Abstract: A system for utilizing a mobile device as a computer authenticator is provided. The system may include a computing application executing on a computing apparatus. The system may include a secure backend server. The secure backend server may include a list of user identifiers, token serial numbers, device registration numbers and computing device identifiers. A pre-registration process may be used to embed a mobile token on a mobile device. A registration process may be used to pair the mobile device to the computing device. An in-use process may be used to authenticate the computing application using the mobile device.

Abstract: A method of securely storing a target number is provided based on the Chinese-Remainder Theorem, A set of n congruence pairs of numbers are generated, wherein a target number (a secret) can be uniquely derived from any t out of the n pairs. In one aspect the divisors are pre-selected such that any randomly selected n integers from the sequence are a valid Asmuth-Bloom sequence for any access structure (t, n) where 1<t?n?N. In another aspect, means are provided for pre-storing members of a Mignotte or Asmuth-Bloom sequence of N divisors in a look-up table from which n divisors can be selected. In this way a flexible access structure is supported. CRT secret shares for a selected access structure can be generated without having to perform the laborious process of calculating Mignotte sequences for each secret and access structure. Storage required to store the secret shares is also reduced by storing and retrieving congruence pairs in the form of an index and a remainder.

Abstract: Systems and methods for security incident response management are disclosed. A method includes receiving a cyber event; identifying a playbook of tasks, where the playbook constitutes a response to the cyber event, and where a task of the tasks is assignable to a user group; receiving, from a user of the user group, a completion of the task; receiving a proof of completion of the task; and generating an compliance report including the task and the proof of completion.

Abstract: In some examples, an alert relating to an issue in a computing arrangement is received. It is determined that the received alert is similar to a given alert in an information repository containing information of past processes performed to address respective issues, the determining comprising comparing a property associated with the received alert to a property of alerts associated with the past processes, and the information contained in the information repository comprising actions taken in the past processes to address the respective issues. Performance of a remediation action is triggered that comprises an action, identified by the information in the information repository, taken to respond to the given alert.

Abstract: Systems and methods for encryption management for storage devices are disclosed. A method of operation of a storage device includes receiving a first request from a client device by a user for a first interaction and authenticating that the user is permitted for the first interaction with the storage device. The method includes receiving a second request for a second interaction with the storage device and performing advanced capabilities testing on the user based on the second interaction. Based on the advanced capabilities testing, the method includes permitting the user to complete the second interaction. In this way, additional safeguards may be provided to prevent the unintentional damage or destruction of data stored on the storage device. This may include testing that the user is in the right state of mind and/or ensuring that the user is aware of the consequences of the requested interaction with the storage device.

Abstract: A system, method and computer-readable medium format-preserving encryption of a numerical value, including storing a binary numerical value, the binary numerical value comprising a plurality of binary bits, dividing the plurality of binary bits into a plurality of bit groups and storing the plurality of bit groups in a plurality of bytes, encrypting each byte in the plurality of bytes using a radix value corresponding to a quantity of binary bits in a bit group corresponding to that byte to generate a plurality of ciphertext bytes, and combining a quantity of least-significant bits from each ciphertext byte in the plurality of ciphertext bytes to generate a binary ciphertext value, the quantity of least-significant bits combined from each ciphertext byte corresponding to the radix value used to generate that ciphertext byte.

Abstract: A one-button power-on processing method and a terminal thereof are provided. The method includes: judging whether pressing a power button at a current time triggers one-button power-on of a terminal when it is detected that the power button is pressed at the current time; and sending the biometric feature data acquired by the biometric feature identification module to an operating system of the terminal for one-button power-on processing if pressing the power button at the current time triggers one-button power-on of the terminal. In this way, the terminal is powered on by a user by performing the press operation once. This enhances convenience, and effectively improves user experience of the terminal.

Abstract: Some embodiments include systems and methods for the management of a plurality of expanded cryptographic keys associated with a plurality of corresponding Protected Software Environments (PSEs) supervised by PSE-management software running on a computer system. In one embodiment, a computer system has a first processor, a first memory controller, and a first RAM. The first memory controller has a first memory cryptography circuit connected between the first processor and the first RAM. The memory cryptography circuit comprises a keystore and a first cryptographic engine. The keystore comprises a seedstore and a key-expansion engine. The seedstore is configured to store a first plurality of cryptographic key seeds accessible by a key identifier, for use by the key-expansion engine to generate expanded keys, where each key seed corresponds to a corresponding client.

Abstract: Some embodiments are directed to an electronic cryptographic device arranged to determine a cryptographic key. The cryptographic device can include a physically unclonable function (PUF) arranged to produce a first noisy bit string during the enrollment phase and a second noisy bit string during the reconstruction phase, and a statistical unit arranged to execute a statistical test for verifying correct functioning of the physical unclonable function. The statistical test computes a statistical parameter for the physical unclonable function using helper data. The statistical test determines correct functioning if the statistical parameter satisfies a criterion of the statistical test.

Abstract: In aspects of multiplication operations on homomorphic encrypted data, a computing device stores homomorphic encrypted data as a dataset, and implements an encryption application that can perform multiplication operations on ciphertexts in the homomorphic encrypted data, where the ciphertexts include polynomial variables of the ciphertexts. The encryption application can compute and store intermediate polynomial variables that are computed as the multiplication operations are performed. The encryption application can then utilize one or more of the intermediate polynomial variables rather than recomputing the intermediate polynomial variables as the multiplication operations are performed on the ciphertexts.

Abstract: A method, apparatus and computer program product for secure communication includes receiving a message for transmission from a transmitting node to a receiving node. The message is split into a plurality of channels and each channel receives an identical copy of the message. Noise data is added to each version of the message. The noise data is different for a respective copy of the message than any other version of the message thus producing a plurality of ciphers each for a respective channel. The ciphers are transmitted via the respective channels from the transmitting node to the receiving node.

Abstract: Methods and systems are disclosed enabling establishment of a direct connection between a first device connected to a first network and a second device connected to a second network upon finding a permission response from a third device connected to a third network. Establishment of the direct connection is controlled by a second network node associated with the second network. A connection request is received from the first device at at least one of the second network node or a third network node associated with the third network and a permission indication is found indicating that a connection with the second device is subject to permission from the third device. A permission response may be found from the third device to permit the connection request for enabling establishment of the direct connection. Establishing of the direct connection is enabled between the first device and the second device in response to finding the permission response.

Abstract: An apparatus, method, and device for encapsulating heterogeneous functional equivalents are disclosed. The apparatus includes a redundancy controller, an input proxy, and an output proxy. In this application, a plurality of heterogeneous functional equivalents are encapsulated by an input proxy and an output proxy, so that the apparatus can support adaptation, normalization and dis-cooperation to cut a communication link employed by an attacker, such that it is difficult for the attacker to sniff and exploit unknown defects or backdoors, and a success rate of the attacker attacking an information system is reduced.

Abstract: The disclosure relates to a method of supporting monitoring of an encrypted data communication session of a first device, the method comprising: receiving a signal for initiating a communication session with a second device; generating an encryption key for encryption of the communication session; determining whether a monitoring signal is received for the communication session; and transmitting information about the encryption key to the second device by using a predetermined packet based on the determination.

Abstract: Methods, apparatus, and processor-readable storage media for encryption using wavelet transformation are provided herein. An example computer-implemented method includes generating a modified item of cryptographic information by randomly incorporating one or more characters into a user-provided item of cryptographic information; converting the modified item of cryptographic information to a matrix code; creating multiple bands of data by applying wavelet transformation to the matrix code; generating one or more encrypted items of cryptographic information by converting a selected one of the multiple bands of data into a sequence of multiple characters by applying an encoding process to the selected band of data; and storing the encrypted items of cryptographic information in a database for use in authentication requests.

Abstract: Embodiments presented herein use an audio based authentication system for pairing a user account with an audio-based periphery computing system. The audio-based authentication system allows a user to interface with the periphery device through a user computing device. The user can utilize a previously authenticated user account on the user computing device in order to facilitate the pairing of the audio-based periphery computing system with the user account.

Abstract: Implementations described and claimed herein provide systems and methods for mitigating network threats. In one implementation, a provider edge device of a telecommunications network is configured to accept distributed denial of service mitigation rule propagation from a customer edge device of a customer network in communication with the provider edge device. A distributed denial of service mitigation rule for the customer network is received at the provider edge device from the customer edge device. The distributed denial of service mitigation rule includes one or more routing parameters and a mitigation action. The distributed denial of service mitigation rule is implemented locally on the provider edge device of the telecommunications network. A broadcasting of the distributed denial of service mitigation rule in the telecommunications network is prevented beyond the provider edge device.

Abstract: A vehicle network system employing a controller area network protocol includes a bus, a first electronic control unit, and a second electronic control unit. The first electronic control unit transmits, via the bus, at least one data frame including an identifier relating to data used for a calculation for obtaining a message authentication code indicating authenticity of transmission content. The second electronic control unit receives the at least one data frame transmitted via the bus and verifies the message authentication code in accordance with the identifier included in the at least one data frame.

Abstract: Systems and methods for authorized access to restricted access locations. A first and/or second device includes a secure storage storing security credentials associated with a user for authorized access to restricted access locations. The second device is associated with a unique identifier. A processor of the first device is configured to: detect a presence of the second device within a predetermined proximity range of the first device; establish a communication channel between the first and second devices; receive the unique device identifier from the second device via the communication channel; determine whether the received unique device identifier matches a predetermined identifier in the secure storage, to validate the second device; determine whether the first and second devices maintain a predefined connection state; and permit access to the security credentials stored on the secure storage when the second device is validated and the predefined connection state is maintained.

Abstract: A system and computer-implemented method to detect particular Domain Name System (DNS) misuse, wherein the method includes obtaining monitored network data. The monitored network data includes respective instances of request traffic. The request traffic is associated with DNS requests that request resolution of a name that belongs to at least one identified domain. Each DNS request is sent from a source address of one or more stub resolver; the source address of the stub resolver may be spoofed. Each instance of request traffic includes the source address, the name for which DNS resolution is requested to be resolved, and the at least one identified domain associated with a corresponding DNS request. The method further includes tracking over time, using a probabilistic algorithm, an approximation of a first cardinality of names belonging to a selected domain of the at least one identified domain included in the instances of request traffic.