Abstract: An evaluation device receives input of latent variables of a variational autoencoder, clusters the input latent variables, and assigns, for each cluster, a label indicating the cluster to latent variables belonging to the cluster. After that, the evaluation device performs learning of a classifier so as to accurately classify the latent variables based on the assigned label, performs an adversarial attack resistance evaluation for the classifier after learning, and outputs a result of the resistance evaluation. Thus, the evaluation device can perform an adversarial attack resistance evaluation even for a variational autoencoder that uses unlabeled data as input data.

Abstract: An approach is disclosed for processing NFTs on a blockchain platform. A request for processing an NFT is received on the blockchain platform, by a requestor. The NFT is accessed by chunks C (C1, C2, . . . , Cn) from at least two blobbers B (B1, B2, . . . , Bn). The NFT is reconstructed from the chunks C (C1, C2, . . . , Cn) to process the request. The supported requests include creating, viewing, purchasing, transferring ownership, setting permissions for reveal of data at a future date, adding, updating, deleting, moving, copying, and renaming data assets. The NFT may be transferred from one blockchain platform to a different blockchain platform, and may be initially used as a fundraising vehicle by the creator with no data asset initially and later uploaded to the blobbers.

Abstract: A semiconductor device includes: a detector that detects unauthorized access; and a reconfiguration unit that, in response to detection of the unauthorized access by the detector, reconfigures a reconfiguration area where a circuit that defines an operation was present to a state in which the circuit does not execute an operation based on the circuit.

Abstract: A computer-implemented method of distributing a shared secret on a blockchain network. The method comprises mapping a plurality of inputs to elliptic curve points of an elliptic curve of an elliptic curve cryptography system. In a first encryption step, a plurality of the elliptic curve points are encrypted by a public key of a public-private key pair and decryptable by the corresponding private key of the public-private key pair. In a second encryption step, a plurality of parts of one input to a second encryption step are multiplied by terms of a series known to participants. In a secret sharing step, a plurality of shares of an input to a secret sharing step are distributed to a plurality of said participants, and an input is accessible to a threshold number of shares and is inaccessible to less than a threshold number of shares.

Abstract: Encryption is performed at the field level within a data object, in response to an encryption indicator. Encrypted fields are nulled or zeroed out and the encrypted values are stored in encryption metadata with a path identifying the locations of the encrypted fields. An encrypted data key is appended with a decryption identifier and stored in the encryption metadata. The encrypted data object may be reformatted while encrypted. The encrypted data key is extracted from the encryption metadata and the decryption identifier is used to identify a master key used to decrypt the encrypted data key. The data key is used to decrypt the encrypted values and the decrypted values are stored in the fields identified by the paths.

Abstract: An authentication system includes at least one processor configured to register user information on a user who is to visit a predetermined location, and scheduled time information on scheduled time at which the user is to visit the predetermined location, in association with each other in a storage, execute, when someone visits the predetermined location, authentication based on visitor information on the someone, the user information, visit time information on time at which the someone visits the predetermined location, and the scheduled time information.

Abstract: A method comprises: tokenizing, at a first device, a search query; creating search requests and send to delegate devices, each search request including a public key encrypted message containing the tokenized search query and index identifiers of indices to be searched; computing search responses to the search requests, each search response comprising a partial trapdoor computed per token per identifier; transmitting the search responses to the first device; recombining, at the first device, the search responses per identifier per token; performing a ranked set of queries against the indices; and returning the search results in order of relevancy.

Abstract: A method for obtaining a secured routing functionality in a white-boxes based cluster which comprises a plurality of standalone white-boxes, wherein at least two of the standalone white-boxes were manufactured by different manufacturers, and wherein the method comprising identifying a serial number (S/N) associated with each white-box to be included in that cluster, determining pre-defined properties of each respective white-box based on the identification, and installing each of the white-boxes together with a respective computing platform software comprising a software agent provided by the manufacturer of that white-box.

Abstract: Apparatuses, systems, and techniques for supporting fairness of multiple context sharing cryptographic hardware. An accelerator circuit includes a copy engine (CE) with AES-GCM hardware configured to perform both encryption and authentication of data transfers for multiple applications or multiple data streams in a single application or belonging to a single user. The CE splits a data transfer of a specified size into a set of partial transfers. The CE sequentially executes the set of partial transfers using a context for a period of time (e.g., a timeslice) for an application. The CE stores in a secure memory for the application one or more data for encryption or decryption (e.g., a hash key, a block counter, etc.) computed from a last partial transfer. The one or more data for encryption or decryption are retrieved and used when data transfers for the application is resumed by the CE.

Abstract: A system, method, device, and platform for managing data. Data associated with a user is automatically retrieved from one of a number of sources. The data is automatically confirmed as applicable to a user. The data is added to a data set associated with the user. A determination is made whether the data set is complete after adding the data to the data set. One or more tokens are created based on the data set of the user.

Abstract: A method includes receiving a first transaction request and a second transaction request including identification of a first trust action and a second trust action requested to be performed with respect to an electronic document. A first trust service provider and a second trust service provider, different from the first trust service provider, are selected to perform the requested first trust action and the second trust action, respectively. Performance of the first trust action and the second trust action on the same electronic document is coordinated with the selected first trust service provider and the second trust action provider. A first proof and a second proof are obtained confirming performance of the requested first trust action and the requested second trust action by the respective trust service providers.

Abstract: A network function service invocation method includes sending, by a first network function network element, a first request message to an authorization network element, wherein the first request message is used to request permission to invoke a first network function service provided by a second network function network element, performing, by the authorization network element, identity authentication on the first network function network element, generating, by the authorization network element, a token when determining that the identity authentication succeeds, wherein the token is used to indicate that the first network function network element has the permission to invoke the first network function service of the second network function network element, and sending, by the authorization network element, a token to the first network function network element.

Abstract: Systems, methods, and apparatuses are described for authenticating a user device and/or user application. A user device may receive, based on a first authentication request, a plurality of messages sent over a plurality of channels of communication (e.g., a message to a URL address associated with the user device and a binary Short Message Service (SMS) message). Based on information from the messages, the user device may transmit a second authentication request.

Abstract: Securing pods in a container orchestration environment is provided. A container runtime interface command is verified to perform an orchestration action on a set of containers comprising an application workload that corresponds to a service based on matching the container runtime interface command to a rule contained in a trusted execution environment contract included in a pod sandbox virtual machine of a trusted execution environment. It is determined whether the container runtime interface command to perform the orchestration action on the set of containers is valid based finding a matching rule in the trusted execution environment contract. In response to determining that the container runtime interface command to perform the orchestration action on the set of containers is valid, the container runtime interface command is executed to perform the orchestration action on the set of containers in the pod sandbox virtual machine of the trusted execution environment.

Abstract: Hierarchical scanning begins with communicating probes over the Internet to ports and networks addresses to determine publicly accessible devices. Based on responses to those probes, follow-up probes are determined to obtain additional information about the publicly accessible devices. The probes are transmitted from a system that is external to the networks corresponding to the network addresses. This provides an external view of the scanned networks and facilitates a probing paradigm that scales beyond a few networks.

Abstract: A system includes a memory device and a processor, operatively coupled with the memory device, to perform operations including receiving, from a device via a brokering agent, a request to provide an encrypted version of a set of secrets data corresponding to a target state of the device, determining whether to authorize the request in view of the brokering agent, and in response to authorizing the request, providing the encrypted version of the set of secrets data and permission to transition to the target state.

Abstract: Methods of securely storing and providing data in a data storage system, and a corresponding system are described. A method comprises the steps of: connecting the security module to a remote host only within a predetermined remote access time window, wherein said remote access time window is stored on the security module; receiving a file transfer request from the remote host to the security module; authenticating the file transfer request; receiving the file and caching the file within the security module; isolating the remote host from the security module; connecting the security module and the data storage device; transferring the cached file from the security module to be stored in the data storage device; and isolating the security module and the data storage device once file transfer is complete. This provides a secure system where a data storage device is controllably connected to a remote host.

Abstract: The invention provides methods and systems which enable additional functionality to be inserted into blockchain scripts with ease and in an effective and manner. According to one embodiment, the invention provides a blockchain-implemented method comprising the steps of arranging a plurality or selection of scripting language primitives to provide, upon execution, the functionality of a high-level scripting language primitive, wherein the scripting language is associated with a blockchain protocol; inserting the plurality of scripting language primitives at least once into a script; and inserting the script into blockchain transaction (Tx). The high-level scripting language primitive may perform, for example, an arithmetic operation such as multiplication or division. The scripting language primitives may be called op-codes, words or commands, and are native to the scripting language. The scripting language may be Script, and the blockchain protocol may be a version of the Bitcoin protocol.

Abstract: An example operation may include one or more of receiving, by each of one or more peripheral peers of a blockchain network, a sequence of new blocks from an orderer peer, calculating hashes for the sequence of new blocks, adding the hashes to a merkle tree, determining the merkle tree is different than merkle trees from a majority of peripheral peers, determining that one or more blocks that correspond to the different merkle trees from the majority of peripheral peers are different from the sequence of new blocks, and in response ceasing committing blocks to the blockchain network.

Abstract: An approach is disclosed for running a first smart contract on a first blockchain platform which restricts access to a client's funds appropriated to a second smart contract running on a second blockchain platform. A transaction is received by invoking the first smart contract authorizing the second smart contract. In response to receiving an indication of a successful completion of the first smart contract, a plurality of client's authorization tickets are sent to the second smart contract which restricts access to the client's funds appropriated to the second smart contract running on the second blockchain platform. The invoked smart contract receives the set of authorization information and records the set of authorization information. After receiving a set of authenticated authorization tickets exceeding a predetermined threshold, the funds are atomically eliminated on the first blockchain platform and a converted funds generated on the second blockchain platform.