Abstract: Provided are methods and systems for performing secure analytics using term generations and a homomorphic encryption. An example method includes receiving, by at least one server from a client, a term generation function, a hash function, a public key of a homomorphic encryption scheme, and a homomorphically encrypted list of indices, wherein the list of indices is generated using the term generation function and the hash function, applying, by the server, the term generation function, the hash function, and the public key to a data set to determine a further homomorphically encrypted list of indices, extracting, by the server and using the homomorphically encrypted list of indices and the further homomorphically encrypted list of indices, data from the encrypted data set to obtain an encrypted result, and sending the encrypted result to the client to decrypt the encrypted result using a private key of the homomorphic encryption scheme.

Abstract: A wireless local area network (WLAN) access method includes sending, by a terminal, a request for querying an available wireless access point to a server. The method further includes sending, by the server according to the query request, obtained information about the available wireless access point. The method further includes receiving, by the terminal, wireless access point information returned by the server, and determining a specific wireless access point from the received wireless access point information. The method further includes sending, by the terminal, an authentication information request of the specific wireless access point to the server. The method further includes when receiving the request, sending, by the server, authentication information corresponding to the specific wireless access point to the terminal, where the authentication information is used to connect the terminal to the specific wireless access point.

Abstract: A carrier network may provide for asymmetric key exchange for end to end encryption between user equipment utilizing capability upload and discovery messages of the carrier network. For example, a carrier network may receive a capability upload message from a first user equipment. The carrier network may determine that the capability upload message includes a key bundle for end to end (E2E) encryption of communications. In response, the carrier network may store the key bundle in a key distribution center (KDC). The carrier network may also receive, from a second user equipment, a capability discovery message requesting capability information for the first user equipment. In response, the carrier network may request and receive the key bundle from the KDC and transmit the key bundle to the second user equipment.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to receive a sequence of characters within a field of a web browser, the field being associated with a password entry field served to the web browser from a website. The processor is further configured to store the received sequence of characters and send an alternate sequence of characters to the website. The processor is further configured to encrypt the received sequence of characters to generate a received encrypted partial password and compare the received encrypted partial password to one or more entries in a list of encrypted partial passwords. The processor is further configured to, in response to the comparison resulting in a difference, delete the previously sent alternate sequence of characters, and send the stored sequence of characters to the website.

Abstract: A system for automatic collection and analysis of digital forensic evidence by a cloud service provider is disclosed. The system utilizes machine learning models to identify and store digital forensic evidence relating to cybercrimes committed using a cloud service. Particularly, if an image or video file uploaded to the cloud service provider is determined to relate to illicit, illegal, or malicious activity, relevant digital forensic evidence is extracted and stored for later provision to law enforcement. The digital forensic evidence that is collected may be used to assist law enforcement in their investigations of criminal activity, as well as aid in the successful prosecution of criminals in court proceedings.

Abstract: Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource.

Abstract: Embodiments of an apparatus and method are disclosed. In an embodiment, a method of executing multi-link operations in a multi-link communications system comprises performing a single frame exchange between a first multi-link device and a second multi-link device to execute a multi-link operation for multiple links between the first and second multi-link devices using a frame transmitted on a first link among the multiple links, wherein the frame includes an element that carries other link information on at least one link of the multiple links other than the first link, wherein the frame includes per-link value information that has different values for different links of the multiple link, and wherein successful execution of the single frame exchange completes the multi-link operation for at least two links of the multiple links between the first and second multi-link devices.

Abstract: A method that is performed to access data nodes of a data cluster. The method includes obtaining, by a data access gateway (DAG), a first request from a host; and in response to the first request, obtaining first bidding counters from the data nodes; obtaining first metadata mappings from the data nodes; making a first determination that the first request may not be served using any data node in an accelerator pool of the data cluster; and in response to the first determination, identifying, based on the bidding counters and metadata mappings, a data node in a non-accelerator pool of the data cluster associated with a first highest bidding counter of the bidding counters and a first appropriate metadata mapping of the metadata mappings; and sending the first request to the data node in the non-accelerator pool of the data cluster.

Abstract: An example method of managing rights in a cloud computing system includes: creating a role template having a role template set of rights to resources in the cloud computing system; assigning a tenant set of rights to the resources to each of a plurality of tenants of the cloud computing system, respectively; and creating a role instance for each respective tenant based on the role template and assigning the role instance to each respective tenant, where the role instance is linked to the role template in the cloud computing system and where the role instance includes a role instance set of rights that includes an intersection of the role template set of rights and the tenant set of rights for the respective tenant.

Abstract: A method for integrity protection scheme by a mobile communication device or a core network entity according to a first exemplary aspect of the present disclosure includes configuring settings and parameters for integrity protection for user data with another party; receiving user plane data from the other party, calculating Message Authentication Code for Integrity (MAC-I) for a part of the data and checking integrity of the part of the data.

Abstract: A system that provides for the accessing and playing of media files having differing associated rights such as non-DRM media files, purchased and downloaded media files, subscription download files such as tethered downloads, and subscription streamed DRM files. The system also provides a method and user interface for sharing a media collection among computing devices in communication via a network. The system allows access and playback, from each computing device on a network, of all media files in a media collection, regardless of their associated rights.

Abstract: System and techniques for multi-tenant cryptographic memory isolation are described herein. A multiple key total memory encryption (MKTME) circuitry may receive a read request for encrypted memory. Here, the read request may include an encrypted memory address that itself includes a sequence of keyid bits and physical address bits. The MKTME circuitry may retrieve a keyid-nonce from a key table using the keyid bits. The MKTME circuitry may construct a tweak from the keyid-nonce, the keyid bits, and the physical address bits. The MKTME circuitry may then decrypt data specified by the read request using the tweak and a common key.

Abstract: There is a verification application arranged to interact with other applications on an electronic device, the electronic device having a processor, a memory and an operating system controlling operation of the verification application and the other applications on the processor using arbitrary memory locations, where the other applications are enabled to call the verification application to securely determine authenticity of a user of the electronic device. The verification application is arranged to receive verification data for secure determination of authenticity of the user; and provide, upon a call from any of the other applications and a match between the verification data and a verification reference, a trust token to the calling application. A method, electronic device and computer program are also disclosed.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. The present invention relates to an authentication method applied to a next generation 5G communication system and an apparatus for performing same, network slices, a method for managing the network slices, and an apparatus for performing the same.

Abstract: A method for implementing a fast UBDM transform includes receiving a first, input vector via a processor, and partitioning the first vector to produce a magnitude vector and a sign vector. A second vector, including a modified magnitude vector and a modified sign vector, is generated by: applying a permutation to the magnitude vector to produce the modified magnitude vector, converting the sign vector, based on an algorithm, into an intermediate sign vector, and applying nonlinear layers to the intermediate sign vector. Each nonlinear layer includes a permutation, an S-box transformation, a diffusive linear operation and/or an Xor operation. Multiple linear layers are applied to the second vector to produce a third vector, the third vector being a transformed version of the first vector. A first signal representing the third vector is sent to at least one transmitter for transmission of a second signal representing the transformed data vector.

Abstract: This disclosure provides systems, methods and apparatus, including computer programs encoded on computer storage media, for onboarding one or more Multi-AP devices using a device provisioning protocol (DPP) and a Multi-AP communication protocol. In one aspect, a first Multi-AP device may determine, during an onboarding process, DPP configuration information that was derived using the DPP. The first Multi-AP device may establish a Multi-AP network configuration between the first Multi-AP device and a second Multi-AP device using the Multi-AP communication protocol based, at least in part, on the DPP configuration information. In one aspect, the DPP configuration information may be derived remotely by the network operator prior to device deployment. In one aspect, a configurator station (STA) may be delegated as the DPP configurator by the network operator, and may onboard one or more STAs into the Multi-AP network using the DPP and the Multi-AP communication protocol.

Abstract: This disclosure describes methods and systems for a biometric identity management system capable of being deployed incrementally one organization at a time, and also reversibly, such that any organization can unsubscribe at any time. A biometric processing engine can perform biometric matching between records from a first database and a second database, whereby the databases have been established independently of each other. Each record comprises a biometric record and a corresponding identifier unique across databases. If a biometric record of a first record and a biometric record of a second record are from a same individual, the first record comprising a first unique identifier and the second record comprising a second unique identifier are linked. Using the first or second unique identifiers, access to information about the individual linked to both the first record in the first database and the second record in the second database is provided.

Abstract: A method is provided for decrypting data encrypted according to a cipher key according the advanced encryption standard (AES). The method includes precomputing a product of each element value of an InvMixColumn matrix and each possible value of an input state array and deriving a set of round keys from the cipher key and the set of round keys. The deriving includes providing an initial round key and a plurality of further round keys, performing an initial decryption round, and performing N full decryption rounds at least in part using the precomputed product of each element value of an InvMixColumn matrix and each possible value of the input state array.

Abstract: Embodiments of the present invention provide a system for employing a smart device for secure and authenticated event. The system may include a smart assistant device that receives an audible request from a user for an event with a merchant. The smart assistant device then establishes a secure active session with a mobile device associated with the user over a wireless network. The smart assistant device determines a digital voice ID for the received audible request for the event and transmits the digital voice ID and event information to the mobile device of the user. A smart assistant application of the mobile device validates the digital voice ID based on stored reference data. Event information and additional user execution information is then provided to an event processing system for asynchronous processing.

Abstract: A method for monitoring and identifying changes in one or more parameters of an OS is disclosed. The method includes performing a measurement by a measurement application of a first computer system of the one or more parameters of a first OS executing on the first computer system, receiving the measurement of the one or more parameters of the first OS by an appraisal application, and storing the measurement of the one or more parameters of the first OS in a data store. The method also includes comparing the measurement with one or more first OS parameter norms associated with the first network slice, and identifying a change in the one or more parameters of the first OS by the appraisal application in response to comparing the measurement of the one or more parameters of the first OS with the one or more first OS parameter norms.