Abstract: A data comparison device holds first and second encrypted data of first and second plaintext, respectively. The first plaintext is divided into a plurality of blocks and the first encrypted data is generated by executing encryption of each of the plurality of blocks and shuffling of the plurality of blocks. The second plaintext is divided into a plurality of blocks and the second encrypted data is generated by executing encryption of each of the plurality of blocks. In at least one of the first encrypted data and the second encrypted data, a plaintext value is embedded as a value indicating a magnitude comparison result, and the data comparison device compares blocks at the same position before shuffling of the first encrypted data and the second encrypted data based on the embedded value and determines a magnitude relationship between the first plaintext and the second plaintext.

Abstract: An apparatus and a method for registering a device in a cloud server are provided. The apparatus includes detecting the device by using short-range communication, requesting an authentication code used for registering the device in the cloud server from an account server in response to the device being detected, receiving the authentication code from the account server, and transmitting the received authentication code and connection address information of the cloud server to the device.

Abstract: A system and method to transform a block of data is disclosed. A block of original data is retrieved from a data store, block of original data including a N number of words, each word including one or more bits of data. A multiplier matrix is provided, the multiplier matrix having N×N words, a plurality of sub matrices arranged diagonally within the N×N matrix, with each of the sub matrix arranged as a binomial matrix. All the words in the multiplier matrix not part of the sub matrix are set to zero. Each of the sub matrix is represented as a product of a plurality of lower factorized matrix, a plurality of upper factorized matrix and a shift matrix. The block of original data is multiplied with the multiplier matrix to generate a transformed block of original data with N number of words.

Abstract: A system having one or more processors. The one or more processors receive data having a request for transferring ownership of a portion of a security from a first user computing system. A portion of the data is signed by a signer with a group signature having an extension. The one or more processors further receive a request to link an identity of the signer and open the identity of the signer. The one or more processors provide to a regulator information corresponding to the group signature and a signature of a transferee being linked to the group signature. The one or more processors generate signing ability of a second user computing system associated with an identifier of the transferee. Generating the signing ability of the second user computing system to use the group signature transfers the ownership of the portion of the security.

Abstract: In one embodiment, a method by an apparatus of a Border Gateway Protocol (BGP) network includes accessing an attestation token for the apparatus. The method further includes encoding the attestation token in a BGP signaling message. The method further includes sending the BGP signaling message with the encoded attestation token to a second apparatus of the BGP network.

Abstract: A method for preventing side-channel attack according to an embodiment includes generating an order table which includes a position index value for each bit value of a bit string that is secret information to be generated through a decryption algorithm of an Nth Degree Truncated Polynomial Ring Units (NTRU) LPRime algorithm, shuffling a sort order of the position index value for the each bit value in the order table based on a random number, determining a generation order for the each bit value according to the sort order of the position index value for the each bit value in the order table, and generating the secret information through the decryption algorithm. The secret information is generated by generating the each bit value according to the determined generation order.

Abstract: Disclosed herein are systems and methods for device authentication or pairing. In an aspect, a wearable display system comprises a display, an image capture device configured to capture images of a companion device, a computer-readable storage medium configured to store the images of the companion device, and a processor in communication with the image capture device and the storage medium. The processor can be programmed with executable instructions to receive a first image of a first optical pattern displayed by the companion device captured by the image capture device, wherein the first optical pattern is generated by the companion device based on first shared data, extract first data from the first optical pattern in the received first image, authenticate the companion device based on the first data extracted from the first optical pattern, and notify a user of the wearable display system that the companion device is authenticated.

Abstract: Providing cascading quantum encryption services is disclosed. In one example, a first quantum computing device provides a plurality of encryption services that include one or more quantum encryption services and one or more classical encryption services. To encrypt a payload for transmission, the first quantum computing device selects a first encryption service from among the plurality of encryption services. The first quantum computing device then detects that the first encryption service is compromised. In response to detecting that the first encryption service is compromised, the first quantum computing device selects a second encryption service from among the plurality of encryption services, and encrypts the payload using the second encryption service. By automatically “cascading” from the first encryption service to the second encryption service in this manner, the first quantum computing device may ensure the secure communication of the payload to the second quantum computing device.

Abstract: Networked devices in a communications network share a common firmware key. Using the common firmware key, one networked device can encrypt configuration data it uses to operate in the network for distribution to other networked devices of the same or similar type. The networked devices that receive the encrypted configuration data then use the common firmware key to decrypt the encrypted configuration data, and using the decrypted configuration data, self-configure to operate on the network. This allows for the secure distribution of configuration data, as well as the self-configuration of networked devices without exposing the sensitive data needed for such configuration to a human.

Abstract: A method for a serving network to selectively employ perfect forward security (PFS) based on an indication from a home network is described. The method includes receiving, by the serving network, a PFS indicator from the home network; determining, by the serving network, whether the PFS indicator indicates that the home network has instructed the serving network to employ PFS for communications with a piece of user equipment; and performing, by the serving network, a PFS procedure with the piece of user equipment in response to determining that the PFS indicator indicates that the home network has instructed the serving network to employ PFS for communications with the piece of user equipment.

Abstract: Embodiments include wireless authentication devices, systems, and methods. A wireless authentication system can include an active wireless communication device including a first memory, first processing circuitry, and a first antenna, the first processing circuitry to produce an identifier request for an identifier (ID) and cause the first antenna to transmit the identifier request, receive the ID in a response to the identifier request, identify, based on the ID and data in the first memory, a location of a second memory to access, and produce an access request for the identified location of the second memory and cause the first antenna to transmit the access request.

Abstract: This disclosure relates to secure optical communication links. In particular, this disclosure relates to data storage devices, random access memories, host interfaces, and network layers that comprise a secure optical communication link. A data storage device comprises an optical data port to connect to an optical communication link external to the data storage device and a non-volatile storage medium to store user content data received over the optical communication link. A controller controls access to the user content data stored on the non-volatile storage medium. A cryptography engine uses a cryptographic key to perform cryptographic operations on data sent and received through the optical data port. An optical key distribution device coupled to the optical data port performs quantum key distribution over the optical communication link to provide the cryptographic key to the cryptography engine.

Abstract: Methods, systems, and computer programs are presented for secure data encryption in a multi-tenant service platform. One method includes an operation for detecting a write request to write index data to storage. The write request is from a first user from a group of users, and the storage is configured to store index data for the group of users. Further, the method includes operations for authenticating that the first user is approved for access to the storage, and for identifying a first encryption key for the first user, where each user from the group of users has a separate encryption key. Further yet, the method includes encrypting the index data with the first encryption key and storing the encrypted index data in the storage.

Abstract: A system and method for constructing an improved computing model that preserves use rights for data utilized by the model. A first dataset is accessed to build a computing model. The first data set is subject to terminable usage rights provisions. A portion of the first dataset is sampled to generate a second dataset. Vectors present in the first dataset and the second dataset are discretized. In response to determine that the usage rights associated with the primary dataset have been terminated, a coverage depletion for the second dataset is computed based on the usage rights termination associated with the first dataset. An estimated mean time to coverage failure for the first model based on the depletion coverage is determined for the second dataset. One or more data points are removed from the first dataset due to the termination of usage rights.

Abstract: Methods, apparatus and computer program product for protecting a confidential integrated circuit design process.

Abstract: Permission to execute a remote procedure call as requested by a first vehicle-enabled application over a first connection is validated using permissions assigned to the first vehicle-enabled application according to a policy table of the vehicle. Permission to execute the remote procedure call as requested by the second vehicle-enabled application over the second connection as forwarded to vehicle over the first connection is validated using permissions assigned to the second vehicle-enabled application according to the policy table of the vehicle.

Abstract: Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML, files.

Abstract: According to one embodiment, a memory system includes a nonvolatile memory and a controller. In response to receiving from a host a write request designating a first address for identifying data to be written, the controller encrypts the data with the first address and a first encryption key, and writes the encrypted data to the nonvolatile memory together with the first address. In response to receiving from the host a read request designating a physical address indicative of a physical storage location of the nonvolatile memory, the controller reads both the encrypted data and the first address from the nonvolatile memory on the basis of the physical address, and decrypts the read encrypted data with the first encryption key and the read first address.

Abstract: Techniques are described that enable maintaining of session stickiness across authentication and authorization channels in an access management system, through the use an identifier for an access manager from a plurality of access managers. The access manager authenticates a user of a client device based on an authentication request. In response to response to successful authentication of the user, the access manager creates a session. The access manager also generates the identifier and causes the identifier to be stored for the session. The access manager can then receive a second request, which is sent to the access manager based on identifying the access manager using the stored identifier.

Abstract: A system for real time federation of file permissions for digital content protection is described. The system automatically protects the files as the files leave application boundaries and then ensures that the files can only be used as per the permissions defined on those files while they were inside the application. The system also provides real time federation of policies with the application that generated the file and automatic protection of files as the files leave the application boundary. The system thus creates a single integral platform that is easy to access as well as reliable, and provides ease-of-use, advanced technology, and connectivity that delivers automated file protection.