Abstract: A method for transmitting data includes: obtaining original data to be encrypted on a network device; determining a decryption geographic location of the original data to be encrypted, and selecting a hotspot within a range of the decryption geographic location; afterwards, using attribute information of the selected hotspot as an encryption key to encrypt the original data to be encrypted, and obtaining ciphertext data and sending the ciphertext data to user equipment. The attribute information is available to the user equipment by the user equipment scanning the hotspot within the range of the decryption geographic location. The present disclosure realizes encryption of the original data based on an actual decryption geographic location which is used as the encryption key of the original data to be encrypted.

Abstract: A system and method allows a matching system to mediate requests for information among different computer systems without storing information that can be used to log into those computer systems.

Abstract: A continuous glucose monitor for wirelessly transmitting data relating to glucose value to a plurality of displays is disclosed, as well as systems and methods for limiting the number of display devices that can connect to a continuous glucose transmitter. In addition, security, including hashing techniques and a changing application key, can be used to provide secure communications between the continuous glucose transmitter and the displays. Also provided is a continuous glucose monitor and techniques for authenticating multiple displays, providing secure data transmissions to multiple displays, and coordinating the interaction of commands and data updates between multiple displays.

Abstract: Systems and techniques for location independent website filtering using bifurcated domain name system are described herein. A domain name system (DNS) request may be received. A unique device identifier may be received for the requesting device. The ISP may provide external network services to the services gateway. The DNS service provider may maintain a website filtering policy. The DNS request may be forwarded to the DNS service of the ISP. The DNS service of the ISP may respond with a DNS resolution. An access control request may be forwarded to the DNS service provider external to the ISP. A website filtering policy associated with the device identifier may be used to determine website access. The DNS service provider external to the ISP may respond with a grant/block status. Based on the returned grant/block status, the services gateway may respond to the requesting device with the DNS resolution or access denial.

Abstract: With respect to a key distribution system including N terminal devices Ui and a key distribution server used for exchanging a session key, the key distribution system includes an isogeny calculating unit configured to calculate a first public value using a basis of a first torsion subgroup of a predetermined elliptic curve at an odd-numbered terminal device Ui and calculate a second public value using a basis of a second torsion subgroup of the predetermined elliptic curve at an even-numbered terminal device Ui, when N is an even number, a distributing unit configured to distribute the first public value calculated at the odd-numbered terminal device Ui to a terminal device Ui?1 and a terminal device Ui+1, and distribute the second public value calculated at the even-numbered terminal device Ui to a terminal device Ui?1 and a terminal device Ui+1, from the key distribution server, a key generating unit configured to use second public values distributed by the distributing unit to generate the session key at t

Abstract: A security communication method of a client ECU included in a vehicle Ethernet network includes transmitting a first message generated based on a first random number generated by the client ECU, first security version information of the client ECU, and a symmetric key pre-shared with a server ECU, to the server ECU, receiving a second message generated based on a second random number generated by the server ECU, second security version information of the server ECU, and the symmetric key in response to the first message, from the server ECU, when successfully verifying the second message, storing the second random number in a memory of the client ECU, transmitting a third message to the server ECU and generating a session key based on the first random number, the second random number, and the symmetric key, and transmitting a fourth message encrypted using the session key to the server ECU.

Abstract: This disclosure provides a network security architecture that permits installation of different software security products as virtual machines (VMs). By relying on a common data format and standardized communication structure (e.g., using pre-established, cross-platform messaging), a general architecture can be created and used to dynamically build and reconfigure interaction between both similar and dissimilar security products. Examples are provided where an intrusion monitoring system (IMS) can be used to detect network threats based on distributed threat analytics, passing detected threats to other security products (e.g., products with different capabilities from different vendors) to trigger automatic, dynamically configured communication and reaction. A network security provider using this infrastructure can provide hosted or managed boundary security to a diverse set of clients, each on a customized basis.

Abstract: A method includes receiving an indication of a request from a client device. The request is for establishing an access session to perform one or more actions on data of a data processing platform. The method includes receiving data indicative of a context of the access session request and establishing a challenge session associated with the request that indicates one or more challenges required of a user associated with a client device to successfully respond to in order to establish the requested access session, a number or a type of the one or more challenges being determined based on the context, and establishing an access session to enable the user to perform the one or more actions on the data of the data processing platform if responses to all challenges in the challenge session are successful.

Abstract: A share generating device obtains N seeds s0, . . . , sN?1, obtains a function value y=g(x, e)?Fm of plaintext x?Fm and a function value e, and obtains information containing a member yi and N?1 seeds sd, where d?{0, . . . , N?1} and d?i, as a share SSi of the plaintext x in secret sharing and outputs the share SSi. It is to be noted that the function value y is expressed by members y0?Fm(0), . . . , yN?1?Fm(N?1), which satisfy m=m(0)+ . . . +m(N?1).

Abstract: A first copy of a True Random Number (TRN) pool comprising key data of truly random numbers in a pool of files may be stored on a sender and a second copy of the TRN pool is stored on a receiver. An apparent size of the TRN pool on each device is expanded using a randomizing process for selecting and re-using the key data from the files to produce transmit key data from the first copy and receive key data from the second copy.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for data tracing are provided. One of the methods includes: receiving a data backtracking request, the data backtracking request comprising a version identifier of a first data version of a target object; obtaining, from the blockchain, version identifiers of a plurality of second data versions of the target object and a plurality of data blocks in the blockchain, wherein the second data versions comprise an initial data version of the target object, and at least one of the obtained data blocks comprises a version identifier of the initial data version; and determining, based on the version identifier of the initial data version, data content corresponding to the initial data version of the target object.

Abstract: A computing device operating system providing a plurality of secure domains. A domain manager selectively creates a plurality of secure domains, and one of the secure domains is selected as a current domain. A domain policy service stores and enforces, for each secure domain, a policy comprising a rule set controlling access to files and applications associated with the domain. A package manager enforces, for each secure domain, installation of the applications associated with the domain. A domain message service provides communication between running processes associated with different ones of the secure domains. An activity manager selectively switches the current domain. Domain isolation is achieved while enabling a unified user interface providing concurrent access to the resources of multiple domains.

Abstract: The present disclosure relates to a system and method for performing anti-malware scanning of data files that is data-centric rather than device-centric. In the example, a plurality of computing devices are connected via a network. An originating device creates or first receives data, and scans the data for malware. After scanning the data, the originating device creates and attaches to the data a metadata record including the results of the malware scan. The originating device may also scan the data for malware contextually-relevant to a second device.

Abstract: Elliptic Curve Cryptography (ECC) can provide security against quantum computers that could feasibly determine private keys from public keys. A server communicating with a device can store and use PKI keys comprising server private key ss, device public key Sd, and device ephemeral public key Ed. The device can store and use the corresponding PKI keys, such as server public key Ss. The key use can support all of (i) mutual authentication, (ii) forward secrecy, and (iii) shared secret key exchange. The server and the device can conduct an ECDHE key exchange with the PKI keys to mutually derive a symmetric ciphering key K1. The device can encrypt a device public key PK.Device with K1 and send to the server as a first ciphertext. The server can encrypt a server public key PK.Network with at least K1 and send to the device as a second ciphertext.

Abstract: In a medical workspaces management method, a user identified in a users database (52) is authenticated. At a server computer (10), a virtual session is created including running instances (16) of a plurality of medical applications on the server computer with the instances associated with the authenticated user. Using at least one locating service (20), a current medical content presentation device (30, 32) is identified which is proximate to the authenticated user. At the server computer, a set of rules is applied to determine content of the instances to be presented. This content is pushed from the server computer to the current medical content presentation device. At the current medical content presentation device, the pushed content is presented on a display (40, 42) of the current medical content presentation device.

Abstract: This application discloses a continuous-variable quantum key distribution (CV-QKD) device and method. The device includes a light source, a modulation unit, a first random number generator, and a processor, where the processor is configured to obtain a first data sequence based on a preset quantity of modulation format symbols, a distribution probability of each symbol, and a first random number sequence generated by the first random number generator, and obtain a second data sequence based on the first data sequence; and the modulation unit is configured to modulate, based on to the first data sequence, a signal emitted by the light source to output a second optical signal, where the second optical signal does not need to include quantum states with a quantity in an order of magnitude of 28×28 required in an existing Gaussian protocol.

Abstract: Systems and methods for authentication and key agreement are provided and can utilize a scheme that uses dynamic key generation to achieve replay-attack resistance in zero round trip time (0-RTT). The hash-chain concept can be integrated with the Diffie-Hellman (DH) key exchange scheme. With this scheme, a device can securely determine the new shared key immediately (i.e., in 0-RTT) and start using it.

Abstract: Systems and methods for policy-controlled communication over the Internet between third party client applications and remote services. A client device enforces policies on the communication between the applications and services. The communication is redirected through a mid-link server using a digitally protected tunnel. Network addresses of the client device and remote service are masked.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes receiving data, a set of data attributes about the data, and a risk profile data structure indicative of a vulnerability of the data in a PQC data environment. The example method further includes retrieving PQC cryptographic performance information associated with a set of PQC cryptographic techniques. The PQC cryptographic performance information may comprise a set of PQC cryptographic performance attributes for each PQC cryptographic technique in the set of PQC cryptographic techniques. The example method further includes selecting a PQC encryption algorithm for encrypting the data based on the set of data attributes, the risk profile data structure, the PQC cryptographic performance information, and a PQC optimization machine learning model. Subsequently, the example method includes encrypting the data based on the selected PQC encryption algorithm.

Abstract: Server cluster communication across the public internet using a single secure User Datagram Protocol (UDP) is facilitated by an intermediary registry server. The intermediary registry server enables servers within a cluster to identify and securely communicate with peer servers in the cluster across disparate locations and through firewalls Using an external address registry shared to each member of a server cluster peer group, individual servers can establish a direct secure channel using a single UDP tunnel.