Abstract: A method for controlling the IoT devices and an IoT system using the same are provided. The IoT devices includes a trigger device and a functional device. A managing software is executable on a client device. First, a credential is sent to the client from the functional device. Second, a script is received at the trigger device. The script includes the credential, at least one supported command, and at least one supported event. The script is generated at the managing software. The supported command is recognizable to the functional device. When the supported event is triggered at the trigger device, the supported command from the trigger device is received at the functional device. Then, a function of the functional device is performed based on the command, which increases the convenience of operating the system. The trigger device need not recognize the command, which increases the flexibility of the system.

Abstract: Disclosed herein are systems and methods for synchronizing anonymized linked data across multiple queues for SMPC. The systems and methods guarantee that data is kept private from a plurality of nodes, yet can still be synced within a local queue, across the plurality of local queues. In conventional SMPC frameworks, specialised data known as offline data is required to perform key operations, such as multiplication or comparisons. The generation of this offline data is computationally intensive, and thus adds significant overhead to any secure function. The disclosed system and methods aid in the operation of generating and storing offline data before it is required. Furthermore, the disclosed system and methods can help start functions across multi-parties, preventing concurrency issues, and align secure input data to prevent corruption.

Abstract: Disclosed herein are methods, systems, processes, and machine learning models for identifying ephemeral or short lived computing assets in a network. Data indicative of potential ephemeralness associated with the computing assets in the network is received. The received data is processed and provided as input to a logistic machine learning model trainer for classification based on logistic regression. The logistic machine learning model trainer classifies each computing asset as ephemeral or non-ephemeral based on one or more ephemeralness feature characteristics of each of the computing assets that are part of input data. The logistic machine learning model trainer generates a trained logistic machine learning model for identifying new ephemeral computing assets in the network and excluding these new ephemeral computing assets from security operations. The logistic machine learning model is then stored for automatically determining whether a new computing asset in the network is ephemeral.

Abstract: A method for preventing a differential cryptanalysis attack is provided. The method is implemented by an adaptive scan chain, a control module, and a plaintext analysis module. The plaintext analysis module controls the adaptive scan chain, so that two plaintexts differing in the last bit of only one byte are input through scan chains with different structures. Consequently, the two input plaintexts for which differential cryptanalysis attack technology originally can be used to crack the key are unable to generate outputs that can be used by the differential cryptanalysis attack technology.

Abstract: In an authentication system (120) of a first organization that a first user belongs to, when the first user accesses a service of another organization from a user terminal of the first organization, an authentication device (300) receives a hello message from another organization system, encrypts the hello message using a client private key of the first user, and sends the encrypted hello message to said another organization system as a signature message.

Abstract: A multi-device digital rights management server is provided. The server may include, but is not limited to, a processor communicatively coupled to a communications system and a memory, the processor configured to receive, from the communications system, a request to transfer digital content from a first user device to a second user device, update, upon receipt of the request, digital rights management data stored in the memory to enable both the first user device and the second user device to consume the digital content, receive, from the communications system, notice that one of the first user device and the second user device is consuming the digital content, update, upon receipt of the notice, the digital rights management data to disable the other of the first user device and the second user device from consuming the digital content.

Abstract: Some examples relate generally to computer architecture software for information security and, in some more particular aspects, to machine learning based on changes in snapshot metadata for anomaly and ransomware detection in a file system.

Abstract: Described are methods and systems for calibrating simulation models to generate digital twins for physical entities. In some embodiments, a method includes receiving a plurality of datasets for a plurality of corresponding physical entities. A calibration request is enqueued to a calibration requests queue for each received dataset and includes information indicating a dataset and a corresponding physical entity. A plurality of calibration engines and a plurality of corresponding simulation clusters for generating a plurality of calibration results for a plurality of calibration requests dequeued from the calibration requests queue can be deployed.

Abstract: A request is received from a computing device for substitute data, with access to the substitute data being contingent upon successful multi-factor authentication of the first service. Signature data based on the request is generated using a first key of public-private key pair. Credential proof and the signature is provided to a second service, which verifies the credential proof as a first factor of the multi-factor authentication and verifies, using a second key, the signature as a second factor of the multi-factor authentication. The substitute data is obtained as a result of authentication by the second service. The computing device is caused, by providing the substitute data to the computing device, to input the substitute data into the interface in place of data associated with the first entity.

Abstract: The disclosed embodiments include processes that manage a cryptographically secure generation and exchange of data between network-connected systems operating within a computing environment using a permissioned distributed ledger. For example, and based on secure interaction with a distributed smart contract maintained within ledger blocks of the permissioned distributed ledger, an apparatus and a counterparty system may generate local symmetric encryption keys that facilitate a secure communication session between the apparatus and the counterparty system. Using the symmetric encryption key, the apparatus may generate a cryptographically secure representation of generated or obtained data, which may be transmitted to the counterparty system across the secure communications channel.

Abstract: Provided is a distributed ledger device, aiming at easily and appropriately determining a status of operational processing on a distributed ledger in a certain distributed ledger device at another distributed ledger device. A BC node in a BC system including a plurality of BC nodes that manage a distributed ledger for a predetermined target transaction, the BC node including: the storage device; and the processor, in which the storage device stores the distributed ledger, and the processor, when executing processing relating to the distributed ledger, transmits content information indicating contents of the processing to be managed by another BC node that manages the distributed ledger. The processor may transmit an instruction to register the content information in another distributed ledger managed by the plurality of BC nodes that manage the distributed ledger.

Abstract: A method for detecting Command and Control (C&C) toward a web application in a network includes: obtaining, using a Web Application Firewall (WAF) of the network, network traffic between the web application and a server outside the network; transmitting the network traffic from the WAF to a machine learning model; determining, using the machine learning model, whether the network traffic includes a command signature; in response to determining that the network traffic includes a command signature, generating a notification; and determining, based on the notification, whether the server is a C&C.

Abstract: A file management server may include a processor, a network interface for operatively coupling the file management server to a user computer system and to memory services via a network. The file management server includes a file management application configured to receive an authorisation enquiry of the user computer system to store file fragments of a file via the network in a plurality of the memory services; and in response to the receipt of the authorisation enquiry, request an authorisation token from each of the memory services and forward, to the user computer system, authorisation tokens formed as URLs and obtained in response to the request. Each URL enables direct write or direct read access to a storage space of one of the memory services identified by the URL. Metadata that allows reconstruction of the file from the stored file fragments is protected against access by the memory services.

Abstract: A character string classification method, a character string classification system, a character string classification device, and a computer readable storage medium are provided. The method includes: acquiring a to-be-classified character string, inputting the to-be-classified character string to a feature extractor to obtain a feature vector of the to-be-classified character string, and inputting the feature vector to a classifier to obtain a classification result of the to-be-classified character string. With the character string classification method, only the features of the character string itself are used in the character string classification process. That is, the to-be-classified character string is directly inputted to the feature extractor to obtain the feature vector, and the classifier classifies the to-be-classified character string based on the feature vector, thereby eliminating requirement for other information associated with the character string.

Abstract: A method of operating a secure wireless network between a master controller and a secure device is provided. The method comprising: detecting at least one of a NONCE-GET and a NONCE-REPORT using a sniffer configured to detect wireless signals from a selected wireless protocol; determining that the NONCE-GET was not transmitted by a master controller or that the NONCE-REPORT was not in response to a NONCE-GET transmitted by the master controller, the master controller being in electronic communication with the sniffer; and transmitting a new NONCE-GET to the secure device from the master controller.

Abstract: A method for executing a binary code including the execution of an indirect load instruction which provokes the reading of a data line associated with an address obtained from the content of a destination register, then the construction of an initialization vector from the content of this data line, then the loading of this constructed initialization vector in a microprocessor, then the execution of an indirect branch instruction which provokes a branch directly to a first encrypted instruction line of a following basic block whose address is obtained from the content of the same destination register, then the decryption of the cryptogram of each encrypted instruction line of the following basic block using the initialization vector loaded in the microprocessor.

Abstract: A method for the personalization of an integrated circuit card, includes: simulating a downloading of a single image corresponding to a fixed part of personalization data of the integrated circuit card; simulating an execution of a sequence of personalization commands for the integrated circuit card to generate a set of personalization data; combining the set of personalization data with the single image to obtain a card image comprising the fixed part of personalization data and the set of personalization data; encrypting the card image to obtain an encrypted single image; and downloading the encrypted single image in a memory of the integrated circuit card.

Abstract: A biometric scanner apparatus comprising a biometric sensor configured to scan at least a biological sample and receive a unique biometric pattern, a secret data extractor configured to receive the unique biometric pattern from the biometric sensor and generate an output comprising a sample-specific secret, and a sample identifier circuit communicatively connected to the secret data extractor wherein the sample identifier circuit is configured to produce at least an output comprising a secure proof of the sample-specific secret.

Abstract: A method and system for secure storage of digital data offers enhanced resistance to threat actors (whether insiders or hackers) gaining unauthorised access to extract and manipulate data, and to brute force computational attacks. The method employs double randomised fragmentation of source data into a random number of fragments of random sizes, encryption of each fragment with a separate encryption key, storage of the encrypted fragments and keys and a catalogue of the mappings of locations and fragments to keys all in physically and logically separate locations in a secure storage estate (1). The method may be repeatedly applied to encrypted fragments, keys and catalogue in a cascade fragmentation process to add further levels of security.

Abstract: A mechanism of authenticating a communication device onto a radio access network via a private wireless gateway is described. This includes communicating with a communication device via a first wireless interface authentication information, a preferred roaming list (PRL), and an initial access value are obtained from the communication device. A first expected access value is determined based on rolling code data and a secret function. The PRL is authenticated when the first expected access value matches the initial access value. The communication device is proxied onto a radio access network via a second wireless interface. The proxying includes providing the authentication information and the PRL to a cell site attached to the radio access network.