H04L2209/76

HYBRID AUTHENTICATION SYSTEMS AND METHODS

Disclosed are hybrid authentication systems and methods that enable users to seamlessly sign on between cloud-based services and on-premises systems. A cloud-based authentication service receives login credentials from a user and delegates authentication to an on-premises authentication service proxy. The login credentials can be passed by the cloud-based authentication service to the on-premises authentication service proxy, for instance, as an access token in an authentication header. The access token can be a JavaScript Object Notation (JSON) Web Token (JWT) that is digitally signed using JSON Web Signature. Some embodiments utilize a tunnel connection through which the cloud-based authentication service communicates with the on-premises authentication service proxy. Some embodiments leverage an on-premises identity management system for user management and authentication. In this way, there is no need for a cloud-based system to separately maintain and manage a user identity management system and/or to sync with an on-premises identity management system.

Machine learning based on homomorphic encryption

A method for evaluating data is based on a computational model, the computational model comprising model data, a training function and a prediction function. The method includes training the computational model by: receiving training data and training result data for training the computational model, and computing the model data from the training data and the training result data with the training function. The method includes predicting result data by: receiving field data for predicting result data; and computing the result data from the field data and the model data with the prediction function. The training data may be plaintext and the training result data may be encrypted with a homomorphic encryption algorithm, wherein the model data may be computed in encrypted form from the training data and the encrypted training result data with the training function. The field data may be plaintext, wherein the result data may be computed in encrypted form from the field data and the encrypted model data with the prediction function.

System for performing service by using biometric information, and control method therefor

A system for performing a service by using biometric information is disclosed. A system according to the present disclosure comprises an electronic device, a first server and a second server, and a control method of the system comprises the steps of: allowing the electronic device to acquire first biometric information; allowing the electronic device to acquire first encrypted data, in which the first biometric information is encrypted, by using the acquired first biometric information and a first encryption key, and to transmit same to the first server; allowing the first server to acquire second encrypted data, in which the first encrypted data is encrypted, by using the first encrypted data received from the electronic device and a second encrypted key, and first user identification information corresponding to the first biometric information, and to transmit same to the second server; allowing the second server to match the second encrypted data and the first user identification information corresponding to the biometric information, which are received from the first server, and to store same; allowing the second server to acquire authentication information on the basis of the matched second encrypted data and first user identification information, and to transmit same to the first server; and allowing the first server to register the authentication information on the biometric information.

Systems and methods of providing ledger as a service
11546425 · 2023-01-03

Described herein are systems and methods for providing Ledger as a Service (LaaS). Blockchain technology helps bring potential solutions to the distributed ledger problem, with a linear record structure to record transaction history. However, there are different types of blockchain techniques (e.g., Hyperledger, Ethereum, Quorum), and users/developers need to know the explicit features of each technique and align with the required APIs. Ledger as a Service can allow users to develop applications more efficiently, and can allow users to easily migrate applications among different blockchain techniques and platforms (e.g., between Hyperledger and Ethereum). LaaS can also allow for simplified transactions with a blockchain, and can additionally provide simplified communication between blockchains of different types.

INFORMATION PROCESSING DEVICE, TERMINAL DEVICE, AND SEARCH METHOD
20220391351 · 2022-12-08

An information processing device (100) has: an acquisition unit (131) which acquires, from a second terminal device (50) of a second user, an encryption search index, which is a search keyword encrypted by searchable encryption using a shared key and a verification key acquired from a first terminal device (10) of a first user who owns a document, and an identifier of the second user who searches for the document; a test unit (132) which checks a database, in which the encrypted-document index of an encrypted keyword of the document generated in the first terminal device (10), an encrypted document associated with the encrypted-document index, and a test key and a re-encryption key corresponding to the second user are registered, and tests the encryption search index by using the test key based on the identifier of the second user; and a generation unit (133, 134) which encrypts the encrypted document, which has been searched for by using the tested encryption search index, by the re-encryption key based on the identifier of the second user to generate a search result.

DECENTRALIZED TECHNIQUES FOR VERIFICATION OF DATA IN TRANSPORT LAYER SECURITY AND OTHER CONTEXTS

A verifier device in one embodiment is configured to communicate over one or more networks with a client device and a server device. The verifier device participates in a three-party handshake protocol with the client device and the server device in which the verifier device and the client device obtain respective shares of a session key of a secure session with the server device. The verifier device receives from the client device a commitment relating to the secure session with the server device, and responsive to receipt of the commitment, releases to the client device additional information relating to the secure session that was not previously accessible to the client device. The verifier device verifies correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session, based at least in part on the commitment and the additional information.

BALANCING PRIVACY AND EFFICIENCY FOR REVOCATION IN VEHICULAR PUBLIC KEY INFRASTRUCTURES

According to some embodiments, systems and methods are provided for revoking one or more of a plurality of entities in a vehicular public-key infrastructure. The systems and methods balance privacy and efficiency by distributing activation codes according to various approaches, including a direct request approach, a fixed-size subset approach, and a variable-size subset approach.

Quantum key distribution method and device, and storage medium

This application provides quantum key distribution methods, devices, and storage media. In an implementation, a method comprises: determining, based on a first mapping, a first quantum key of N first quantum keys corresponding to an i-th node on a target routing path; determining, based on a second mapping, a second quantum key of N second quantum keys corresponding to the i-th node; and generating, by the i-th node based on the first quantum key corresponding to the i-th node and the second quantum key corresponding to the i-th node, a third quantum key corresponding to the i-th node on the target routing path.

Methods and systems for PKI-based authentication

Methods, systems, and devices are provided for authenticating API messages using PKI-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an API message using the private key of the private/public key pair and a PKI-based cryptographic algorithm, before sending the signed API message to a server system. The server system (e.g., operated by a service provider) can authenticate the incoming signed API message using a proxy authenticator located in a less trusted zone (e.g., a perimeter network) of the server system. In particular, the proxy authenticator can be configured to verify the signature of the signed API message using the public key corresponding to the private key and the same cryptographic algorithm. The authenticated API message can then be forwarded to a more trusted zone (e.g., an internal network) of the server system for further processing.

Method and device for elliptic curve computations by low resource devices

The present disclosure relates to a method and device for performing an elliptic curve cryptography computation comprising: twisting, by a first device based on a first index of quadratic or higher order twist (d), a first point (P′KB) on a first elliptic curve over a further elliptic curve twisted with respect to the first elliptic curve to generate a twisted key (PKB); transmitting the twisted key (PKB) to a further device; receiving, from the further device, a return value (ShS) generated based on the twisted key (PKB); and twisting, by the first device based on the first index of quadratic or higher order twist (d), the return value (ShS) over the first elliptic curve to generate a result (ShS′) of the ECC computation.