Abstract: The present invention relates to method of securing a software code comprising at least one constant value, said method generating a secure software code and comprising the steps of: —determining (S1) by a processor in the software code a constant value to be protected, —inserting (S2) by the processor in the software code an indexed array of values such that the constant value to be protected can be determined from one value of the array, —replacing (S3) by the processor in the software code the constant value to be protected by a replacement variable, —inserting (S4) by the processor in the software code a first sequence of instructions which, when executed at runtime: •computes the index in the array of the value from which the constant value to be protected can be determined, •extracts from said array the value located at said computed index in said array, •from said extracted value, determines the constant value to be protected, •sets the value of said replacement variable equal to the determined constan

Abstract: Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

Abstract: The present invention relates to a method of securing a compiled software code (SC) comprising computer code instructions organized in a plurality of basic blocks, said method generating a secure software code (SSC) and comprising the steps of: •determining (S1) by a processor a portion of the software code to be protected, •inserting (S2) by the processor in a selected basic block of the software code a first sequence of instructions which when executed at runtime: computes an integrity check value on said portion of the software code to be protected and computes an index value based on said computed integrity check value, •inserting (S3) by the processor in the selected basic block of the software code an indexed array of memory addresses in which the address, when executing the secure software code, of a following basic block to be executed after the selected basic block is indexed by said index value, •inserting (S4) by the processor at the end of the selected basic block of the software code a jump instr

Abstract: A method of digital authentication and related devices are disclosed. The method includes providing a scanning application on a computing device prior to scanning a website feature, and scanning website feature, the website feature having been displayed on a web page of another computing device. The method includes sending information related to the scanned website features to a processing system; and using the information related to the scanned website features to authenticate the web page on the other computing device, and enable one or more web page components of the web page. The web page components include at least one of (a) automatically setting up a new account on the web page with user profile information, (b) completing a purchase on the web page, or (c) automatically logging the user into the website.

Abstract: A method of securing a computer at a docking station, where the docking station includes a physical lock for selectively engaging with a locking interface of the computer to prevent removal of the computer from the docking station, the method includes: during a period of time in which the computer is registering a presence of an authenticated user at the computer, maintaining the physical lock of the docking station in an unlocked state disengaged from the locking interface of the computer; and when the computer is entering a locked state in response to a departure of the authenticated user from the computer, signaling the physical lock of the docking station to engage with the locking interface of the computer to prevent removal of the computer from the docking station.

Abstract: A container from a first root of trust associated with a first root entity may be received. The container may correspond to a mapping of a resource of an integrated circuit that is associated with the first root entity. The container may be verified based on a key that corresponds to the first root of trust and that is stored in the integrated circuit at manufacturing of the integrated circuit. An identification may be made that an assignment of the resource from the container corresponds to assigning the resource from the first root of trust to a new root of trust. A new key corresponding to the new root of trust may be generated. Information corresponding to the new key may be stored into a memory of the integrated circuit. Furthermore, the new key may be used to delegate the resource to a subsequent container.

Abstract: A system and a method to detect malicious software written to an Ethernet solid-state drive (eSSD). The system includes an Ethernet switch, at least one SSD, and a baseboard management controller (BMC). The Ethernet switch receives write data from a communication network in response to a write command. The at least one SSD receives the write data from the Ethernet switch and stores the received write data. The BMC receives from the at least one SSD the received write data. The BMC determines whether the received write data contains malicious software. The received write data may be contained in a plurality of Ethernet packets in which case the BMC stores the received write data in a scan buffer in an order that is based on an assembled order of the received write data.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain-based guarantee information. One of the methods includes receiving a cyphertext of a digital document specifying a guarantee and one or more zero-knowledge proofs (ZKPs) related to one or more values associated with the guarantee; verifying the one or more ZKPs; upon successfully verifying the one or more ZKPs, storing the cyphertext to a blockchain based on performing a consensus algorithm; receiving a drawdown request of the guarantee from a first computing device associated with the beneficiary or a representative of the beneficiary; storing the drawdown request to the blockchain based on performing a consensus algorithm; and delivering a first message about the drawdown request to a second computing device associated with the first guarantor.

Abstract: Disclosed herein are methods, systems, and apparatus for processing blockchain-based guarantee information. One of the methods includes receiving a cyphertext of a digital document specifying a guarantee from a first computing device associated with a guarantor and one or more zero-knowledge proofs (ZKPs) related to one or more values associated with the guarantee; verifying that the one or more ZKPs are correct; storing the first cyphertext to a blockchain based on performing a consensus algorithm; receiving a first message from the first computing device associated with the guarantor, the first message including a request to cancel the guarantee; storing the request to cancel the guarantee in the blockchain; sending a second message to a second computing device associated with the beneficiary or a representative of the beneficiary; and receiving a third message from the second computing device associated with the beneficiary or the representative of the beneficiary.

Abstract: A method of social key recovery for a first communication device supporting blockchain technology with asymmetric cryptographic algorithm is disclosed. The method comprises transmitting a device identity of the first communication to a second communication on the blockchain, performing a verification operation with the second communication device, receiving a message including a verification code of the first communication device and a public key of the second communication device, from the second communication device, wherein the first message is encrypted with a public key of the first communication device, decrypting the message with a private key of the first communication device, to obtain the public key of the second communication device, and transmitting seed phrases encrypted with the public key of the second communication device for restoring a crypto wallet on the blockchain, to the second communication device.

Abstract: A software licensing verification and installation system includes a client computing system in signal communication with a service provider computing system. The client computing system is configured to generate a request for at least one software product. The service provider computing system is configured to determine hardware information and software information of the client computing system, to receive a client license provided by the client computing system corresponding to the at least one software product, and to verify the client license based on the hardware information and software information.

Abstract: A Factom protocol cost effectively separates any blockchain (such as the Bitcoin blockchain) from any cryptocurrency (such as the Bitcoin cryptocurrency). The Factom protocol provides client-defined Chains of Entries, client-side validation of Entries, a distributed consensus algorithm for recording the Entries, and a blockchain anchoring approach for security.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: Disclosed herein are methods, systems, and apparatus for processing blockchain-based guarantee information. One method includes receiving a cross-chain request for relaying a cyphertext of a digital document to a second blockchain network, the digital document specifies a guarantee from the guarantor and one or more predetermined conditions of executing the guarantee, wherein the guarantee is made by the guarantor to a beneficiary; storing the cross-chain request and the cyphertext to a first blockchain associated with the first blockchain network based on performing a consensus algorithm; receiving a message from a second computing device for relaying information between the first blockchain network and the second blockchain network, the message includes a confirmation that the guarantee is accepted by the beneficiary and stored on a second blockchain associated with the second blockchain network; and updating a status of the guarantee to indicate that the guarantee has been voided on the first blockchain.

Abstract: The present invention relates to a method to counter DCA attacks of order 2 and higher order applied on an encoded table-based (TCabi,j) implementation of block-cipher of a cryptographic algorithm to be applied to a message (m), said method comprising the steps of: —translating a cryptographic algorithm block-cipher to be applied on a message (m) into a series of look-up tables (Tabi,j),—applying secret invertible encodings to get a series of look-up tables (TCi,j),—computing message-dependent masking values, comprising the computation of at least two shares of masking value (mmask1, mmask2) for the input of the table network based on at least two different message derivation functions (F1, F2),—re-randomizing the tables (TCi,j) using the computed message-dependent masking values (mmask1, mmask2),—computing rounds to be applied on the message (m) based on the randomized network of tables (TCi,j).

Abstract: A managed directory service obtains a request to generate a first account of a first directory within a first network. In response to the request, the managed directory service creates the first account within the first directory. From the request, the managed directory service also obtains credential information of a second account of a second directory within a second network. The managed directory service updates the first account to include this credential information to enable the first account to be used to access the second directory within the second network.

Abstract: An example operation may include one or more of connecting, by an identity protection node, to a blockchain network comprised of a plurality of user nodes, assigning, by the identity protection node, two sets of credentials to users of the plurality of the user nodes, monitoring, by the identity protection node, transactions initiated by the plurality of the user nodes, in response to a detection of an unauthorized transaction initiated by a user node of the plurality of the user nodes, invoking, by the identity protection node, the second set of the credentials of a user associated with the unauthorized transaction, and executing, by the identity protection node, a smart contract to apply the second set of the credentials against the first set of the credentials.

Abstract: A wireless communication system enables one-sided authentication of a responder device (120) by an initiator device (110) and mutual authentication of both devices. Embodiments of the initiator may have a message unit (116) and a state machine (117). The initiator starts by acquiring a responder public key via an out-of-band action and sends an authentication request. The responder sends an authentication response comprising responder authentication data based on a responder private key and a mutual progress status indicative of the mutual authentication being in progress for enabling the responder device to acquire an initiator public key via a responder out-of-band action. The initiator state machine is arranged to provide a mutual authenticating state, engaged upon receiving the mutual progress status, for awaiting mutual authentication. Thereby long time-out periods during wireless communication are avoided, while also enabling the initiator to report communication errors to the user within a short time.

Abstract: An information computer system is provided for securely releasing time-sensitive information to recipients via a blockchain. A submitter submits a document to the system and a blockchain transaction is generated and submitted to the blockchain based on the document (e.g., the document is included as part of the blockchain transaction). An editor may edit the document and an approver may approve the document for release to the recipients. Each modification and/or approval of the document is recorded as a separate transaction on the blockchain where each of the submitter, editor, approver, and recipients interact with the blockchain with corresponding unique digital identifiers—such as private keys.

Abstract: Disclosed herein are systems and methods for detecting unauthorized alteration with regard to a certificate store. In one aspect, an exemplary method comprises, tracking changes in a file system or a system registry of an operating system of a device with regard to the certificate store, detecting an alteration or an attempted alteration with regard to the certificate and sending information about the alternation or the attempted alteration to an analysis module, obtaining information about at least one certificate with which a change in the file system or the system registry with regard to the certificate store is connected, and determining a class of the change, where the class of the change is determined from a portion of the respective system registry or the file system in which the change occurred and from an action associated with the change, and comparing the obtained information to similar information on known certificates.