pulses of light; wherein the source of phase randomised pulses of light is configured such that the streams of pulses of light emitted by the plurality of gain-switched lasers are temporally offset relative to one another, a phase measurement element, the phase measurement element being configured to receive the combined stream of pulses from the output of the source of phase randomised pulses of light; and an optical detector, the optical detector being optically coupled to the phase measurement element.

Methods, systems, and media for secure authentication of users using one or more biometric recognition systems are provided. In some embodiments, the method comprises: receiving an indication that a biometric identifier is to be used to authenticate a user to a service; receiving (i) the biometric identifier of the user from a capture device and (ii) knowledge-based secondary information associated with the user from an input device; determining a Voronoi cell identifier that corresponds to the biometric identifier; calculating a hash of the Voronoi cell identifier and the knowledge-based secondary information; transmitting the hash to a server device for verification; in response to transmitting the hash to the server device, receiving a response indicating whether the hash matches a previously stored hash that was stored in the server device; and determining whether to automatically authenticate the user to the service based on the response from the server device.

Disclosed in some examples are methods, systems, devices, and machine-readable mediums that provide for techniques for scrambling and/or updating meta-data that enable an efficient internal copyback operation. In some examples, improved data distribution techniques decouple the scrambling key from a physical address to allow for copyback operations while maintaining data distribution requirements across a memory device. The controller may generate a seed value that is used by a scrambling algorithm to scramble the host-data and meta-data prior to the data being written. The seed value is then encoded and written to the page with encoded versions of the scrambled user data and meta-data—the random seed is written without scrambling the random seed.