Abstract: An encryption processing system includes: a first device; second devices; and a third device, wherein the first device generates synthesis keys by selecting public keys of the second devices; generates an intermediate text from confidential texts generated by encrypting secret information by using public keys of the second devices having decryption authority; generates ciphertexts by further encrypting the intermediate text using the synthesis keys; and makes public the ciphertexts, each of the second devices verifies validity of the ciphertexts; generates decryption key fragments by using an own private key; and makes public the decryption key fragments, the third device verifies validity of the decryption key fragments; generates a decryption key by combining decryption key fragments; generates the Intermediate text by decrypting one of the ciphertexts; and makes public the intermediate text, and the second device decrypts the intermediate text using the own private key; and restores the secret information.

Abstract: The disclosure provides a blockchain-based data processing method, a blockchain-based data processing apparatus, an electronic device, and a medium, and relates to a field of blockchain technologies. The method includes: obtaining a delay transaction request and triggering execution of the delay transaction request; during the execution of the delay transaction request, homomorphically encrypting determined data to be disclosed with a delay, to generate delay transaction data containing encrypted delay data, and storing the delay transaction data on an uplink; and when set delay disclosure conditions are met, decrypting the delay transaction data.

Abstract: In a secure end-to-end transmission of data between a first device and a second device via a message broker, the following are performed: a sharing of an entropy pool between the first device and the second device via the message broker, by means of signalling messages, any payload of which is encrypted asymmetrically and which comprise a message signature; and a transmission of subsequent messages between the first device and the second device via the message broker, each said subsequent message comprising a header and a payload, the header comprising an identifier of an authentication key obtained from the shared entropy pool and an identifier of a symmetrical encryption key obtained from the shared entropy pool, the payload being encrypted symmetrically by means of the symmetrical encryption key, and the whole formed by the header and the payload being authenticated by means of a message authentication code obtained by means of the authentication key and inserted in the header.

Abstract: Limiting access to native device capabilities. A method includes, at a container application installed at the computing device, the container application configured to execute hosted script based applications, identifying a hosted application to execute. The method further includes, at the container application, obtaining information identifying a limited set of capabilities from among the native device capabilities indicating which of the native device capabilities the hosted application has been granted access to. The method further includes, at the container application, executing the hosted application and enforcing limits on the hosted application such that the hosted application is only able to access the native device capabilities identified in the limited set of capabilities.

Abstract: This disclosure relates to generating location event measurements. In one aspect, a method includes presenting, by a client device, a digital component comprising geofence data that defines one or more physical locations corresponding to the digital component. In response to presenting the digital component, a trusted program of the client device stores, in a presentation event data structure, a presentation event data element specifying the geofence data. The trusted program detects, based on location information indicating a current location of the client device and the geofence data that the client device is within one of the one or more physical locations. In response to detecting that the client device is within one of the one or more physical locations, an event report is transmitted to a reporting system for the digital component. The event report indicates that a location event for the digital component has occurred.

Abstract: Systems and methods for providing secure single sign-on authentication and management of encrypted vault in a fully cloud-based zero-knowledge environment. A user on a client device attempts to use a network resource. The user is directed to login to the identity provider. The identity provider authenticates the user through a login process. If the user is identified to be a valid user, the identity provider sends the user an attestation sign-on key to confirm the user is valid. The client device sends the attestation sign-on key to a vault service provider, which verifies the attestation using a configured public key. The client device retrieves a data decryption key and an encrypted data key, which are stored in different entities in the system. The encrypted data key is decrypted on the client device using the data decryption key.

Abstract: Techniques for encrypting data using a randomly selected data block from a set of data are described herein. An index indicates a subset of data within a data object. The data block is selected based at least in part on the index, an input to a cryptographic operation is generated from the data block, and the input to the cryptographic operation is provided to the cryptographic operation.

Abstract: In an example embodiment, a system for allowing one or more password errors may store a correct password for a user and receive an attempted login from a user device. The attempted login may include (1) an attempted password with one or more errors and (2) metadata. The system may assign a metadata risk score to the metadata, assign a password risk score to the attempted password, aggregate the scores, and grant or deny access to the user based on the aggregated score and a predetermined threshold.

Abstract: Various embodiments relating to an electronic device are described, and according to an embodiment, the electronic device may comprise a communication module which performs wireless communication; at least one processor which is electrically connected to the communication module; and a memory which stores instructions which cause at least one processor to receive or transmit data via communication with an external electronic device using the communication module on the basis of a first operating system and to process the received data or data to be transmitted to the external electronic device using a designated key on the basis of a second operating system, at the time of execution thereof.

Abstract: An approach is provided that receives a password that corresponds to a user identifier. A number of hashing algorithms are retrieved with the specific hashing algorithms that are retrieved being based on the received user identifier. The password is hashed using each of retrieved hashing algorithms resulting in a number of hash results. The hash results are combined with the combining of the hash result eventually resulting in a combined hash result. An expected hash result that corresponds to the user identifier is retrieved and compared to the combined hash result. The password is verified based on the results of the comparison.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for reducing latency in network communications and data presentation. In one aspect, a user session is initiated in which data related to an account is presented to the user. A user group to which the given user has been assigned is identified. A first dataset related to the account is selected based on the user group. A second dataset related to the account is selected based on types of data previously requested by various other users in the user group. A user interface for the account is updated to present at least a portion of the first dataset. Latency in updating the user interface is reduced when presenting additional portions of the first dataset or the second dataset by providing, to the client device, the second dataset prior to receiving a request for the second dataset.

Abstract: Systems and methods for applying an application layer policy to a transport layer security request are provided. A device, intermediary to one or more clients and one or more servers, can receive a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers. The TLS request can include an application layer request to a resource of the server. The device can apply an application layer policy to the application layer request of the TLS request. The device can determine, responsive to applying the application layer policy, whether to one of accept or reject at least the application layer request of the TLS request.

Abstract: The present disclosure provides systems and methods for authenticating photographic data. In one embodiment, a method comprises providing an image authentication application for use on a client device, the application configured to control image capture and transmission; receiving an image data file from the application at the authentication server comprising a photographic image captured by the application and metadata associated therewith; applying a watermark to the photographic image to create a watermarked image; applying date and time information to the tagged image; applying location information to the tagged image; creating a web address associated with the image data file; uploading the photographic image, the tagged image, or both to the web address; and transmitting an authenticated image file to the client device, the authenticated image file comprising one or more of: the watermarked image, the photographic image, the date and time information, geographic information, and the web address.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more computing devices to facilitate and/or support one or more operations and/or techniques for electronic authentication infrastructure, such as implemented, at least in part, via one or more electronic communications.

Abstract: An interactive display system enables a user to compose a graph pattern for a temporal graph on a display screen. The system comprises a canvas that provides an interactive editing surface. The editor receives an input a set of user interactions, such as the drawing of lines and boxes, the specifying of attributes, and the like, that together compose a graph pattern. During the graph pattern composition, the user may retrieve other graph patterns (e.g., from a data store) and integrate them into the pattern being composed. Once the graph pattern is composed (or as it is being composed), the system converts the graphical pattern into a text-based representation, such as a computer program in a particular graph programming language, which is then used for subsequent processing and matching in a cybersecurity threat discovery workflow. The pattern (program code) also is stored to disk, from which it may be retrieved and converted back into its graphical view on the screen, e.g., for further editing and revision.

Abstract: A network topology is provided that includes multiple data centers for building blockchain blocks. The data centers can process different subgroups of blocks, and then send updates to one another with information about new blocks. Additionally, some data centers may protect sensitive block body information, and instead may only share block headers.

Abstract: A memory device embodiment may include an array of non-volatile memory cells including a protected memory region. The protected memory region may include a dedicated sub region established by a host. The memory device embodiment may also include a memory controller configured to wipe the protected memory region or execute other security functions by issuing an authenticated data write command to the dedicated sub region of the protected region. Issuing the authenticated data write command may include signing the command with a key shared with the host that established the sub region.

Abstract: A decentralized certificate module generates a unique key pair. The decentralized certificate module creates a certificate signing request (CSR) based at least on a public key of the unique key pair. The decentralized certificate module signs the CSR with pre-installed system data to generate a signed trust certificate. The decentralized certificate module initiates a secure communication that includes the signed trust certificate.

Abstract: A method and system are provided for transferring digital assets in a digital asset network. Network users can be centrally enrolled and screened for compliance. Standardized transfer processes and unique identifiers can provide a transparent and direct transfer process. Digital assets can include sufficient information for ensuring that a value will be provided, including one or more digital signatures, such that value can be made immediately available to recipients.

Abstract: A method for handling biometric templates is disclosed for an authenticating device applying biometric authentication. The method comprises acquiring a set of biometric data associated with a prospect user, and acquiring a decryption key (associated with an encrypted biometric template associated with an enrolled user of the authenticating device) from a key carrying device external to the authenticating device responsive to the key carrying device being in a vicinity of the authenticating device. The method also comprises retrieving, from a storage medium, at least a part of the encrypted biometric template associated with the enrolled user, decrypting the retrieved part of the biometric template using the acquired decryption key and performing an attempt to authenticate the prospect user as the enrolled user based on a comparison between the acquired set of biometric data and the decrypted part of the biometric template.