Abstract: A cryptographical apparatus for converting input bit sequences, whose overflow-free arithmetic addition results in a secret, into output bit sequences whose logic XORing results in the secret. The apparatus comprises a data interface for providing a first input bit sequence and a second input bit sequence and a processing circuit configured to a) gate the first input bit sequence and the second input bit sequence to obtain a logic result indicating overflow bit positions at which both the first input bit sequence and the second input bit sequence have a value of one; and to b) change the first and/or second input bit sequence at at least one overflow bit position. The processing circuit is configured to repeatedly perform steps a) and b) by using the respectively changed input bit sequences, until the logic result indicates no further overflow bit position and the output bit sequences are obtained.

Abstract: The present invention relates to the secure configuration of electronic devices, such as for example network-connected “smart” devices and appliances, collectively referred to as “IoT devices”. A computer-implemented method of secure configuration of at least one electronic device is provided. According to the method, the electronic device connects to a blockchain database; determines from said blockchain database a configuration block comprising block identification data, where the block identification data corresponds to device identification data, stored with the electronic device; obtains configuration information from said configuration block; and using the configuration information, conducts configuration of the electronic device.

Abstract: There is provided an encryption processing method performed by an encryption processing apparatus. The encryption processing method comprises compressing data to obtain compressed data, determining, within the compressed data, a section to be encrypted and encrypting the section to obtain partially encrypted data.

Abstract: A network monitoring apparatus, and a remote encryption and remote activation method, device and system thereof are provided. The method includes the following steps: receiving an encrypted activation password sent by a client terminal; decrypting the encrypted activation password to obtain an original activation password; determining whether the original activation password meets a predetermined password strength requirement; when the original activation password meets the predetermined password strength requirement, activating the network monitoring apparatus and setting the original activation password as an administrator password; and returning information indicating that the network monitoring apparatus is successfully activated to the client terminal. A network monitoring apparatus, an encryption method of a network monitoring apparatus based on a client terminal, a client terminal, and a remote activation system based on a network monitoring apparatus are also provided.

Abstract: A content recording apparatus includes an obtaining unit which obtains a content having a variable-length packet structure, an encrypter which generates encrypted data by encrypting the content, and a recorder which records the encrypted data in a block unit having a fixed length in a recording medium. The encrypted data includes an invalidated region unnecessary for reproduction of the content. The recorder records a size of the invalidated region in the recording medium.

Abstract: A security mechanism, e.g., a computing system, security server, can effectively serve as a centralized security mechanism, e.g., a computing system, security server, for an ecosystem that can include diverse clients and servers. The security mechanism can obtain redirected requests for services, authenticate credentials of a client and generate a (client-side) token that can be provided by the client to the server for verification of the identity of the client. The security mechanism can also obtain a token from a server that can be similar to a (client-side) token provided to a client and then generate a (server-side) token that can be provided to a server. The server-side token can include authorization information that allows access to one or more services of one or more other servers.

Abstract: Methods are described for providing access to one or more transponder functions of sports timing transponder that is configured for transmitting a signal comprising a transponder identifier to a receiver of a timing system that is configured to determine the point in time that said transponder passes said receiver. The method may comprise: establishing a communication link between said transponder and an access module configured to determine time information; determining rights information stored in a memory of said transponder, said rights information comprising one or more access conditions for determining when a user of said transponder has a right to access at least part of said transponder functions; receiving time information from said access module; and, determining whether said user has a right to access at least part of said one or more transponder functions on the basis of at least part of said access conditions and said time information.

Abstract: A method for identifying a group of users from a number of users includes receiving, for each user of the number of users, response data including motion data characterizing motion of the user during a prescribed time period occurring after issuance of a challenge to the number of users, processing the motion data of the number of users to identify a first subset of the number of users with substantially matching motion data, and forming the group of users to include the first subset of the number of users.

Abstract: Secure digital assistant integration with web pages is provided. The system receives an intent manifest data structure that maps actions of a digital assistant with link templates of an electronic resource developed by a third-party developer device. The system validates the electronic resource based on the intent manifest data structure. The system receives, from a data exchange component of an iframe of the electronic resource loaded by a client computing device, an identifier of the client computing device. The system receives a foreground state of the electronic resource from an onsite state sharing API. The system selects a data value for a parameter based on the foreground state and the intent manifest data structure. The system provides the data value. An authorization component generates an authorization prompt, receives input, and transmits the data value to an onsite intent execution API of the electronic resource to execute an action.

Abstract: A system is configured for managing security of a database associated with an organization. A fingerprint of an authorized user is captured. The data is scrambled using a scrambling technique. A list of users authorized to access the data is received from the user. A descrambler key corresponding to the scrambling technique is generated. The descrambler key is associated with fingerprints and predetermined location coordinates of authorized users. The descrambler key is configured to descramble the data when authorized users attempt to access the data using their fingerprints at their corresponding location coordinates. The scrambled data is encrypted. The system determines whether a particular user attempting to access the data is authorized to access the data by validating a fingerprint and location coordinates of the particular user. If the particular user is authenticated, the descrambler key descrambles the data. The particular user is allowed to access the data.

Abstract: A method and an apparatus for implementing logging on of hardware to windows system with version 10 or higher, including: obtaining, by a computer, a first data package according to a registration index corresponding to a device identification of a hardware device when monitoring insertion of the hardware device, encrypting first data package to obtain first encrypted result using first encryption key stored and sending the first encrypted result and the registration index to the hardware device for verifying; when verifying successful, generating third encryption value and fourth encryption value according to second device key stored corresponding to registration index and third random number and second session random number in first encrypted result, encrypting third encryption value and fourth encryption value to obtain second encrypted result using second encryption key, and sending second encrypted result to the computer for verifying; permitting logon when verifying is successful, otherwise refusing log

Abstract: A method of persistently storing event counts includes generating, using a secret cryptographic key, a sequence of numbers arranged in a pseudorandom order. The sequence of numbers is indicative of a sequence of addresses of cells in an array of cells. Each cell in the array of cells is programmable from an initial state to a programmed state to persistently encode data indicative of counter values associated with a particular event. The method also includes comparing addresses of cells having the programmed state with the sequence of addresses to determine whether a tampering event occurred at the array of cells. The method further includes, based on the determination, authenticating the array of cells or performing a countermeasure.

Abstract: Using an authentication server to program network elements, such as a network node, in accordance with software-defined networking techniques in order to establish a traffic flow rule for a communication device or user of the communication device. After successfully authenticating a communication device or user, the authentication server and/or network node may use an identifier received at the authentication server in connection with the authentication procedure in order to obtain a traffic flow rule for the communication device. The traffic flow rule may be established at the network node or forwarded to a second network node configured to receive network packets from the communication device. The first identifier may be any one of a user identifier identifying a user, an application identifier identifying an application, and a device identifier unique to the communication device.

Abstract: A method and system for authenticating application program interface (API) invokers using a common application program interface framework (CAPIF) is provided. The method includes establishing by a CAPIF core function (CCF) a secure Transport Layers Security (TLS) connection with at least one API invoker, on receiving a connection request from the at least one API invoker to access at least one service API on a CAPIF-2e interface. Further, the method includes determining by the CCF at least one security method to be used by the at least one API invoker for a CAPIF-2e interface security (C2eIS) of the at least one API invoker for accessing the at least one service API on a CAPIF-2e interface. The method further includes enabling the C2eIS by an API exposing function (AEF) the at least one API invoker based on the determined at least one security method.

Abstract: An example operation may include one or more of signing a blockchain transaction by an endorsement peer member of a blockchain, transmitting the blockchain transaction to an ordering service, identifying a blockchain transaction queue length, and receiving a signed promise from the ordering service that the blockchain transaction will be included in an identified block number based on the blockchain transaction queue length.

Abstract: Method for operating a network (10), wherein the network (10) comprises at least one outer network (12) having at least one network device (14) and at least one inner network (13) having at least one network device (15), wherein additionally a transmission unit (16) is present that blocks a transmission of data from the outer network (12) to the inner network (13) and allows it in the opposite direction (or vice versa), characterised in that the transmission unit (16) permits a transmission of data only from the inner network (13) to the outer network (12) and the at least one network device (15) sends data from the inner network (13) to the transmission unit (16) with a first address, wherein the transmission unit (16) converts this first address into a second address and thereafter the data are transmitted with this second address in the direction of the outer network (12), the second address being a target address for the at least one network device in the outer network (12).

Abstract: Disclosed are systems and methods for generating rules for detecting and blocking attacks on electronics systems of a means of transportation. A security server receives log data having messages that were intercepted on the buses of the means of transportation around the time of a road traffic accident with the means of transportation. The security server detects computer attacks on the electronics systems and generates one or more rules that depend on one or more indicators of compromise, such as malicious messages used in a computer attack and information on at least one ECU that is a recipient of the malicious messages. The generated rules further specify actions for blocking subsequent computer attacks, such as blocking, modifying, or changing communications within the communications bus of the vehicle.

Abstract: A system, method, and computer program product are provided for verifying virtual network function (VNF) package and/or network service definition integrity. In use, a system identifies a virtual network function package or a network service definition for performing integrity verification. The system computes a unique identifier of the VNF package or the network service definition that allows verification of an integrity of the VNF package or the network service definition. The system stores the unique identifier in a blockchain or a shared database. The system provides the VNF package or the network service definition to an entity such that the entity is capable of verifying the integrity of the VNF package or the network service definition by using the unique identifier of the VNF package or the network service definition from the blockchain or the shared database.

Abstract: A memory stores a program to be executed by a microprocessor. The program includes a first program part and a second program part. An authenticator is configured to authenticate the program and includes a module that is external to the microprocessor and configured to authenticate said first program part when the microprocessor is inactive. The authenticator further activates the microprocessor to execute the first program part and authenticate said second program part using instructions of the first program part if the module has authenticated the first program part. The microprocessor then executes the second program part if the microprocessor has authenticated said second program part.

Abstract: An authentication control device includes one or more memories, and one or more processors coupled to the one or more memories and the one or more processor configured to perform storing of a first authentication key received from a server device in the one or more memories, the first authentication key relating to a second authentication key stored in a terminal of a user, in communication between the authentication control device and the terminal in the state where the authentication control device is uncommunicable with the server device, in response to receiving, from the terminal, first information encoded in accordance with the second authentication key, perform decoding of the first information by the stored first authentication key, and execute an authentication process of the user in accordance with second information acquired by the decoding.