Abstract: A method is set forth for signing and subsequently verifying a plurality of digital messages, including the following steps implemented using at least one processor-based subsystem: selecting parameters including an integer q, a relatively smaller integer p that is coprime with q, and a Gaussian function parameter; generating random polynomial f relating to p and random polynomial g relating to q; producing a public key that includes h, where h is equal to a product that can be derived using g and the inverse of f mod q; producing a private key from which f and g can be derived; storing the private key and publishing the public key; producing a plurality of message digests by hashing each of the digital messages with the public key; for each message digest, producing a digital signature using the message digest, the private key, and a Gaussian noise polynomial related to the Gaussian function parameter; and performing a batch verification procedure utilizing the plurality of digital signatures and the public

Abstract: According to one embodiment, a computerized method for acquiring updated predictive model is described. The updated predictive model is achieved through machine learning analyses of information by a training engine, which issues a control message in response to a discrepancy in a determination of the suspect object as malicious or non-malicious by a detection engine and a classification engine. The detection engine analyzes a content of a suspect object to determine whether the suspect object is malicious or non-malicious. Similarly, the classification engine analyses the suspect object based on the predictive model to determine whether the suspect object is malicious or non-malicious. The control message causes the training engine to update the predictive model based on machine learning analyses of information provided via the control message and to return an updated predictive model to the classification engine.

Abstract: A method of providing a login to website requested from a computing device, by a biometric information based authentication device which interworks with a control server, is provided. The method includes detecting a login request message transmitted from the computing device to a website server providing the website, extracting login session information from the login request message, outputting an authentication result with respect to received biometric information, and transmitting authentication information comprising the login session information and the authentication result to the control server. The login session information is transmitted from the control server to the website server to determine, by the website server, the login allowance of the website.

Abstract: A table key capable of decrypting a first table from a plurality of encrypted tables may be received. Each of the encrypted tables may include at least one pair of values corresponding to a challenge value and a response value. A request to authenticate a secondary device may be received and in response to the request to authenticate the secondary device, a challenge value obtained by using the table key to decrypt an entry in the first table may be transmitted to the secondary device. A second challenge value may be transmitted to the secondary device and a cryptographic proof may be received from the secondary device. The validity of the cryptographic proof received from the secondary device may be authenticated based on the second challenge value and the response value obtained by using the table key to decrypt the entry in the first table.

Abstract: An anomaly handling method using a roadside device is disclosed. The method includes receiving, from a vehicle, an anomaly detection notification, which includes level information indicating a level affecting safety, and a location of the vehicle. The method also includes obtaining a location of the roadside device and determining whether a distance between the location of the vehicle and the location of the roadside device is within a predetermined range. When the distance is within the predetermined range and shorter than a first predetermined distance, transmitting the received anomaly detection notification externally from the roadside device. When the distance is within the predetermined range and is longer than or equal to the first predetermined distance, changing to decrement a level indicated by the level information, and transmitting changed anomaly detection notification. When the distance is not within the predetermined range, not transmitting the received anomaly detection notification.

Abstract: A program analysis method according to an exemplary aspect of the present disclosure includes: generating an analysis-target abstract code that is data representing a mathematical model into which an inspection-target execution code is transformed; and determining whether or not the inspection-target execution code is a fraudulent program by executing at least processing of determining whether or not the analysis-target abstract code includes a known factor code that is data representing a mathematical model into which a known execution code is transformed, and processing of determining whether or not a state at an end of execution of the inspection-target execution code is included in success state information indicating a state in which an attack by a fraudulent program is successful.

Abstract: A method of accessing data at a device, wherein the data is stored remotely from the device or in removable storage. The method may the following steps: (i) sending a request from the device to access the data, the request including an identification code of a secure element or a memory card associated with the device, (ii) verifying, based at least partly on the identification code, whether access to the data is to be allowed or denied, and (iii) allowing or denying the device access to the data accordingly.

Abstract: Authorized access to a digital asset is obtained by associating an authentication tag with a physical object accessible to a user, by configuring the tag with a first dataset comprised of a random distribution of three-dimensional elements and with a second dataset comprised of machine-readable data elements, and by authorizing a mobile device to scan the elements. The first and second datasets together comprise an authentication key that uniquely identifies the object and, in turn, the user. The authentication key is scanned by a device in response to a prompt from the digital asset to obtain scanned key data. Predetermined key data and a device identifier indicative of the authorized device are stored in a database. Access to the digital asset is allowed when the scanned key data matches the stored predetermined key data, and when the device scanning the data is authorized.

Abstract: A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. The nodes can also execute applications locally at the request of a user device such that a user operating the user device can use the applications executed locally on the nodes as if the applications were executing locally on the user device. To protect user data, the nodes may not transmit any user data to the user device. Rather, a node can generate a graphical representation of the environment in which the applications are executed, and transmit the graphical representation to the user device. As the user performs actions that result in a change of a graphical view of the environment in which the applications are executed, the node can generate and transmit new graphical representations of the environment to the user device.

Abstract: A system and method is provided for a cryptographic primitive and authentication protocol comprised of micro-cavity resonators at optical wavelengths. A micro-cavity resonator is illuminated with an optical challenge signal and the cavity returns an output response that is dependent on the input signal. Digital signal processing is performed on the output signal to generate a corresponding digital representation. This process is repeated for variations of the input signal with its digital output being stored in a database. A user or object claiming an identity presents a token to the system. The system selects a subset of the available challenge-response pairs and presents the challenges to the token. The system compares the digitized responses with the original responses expected for that token. The system will approve or deny the claimed identity corresponding to the presented token.

Abstract: The present invention provides a method, system and computer program product for analyzing risks, for example associated with potential data leakage. Risk for activities may be measured as a function of risk components related to: persons involved in the activity; sensitivity of data at risk; endpoint receiving data at risk; and type the activity. Risk may account for the probability of a leakage event given an activity as well as a risk cost which reflects the above risk components. Manually and/or automatically tuned parameters may be used to affect the risk calculation. Risk associated with persons and/or files may be obtained by: initializing risk scores of persons or files based on a rule set; adjusting the risk scores in response to ongoing monitoring of events; identifying commonalities across persons or files; and propagating risk scores based on the commonalities.

Abstract: A first login request for the first service is received at a first server that provides a first service and from a terminal. Device identifier information of the terminal is generated by a hardware processor at the first server. The device identifier information of the terminal is associated, by the hardware processor at the first server, with first login state information. The first login state information indicates that the terminal has logged into the first server. The device identifier information and the first login state information are transmitted to a second server. The second server provides a second service that has a trusted login relationship with the first service.

Abstract: Examples relate to integrity reports. In an implementation, an entity for executing a function is launched, the entity operating one or more files for executing the function. In response to the entity being launched, an entity image integrity report is generated comprising, for one or more files operated by the entity, a reference to the file measurement in a first integrity report the first integrity report containing measurements of a plurality of files operable in one or more entities. Alternatively, in response to the entity being launched, an entity integrity report is generated comprising a file measurement for each of the files operated by the entity.

Abstract: The disclosed computer-implemented method for detecting and protecting against malicious software may include loading an untrusted application having a defined entry point into an emulated computing environment, executing a first instance of the untrusted application in the emulated computing environment beginning at the defined entry point, executing a second instance of the untrusted application beginning at a second entry point downstream from the defined entry point so as to bypass at least a portion of the untrusted application executed in the first instance, identifying the untrusted application as a potential threat based on information extracted from the second instance of the untrusted application, and performing a security action to protect against the untrusted application identified as a threat. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Provided are a security apparatus and an operation method thereof. The security apparatus comprises a core circuit which performs a security function by using an authentication key such as a secret key provided by a physically unclonable function (PUF). The security apparatus may receive event information indicating that the security apparatus is in a security-vulnerable state such as a case where the security apparatus is stolen or lost. In such case, a power management circuit can apply at least one electrical shock of overvoltage and overcurrent to the security apparatus to cause physical damage to the security apparatus, so that the core circuit does not perform the security function normally.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data. One of the methods includes receiving a request from a blockchain node of the blockchain network to execute one or more software instructions in a trusted execution environment (TEE). One or more blocks infrequently accessed for executing the one or more software instructions are determined. Error correction coding of the one or more blocks in the TEE is performed to generate one or more encoded blocks. Each of the one or more encoded blocks are divided into a plurality of datasets based on the one or more software instructions. The plurality of datasets and a data storage arrangement are sent to blockchain network nodes, where the data storage arrangement indicates at least one of the plurality of datasets to be stored by each of the blockchain nodes.

Abstract: A method for preserving privacy in an HTTP communication between a client and a server includes: intercepting an HTTP request that is sent from the client to the server; extracting a cookie from the HTTP request, the cookie including a cookie name and a cookie value; splitting the cookie value into information segments; and modifying one or more of the information segments based on predefined modification rules.

Abstract: Privacy protection methods, systems, and apparatus, including computer programs encoded on computer storage media, are provided. One of the methods is performed by a second computing device and includes: receiving a data request for object data from a first computing device, wherein the object data is associated with an object and is stored in the second computing device; performing encryption of the object data using a public key associated with the object based on the data request to generate a first ciphertext; obtaining verification data based on the first ciphertext for verifying whether a ciphertext to be verified corresponds to the object data; and sending the verification data to the first computing device for the first computing device to execute a cryptography protocol with a third computing device based on the verification data.

Abstract: Methods and systems for managing and/or processing a blockchain to maintain data security for confidential and/or personal data are provided. According to certain aspects, the disclosed data security techniques may enable access sharing functionality utilizing the blockchain. For example, access sharing may be utilized to file documents, share policy information, and/or comply with an audit. The data security techniques disclosed herein also enable the use of smart contracts to transfer funds associated with payment obligations and/or other forms of blockchain based payments, comply with anti-money laundering requirements, report industry data, validate interest payments and/or maintain agent sales data. Data security may be achieved through the use of public key/private key encryption techniques.

Abstract: A device and method for user authentication. The device for authentication includes an extraction unit configured to extract a signal feature of a brainwave signal of a user to be authenticated and a comparison unit configured to compare the signal feature with a signal feature sample pre-stored in a feature library on an individual basis. When there a signal feature sample is matched with the signal feature, the device retrieves account information and a password of the user according to the matched signal feature sample. The device for authentication further includes a response unit configured to respond to a request of the user according to the account information and the password. The present disclosure can improve the security and convenience of user authentication.