Abstract: A device and method for quantum key distribution (QKD). The QKD center includes an authentication key sharing unit for sharing authentication keys with QKD client devices; a quantum key generation unit for generating a sifted key for each of the QKD client devices using a quantum state; an error correction unit for generating output bit strings by correcting errors of the sifted keys; and a bit string operation unit for calculating an encryption bit string by performing a cryptographic operation on the authentication keys, the distribution output bit strings and output bit strings received from the QKD client devices. The present invention improves security by preventing the QKD center from being aware of keys shared among users.

Abstract: A system and method for providing or exchanging healthcare information (e.g., medical information) to authorized users in a secure manner. The method is implemented in a computer infrastructure having computer executable code tangibly embodied on a computer readable storage medium having programming instructions operable to: assign identification information to a plurality of users and a plurality of items; associate the identification information of a user of the plurality of users with one or more items of the plurality of items; set-up security policies including predetermined locations, within predetermined stages within a sequence and during predetermined times; and provide the user access to the one or more items when there is a matching between the identification information of the user and the one or more items, and all of the security policies associated with the user and the one or more of the plurality of items are met.

Abstract: Technologies for provisioning cryptographic keys include hardcoding identical cryptographic key components of a Rivest-Shamir-Adleman (RSA) public-private key pair to each compute device of a plurality of compute devices. A unique cryptographic exponent that forms a valid RSA public-private key pair with cryptographic key components hardcoded into each compute device is provided to each compute device so that each compute device has a unique public key. The public key of each compute device may be used to provision unique secrets to the corresponding compute device.

Abstract: Techniques for use in generating a dynamically-changing IoT device identity with robust blockchain validation are provided. When entering a communication network, an IoT device performs a procedure for registration. The procedure includes communicating, in a transaction, data associated with the IoT device to a network device (e.g. a fog router). The data includes, amongst other data items, an identity for addressing communications to and from the IoT device. A transaction number associated with the transaction is received based on a blockchain registration of the transaction. An updated identity of the IoT device is then derived based on the transaction number. In one example, the updated identity of the IoT device may be derived by combining a static address of the IoT device and the transaction number. The steps may be repeated by the device for each one of a plurality of network registrations.

Abstract: Techniques for chunking data in data storage systems that provide increased data storage security across multiple cloud storage providers. The techniques employ a chunking engine and a policy engine, which evaluates one or more storage policies relating to, for example, cost, security, and/or network conditions in view of services and/or requirements of the multiple cloud storage providers. Having evaluated such storage policies, the policy engine generates and provides operating parameters to the chunking engine, which uses the operating parameters when chunking and/or distributing the data across the multiple cloud storage providers, thereby satisfying the respective storage policies. In this way, users of data storage systems obtain the benefits of cloud storage resources and/or services while reducing their data security concern and optimizing the total cost of data storage.

Abstract: Implementations and methods herein provide a networked storage system including a plurality of physical storage devices configured to store data on a plurality of virtualized volumes, a key store configured to store a plurality of encryption keys, and a security manager configured to encrypt data stored on each of the plurality of virtualized volumes using a different key.

Abstract: A method, a client, and a system for testing an application. A webpage file includes codes for simulating a malicious attack. The method includes providing, by the test client, a network address of the webpage file to the tested application, wherein when the tested application loads the webpage file according to the network address, the tested application executes the codes comprised in the webpage file to attempt to read content of a private file in a private directory of the tested application. When the tested application successfully reads the content of the private file, the tested application transmits a message carrying the content of the private file to a test server through a local terminal device, wherein the test server determines whether the tested application has a security loophole according to the message transmitted by the tested application.

Abstract: A system and method for providing content consumption data to users in a multi-device environment. Activity data from a plurality of UE devices associated with a subscriber account are obtained when one or more users tied to the subscriber account consume content on one or more UE devices. The activity data may be correlated with one or more pieces of information relating to the consumed content. When a journal request is received from a user operating a UE device associated with the subscriber account, a response is generated containing data for presentation in a journal format that includes correlated subscriber activity data for the subscriber account over a select period of time.

Abstract: An apparatus, method and system are disclosed which may be used for assessing the trustworthiness of a particular proprietary microelectronics device design representation in a manner that will maintain its confidentiality and, among other things, thwart attempts at unauthorized access, misappropriation and reverse engineering of the confidential proprietary aspects contained in the design representation and/or its bit stream design implementation format. The disclosed method includes performing a process for assessing/verifying a particular microelectronics device design representation and then providing some indication of the trustworthiness of that representation. An example utility/tool which implements the disclosed method is described that is particularly useful for trust assessment and verification of FPGA designs.

Abstract: The disclosed embodiments include computerized methods and systems that facilitate two-factor authentication of a user based on a user-defined image and information identifying portions of the image sequentially selected by the user. In one aspect, a communications device presents a first digital image of a first user on a touchscreen display. The communications device may receive, from the first user, information identifying portions of the first digital image selected in accordance with a candidate authentication sequence established by the first user. The selected first image portions may, for example, be associated with corresponding facial features of the first user. The communications device may determine whether the candidate authentication sequence matches a reference authentication sequence associated with the first digital image, and may authenticate an identity of the first user, when the first selection sequence is determined to match the second selection sequence.

Abstract: Embodiments provide a user interface display method for a terminal, and a terminal. The method includes: generating, by a terminal in a first operating environment, a first user interface that includes a first input component, obtaining a first user interface picture according to the first user interface, and determining attribute information of the first input component according to a first application. The method also includes switching, by the terminal, to a second operating environment, and displaying a second user interface in the second operating environment according to the first user interface picture and the attribute information of the first input component, thereby reducing processing overheads of the terminal.

Abstract: An information handling system includes a processor that executes instructions for a content sharing system that has mixed operating system capabilities. The processor detects pre-paired wireless connectivity for at least one of a plurality of remotely connected computing devices and implements a role-based policy to partially limit content sharing system operation, the operation is based on a role classification. The processor also auto-initiates navigation accessibility within authorized remotely connected computing devices via the content sharing system.

Abstract: Techniques are described for associating identifiers (e.g., digital watermarks) with video content in a way that enables identification of the source of pirated content with specificity as granular as an individual user account. A compositors operating in the DRM trust zone of a client device introduces the identifier by compositing overlay information with decoded video frames. The identifier may then be recovered by comparing target content to the source content to extract the overlay information.

Abstract: Methods for use in a storage unit of a dispersed storage network (DSN) to securely store cryptographic key information. In various examples, the storage unit receives a slice access request relating to a key slice generated by performing a dispersed storage error encoding function on an encryption key. When the slice access request includes a request to store the key slice, the storage unit encrypts the key slice using a local key and stores the encrypted key slice (e.g., in a key region of a storage vault). When the slice access request includes a request to recover a key slice stored in the storage unit, the encrypted key slice is recovered from memory and decrypted using the local key to produce a decrypted key slice for provision to the requesting entity. For rebuilding operations, the storage unit may instead return a zero information gain (ZIG) representation of the key slice.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for security verification of communications to tenants of an on-demand database service. These mechanisms and methods for security verification of communications to tenants of an on-demand database service can enable embodiments to allow tenants to selectively implement security measures with respect to inbound communications, etc. The ability of embodiments to provide such feature may allow tenants to efficiently and effectively implement security measures for in-bound emails.

Abstract: In aspects of string matching in encrypted data, a computing device stores homomorphic encrypted data as a dataset, and implements a string matching application that receives an encrypted query string as a query of the homomorphic encrypted data. The string matching application can then apply algorithms to perform addition and multiplication operations, and determine whether there are matching strings of the encrypted query string in the dataset. The string matching application can compute, for each row of the dataset, a sum of some function of dataset bits and query bits for a row result, and multiply the row results of the computed rows to determine matching strings. Alternatively, the string matching application can compute, for each row of the dataset, a product over some function of the dataset bits and the query bits for a row result, and add the row results of the computed rows to determine matching strings.

Abstract: The invention relates to a method for providing a wireless local network, wherein stationary communication devices and mobile communication devices are connected in the manner of a mesh as the sub-network, which is particularly connected to an infrastructure network and configured to exchange authentication messages with at least one communication device, which is particularly disposed in the infrastructure network and provides an authentication function. During an attempt to establish a first link by a first communication device connected to a communication device providing the authentication function to a second communication device connected to the communication device providing the authentication function, an authenticator role to be assigned as part of an authentication process is associated with the first and second communication devices, wherein at least one property correlating with the connection is analyzed for meeting a criterion.

Abstract: A sequence mining platform (SMP) comprises a processor, at least one machine-accessible storage medium responsive to the processor, and a sequence manager in the machine-accessible storage medium. The sequence manager is configured to use processing resources to determine a sequence of nucleobases in a nucleic acid. The storage medium also comprises a blockchain manager to (a) collect transaction data for one or more transactions for a blockchain which requires a proof of work (POW) for each new block; and (b) include at least some of the transaction data in a new block for the blockchain. The storage medium also comprises a sequence mining module (SMM) to use the determined sequence of nucleobases from the sequence manager to create a POW for the new block. In one embodiment, the SMM enables an entity which controls the SMP to receive transaction rewards and sequencing rewards. Other embodiments are described and claimed.

Abstract: An indication that a user wishes to conduct a bank transaction is received. An authentication path to be presented to the individual is pseudo-randomly determined. The authentication path comprises a combination of authentication challenges to be presented to the individual. A determination is made whether the user presented valid responses to the authentication challenges. The user is authenticated to conduct the bank transaction based on whether the user is determined to have presented valid responses to the authentication challenges.

Abstract: The present description relates to systems and techniques for allowing a third party verifier to verify aspects of secured data, or successful communication thereof. For example, a message or other data may be associated with a shared manifest that describes aspects of some data but does not reveal or expose the data. As a result, the data may be kept private while selective privacy and verification with respect to the data is achieved by the inclusion of only selected aspects of said data in the shared manifest.