A secure operating environment for a telecommunication device is disclosed, where a trusted execution environment (TEE) can establish both first secure communication (SC) channel between the TEE and a security-enabled SIM card, and a second SC between a service provider entity and Trustlet application, which is a component of the TEE of the telecommunication device. The telecommunication device may include a processor(s), an identification module, and a memory including the TEE and a normal operating environment (NOE). The TEE can be operated by the one or more processors to establish the first SC channel, authenticate a service identifier of the identification module, and establish the second SC channel, prior to an execution of the NOE.

Presented here is a system to enable secure communication between a first and a second communicator on a communication channel. The system can use multiple rotating cryptographic keys that are rotating according to a predetermined schedule to encrypt the communication between the first and the second communicator. The system can record the authority associated with the communication channel on a block chain. To determine whether the first and the second communicator have the authority to access the communication channel, the system can compute the authority of the first and the second communicator by checking the block chain from an initial block to a last block. The system can encrypt multiple communications sent via the communication channel using the multiple rotating cryptographic keys and can send the communications via the communication channel.

An encryption device comprises: a storage module for pre-storing an encryption key which is necessary for encryption processing; a pre-processing function unit which applies a pre-processing function to plaintext which converts an input value which in general may possibly not have a uniform distribution to an output value which has a uniform distribution; and an encryption unit which outputs encrypted text which is obtained by encrypting by order-preserving encryption, using the encryption key, the plaintext to which the pre-processing function is applied, and in which an order is maintained. This pre-processing function adds an arbitrarily selected random number to a value which is obtained by inputting an input value into a cumulative probability distribution function of an integer set with which the input value is associated, and treating same as an output value.

In one aspect, a compressive sampling encoder comprises matrix determination circuitry configured to determine a particular sampling matrix selected from a codebook comprising a plurality of sampling matrices. The compressive sampling encoder further comprises sampling circuitry coupled to the matrix determination circuitry and configured to apply the particular sampling matrix to a first signal to generate a second signal, and encryption circuitry configured to receive an identifier of the particular sampling matrix and to encrypt the identifier of the particular sampling matrix. The compressive sampling encoder provides at one or more outputs thereof the second signal and the encrypted identifier of the particular sampling matrix. Other aspects include a compressive sampling decoder, compressive sampling encoding and decoding methods, and associated computer program products.

The invention is a method for authenticating a device which comprises a chip and a body carrying the chip. The body comprises a graphical security feature. The method comprises the steps of: running a first physical unclonable function for generating a first response representative of the chip, extracting a first reference from the graphical security feature, authenticating the device by checking that said first response and first reference are linked by a preset mathematical function. The extracting step and the authenticating step are carried out by a machine distinct from the device.

The communication apparatus includes: a processing device that processes communication data to be transmitted to and received from a partner apparatus; a transmission unit that transmits the communication data to the partner apparatus; an internal state measurement unit that measures a state related to transmission of the communication data between the processing device and the transmission unit and a determination unit that determines a communication mode in communication with the partner apparatus from the state. The transmission unit transmits the communication data to the partner apparatus in the determined communication mode.

An intermediary system between an access network and a target may receive a communication originating from a client and directed to the target. The intermediary system may generate, based a subscriber identification module (SIM) security service, a secure communication. The intermediary system may provide the secure communication to the target.

In some aspects, a method for generating encoded plaintext data in a plaintext vector space includes obtaining a plurality of vectors of plaintext elements, where each plaintext element is an element of a first finite field. The method further includes encoding the plurality of vectors of plaintext elements to a vector of field elements, where each vector of plaintext elements is encoded to a respective field element of the vector of field elements, each of the field elements is an element of a second finite field, and the second finite field is a finite extension field of the first finite field. The method additionally includes encoding the vector of field elements into an element of the plaintext vector space to produce the encoded plaintext data for homomorphic encryption and computation.

A system for matrix-based public key homomorphic encryption, including a processor of a computing node configured to host a homomorphic encryption module and connected to at least one cloud server and a memory on which are stored machine-readable instructions that when executed by the processor, cause the processor to: acquire plaintext x required to be encrypted; select a size of a matrix and modulus n; select invertible matrix S over .sub.n, wherein .sub.n is a residue ring modulo n; compute an invertible matrix S.sup.1 over .sub.n; select two random secret keys (S, S.sup.1) and (K, K.sup.1) of a homomorphic encryption scheme (.sub.m), where S and K belong to a ring of Similarity calculation system, similarity calculation apparatus, similarity calculation method, and similarity calculation program