Abstract: A digital object architecture infrastructure includes a handle system that stores handle data and a proxy server that caches handle data for rapid access. A client connects to the proxy server to request access to the handle data. When the handle data does not have access restrictions and is currently cached, the proxy server returns the handle data to the client without accessing the handle system. When the handle data does not have access restrictions and is not cached, the proxy server obtains the handle data from the handle system, caches a copy of the handle data for future access, and provides the handle data to the client. The proxy server may cache encrypted handle data that is subject to access restrictions, cannot be decrypted by proxy server, and can be provided to a client determined to be allowed access. The client can then decrypt the encrypted handle data.

Abstract: A system, method, and computer readable medium for determining authenticity of digital content. The system includes obtaining a video including a plurality of intermediate video frames with respective digital signatures, each video frame of the plurality of intermediate video frames associated with a respective digital signature. The digital signature is generated based at least in part on the image content of the video frame and a hash value of a previous video frame in the same video. Based on using a cryptographic key associated with a recording device used to capture the video, the system can determine authenticity of the content and the ordering of the frames within a video.

Abstract: A method for validating a digital user certificate of a user by a checking device is provided. The user certificate is protected by a digital signature with an issuer key of an issuance location which issues the user certificate. The method has the steps of: receiving the user certificate in the checking device, checking the user certificate using a certificate path positive list with at least one valid certificate path which is provided to the checking device by at least one positive path server, and confirming the validity of the user certificate if the issuer key of the user certificate can be traced back to a root certificate according to one of the valid certificate paths of the certificate path positive list. Also provided is a system, a checking device, a user device, a positive path server, and a computer program product which are designed to carry out the method for validating a digital user certificate.

Abstract: A system and method for secure searching in a semi-trusted environment by comparing first and second data (query and target data). A first data provider may map first secret data to a first plurality of tokens using a token codebook, concatenate the first plurality of tokens to generate a first token signature, and homomorphically encrypt the first token signature. A second data provider may map second data to a second plurality of tokens using the token codebook, concatenate the second plurality of tokens to generate a second token signature, and compare the homomorphically encrypted first token signature and an unencrypted or homomorphically encrypted second token signature to generate a homomorphically encrypted comparison. A trusted party may decrypt the homomorphically encrypted comparison, using a secret homomorphic decryption key, to determine if the token signatures match or not respectively indicating the search query is found or not in the target data.

Abstract: A decentralized system for securely registering, updating, and/or resolving domain names in a distributed ledger is disclosed. The distributed ledger may comprise a smart contract that includes a look-up table that maps network names to network addresses and/or one or more keys. The smart contract may verify whether any updates and/or changes made to an entry in the look-up table are cryptographically authorized. Additionally, the smart contract may enforce any additional policies implemented by a domain administrator for authenticating changes and/or updates to a domain name entry. The unique combination of storing domain information in a decentralized ledger and validating changes and/or updates to the domain information provides a decentralized root of trust that allows for secure queries of network names (e.g., domain name) for secure cross-entity communications.

Abstract: Computer-implemented methods and systems (DMS) for facilitating data similarity queries across a network (CN) of data memories (DM1, DM2). The disclosed methods and system are configured for matching data items held in the data memories (DM1, DM2) in a probabilistic manner with cryptographic protection of the data items. The data matching methods and systems (DMS) are robust against inconsistencies within the data to be matched (such as typographical errors, minor mismatches etc), within a certain predetermined similarity threshold (q), usually described as a percentage. The disclosed methods and systems (DMS) allow fast, low latency turnaround by aggregating the data items to be matched into data structures (M1, M2) that facilitate group-wise matching as opposed to pair-wise matching.

Abstract: An objective is to manage contract data registered in a distributed ledger with part of the contract data flexibly concealed without a centralized concealment server and without bothering the user with complicated procedures or the key management. A data registration method performed by a computer includes: generating a common key for encrypting and decrypting an item included in data that is registered in a distributed ledger; acquiring a public key for each account of a user having access authority to the item; encrypting the common key with the public key for each account; and registering the common key encrypted for each account in the distributed ledger via a transaction.

Abstract: A method for user authentication according to one embodiment of the present disclosure includes acquiring authentication information including biometric information of a user, generating a random string and a helper string from the biometric information, generating a secret value that corresponds to the authentication information, generating a private key and a public key using the secret value and the random string, and transmitting the public key to an authentication server.

Abstract: Methods, systems, and apparatuses are provided for flight management to configure an aircraft configuration (config) file accessible by the avionic system wherein an avionic service is implemented by a flight management system (FMS) for corroborating allowance of access using one of a set of validation procedures for corroboration prior to execution of a request for content to the config file including validating that a user request for a session is authorized based on user identification data, that a client request by an Electronic Flight Bag (EFB) application for a session is authorized based on client identification data, and in response to the client request, determining that an EFB application request is encrypted and performing a decrypt procedure of the EFB application request based on private key data of a private key; and encrypting an EFB application response based on public key data of a public key from the config file.

Abstract: A method for relating different types of records. The method may include providing comparison functions, wherein each comparison function corresponds to a semantical class, and wherein a computational cost is associated with each comparison function. The method may include determining one or more attribute pairs between the different types of records. The method may include sorting the comparison functions according to a determined accuracy. The method may include selecting a set of comparison functions associated with semantical classes according to a predefined rule. The method may include determining a total computational cost based on the computational cost of the selected set of comparison functions. The method may include determining whether two or more records are related using the selected set of comparison functions. The method may include relating the two or more records. The method may include determining a rate of false negative records.

Abstract: Disclosed herein is a method performed by an apparatus. In the method, a payload information item is obtained that is to be communicated to at least one recipient. An encrypted payload information item is obtained by encrypting said payload information item such that it is decryptable by use of a first decryption key and a second decryption key. Further, a message containing said encrypted payload information item is sent or triggered to be sent to said recipient.

Abstract: Techniques are disclosed relating to secure message exchanges. In some embodiments, a first computing device generates an account key associated with a user account shared by a plurality of computing devices. The first computing device signs a public key of the first computing device with the generated account key to produce a digital signature and sends the public key and the digital signature to a first server system for distributing the public key to a second computing device attempting to send an encrypted message to the first computing device. The first computing device sends the account key to an external storage external usable by others of the plurality of computing devices to obtain the account key and use the account key to sign public keys of the other computing devices. The first computing device receives, from the second computing device, the encrypted message encrypted using the public key.

Abstract: One embodiment of the disclosure relates to a method of transferring game data of a user stored in association with a first user identification information on a first platform to a second platform by executing computer readable instructions by one or more computer processors. The first user identification information is used to identify the user on the first platform and a second user identification information is used to identify the user on the second platform. The method includes a step of generating link data that associates the first user identification information with the second user identification information included in the identification code read by a first client device, and a step of identifying the game data based on the second user identification information and the link data and providing a game to the second client device by using the game data.

Abstract: This disclosure describes techniques for implementing blockchain for document verification and tracking. The techniques include parsing at least one portion of a version of a data file based at least on one or more parsing parameters, wherein at least one portion is associated with a transaction. The techniques also include generating a hash value for at least one portion associated with the transaction from a hash function and generating a digital signature using the hash value and key. Blocks representing the transaction is inserted onto a blockchain distributed ledger. The techniques further include receiving an updated version of the data file comprising the at least one portion of the data file associated with a new transaction and inserting additional blocks onto the blockchain distributed ledger recording the new transaction. Thereafter, the techniques include indicating differences between the version and the updated version of the data file.

Abstract: Systems and methods for maintaining immutable data access logs with privacy are disclosed. In one embodiment, in a cloud provider comprising at least one computer processor, the cloud provider having a plurality of clients, a method for maintaining immutable data access logs with privacy may include: (1) receiving data from a data owner, wherein the data owner is one of the clients; (2) storing the data in cloud storage; (3) executing an action or condition that impacts the data stored in cloud storage; (4) generating a log entry associated with the action or condition; (5) encrypting at least a portion of the log entry with a public key for the data owner; and (6) committing the log entry including the encrypted portion to a distributed ledger so that the committed log entry is immutable and cryptographically verifiable.

Abstract: A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.

Abstract: A first system receives an encrypted data vector representing a text search query from a second system and second encrypted data from a third system that may include a first vector and a second vector representing text of an electronic document. The first system may multiply the vectors by a random vector. The first system may determine a first difference between the encrypted data vector and the first vector, and a second difference between the encrypted data vector and the second vector. The first system may determine a product of the first and second difference. The first system may send the product to the third system and then receive a value representing the decrypted difference. The first system may determine if the value satisfies a condition and send the result of the determination to the second system.

Abstract: A system for a shared and synchronous time series identification that matches a hardware clock-generating signal of a blockchain identified node device, with a generated data event time stamp and shared by all computing nodes participating in a complete system based on a blockchain design pattern and protocol. A blockchain cybersecurity system time signature is applied to synchronize the device level ID or device chain; this time sync is matched to the client master clocking time signal governing data transactions on the data event level or event chain. The combination of these two disparate blockchain mechanisms is termed as a multi-chain application. The matched time signals now provide referenced smart contract time sequencing. This matched time sequencing is unique and customized in its application to a multi-chain block chain cyber security application.

Abstract: A apparatus for credentialing users across multiple devices. The apparatus includes a processor connected to a network and at least a user device. Processor is configured to receive a credential data structure, verify the credential data structure, generate a credential block, and store the credential block in a data storage system. A plurality of user devices may access the network and the data storage system to view the verified credentials.

Abstract: Methods and systems for configuring a security device, such as an electronic lock, are disclosed. In particular, the present disclosure describes methods and systems for provisioning a lock with a certificate such that any change to the lock, or changes to lock-server communication characteristics, can be detected and (optionally) prevented. As such, security of such devices is improved.