Abstract: A method for use in a hybrid network ecosystem comprising an enterprise network and a reconciliation network, the method comprising generating, by at least one first computing node in the enterprise network or the reconciliation network, a first digital facilitator, wherein the first digital facilitator enables a first device to use a private key to access data associated with a distributed ledger operation. The method also comprises transmitting, via the reconciliation network, the data from the first computing device to a second computing device, wherein the first computing device and the second computing device are connected via the reconciliation network.

Abstract: Various methods and systems for securing imaging systems are provided. In one embodiment, a method for an imaging system comprises monitoring usage of the imaging system in real-time while a user is controlling the imaging system, detecting that the usage of the imaging system is an abnormal usage, and performing one or more corrective actions based on the abnormal usage. In this way, an imaging system may be secured from cyber-attacks that may attempt to maliciously execute in an abnormal context while appearing legitimate to typical security controls.

Abstract: Methods and systems disclosed herein describe obfuscating plaintext cryptographic material stored in memory. A random location in an obfuscation buffer may be selected for each byte of the plaintext cryptographic material. The location of each byte of the plaintext cryptographic material may be stored in a position tracking buffer. To recover the scrambled plaintext cryptographic material, the location of each byte of the plaintext cryptographic material may be read from the position tracking buffer. Each byte of the plaintext cryptographic material may then be read from the obfuscation buffer and written to a temporary buffer. When each byte of the plaintext cryptographic material is recovered, the plaintext cryptographic material may be used to perform one or more cryptographic operations. The scrambling techniques described herein reduce the likelihood of a malicious user recovering plaintext cryptographic material while stored in memory.

Abstract: In an aspect, a system for dynamic data injection is presented. A system includes a computing device. A computing device is configured to receive at least a digital media file. A digital media file includes at least a segment comprising a plurality of display quanta. A computing device is configured to select a portion of at least a segment of at least a digital media file as a function of a randomization engine. A computing device is configured to encode identifying data in a selected portion of at least a segment. Encoding includes modifying at least a display quanta of a plurality of display quanta of a selected portion of at least a segment. A computing device is configured to display at least a segment to a user.

Abstract: A database access, monitoring, and control system and method monitor database access, detect suspicious database activities, and react to suspicious database activities by initiating one or more control functions. In at least one embodiment, suspicious database activities include activities related to a number of rows of data retrieved in response to one or more queries within a predetermined threshold window of time. Data retrieval row count above a predetermined threshold that represents an anticipated maximum request for legitimate users can indicate a suspicious database activity. In at least one embodiment, the database access, monitoring, and control system and method detects suspicious database activities even if a data requestor has thwarted other security measures or if the data requestor has authorized access but is potentially accessing data inappropriately.

Abstract: According to an embodiment, an encryption processing device includes a memory and one or more processors. The memory stores a plurality of divided masks to be applied to an input sentence on which mask processing is performed in unit of processing of a predetermined size corresponding to a size of data obtained by dividing target data of encryption processing into a plurality of pieces, the divided masks having a same size as that of data obtained by further dividing the data of the unit of processing. The one or more processors are configured to: read out the plurality of divided masks from the memory at different respective timings, and generate a plurality of first masks by using the read-out divided masks at different respective timings; and execute arithmetic processing on intermediate data of the encryption processing using the plurality of first masks at different respective timings.

Abstract: In a general aspect, a method of protecting a software program against tampering can include: executing, by a processor of a user device, an executable code of the software program, the executable code comprising integrity check code sections; during execution of one of the integrity check code sections of the executable code, computing by the processor an integrity check result applied to a code segment of the executable code; transmitting by the processor to a server a message containing the integrity check result and an identifier of the code segment; and when the integrity check result does not correspond to a reference result for the code segment of a genuine version of the software program, receiving by the processor from the server a signal that prevents an operation of the software program from being executed by the processor.

Abstract: Aspects of the subject disclosure may include, for example, a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, including requesting a license for software from first equipment of a license holder; receiving a passed ledger associated with the license from the first equipment of the license holder, wherein the passed ledger comprises a latest block; receiving a hash value for the latest block from a software vendor of the software; calculating a hash value for the latest block; and responsive to the hash value provided by second equipment of the software vendor matching the hash value calculated for the latest block: executing the software. Other embodiments are disclosed.

Abstract: Methods are provided for discovering related attributes with respect to an element in a customer data record, based on provided associations and for generating new associations between various elements of the customer data record. In these method, the context service system obtains, from a subscriber, a lookup request including a first blinded attribute. The first blinded attribute is obtained by applying an oblivious pseudo random function (OPRF) to a first element of a data record. The method further includes the context service system identifying at least one second blinded attribute associated with the first blinded attribute in a shared data partition of the context service system and providing, to the subscriber, at least one second element of the data record associated with the at least one second blinded attribute.

Abstract: The present invention relates to a computing device for executing a first cryptographic operation of a cryptographic process on useful input data, said computing device comprising a first processor, a second processor and a selection circuit wherein: —said selection circuit is configured: —for receiving, from an input bus, expanded input data obtained by interleaving dummy input data with said useful input data, —for determining positions of the dummy input data in said expanded input data, —and for extracting said dummy input data and said useful input data from the expanded input data based on said determined positions, —said first processor is configured for executing said first cryptographic operation of said cryptographic process on said extracted useful input data to obtain useful output data, —said second processor is configured for executing a second operation on said extracted dummy input data to obtain dummy output data, said computing device being configured for having said operations executed such

Abstract: A method, system and computer program product for reducing the amount of helper data that needs to be stored using two innovative techniques. The first technique uses bit-error-rate (BER)-aware lossy compression. By treating a fraction of reliable bits as unreliable, it effectively reduces the size of the reliability mask. With the view of practical costs of production-time error characterization, the second technique enables economically feasible across-temperature per-bit BER evaluation for use in a number of fuzzy extractor optimizations based on bit-selection to reduce overall BER (with or without subsequent compression) using room-temperature only production-time characterization. The technique is based on stochastic concentration theory and allows efficiently forming confidence intervals for average across-temperature BER of a selected set of bits.

Abstract: In general, the invention relates to a method for managing data. The method includes obtaining a data set from a local data system, identifying an audit tag associated with the data set, generating a table entry for a data registration table based on the data set and the audit tag, and storing the table entry in the data registration table, wherein the data registration table is stored in a data tracking service.

Abstract: An example private processing pipeline may include: a masked decryption unit to perform a masked decryption operation transforming input data into masked decrypted data; a masked functional unit to produce a masked result by performing a masked operation on the masked decrypted data; and a masked encryption unit to perform a masked encryption operation transforming the masked result into an encrypted result.

Abstract: Medical devices, systems, and methods related thereto a glucose monitoring system having a first display unit in data communication with a skin-mounted assembly, the skin-mounted assembly including an in vivo sensor and a transmitter. The first display unit and a second display unit are in data communication with a data management system. The first display unit comprises memory that grants a first user first access level rights and the second display unit comprises memory that grants a second individual second access level rights.

Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.

Abstract: A method includes monitoring user behavior in an enterprise system, identifying a given user of the enterprise system associated with a given portion of the monitored user behavior, determining a predicted impact of compromise of the given user on the enterprise system, generating a risk score for the given user based on the predicted impact of compromise and the given portion of the monitored user behavior, and identifying one or more remedial actions to reduce the risk score for the given user. The method also includes implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of at least one asset in the enterprise system, the at least one asset comprising at least one of a physical computing resource and a virtual computing resource in the enterprise system.

Abstract: An information processing apparatus includes a processor that acquires an operation result on an input data by referring to a look-up table that stores an operation result of an operation process, including an obfuscating operation that includes ordering of bits, an exclusive-OR operation on a random number, and a multiplication on a Galois field, performed on data.

Abstract: The disclosed computer-implemented method for authenticating digital media content may include (i) receiving digital media content that has been captured by a capturing device and digitally signed through a cryptoprocessor embedded within the capturing device to provide an assurance of authenticity regarding how the capturing device captured the digital media content, and (ii) encoding an identifier of the received digital media content and a digital signature to an encrypted distributed ledger, the digital signature including at least one of a digital signature of the digital media content by the capturing device or a digital signature of the digital media content by an entity encoding the received digital media content such that the encoding becomes available for subsequent verification through the encrypted distributed ledger. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An access control system controls access of a user to one or more operating functions of a technical installation. The access control system includes a receiving device configured to read access authorization data from a mobile data medium and an access control device configured to receive and validate the access authorization data from the receiving device. The receiving device continuously adds a dynamic portion to the access authorization data to create dynamic access authorization data and sends the dynamic access authorization data to the access control device. The access control device, in response to the dynamic access authorization data corresponding to a defined expectation, generates a release signal for those operating functions for which the access authorization data is valid.

Abstract: An indication of a mode of operation to be performed with a block cipher may be received. Logic associated with the block cipher may be configured based on the indicated mode of operation to be performed with the block cipher. Furthermore, an input data and a mask data may be received. The input data may be combined with the mask data to generate a masked input data based on the configured logic. The masked input data may be provided to the block cipher based on the configured logic and an output data may be generated with the block cipher based on the provided masked input data.