Abstract: Collaborative multiparty homomorphic encryption comprising receiving a linear common public key collaboratively generated by a plurality of parties as a sum of linear public key shares associated with the respective plurality of parties. Each of two ciphertexts may be encrypted with the linear common public key and the two ciphertexts may be combined by a non-linear computation to generate a result ciphertext encrypted by a non-linear public key. The result ciphertext may be re-encrypted with a re-linearization key to swap encryption keys from the non-linear public key to a linear public key. The re-encrypted result ciphertext may be distributed to the plurality of parties to each partially decrypt the re-encrypted result ciphertext by a linear secret key share associated with the party, which in combination fully decrypts the result by a linear common secret key that is a sum of the secret key shares of the respective plurality of parties.

Abstract: A method for distributing data to a computing device using device level authentication includes: receiving a single use key from a payment institution, the single use key encrypted by the payment institution using a first encryption, a server public key, and device data; wrapping a device public key using the server public key; electronically transmitting at least the device data, the wrapped device public key, and the single use key to a server; receiving the single use key encrypted using a second encryption from the server, the second encryption using the device public key to encrypt the single use key; decrypting the single use key encrypted with the second encryption using a device private key; and electronically transmitting the decrypted single use key and payment credentials to a point of sale device.

Abstract: A validity verification method may include receiving an event to be analyzed from a security information & event management (SIEM) server, the event to be analyzed selected by the SIEM server from a plurality of events detected by different security devices based on a desired correlation rule; registering the event to be analyzed; collecting raw data associated with the registered event from a security device corresponding to the registered event among the different security devices; acquiring location information of an intended network location associated with an attack based on the collected raw data; determining a validity status of the registered event based on the acquired location information; generating an exceptional processing message of the registered event; and transmitting the generated exceptional processing message to the SIEM server based on results of the determining the validity status of the registered event.

Abstract: System and method for creating and managing trusted execution environments (TEEs) using different underlying hardware TEE mechanisms use a virtual secure enclave device which runs in a virtualized environment in a computer system. The device enables an enclave command transmitted to the virtual secure enclave device to be retrieved and parsed to extract an enclave operation to be executed. A TEE backend module is used to interact with a particular hardware TEE mechanism among those available in the computer system. The module ensures the enclave operation for the software process is executed by the particular hardware TEE mechanism, or the TEE scheme based on a particular hardware TEE mechanism.

Abstract: A system may be configured to prepare and use prediction models for predicting existence of fingerprints among encrypted traffic. Some embodiments may: obtain a machine learner configured to identify statistical differences between pseudo-randomness associated with encrypted user data and higher-entropy randomness associated with a set of other data; determine at least a portion of a path traversed by the encrypted user data in the network based on the identification; and secure the network based on the determination.

Abstract: Methods, media, and systems for facilitating inter-application communications between a web platform and a remote application computing device are disclosed such that a link protocol agent associated with the web platform processes an authentication request based on which a temporary connection resource locator is provided. A connection is then established at the resource locator and maintained for a period of time. Payloads and acknowledgements are exchanged in the established connection. The connection is capable of being established across a firewall.

Abstract: A method implements anonymous uncensorable cryptographic chains. The method includes receiving, from a first application, verifiable data for a current record and unverified data for the current record. The unverified data for the current record was received by the first application from a second application. The method further includes verifying the verifiable data for the current record with unverified data from a previous record. The method further includes recording the verifiable data for the current record and the unverified data for the current record to the current record responsive to verifying the verifiable data for the current record. The method further includes presenting the current record to one or more of the first application and to the second application.

Abstract: Embodiments disclosed herein are directed to a system and method configured to create a PII profile of the user and monitor data brokers for PII that matches the PII profile. For each data broker, the system can determine a threat level to the user and provide a dynamically updatable user interface configured to present the data brokers in a predetermined order, e.g. descending order of threat. The system can be configured to receive a swipe input from the user to either “Opt-Out” or “Remove” the user PII. “Opting-Out” can include preventing the data broker from selling or sharing the user PII. “Removing” can include requesting the data broker to delete all PII for the user. The system can then monitor the data broker for compliance with the request. Further, the system can provide a user interface to the data broker to petition the user for continued use of the PII.

Abstract: Systems and methods for generating min-increment counting bloom filters to determine count and frequency of device identifiers and attributes in a networking environment are disclosed. The system can maintain a set of data records including device identifiers and attributes associated with device in a network. The system can generate a vector comprising coordinates corresponding to counter registers. The system can identify hash functions to update a counting bloom filter. The system can hash the data records to extract index values pointing to a set of counter registers. The system can increment the positions in the min-increment counting bloom filter corresponding to the minimum values of the counter registers. The system can obtain an aggregated public key comprising a public key. The system can encrypt the counter registers using the aggregated shared key to generate an encrypted vector. The system can transmit the encrypted vector to a networked worker computing device.

Abstract: In one preferred form of the present invention, show in in FIGS. 1 to 3, there is provided a computer implemented security method (10) comprising: providing users (14) with first virtual machines (12), the first virtual machines (12) for being displayed on first electronic devices (18); and providing the users with virtual keyboards (22), the virtual keyboards (22) for providing user input to control the first virtual machines (12), the virtual keyboards (22) for being displayed on second electronic devices (24) that are different to the first electronic devices (18) to reduce the effectiveness of possible malware loggers on the first electronic devices (18).

Abstract: A secure joining system is a secure joining system including a plurality of secure computing apparatuses. The plurality of secure computing apparatuses include a first vector joining unit, a first permutation calculation unit, a first vector generation unit, a second vector joining unit, a first permutation application unit, a second vector generation unit, a first inverse permutation application unit, a first vector extraction unit, a second permutation application unit, a third vector generation unit, a second inverse permutation application unit, a second vector extraction unit, a modified second table generation unit, a third permutation application unit, a fourth vector generation unit, a shifting unit, a third inverse permutation application unit, a bit inversion unit, a third vector extraction unit, a modified first table generation unit, a first table joining unit, and a first table formatting unit.

Abstract: A secure strong mapping computing system is a secure joining system including a plurality of secure computing apparatuses. The plurality of secure computing apparatuses include a first vector joining unit 11n, a first permutation calculation unit 12n, a first vector generation unit 13n, a second vector joining unit 14n, a first permutation application unit 15n, a second vector generation unit 16n, a first inverse permutation application unit 17n, and a first vector extraction unit 18n.

Abstract: Apparatuses and methods related to detecting synchronization between multiple devices. The security of a device may be compromised if the device receives commands from unauthorized sources. A state of a device can be affected by the commands the device receives. A different device can determine whether there is synchronicity between device and the different device to determine whether the security of the device may have been compromised.

Abstract: A device, method or executable instructions that include receiving, over a network, an authentication request from a user device for performing a function utilizing a first authentication method, obtaining network intelligence data for a mobile network over the network, and identifying a risk for each of multiple authentication methods in response to analyzing device security behavior and the network intelligence data. Further embodiments include identifying a first risk for the first authentication method and identifying a second risk for the function, determining the first risk is higher than the second risk, and identifying a second authentication method that is associated with the second risk. Additional embodiments include notifying the user device of the second risk for the function, and providing a recommendation to the user device to utilize the second authentication method to perform the function. Other embodiments are disclosed.

Abstract: In an embodiment, a communication method, using OFDM (Orthogonal Frequency Division Multiplexing), comprises transmitting and receiving packets between a first node and at least one second node, where each packet comprises a preamble and payload data. The method, performed by the first node, may comprise receiving packets from the at least one second node, and authenticating the at least one second node based on physical layer characteristics, i.e., on CSI (Channel State Information). The authenticating may be based on a plurality of preambles, which are extracted from a group of consecutively received packets.

Abstract: A storage circuit stores secret information. A software processing circuit obtains an operation task and generates scheduling instructions corresponding to the operation task. After receiving the scheduling instructions, a hardware processing circuit obtains the secret information from the storage circuit when the flag bit in the scheduling instruction is a valid value, determines, based on the secret information, data addresses of one or more pieces of operation data required for completing the operation corresponding to the scheduling instruction, and obtains the one or more pieces of operation data based on the data addresses to complete the operation corresponding to each scheduling instruction.

Abstract: A system for split keys for wallet recovery includes an interface configured to receive a request to recover a user private key, and a processor configured to provide a request to a credential issuing authority for a first encrypted recovery key share, wherein the request includes a first identification credential, receive the first encrypted recovery key share from the credential issuing authority, provide a request to a trusted organization for a second encrypted recovery key share, wherein the request includes a second identification credential, receive the second encrypted recovery key share from the trusted organization, combine the first encrypted recovery key share and the second encrypted recovery key share to determine a recovered encryption key, and determine the user private key using the recovered encryption key.

Abstract: According to one embodiment, a secure computing method includes setting a coefficient selected from a ring of integers Q based on first data X, generating n pieces of first fragment data from the first data X based on the coefficient, causing a learning model held in the computing device to learn the first fragment data, generating n pieces of second fragment data from second data Z based on the coefficient, performing, by each of the n computing devices, inference based on the second fragment data using the learning model, and obtaining decoded data dec by decoding k pieces of inference result data. The coefficient is set to make each of the n pieces of first fragment data less than a maximum value of the ring of integers Q.

Abstract: Described herein are systems and methods for enhancing an interface for an information technology (IT) environment. In one implementation, an incident service causes display of a first version of a course of action and obtains input indicative of a request for a new action in the course of action. The incident service further determines suggested actions based at least one the input and causes display of the suggested actions. Once displayed, the incident service obtains input indicative of a selection of at least one action from the suggested actions, and causes display input indicative of a selection of at least one action from the suggested actions.

Abstract: Aspects of the present disclosure involves receiving an input message, generating a first random value that is used to blind the input message to prevent a side-channel analysis (SCA) attack, computing a second random value using the first random value and a factor used to compute the Montgomery form of a blinded input message without performing an explicit Montgomery conversion of the input message, and computing a signature using Montgomery multiplication, of the first random value and the second random value, wherein the signature is resistant to the SCA attack.