Patent application number | Description | Published |
20090247567 | BENZOPYRAN AND BENZOXEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzopyran and benzoxepin compounds of Formulas I and II, and including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, are useful for inhibiting lipid kinases including p110 alpha and other isoforms of PI3K, and for treating disorders such as cancer mediated by lipid kinases. Methods of using compounds of Formulas I and II for in vitro, in situ, and in vivo diagnosis, prevention or treatment of such disorders in mammalian cells, or associated pathological conditions, are disclosed. | 10-01-2009 |
20110076291 | BENZOXEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzoxepin compounds of Formula I, and including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, wherein: Z | 03-31-2011 |
20110076292 | BENZOXAZEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzoxazepin compounds of Formula I, including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, wherein: Z | 03-31-2011 |
20110130363 | BENZOPYRAN AND BENZOXEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzopyran and benzoxepin compounds of Formulas I and II, and including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, are useful for inhibiting lipid kinases including p110 alpha and other isoforms of PI3K, and for treating disorders such as cancer mediated by lipid kinases. Methods of using compounds of Formulas I and II for in vitro, in situ, and in vivo diagnosis, prevention or treatment of such disorders in mammalian cells, or associated pathological conditions, are disclosed. | 06-02-2011 |
20120244149 | BENZOXAZEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzoxazepin compounds of Formula I, including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, wherein: Z | 09-27-2012 |
20130012488 | BENZOXEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzoxepin compounds of Formula I, and including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, are useful for inhibiting lipid kinases including p110 alpha and other isoforms of PI3K, and for treating disorders such as cancer mediated by lipid kinases. Methods of using compounds of Formula I for in vitro, in situ, and in vivo diagnosis, prevention or treatment of such disorders in mammalian cells, or associated pathological conditions, are disclosed. | 01-10-2013 |
20130123263 | BENZOPYRAN AND BENZOXEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzopyran and benzoxepin compounds of Formulas I and II, and including stereoisomers, geometric isomers, tautomer solvates, metabolites and pharmaceutically acceptable salts thereof, are useful for inhibiting lipid kinases including p110 alpha and other isoforms of PI3K, and for treating disorders such as cancer mediated by lipid kinases. Methods of using compounds of Formulas I and II for in vitro, in situ, and in vivo diagnosis, prevention or treatment of such disorders in mammalian cells, or associated pathological conditions, are disclosed. | 05-16-2013 |
20140336154 | BENZOPYRAN AND BENZOXEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzopyran and benzoxepin compounds of Formulas I and II, and including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, are useful for inhibiting lipid kinases including p110 alpha and other isoforms of PI3K, and for treating disorders such as cancer mediated by lipid kinases. Methods of using compounds of Formulas I and II for in vitro, in situ, and in vivo diagnosis, prevention or treatment of such disorders in mammalian cells, or associated pathological conditions, are disclosed. | 11-13-2014 |
Patent application number | Description | Published |
20110269806 | 2-(2-HYDROXYBIPHENYL-3-YL)-1H-BENZOIMIDAZOLE-5-CARBOXAMIDINE DERIVATIVES AS FACTOR VIIA INHIBITORS - The present invention relates to novel inhibitors of Factors VIIa, IXa, Xa, XIa, in particular Factor VIIa, pharmaceutical compositions comprising these inhibitors, and methods for using these inhibitors for treating or preventing thromboembolic disorders, cancer or rheumatoid arthritis. Processes for preparing these inhibitors are also disclosed. | 11-03-2011 |
20130039906 | PYRAZOLO[3,4-c]PYRIDINE COMPOUNDS AND METHODS OF USE - Pyrazolo[3,4-c]pyridine compounds of Formula I, including stereoisomers, geometric isomers, tautomers, and pharmaceutically acceptable salts thereof, wherein R | 02-14-2013 |
20130079331 | BENZOXAZEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzoxazepin compounds of Formula I, including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, wherein: Z | 03-28-2013 |
20130157298 | 2-(2-Hydroxybiphenyl-3-yl)-1H-Benzoimidazole-5-Carboxamidine Derivatives as Factor VIIA Inhibitors - The present invention relates to novel inhibitors of Factors VIIa, IXa, Xa, XIa, in particular Factor VIIa, pharmaceutical compositions comprising these inhibitors, and methods for using these inhibitors for treating or preventing thromboembolic disorders, cancer or rheumatoid arthritis. Processes for preparing these inhibitors are also disclosed. | 06-20-2013 |
20140005168 | 5-AZAINDAZOLE COMPOUNDS AND METHODS OF USE | 01-02-2014 |
20140058098 | BENZOXAZEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzoxazepin compounds of Formula I, including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, wherein: Z | 02-27-2014 |
20140135308 | BENZOXEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzoxepin compounds of Formula I, and including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, wherein: Z | 05-15-2014 |
20140288047 | BENZOXAZEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzoxazepin compounds of Formula I, including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, wherein: Z | 09-25-2014 |
20140378453 | 2-(2-HYDROXYBIPHENYL-3-YL)-1H-BENZOIMIDAZOLE-5-CARBOXAMIDINE DERIVATIVES AS FACTOR VIIA INHIBITORS - The present invention relates to novel inhibitors of Factors VIIa, IXa, Xa, XIa, in particular Factor VIIa, pharmaceutical compositions comprising these inhibitors, and methods for using these inhibitors for treating or preventing thromboembolic disorders, cancer or rheumatoid arthritis. Processes for preparing these inhibitors are also disclosed. | 12-25-2014 |
20150094347 | BENZOXEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzoxepin compounds of Formula I, and including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, wherein: Z | 04-02-2015 |
20150182537 | SERINE/THREONINE KINASE INHIBITORS - Compounds having the formula I wherein R | 07-02-2015 |
20160052933 | BENZOXAZEPIN PI3K INHIBITOR COMPOUNDS AND METHODS OF USE - Benzoxazepin compounds of Formula I, including stereoisomers, geometric isomers, tautomers, solvates, metabolites and pharmaceutically acceptable salts thereof, wherein: Z | 02-25-2016 |
Patent application number | Description | Published |
20100306543 | Method of efficient secure function evaluation using resettable tamper-resistant hardware tokens - An embodiment of the present invention provides a computer implemented method for the transfer of private information of one user to another user—a primitive known as Oblivious Transfer. An output from a strong pseudorandom function generation (SPRFG) is calculated by a first user's computing module based on first and second parameters: the first parameter specifying one of two secret keys; the second parameter being a value selected within the domain of the SPRFG by the first user. The first user is prevented from reading or learning the stored two secret keys. The output is transmitted to a computer of a second user which generates first and second encrypted values that are each based on an inverse SPRFG calculation using the first and second secret keys, respectively, and corresponding private values of the second user. The encrypted values are sent to a first computer of the first user that calculates one of the private values using a mathematical computation based on the second parameter and the one of the first and second encrypted values that corresponds to the one of the first and second key used. | 12-02-2010 |
20110010549 | Efficient key management system and method - A system for providing cost effective, secure key exchange from at least one first device to at least one second device through at least one proxy server is provided. The system includes a first key exchange message from the at least one first device to the at least one second device via the at least one proxy server. A second key exchange message from the at least one second device to the at least one first device via a media stream of the Internet is required to complete the computation of the session key. A method of securing a communication system is also set forth. The method includes the steps of providing a routing device for identifying a subscriber, and providing a master key exchange session, the master key exchange session including a key k to find a subscriber and a nonce r to answer a query to the subscriber, wherein the master key exchange session includes both the key k and the nonce r. | 01-13-2011 |
20110138184 | Efficient Techniques for Achieving Security Against Cheating Tamper-Resistant Tokens - An improved secure transaction system for facilitating secure transactions between devices in a network is set forth. The system includes a first device. A secure agent, adapted for encrypting and delivering a message on behalf of the first device, is provided. The secure agent has a secret key drawn at random from a large domain embedded in the agent by the first device. A second device, adapted to obtain the message, based on a session ID, from the secure agent, is provided. The second device can selectively test the truth of a corresponding message from the agent, based on querying of the first device. The testing is unknown and unpredictable to the secure agent during the transaction. In this manner, the first device and agent are kept separate to deter cheating. | 06-09-2011 |
20120076302 | Leakage-Resilient Garbled Circuit Generation Using Reduced Memory Hardware Token - A garbled circuit is generated for a client in a leakage-resilient manner with a reduced memory requirement. The garbled circuit is used for secure function evaluation between the client and a server. The garbled circuit is generated with a reduced storage requirement by obtaining a token from the server; querying the token gate-by-gate, wherein for each gate of the garbled circuit, the token generates new wire garblings and stores them with the client using a Stream Cipher and interacts with the leakage-protected area to generate a garbled table for the gate; and receiving the garbled circuit from the token. The token comprises a leakage-protected area. The Stream Cipher is leakage-resilient and can be a symmetric-key cryptographic primitive that has a secret key as an input and generates an unbounded stream of pseudorandom bits as an output. The number of evaluations of the Stream Cipher is kept to a substantial minimum. | 03-29-2012 |
20120079602 | Garbled Circuit Generation in a Leakage-Resilient Manner - Methods and apparatus are provided for generating a garbled circuit for a client in a leakage-resilient manner, for use in secure function evaluation between the client and a server. The garbled circuit is generated by obtaining a token from the server, wherein said token comprises a leakage-protected area; querying the token gate-by-gate, wherein for each gate of said garbled circuit, the token interacts with the leakage-protected area to generate a garbled table for the gate; and receiving the garbled circuit from the token. The client can interact with the server to obtain garbled inputs; and then evaluate the garbled circuit on the garbled inputs to obtain a garbled output. A final output can be obtained by matching the garbled output with an output table in the garbled circuit. | 03-29-2012 |
20120137117 | SYSTEM AND METHOD FOR PROVIDING SECURE VIRTUAL MACHINES - The present invention provides improved security in a virtual machine. By extending the capabilities of modern secure processors, privacy of computation is provided from both the owner of the equipment and other users executing on the processor, which is an advantageous feature for rentable, secure computers. In addition to the hardware extensions required to secure a virtualizable computer, an infrastructure for the deployment of such processors is also provided. Furthermore, a signaling flow to establish the various relationships between the owner, user and manufacturer of the equipment is disclosed. | 05-31-2012 |
20130152195 | Replay Attack Protection With Small State For Use In Secure Group Communication - A replay detection technique with “small state” (e.g., with relatively few bits of state information). A sending node generates a random number r | 06-13-2013 |
20130159724 | Method And Apparatus For A Scalable And Secure Transport Protocol For Sensor Data Collection - A new approach for a transport protocol for sensor data collection, such as a smart grid is described. In one embodiment of the invention, each server avoids keeping security and communication state per client through the notion of a secure “state-token”. The state token is issued with each server message and is subsequently attached to corresponding client messages delivered to the server. An implementation is provided in which the server encrypts and authenticates the associated session state, and then gives the resulting encryption for the client to temporarily store and return to the server with a next message. In this way, a server does not keep session state after sending the encryption back to a client and can quickly restore session state when the next message from the client arrives. | 06-20-2013 |
20130254557 | MESSAGE AUTHENTICATION CODE PRE-COMPUTATION WITH APPLICATIONS TO SECURE MEMORY - A method comprising the steps of creating a random permutation of data from a data input by executing at least one of a Pseudo-Random Permutation (PRP) and a Pseudo-Random Function (PRF), creating a first data block by combining the random permutation of data with a received second data block and executing an ε-differentially uniform function on the result of the combination, XORing the result of the ε-DU function evaluation with a secret key, and reducing the first data block to a first message authentication code. | 09-26-2013 |
20140095319 | Text-Based Communication Services Based On User-Specified Privacy Settings - A text-based communication service executes a collaborative data security protocol and/or pricing of services based at least in part on a user-specified privacy policy. The user-specified privacy policy may dictate, for example, a manner of filtering or encryption of user text and may be implemented in text-based communication services including, without limitation, webmail, social networking, web search and Instant Messaging services. | 04-03-2014 |
20140095860 | ARCHITECTURE FOR CLOUD COMPUTING USING ORDER PRESERVING ENCRYPTION - A method for providing enhanced security in cloud computing architecture by managing the types of interaction a server should be allowed, thus preventing decryption of private data. A client may encrypt data using an order preserving encryption (OPE) algorithm. One application of the method and system is a browser-based webmail application where a client may receive email from one or more servers then store the received email that has been associated with OPE data, on a separate server that is not used to send or receive email. | 04-03-2014 |
20140181224 | CAPABILITY-BASED COMMUNICATIONS - A capability-based communication mechanism is provided for controlling delivery of messages. A capability-based address is an address having one or more capability parameters associated therewith, where the one or more capability parameters associated with the capability-based address may be used to control delivery of messages to the capability-based address. A user or entity requests a capability-based address from a communication service provider. The communication service provider provides a capability-based address to the user or entity. The user or entity provides the capability-based address to one or more other users or entities. The delivery of messages to the user or entity with which the capability-based address is associated is controlled based on the one or more capability parameters associated with the capability-based address of the user or entity. | 06-26-2014 |
Patent application number | Description | Published |
20090140767 | Universal circuit for secure function evaluation - An exemplary method enables implementation of a universal circuit capable of emulating each gate of a circuit designed to calculate a function. A first selection module receives inputs associated with the function. It generates outputs that are an ordered series of the inputs. A universal module receives these outputs and generates another set of outputs. A second selection module receives the outputs from the universal module and generates final function outputs that are an ordered series inputs received from the universal module. The selection modules and universal module themselves are also aspects of the present invention. | 06-04-2009 |
20090175443 | Secure function evaluation techniques for circuits containing XOR gates with applications to universal circuits - An embodiment of the present invention provides a method that minimizes the number of entries required in a garbled circuit associated with secure function evaluation of a given circuit. Exclusive OR (XOR) gates are evaluated in accordance with an embodiment of the present invention without the need of associated entries in the garbled table to yield minimal computational and communication effort. This improves the performance of SFE evaluation. Another embodiment of the present invention provides a method that replaces regular gates with more efficient constructions containing XOR gates in an implementation of a Universal Circuit, and circuits for integer addition and multiplication, thereby maximizing the performance improvement provided by the above. | 07-09-2009 |
20090287929 | METHOD AND APPARATUS FOR TWO-FACTOR KEY EXCHANGE PROTOCOL RESILIENT TO PASSWORD MISTYPING - A system and method for two factor key exchange protocol resilient to password mistyping is disclosed. This authentication process is based on two factors including both electronically stored (long keys) and human supplied credentials (password or biometrics). The disclosed system and method ensures security in the presence of mistyping. The system includes receiving a message from a client signifying a request to establish a secure connection and sending a first random number to the client. The method continues with receiving a string and authorization code with parameters comprising the first random number and the string where the string includes an identifier, a short key and a second random number encrypted with a public key. The method continues with decrypting the string with a private key verifying the authentication code, verifying the short key and session key derivation by both server and client. | 11-19-2009 |
20100058070 | Message authentication code pre-computation with applications to secure memory - A method comprising the steps of creating a random permutation of data from a data input by executing at least one of a Pseudo-Random Permutation (PRP) and a Pseudo-Random Function (PRF), creating a first data block by combining the random permutation of data with a received second data block and executing an ε-differentially uniform function on the result of the combination, XORing the result of the ε-DU function evaluation with a secret key, and reducing the first data block to a first message authentication code. | 03-04-2010 |
20130031371 | Software Run-Time Provenance - An executing first computing module verifies the run-time provenance of an unverified second computing module. A signed certificate identifying an author of the second computing module is received at the first computing module. An association between the signed certificate and the second computing module is verified. A first provenance certificate and associated private key signed by the first computing module and identifying a runtime provenance of the second computing module is then generated, and the first provenance certificate is published to the second computing module. A chain of signed certificates, including provenance certificates and a static identification certificates, can be published. Each provenance certificate in the chain verifies the integrity of a layer of execution, and the plurality of static identification certificates identifies a respective author of the computing module associated with each layer of software. The provenance of the second computing module can be recursively traced through the published chain of certificates. | 01-31-2013 |
Patent application number | Description | Published |
20140019953 | CLIENT-SIDE SCRIPT BUNDLE MANAGEMENT SYSTEM - A method of operation of a bundle management system includes: generating a resource bundle with client-based script code based on a client device condition of a potential client device; generating a condition map correlating the client device condition to the resource bundle; generating a bundle set including the resource bundle based on a developer version of the client-based script code; uploading the condition map to a web service system; and configuring the web service system to operate a web service corresponding to the developer version of the bundle set. | 01-16-2014 |
20140129966 | Progressive Rendering of Data Sets - In one embodiment, a computing device identifies a first number of content objects to render for display along an axis within an area of a graphical user interface based on an assumed dimension of every content object and a maximum dimension of the area along the axis. The computing device renders the first number of content objects for display along the axis within the area, and determines a difference between the assume dimensions and actual dimensions of the rendered content objects along the axis. The computing device adjusts the assumed dimension based on the difference, and identifies a second number of content objects to render for display along the axis within the area based on the assumed dimension as adjusted and the maximum dimension of the area along the axis. And the computing device renders the second number of content objects for display along the axis within the area. | 05-08-2014 |
20140149921 | Using Clamping to Modify Scrolling - In one embodiment, a method includes receiving user input to scroll within a GUI on a touch screen. The user input includes a touch gesture having a path that includes a starting point and one or more other points on the touch screen. The computing device determines regions of the touch screen defined with respect to the starting point. A first one of the regions corresponds to a first scrolling axis, and a second one of the regions corresponds to a second scrolling axis perpendicular to the first scrolling axis. If the path corresponds to the first region, then the computing device scrolls within the GUI according to the user input linearly and parallel to the first scrolling axis. If the path corresponds to the second region, then the computing device scrolls within the GUI according to the user input linearly and parallel to the second scrolling axis. | 05-29-2014 |
20140149922 | Infinite Bi-Directional Scrolling - In one embodiment, a method includes providing for display to a user content including multiple content objects that each have a boundary defining a two-dimensional area. A two-dimensional scroll region for user scrolling within the content is determined. The two-dimensional scroll region is independent of the two-dimensional areas of the content objects. User input to scroll within the content in one or both of the two dimensions across one or more of the boundaries is received. The method includes scrolling within the content according to the user input, the scrolling being continuous across the boundaries. | 05-29-2014 |
Patent application number | Description | Published |
20110167272 | Secure Multi-UIM aka key exchange - An apparatus in one example, where the apparatus comprises a communication device component that performs an authentication key agreement protocol by receiving a first random nonce (RAND) and an authentication token, wherein the communication device component is configured with a shared secret key. The communication device component generates a derivation key by applying a pseudo random function to the RAND and the shared secret key. The communication device component generates a first set of session keys based on a second random nonce (RANDC) and the derivation key where the first set of session keys are used in encrypting communications. | 07-07-2011 |
20110216902 | Computation of garbled tables in garbled circuit - An efficient encryption system for improving the computation speed of a garbled circuit is set forth. The garbled circuit includes a number of garbled Boolean gates having first and second garbled Boolean gate input wires. The system includes a first key ki on a first garbled gate input wire. A second key kj is also provided on a second garbled gate input wire. A programmable function is provided for combining the first key ki and the second key kj to obtain an encrypted output key. A method for expediting encryption and decryption of a garbled circuit having a number of encryptions for a garbled table of a garbled gate is also set forth. The method includes the steps of: forming the garbled table with a number of secret keys by applying a function to the secret keys to produce less than twice the number of secret keys as the number of encryptions for the garbled table, and evaluating the garbled table to decrypt an output key of the garbled table. | 09-08-2011 |
20110320803 | Light-weight security solution for host-based mobility & multihoming protocols - A transport connection system is set forth. The system includes a first device adapted to send and receive messages. A second device, adapted to send and receive message, is also provided. A message i generated by the first device includes a secret Ri- | 12-29-2011 |
20120070000 | Securing Two-Party Computation Against Malicious Adversaries - Methods and apparatus are provided for securing two-party computations against malicious adversaries. A method is provided for secure function evaluation. The disclosed method is performed by a garbled circuit evaluator for the transfer of private information, and comprises receiving from a constructor (i) s garbled circuits (GCs), wherein each of the GCs having a plurality of input wires; and (ii) commitments for each of the input wires, wherein the commitments comprise s | 03-22-2012 |
20120246743 | SYSTEM AND METHOD FOR ACCESSING PRIVATE DIGITAL CONTENT - Method for providing access to private digital content installed on a content server C(s), wherein a content manager server C(a) has a number of clients potentially interested in the private content; the method comprising the following steps performed at the content management server C(a):
| 09-27-2012 |
20120284523 | MAC Aggregation Resilient To Denial-Of-Service Attacks For Use In A Multi-Node Data Network - An improved MAC aggregation technique is disclosed that yields an aggregate MAC much shorter than the concatenation of constituent MACs while achieving improved resilience to denial-of-service (DoS) attacks. The aggregate MAC is constructed in a manner wherein upon instance of channel impairments or malicious attack (e.g., from a rogue node or man-in-the-middle attacker), only a portion of the aggregate MAC will include corrupted data, at least a portion of the aggregate MAC thereby including valid verifiable data. A source of corruption of the aggregate MAC may be ascertained based on indicia of which constituent MACs are included in the valid portion; and constituent MACs that are wholly included in the valid portion may be declared valid. | 11-08-2012 |
20140040614 | SECURE FUNCTION EVALUATION FOR A COVERT CLIENT AND A SEMI-HONEST SERVER USING STRING SELECTION OBLIVIOUS TRANSFER - Methods and apparatus are provided for secure function evaluation for a covert client and a semi-honest server using string selection oblivious transfer. An information-theoretic version of a garbled circuit C is sliced into a sequence of shallow circuits C | 02-06-2014 |
20140040620 | Secure Function Evaluation Between Semi-Honest Parties - Methods and apparatus are provided for secure function evaluation between a semi-honest client and a semi-honest server using an information-theoretic version of garbled circuits (GC). An information-theoretic version of a garbled circuit C is sliced into a sequence of shallow circuits C | 02-06-2014 |
20140056306 | MAC Aggregation With Message Multiplicity For Use In A Multi-Node Data Network - A MAC aggregation technique utilizing a large field addition operation is disclosed. The large field addition operation defines the addition of two or more MACs mod p, where the two or MACs may comprise constituent MACs or aggregate MACs, and where p is a prime number that is large relative to the size of the MACs. The disclosed MAC aggregation technique yields an aggregate MAC much shorter than the concatenation of constituent MACs while achieving security even in the case where constituent MACs may be aggregated in duplicate. | 02-27-2014 |
20140095861 | Input Consistency Verification for Server Assisted Secure Function Evaluation - Server-assisted secure function evaluation (SFE) is performed with input consistency verification for two parties that want to evaluate a function. The server computes a garbled circuit corresponding to the function. A predefined bit of the 0-secret of wire i in the garbled circuit is set to a random bit b | 04-03-2014 |
20140105393 | Input Consistency Verification for Two-Party Secure Function Evaluation - Secure function evaluation SFE) with input consistency verification is performed by two parties to evaluate a function. For each execution, the first party computes a garbled circuit corresponding to the function and uses an Oblivious Transfer protocol to provide wire secrets that are an encrypted version k | 04-17-2014 |
20140108435 | SECURE PRIVATE DATABASE QUERYING SYSTEM WITH CONTENT HIDING BLOOM FITERS - Secure private database querying on a database for a query having a formula evaluation on at least two keywords A and B comprises: a server receiving a Bloom filter tree comprised of encrypted Bloom filters of encrypted keywords from the database, wherein each Bloom filter in the Bloom filter tree is separately masked by a random mask pad P; receiving an encrypted version of the keywords A and B from the client; and obtaining masked Bloom filter indices for the keywords A and B. The client and server participate in secure function evaluation (SFE) with the client. The server has an input comprising the masked Bloom filter indices for the keywords A and B and the client has an input comprising the random mask pad P. The secure function evaluation comprises: removing the random mask pad P from the masked Bloom filter indices input by the server; determining if there is a matching Bloom filter for each of the keywords A and B; and applying the formula evaluation to determine if the formula is satisfied. | 04-17-2014 |
20140129838 | METHOD AND APPARATUS FOR RESILIENT END-TO-END MESSAGE PROTECTION FOR LARGE-SCALE CYBER-PHYSICAL SYSTEM COMMUNICATIONS - To address the security requirements for cyber-physical systems, embodiments of the present invention include a resilient end-to-end message protection framework, termed Resilient End-to End Message Protection or REMP, exploiting the notion of the long-term key that is given on per node basis. This long term key is assigned during the node authentication phase and is subsequently used to derive encryption keys from a random number per-message sent. Compared with conventional schemes, REMP improves privacy, message authentication, and key exposure, and without compromising scalability and end-to-end security. The tradeoff is a slight increase in computation time for message decryption and message authentication. | 05-08-2014 |
20140189364 | Privacy-Preserving Database System - A database system includes a server, index server and client. In one embodiment the server randomly permutes the order of database records. The server provides to the index server an array of encryption keys by generating a random encryption key corresponding to each permuted database record. The server encrypts each permuted database record with its corresponding encryption key. The index server computes and encrypts a sum of each encryption key and a corresponding random mask and sends a permuted array of masked keys to the server. The index server provides to the client an encrypted database record, and the mask and key corresponding to the encrypted record. The client sends the encrypted sum of the mask and key to the server. The server decrypts the masked key with a public key and sends the decrypted key to the client. The client then recovers the record key and decrypts the record. | 07-03-2014 |
20150113275 | TAMPER-RESISTANT AND SCALABLE MUTUAL AUTHENTICATION FOR MACHINE-TO-MACHINE DEVICES - An authentication request message is sent from a first computing device to a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device. A challenge message is received at the first computing device from the second computing device. In response to the challenge message, a session key is computed at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device. Upon generating the session key, the first computing device extracts a value from the challenge message and generates an authentication delegate based on the extracted value. The authentication delegate is sent from the first computing device to a third computing device for verification to allow the first computing device access to the third computing device. | 04-23-2015 |
20150278549 | Anonymization of Streaming Data - Techniques are provided for anonymizing streamed data. In various embodiments data are anonymized by receiving a data element (p | 10-01-2015 |
20160044031 | PROTECTING AGAINST MALICIOUS MODIFICATION IN CRYPTOGRAPHIC OPERATIONS - A message and an identifying parameter associated with the message are obtained. The message comprises a plurality of units. A plurality of one-unit message authentication codes is generated, wherein each one-unit message authentication code corresponds to a respective unit of the plurality of units of the message, and wherein each one-unit message authentication code is generated based on the identifying parameter associated with the message, a given one of the plurality of units, and the position of the given unit in the message. Verification of each unit of the message may then be efficiently performed inside a method of secure computation such as, by way of example only, a garbled circuit. | 02-11-2016 |