Abstract: A method for generating random numbers includes initializing a pseudo-random number generator (PRNG) having a state of 2048 bits comprising inner bits and outer bits, the inner bits comprising the first 128 bits of the 2048 bits and the outer bits comprising the remaining bits of the 2048 bits. The method also includes retrieving AES round keys from a key source, and for a threshold number of times, executing a round function using the AES round keys by XOR'ing odd-numbered branches of a Feistel network having 16 branches of 128 bits with a function of corresponding even-numbered neighbor branches of the Feistel network, and shuffling each branch of 128 bits into a prescribed order. The method also includes executing an XOR of the inner bits of the permuted state with the inner bits of a previous state.

Abstract: A method of communicating a secret (k0, k1) on the Bitcoin blockchain is disclosed. The method comprises sending information identifying secrets selectable by the recipient and receiving a first public key (Ui) of an elliptic curve cryptography system, corresponding to a first secret (Si) selected for access by the recipient and for which a first private key (m) is accessible to the recipient. A second public key (U1-i) is received, corresponding to a second secret not selected for access by the recipient, wherein a corresponding second private key is not available to the recipient. First and second secrets encrypted by means of the respective first and second public keys (X0, X1) are sent to the recipient, wherein the first secret is accessible to the recipient by means of the first private key, the second secret is inaccessible to the recipient, and the sender is unable to distinguish between the first and second secrets.

Abstract: An aspect of authenticating a user via a processing system includes receiving, at an input device of the processing system, an input gesture corresponding to an explicit assertion of user intent with respect to a function to be performed on the processing system; and simultaneously authorizing and authenticating the user, with respect to the function, from data acquired from the input gesture.

Abstract: A method and apparatus provides a blockchain that includes one or more blocks that contain a cryptographic binding of a signature-verification public key and/or a data encryption public key to the identity of the holder of the corresponding private key. The binding is performed by one or more key binding entities, referred to herein as a blockchain identity binder. Originators and recipients use the identity binding data to secure block chain transactions.

Abstract: Methods of facilitating communication between clients and servers are contemplated. Embodiments of the inventive subject matter make it possible for a client to establish a packet-based connection with a server by first authenticating with a web backend. This can enable, for example, a client to establish a packet-based connection with a server though a web browser.

Abstract: A system includes at least one processor to receive a second public key, a first random number, and a second random number, and store the second public key, the first random number, and the second random number in an installation record, perform key agreement with a first private key and the second public key to determine a MasterSecret, perform key expansion with the MasterSecret, the first random number, and the second random number to generate a client authentication key, a server authentication key, a client encryption key, and a server encryption key, and store the client authentication key, the server authentication key, the client encryption key, and the server encryption key and delete the MasterSecret.

Abstract: Described herein is a system and method for validating media integrity using asymmetric key cryptography utilizing a public/private cryptographic key pair. The private key is kept secret and is known to an originator and/or publisher of a media file. The public key is added to the media file and is used to validate integrity of the media file, that is, that content of the media file (e.g., portion(s), frame(s)) has not been altered since publication of the media file. By validating integrity of the media file, strong proof that the media file came from an owner of the keypair (e.g., had possession of the private key) can be obtained, for example, resolving issues of trust and/or authenticity common in altered content. In some embodiments, information regarding an origin of the content can further be determined.

Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. Example embodiments involve evaluating user access permissions with respect to shared data resources of a group of network applications. The method includes receiving a request to access a data resource. The method further includes accessing a policy object linked to the data resource that includes an effective policy for the data resource. The method further includes evaluating a user's access permissions with respect to the data resource based on the policy object and communicating a response to the network application that includes the access permission of the user.

Abstract: A device participates in secret sharing-based MPC. Original data can be restored by combining a share of the device with a corresponding share of another device. The device includes means for acquiring random number and means for updating a share of the device on the basis of the acquired random number. A method for updating by the updating means is designed to perform update in a manner that a share of the device updated on the basis of the acquired random number is combined with the corresponding share of the other device updated on the basis of the random number to cancel an influence of the random number and restore the original data.

Abstract: A cryptographic processing device for cryptographically processing data, having a memory configured to store a first operand and a second operand represented by the data to be cryptographically processed, wherein the first operand and the second operand each correspond to an indexed array of data words, and a cryptographic processor configured to determine, for cryptographically processing the data, a product of the first operand with the second operand by accumulating results of partial multiplications, each partial multiplication comprising the multiplication of a data word of the first operand with a data word of the second operand wherein the cryptographic processor is configured to perform the partial multiplications in successive blocks of partial multiplications, each block being associated with a result index range and a first operand index range and each block comprising all partial multiplications between data words of the first operand within the first operand index range with data words of the sec

Abstract: According to an aspect of the embodiments, an apparatus includes an information processing apparatus includes a memory, and circuitry coupled to the memory and configured to accept registration of a device available for a user and an available function of the device, generate a Web application programming interface according to the registration, and also generates a virtual device that responds to access to the Web application programming interface in cooperation with the device, notify a terminal of information including an access method to the Web application programming interface corresponding to an authenticated user, based on a result of user authentication using the terminal, and accept access to the Web application programming interface from the terminal and accesses the device via the virtual device.

Abstract: A method including determining, by a first device, a sharing encryption key based at least in part on a group access private key associated with a group and an assigned public key associated with a second device; encrypting, by the first device, the group access private key associated with the group utilizing the sharing encryption key; and transmitting, by the first device, the encrypted group access private key to enable the second device to access the group. Various other aspects are contemplated.

Abstract: This specification discloses a consensus method of a consortium blockchain and a consortium blockchain system. The method includes: dividing, by a primary consensus node of the consortium blockchain, proposed data into data blocks corresponding to backup consensus nodes of the consortium blockchain based on erasure coding (EC), the data blocks corresponding to hash values calculated based on EC; sending, by the primary consensus node, a first data block to a corresponding backup consensus node, wherein the first data block is forwarded by the corresponding backup consensus node receiving the first data block to one or more other backup consensus nodes; and initiating, by the primary consensus node, a consensus process for the proposed data based on a Practical Byzantine Fault Tolerance (PBFT) protocol to send a hash value of the first data block to the corresponding backup consensus node via a PBFT protocol message.

Abstract: A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.

Abstract: A client device is fabricated using a semiconductor fabrication process. One or more uncontrollable random physical processes in the semiconductor fabrication process can cause small differences between the client device and other client devices. When the client device is presented with a challenge from a server device, the client device generates a random response that depends on its physical properties. The server device stores this random response as a part of a virtual PUF circuitry storage device having other random responses from the other client devices. The server device uses the random response of the client device stored in the virtual PUF circuitry storage device for one or more encryption algorithms to encrypt information to be provided to the client device.

Abstract: An example of the instant solution comprises at least one of receiving an encrypted data and an encryption key, generating a randomized matrix, dispersing the encrypted data based on the randomized matrix resulting in a fragmented encrypted data and dispersing the encryption key based on the randomized matrix and the fragmented encrypted data.

Abstract: A method and system for secure input at a remote service are provided. In a method conducted at a secure input device, a hash operation is performed on a data structure including shared data, the shared data having been obtained from a remote service via an encrypted payload. User input for secure entry at the remote service is received and encoded by performing an operation on corresponding symbols of the user input and an output of the hash operation to output an encoded message, the user input and the encoded message having the same length. The encoded message is output for entry at the remote service.

Abstract: Authentication is a key procedure in information systems. Conventional biometric authentication system is based on a trusted third-party server which is not secure. The present disclosure provides a privacy preserving multifactor biometric authentication for authenticating a client without the third-party authentication server. The server receives a plurality of encrypted biometric features from the client, encrypted using Fully Homomorphic Encryption. Further, the server evaluates the plurality of encrypted biometric features to obtain a client identifier value and a plurality of encrypted resultant values. The server encrypts each of the plurality of resultant values based on a time based nonce and the client identifier value. The encrypted authentication tags and the corresponding resultant values are aggregated by the server and transmitted to the client. The client decrypts the resultant value and the authentication tag and transmits to the server.

Abstract: A system, method, and apparatus for providing secure communications to one or more users through an unclassified network. The system may include a network access management device may have a plurality of internal data network communications interfaces configured to communicate with at least one classified computing device using a National Security Agency (NSA) Commercial Solution for Classified (CSfC) comprised solution and an external data network communications interface configured to communicate with an unclassified network. A network access management device may use an inner NSA CSfC approved tunneling technology, an outer NSA CSfC approved tunneling technology, and a processor configured to perform processing and routing protocols associated with interconnecting the internal data network communications interface and the external data network communications interface.

Abstract: When a user equipment (UE) provides a new request to a serving gateway (S GW), the S GW augments domain name system (DNS) requests and provides them to a public DNS, with the augmentation providing indications of the requested function. The public DNS responds by providing the IP address of a simplified packet data network (PDN) gateway (P GW) close to the UE location. The P GW forwards communications to the nearest instance of an endpoint providing the requested service or function. In embodiments, some of the functions of the P GW are shifted to other devices in the mobile core, devices that are already local. The simplification of the P GW allows the P GW to be virtualized and moved to a general-purpose server location. Existing information present in the data path is used to provide encryption of portions of the General Packet Radio Services (GPRS) Tunneling Protocol (GTP) connection, allowing the location of the P GW to be optimized in a virtual server data center, as the data path is now secure.