A system and method for authentication, authorization, and access management based on personally identifiable information and data sets pertaining to individual identity and its attributes within independent computer systems and digital networks.

This invention pertains to secure communications between multiple parties and/or secure computation or data transmission between multiple computers or multiple vehicles. This invention provides a secure method for three or more parties to establish one or more shared secrets between all parties. In some embodiments, there are less than 40 parties and in other embodiments there are more than 1 million parties that establish a shared secret. In some embodiments, establishing a shared secret among multiple parties provides a method for a secure conference call. In some embodiments, a shared secret is established with multiple computer nodes across the whole earth to help provide a secure Internet infrastructure that can reliably and securely route Internet traffic. In some embodiments, a shared secret is established so that self-driving vehicles may securely communicate and securely coordinate their motion to avoid collisions. In some embodiments, a shared secret is established with multiple computer nodes that participate as a network, performing blockchain computations.

A processing apparatus includes at least one processor configured to function as: an input unit that receives encrypted data based on homomorphic encryption; and a process execution unit that executes a predetermined process by using the encrypted data while maintaining a secret state and includes one or more processing units. At least one of the processing units is a multiplication corresponding processing unit for executing a calculation corresponding to a processing of multiplying plaintext data by a predetermined multiplier. The multiplication corresponding processing unit generates a first calculation result based on a first multiplier component of the predetermined multiplier that is not used in a calculation of encrypted data, generates a second calculation result by executing a calculation to encrypted data in a ciphertext space corresponding to multiplication of the plaintext data by a second multiplier component of the predetermined multiplier other than the first multiplier component, and outputs the first calculation result and the second calculation result in association with each other.

Disclosed are devices, systems and methods for performing secure transactions in an aircraft are disclosed. Embodiments of the disclosed technology enable low cost carriers to provide payment verification for on-board purchases via the in-flight entertainment system. An exemplary method for performing secure transactions in an aircraft includes transmitting, by a user device in the aircraft using a wireless protocol, a first authentication factor and a request for one or more on-board services; receiving, from an on-board transceiver using the wireless protocol, an authentication token (a) comprising a one-time code and (b) encrypted using an asymmetric cryptographic algorithm; transmitting, using the asymmetric cryptographic algorithm, a second authentication factor comprising (a) the authentication token and (b) a text message transmitted from the user device; and receiving a confirmation of a delivery of the one or more on-board services.

Systems and methods for developing a novel public/private key pair having unique properties are disclosed, whereby standard data security operations in existing data security infrastructures return a data integrity validation result—but do not provide the intended data security of such infrastructures. These novel keys are referred to as degenerate keys and may be used to replace the public and private keys in existing public/private key cryptosystems. Because degenerate key data integrity validation may leverage existing data security infrastructures that are already widely-implemented, such examples may be applied immediately and configured to seamlessly transition from integrity only modes back to secure modes. In some instances, the degenerate key examples described herein may be employed during a software testing and/or factory validation stage of product development to allow for data integrity validation before burning in a developer's active (i.e., non-degenerate) key to the product, thereby pairing the software to the hardware.

A device includes a memory and a processor. The processor is to execute the instruction to: receive, from a user device, a username of a user and a string; retrieve a first Message Authentication Code (MAC) and a salt from a database in response to receiving the username and the string; send the first MAC, the salt, and one or more parameters to a Hardware Security Module (HSM); receive, from the HSM, a message indicating whether the first MAC matches a second MAC that the HSM generates based on the one or more parameters and the salt. In addition, the processor to perform one of: authenticate the user when the message indicates that the first MAC matches the second MAC; or not authenticate the user when the message indicates that the first MAC does not match the second MAC.

A method for attestation of Control Flow Integrity (CFI) of an application running on an end entity whereby an asymmetric key pair is generated by a Key Management Module (KMM) comprising a private key and a public key, then the public key is signed with a device key unique to the end entity thereby generating a public key certificate which attests to the private key being in possession of the end entity. The asymmetric key pair is based on the executing code of the application and the device key. The attestation claims regarding CFI of the application are signed by the private key in a dedicated signature module.

A method for performing a fully homomorphic encryption on a plain text is disclosed. The method includes computing a first subfunction based on a first computationally intractable problem and the plain text to generate a first section of a cipher text. The method also includes computing a second subfunction based on a second computationally intractable problem and the plain text to generate a second section of the cipher text. The method further includes generating a fully homomorphic function by integrating the first subfunction and the second subfunction. The method further includes encrypting the plain text to a fully homomorphic cipher text using the fully homomorphic function.

A mobile network gateway receives, from a user equipment device (UE), a session request for a session between the UE and an application hosted by a hosting device, where the session request includes an application identifier (ID) associated with the application. The mobile network gateway identifies a network slice of a mobile network based on the application ID and an ID associated with the UE, and retrieves a security profile from memory based on the application ID and the identified network slice. The mobile network gateway establishes a secure tunnel between the gateway and the hosting device using the retrieved security profile, and forwards data units associated with the requested session between the UE and the hosting device via the secure tunnel.

The invention is a cryptographic pseudonym mapping method for an anonymous data sharing system, the method being adapted for generating a pseudonymised database (DB) from data relating to entities and originating from data sources (DS.sub.i), wherein the data are identified at the data sources (DS.sub.i) by entity identifiers (D) of the respective entities, and wherein the data are identified in the pseudonymised database (DB) by pseudonyms (P) assigned to the respective entity identifiers (D) applying a one-to-one mapping, irrespective of the originating data source. According to the invention, one mapper (M) and one key manager (KM) are applied, and a respective pseudonym (P) is generated by the mapper (M), for each encrypted entity identifier (C.sub.i) encrypted by the data source (DS.sub.i), utilizing the mapping cryptographic key (h.sub.i) corresponding to the particular data base (DS.sub.i).