Abstract: A technique for controlling cryptographic document protection and verification is presented. In one implementation, a device is associated with a device identifier and with a cryptographic key is configured to obtain an electronically processable document representation (EPDR) of content of a document that is to be protected and to apply the cryptographic key to the EPDR to obtain a cryptographically processed document representation (CPDR). The device is further configured to transmit the device identifier and a verification parameter comprising at least one of the EPDR and the CPDR towards a transaction server that is configured to log the device identifier and the verification parameter in a tamper-proof manner. The device is also configured to receive a transaction identifier associated with the device identifier and the verification parameter from the transaction server, and trigger printing of the transaction identifier and the CPDR on a physical document that corresponds to the EPDR.

Abstract: A method implemented by an onboard avionics computer for executing a plurality of binary codes that are associated with a plurality of sets of metadata, wherein: the plurality of binary codes and the plurality of metadata are hierarchized into a number of levels at least equal to two; a first binary code, of a level, is associated with a first set of metadata of the level, and a second binary code of a lower level, itself associated with a second set of metadata of the lower level; the first set of metadata comprises a data signature, the data comprising at least a first message digest associated with the first binary code, and the second set of metadata comprises a public key; the method comprising the execution, by the second binary code, of the following steps: applying a hash function to obtain a second message digest of the first binary code; decrypting the signature using the public key to obtain the first message digest; authorizing the execution of the binary code, if and only if the first message dig

Abstract: A method of selecting a distributed framework includes identifying, by a selection device coupled to a memory, at least a first cryptographic evaluator of a plurality of cryptographic evaluators, wherein identifying the at least a first cryptographic evaluator further comprises and evaluating a secure proof generated by the at least a first cryptographic evaluator, and identifying the at least a first cryptographic evaluator as a function of the secure proof, assigning, by the selection device, a confidence level of the at least a first cryptographic evaluator, and selecting, by a selection device, a distributed framework from the plurality of cryptographic evaluators as a function of the confidence level, and assigning a task to the distributed framework.

Abstract: Various embodiments include a secure access system that provides secure group-based access to sets of digital assets. The system may allow a user to upload digital assets to the system for secure access by other users, and may allow a user to remove digital assets from the system as well. The assets may be associated with a family, and may be stored as a “family album”. The system may issue a secure credential to family members for accessing the family album. A family member may invite another family or individual to view the family album. On acceptance of the invitation, the system may automatically forward the secure credential to the invited family or individual. The invited family or individual may use the secure credential to access the family album with no further action required by the invited family or individual.

Abstract: Systems, apparatuses, and methods include technology including a headless medical device for performing implementing a medical resource or function in context with a configuration device and an optional host device for locking or unlocking a lock status of the headless medical device respective to action requests relating to the medical resource or function.

Abstract: The disclosure relates to a method for enabling the secure functions of a chipset (1) and especially the encryption of the content of the secure memory (7) when the device goes into low power mode. The content of the secure memory (7) may be encrypted and stored in an external memory (20) during low power mode of the chipset (1).

Abstract: The present disclosure includes systems and methods for quorum-based data processing, in which quorum portions are distributed to candidate participants in determined proportions that control groups of required participants. In exemplary embodiments, a server generates a plurality of quorum portions from original data, wherein the original data includes secret information for data processing within a secured computing environment, and wherein at least a predetermined minimum number of the quorum portions are required to reconstruct the original data. Sets of quorum portions are determined from said plurality of quorum portions, wherein each set includes a respective proportion of the plurality of quorum portions, and at least one set includes a larger proportion of the quorum portions. Each set of quorum portions is distributed to a respective one of a plurality of computing devices associated with respective participants over a data network within a secured computing environment.

Abstract: Methods for detection of web application anomalies include receiving, by processors of a web server, web application logs and database logs. A machine learning algorithm is executed by the processors to segment the web application logs and the database logs into clusters based on probability density modeling, such that a variance of features within each cluster is less than a threshold variance. Each cluster corresponds to authorized access of backend databases or unauthorized access of the backend databases. The processors compare each cluster to baseline clusters corresponding to the authorized access of the backend databases. The processors determine that a particular cluster corresponds to the unauthorized access of the backend databases based on the comparison. Responsive to determining that the particular cluster corresponds to the unauthorized access of the backend databases, a display device of the web server generates a graphical user interface representing the particular cluster.

Abstract: The present invention relates, in general, to computing engineering and, more particularly, to a method and system for anonymously identifying a user as a member of a group of users. The authors provide the improved anonymous identification witness hiding protocol intended to verify membership in a local community of registered participants based on one-way accumulators developed using quasi-commutative one-way elliptic curve functions. The identification protocol according to the present invention provides the required level of cryptographic security with low operational efforts and resource consumption.

Abstract: Certain aspects of the present disclosure provide techniques for reporting transactions in a blockchain. The method generally includes instantiating a plurality of worker processes for processing blocks from a blockchain in parallel, Each worker process is generally associated with an offset into a buffer of blocks from the blockchain to be reported to one or more computing resources. A subject block to be reported to the one or more computing resources is selected from the buffer. The subject block is generally a block inserted into the buffer by a worker process. The subject block is validated based on a block number associated with the subject block and a block number of a next block to be reported Based on validating the subject block, the subject block is reported to the one or more computing resources, and the subject block, is marked in the buffer as a reported block.

Abstract: Secure patching of an operating system of the integrated circuit chip. A patch server encrypts a patch to the operating system of the integrated circuit chip and transmits the encrypted patch to an issuing-authority server. The issuing-authority server appends the encrypted patch into a digital certificate in an extension to the digital certificate and transmits the digital certificate including the encrypted patch to a terminal. The terminal transmits the digital certificate the integrated circuit chip. The integrated circuit chip recovers the extension to the second digital certificate and decrypts the extension using a decryption key of the manufacturer of the integrated circuit chip thereby recovering the patch to the operating system of the integrated circuit chip and installs the patch into the operating system of the integrated circuit chip.

Abstract: Systems, devices, and methods for generating a unique fingerprint are described herein. For example, an example integrated circuit (IC) chip includes a physically unclonable function (PUF) and an auxiliary circuit. The PUF is a hybrid Boolean network. Additionally, the auxiliary circuit is configured to receive a transient response enable signal.

Abstract: Devices, systems, and methods of detecting a vishing attack, in which an attacker provides to a victim step-by-step over-the-phone instructions that command the victim to log-in to his bank account and to perform a dictated banking transaction. The system monitors transactions, online operations, user interactions, gestures performed via input units, speed and timing of data entry, and user engagement with User Interface elements. The system detects that the operations performed by the victim, follow a pre-defined playbook of a vishing attack.

Abstract: Systems and methods provide a deployable cloud-agnostic redaction container for performing optical character recognition and redacting information from a document using a cloud-based, guided redaction framework. An example method for document redaction includes receiving a plurality of documents and extracting pages from the plurality of documents. The method then determines, based on a load balancing criterion, a processing order for the pages extracted from the plurality of documents, and performs, based on the processing order, an optical character recognition process and a redaction process on the pages to generate redacted pages. The redacted pages are provided for transmission or storage to a cloud data management platform.

Abstract: One example method includes performing a data management transaction, such as a data read operation, a data write operation, or a data delete operation, generating transaction metadata relating to the data management transaction, transmitting the transaction metadata to a blockchain network, and receiving, from the blockchain network, confirmation that the transaction metadata has been stored in a distributed ledger associated with the blockchain network.

Abstract: Methods and systems are provided for mutual authentication between an agent, such as a user (142), and a service host system (128), such as a service provider system, via an insecure and/or untrusted communications network (140). In exemplary embodiments, an initial enrolment sequence (300, 400) is mediated by an authentication server (102) to establish an association between the service host system (128) having an identifier (SPID), an agent (142) that is assigned an identifier (UID) known to the service provider, and a client device (116) having a device identifier (DevID), which is used to access the service, along with a set of credentials comprising cryptographic signatures generated by the service host system (128) and client device (116) using corresponding private keys.

Abstract: Systems and methods for verifying proofs generated from shared data without revealing the shared data are provided. In one aspect, a method comprises receiving, from a first node, a first proof generated from a first private key associated with the first node and data shared between the first node and a second node; receiving, from the second node, a second proof generated from a second private key associated with the second node and the shared data; verifying, without revealing the shared data, the first proof and the second proof were both generated from the shared data with a first public key mathematically related to the first private key, and a second public key mathematically related to the second private key; and preforming an action based on the verification of the first proof and the second proof both being generated from the shared data.

Abstract: A data processing system including storage. The data processing system also includes at least one processor to generate output data using at least a portion of a first neural network layer and generate a key associated with at least the portion of the first neural network layer. The at least one processor is further operable to obtain the key from the storage and obtain a version of the output data for input into a second neural network layer. Using the key, the at least one processor is further operable to determine whether the version of the output data differs from the output data.

Abstract: A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The authentication process can include a challenge-response validation. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer. The secure programming system can provision different content into different programmable devices simultaneously to create multiple final device types in a single pass.

Abstract: One-to-many cryptographic systems and methods are disclosed, and a network employing the same, including numerous industry applications. The embodiments of the present invention can generate and regenerate the same symmetric key from a random token. The one-to-many cryptographic systems and methods include a central location and a cryptographic module being in communication with each other. The cryptographic module is configured to encrypt and/or decrypt data received a remote location and output encrypted and/or decrypted data. The cryptographic module includes a key generator configured to use two or more inputs to reproducibly generate the symmetric key and a cryptographic engine configured to use the symmetric key for encrypting and decrypting data. Corresponding methods, and network employing the same, are also provided.