Patents by Inventor Marten Erik Van Dijk

Marten Erik Van Dijk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9660813
    Abstract: A server is configured to communicate with a group of clients over a network in one embodiment. The server maps the group of clients into a plurality of subgroups of bounded size, communicates to a given one of the clients information identifying the particular subgroup to which that client belongs as well as the other clients in that subgroup. The given client utilizes the communicated information to generate a ring signature over the corresponding subgroup of clients based on the communicated information. The subgroup size may be bounded to a minimum size and a maximum size in accordance with a variable privacy parameter. The server can increase or decrease the value of the parameter in order to provide respective increased or decreased privacy to the clients, by making it respectively more or less difficult to determine which client in a corresponding one of the subgroups produced the received ring signature.
    Type: Grant
    Filed: March 27, 2012
    Date of Patent: May 23, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Marten Erik van Dijk, Eyal Kolman, Roy Hodgman
  • Patent number: 9525551
    Abstract: A first cryptographic device is authenticated by a second cryptographic device. The second cryptographic device stores an alternative version of a secret value associated with the first cryptographic device as a countermeasure to compromise of the secret value. In conjunction with a protocol carried out between the first cryptographic device and the second cryptographic device, the second cryptographic device determines the secret value based at least in part on the alternative version of the secret value, and utilizes the determined secret value to authenticate the first cryptographic device. The alternative version of the secret value may comprise a randomly-skewed version of the secret value. For example, the secret value may comprise a key or other parameter of the first cryptographic device and the alternative version of the secret value may comprise a randomly-skewed version of the key or other parameter.
    Type: Grant
    Filed: September 29, 2011
    Date of Patent: December 20, 2016
    Assignee: EMC IP Holding Company LLC
    Inventors: Karl Ackerman, Marten Erik van Dijk, Ari Juels, Emily Shen
  • Patent number: 9515989
    Abstract: Methods and apparatus are provided for silent alarm channels using one-time passcode authentication tokens. A message is transmitted indicating a potential attack on a protected resource by obtaining the message; combining the message with a tokencode generated by a security token to generate a one-time passcode; and transmitting the one-time passcode to a receiver. A plurality of the messages can be obtained in parallel, and the plurality of parallel messages can be combined with the tokencode to generate the one-time passcode. A subsequent message can optionally be generated by applying a hash function to a prior n-bit value to provide a counter identifying each message. The message optionally also comprises one or more additional bits to provide an annotation of the message.
    Type: Grant
    Filed: February 24, 2012
    Date of Patent: December 6, 2016
    Assignee: EMC IP Holding Company LLC
    Inventors: Ari Juels, Nikolaos Triandopoulos, Marten Erik van Dijk, Ronald Rivest
  • Patent number: 9471777
    Abstract: A processing device is configured to identify a plurality of defensive security actions to be taken to address a persistent security threat to a system comprising information technology infrastructure, and to determine a schedule for performance of the defensive security actions based at least in part on a selected distribution derived from a game-theoretic model, such as a delayed exponential distribution or other type of modified exponential distribution. The system subject to the persistent security threat is configured to perform the defensive security actions in accordance with the schedule in order to deter the persistent security threat. The distribution may be selected so as to optimize defender benefit in the context of the game-theoretic model, where the game-theoretic model may comprise a stealthy takeover game in which attacker and defender entities can take actions at any time but cannot determine current game state without taking an action.
    Type: Grant
    Filed: February 24, 2012
    Date of Patent: October 18, 2016
    Assignee: EMC Corporation
    Inventors: Ari Juels, Marten Erik van Dijk, Alina M. Oprea, Ronald L. Rivest
  • Patent number: 9230114
    Abstract: A client device or other processing device comprises a file processing module, with the file processing module being operative to provide a file to a file system for encoding, to receive from the file system a proof of correct encoding of the file, and to verify the proof of correct encoding. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.
    Type: Grant
    Filed: June 19, 2014
    Date of Patent: January 5, 2016
    Assignee: EMC Corporation
    Inventors: Ari Juels, Alina M. Oprea, Marten Erik van Dijk, Emil P. Stefanov
  • Patent number: 9118661
    Abstract: Methods and apparatus are provided for authenticating a user using multi-server one-time passcode verification. A user is authenticated by receiving authentication information from the user; and authenticating the user based on the received authentication information using at least two authentication servers, wherein the received authentication information is based on a secret shared between a security token associated with the user and an authentication authority that provides the at least two authentication servers. For example, the authentication information can comprise a passcode comprised of a tokencode from the security token and a password from the user. The user can be authenticated only if, for example, all of the at least two authentication servers authenticate the received authentication information.
    Type: Grant
    Filed: February 24, 2012
    Date of Patent: August 25, 2015
    Assignee: EMC Corporation
    Inventors: Ari Juels, Nikolaos Triandopoulos, Marten Erik van Dijk
  • Patent number: 9015231
    Abstract: A server is configured to communicate with a group of clients over a network. Each of the clients obtains a corresponding informational message comprising security-related information such as an indication of compromise (IOC), inserts noise in the information message to generate an anonymized message, and communicates the anonymized message to the server. The anonymized messages communicated by the respective clients to the server may be configured so as to prevent the server from identifying any individual client associated with a particular one of the anonymized messages, while also allowing the server to extract from the anonymized messages collectively one or more characteristics of the underlying informational messages. A given client may insert noise in an informational message by, for example, selecting a noise value from a specified range of noise values, and combining the informational message and the selected noise value to generate the anonymized message.
    Type: Grant
    Filed: March 27, 2012
    Date of Patent: April 21, 2015
    Assignee: EMC Corporation
    Inventors: Roy Hodgman, Marten Erik van Dijk, Eyal Kolman
  • Patent number: 8984609
    Abstract: Methods and apparatus are provided for embedding auxiliary information in one-time passcode authentication tokens. Auxiliary information is embedded in authentication information transmitted to a receiver by obtaining the auxiliary information; and mapping the auxiliary information to a codeword using a secret key, wherein the secret key is shared between the security token and an authentication authority; and combining the codeword with a tokencode generated by a security token to generate a one-time passcode. The one-time passcode can then be transmitted to the receiver.
    Type: Grant
    Filed: February 24, 2012
    Date of Patent: March 17, 2015
    Assignee: EMC Corporation
    Inventors: Ari Juels, Nikolaos Triandopoulos, Ronald Rivest, Marten Erik van Dijk
  • Patent number: 8799334
    Abstract: A client device or other processing device comprises a file processing module, with the file processing module being operative to provide a file to a file system for encoding, to receive from the file system a corresponding encoded file, and to verify that the file system stores at least a designated portion of an encapsulation of the encoded file. In an illustrative embodiment, the file processing module receives, in addition to or in place of the encoded file, a proof of correct encoding. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.
    Type: Grant
    Filed: December 29, 2011
    Date of Patent: August 5, 2014
    Assignee: EMC Corporation
    Inventors: Emil P. Stefanov, Marten Erik van Dijk, Alina M. Oprea, Ari Juels
  • Patent number: 8346742
    Abstract: A client device or other processing device comprises a file processing module, with the file processing module being operative to request proof from a file system that a file having a first format is stored by the file system in a second format different than the first format, to receive the proof from the file system, and to verify that the file is stored in the second format using the proof provided by the file system responsive to the request. The proof is based at least in part on application of a function to the file in the second format, and the function imposes a minimum resource requirement on generation of the proof. The file system may comprise one or more servers associated with a cloud storage provider. Advantageously, one or more illustrative embodiments allow a client device to verify that its files are stored by a cloud storage provider in encrypted form or with other appropriate protections.
    Type: Grant
    Filed: March 30, 2011
    Date of Patent: January 1, 2013
    Inventors: Ari Juels, Marten Erik van Dijk, Alina Oprea, Ronald L. Rivest, Emil P. Stefanov
  • Patent number: 8281148
    Abstract: The present invention relates to a method and a system of securely computing a measure of similarity for at least two sets of data. A basic idea of the present invention is to securely compare two sets of encrypted data to determine whether the two sets of data resemble each other to a sufficient extent. If the measure of similarity complies with predetermined criteria, the two sets of data from which the encrypted sets of data originate are considered to be identical.
    Type: Grant
    Filed: November 9, 2005
    Date of Patent: October 2, 2012
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Pim Theo Tuyls, Evgeny Verbitskiy, Berry Schoenmakers, Marten Erik Van Dijk
  • Patent number: 7877604
    Abstract: A physical random function (PUF) is a function that is easy to evaluate but hard to characterize. Controlled physical random functions (CPUFs) are PUFs that can only be accessed via a security program controlled by a security algorithm that is physically bound to the PUF in an inseparable way. CPUFs enable certified execution, where a certificate is produced that proves that a specific computation was carried out on a specific processor. The invention provides an additional layer for generating a proof of execution which any third party can verify. This proof of execution is also useful to provide secure memory and secure interruptible program execution.
    Type: Grant
    Filed: May 6, 2004
    Date of Patent: January 25, 2011
    Assignee: Intrinsic ID B.V.
    Inventors: Marten Erik Van Dijk, Pim Theo Tuyls
  • Publication number: 20090183248
    Abstract: The invention relates to a method of establishing a shared secret between two or more parties, based on a physical token, wherein helper data from both the enrolment and the authentication measurement is used in such a way that only response data reliable at both measurements is used to generate the shared secret. The generated shared secret is therefore identical to both parties to a high degree of certainty. The invention further relates to a system for generating such a shared secret, comprising a central database server and a terminal, or any one of them.
    Type: Application
    Filed: October 4, 2005
    Publication date: July 16, 2009
    Applicant: KONINKLIJKE PHILIPS ELECTRONICS, N.V.
    Inventors: Pim Theo Tuyls, Boris Skoric, Marten Erik Van Dijk
  • Publication number: 20090006855
    Abstract: The present invention relates to a method and a system of securely computing a measure of similarity for at least two sets of data. A basic idea of the present invention is to securely compare two sets of encrypted data to determine whether the two sets of data resemble each other to a sufficient extent. If the measure of similarity complies with predetermined criteria, the two sets of data from which the encrypted sets of data originate are considered to be identical.
    Type: Application
    Filed: November 9, 2005
    Publication date: January 1, 2009
    Applicant: KONINKLIJKE PHILIPS ELECTRONICS, N.V.
    Inventors: Pim Theo Tuyls, Evgeny Verbitskiy, Berry Schoenmakers, Marten Erik Van Dijk
  • Publication number: 20080253558
    Abstract: The present invention relates to a system (600) and method for sharing multiple session keys between low-power devices (701) and more advanced devices (702). A polynomial algorithm with a certain number of parameters is used. A large number of parameters are fixed for the low-power devices (701) and a small number of parameters are fixed for the more powerful devices (702).
    Type: Application
    Filed: September 21, 2005
    Publication date: October 16, 2008
    Applicant: KONINKLIJKE PHILIPS ELECTRONICS, N.V.
    Inventors: Pim Theo Tuyls, Marten Erik Van Dijk
  • Patent number: 7392453
    Abstract: Information signals such as grayscale images or audio signals are represented as a sequence of PCM signal samples. To embed auxiliary data in the least significant bits of the signal, the samples are slightly distorted. There is a so-termed “rate-distortion function” (20) which gives the largest embedding rate R given a certain distortion level D. It appears that the efficiency of prior art embedding schemes such as LSB replacement (21,22) can be improved. The invention discloses such embedding schemes (23,24). According to the invention, the signal is divided into groups of L (L>1) signal samples (x). For each group of signal samples, a vector of least significant portions (x mod n) of the signal samples is created. For n=2, the vector comprises the least significant bit of each signal sample. The syndrome of said vector (as defined in the field of error detection and correction) represents the embedded data.
    Type: Grant
    Filed: May 15, 2002
    Date of Patent: June 24, 2008
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Marten Erik Van Dijk, Franciscus Maria Joannes Willems
  • Patent number: 7340663
    Abstract: A method of embedding an additional layer of error correction into an error correcting code, wherein information is encoded into code words of said code over a first Galois field and wherein a number of code words are arranged in the columns of a code block comprising a user data sub-block and a parity data sub-block, provides an additional layer of error correction that can be easily implemented without losing compatibility improving the error correction capabilities. The method includes the steps of: encoding the rows of at least the user data sub-block separately or in groups using a horizontal error correcting code over a second Galois field larger than the first Galois field to obtain horizontal parities, and embedding the horizontal parities as additional layer in the error correcting code.
    Type: Grant
    Filed: March 14, 2003
    Date of Patent: March 4, 2008
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Marten Erik Van Dijk, Kouhei Yamamoto, Masayuki Hattori
  • Patent number: 7188295
    Abstract: A method of embedding an additional layer of error correction into an error correcting code, where information is encoded into code words that are arranged in columns of a code block. The method includes reducing the length of each row of the code block by adding row symbols together according to a predetermined adding rule resulting in a reduced code block; encoding the shortened rows of the reduced code block using a horizontal error correcting code to obtain horizontal parities; and embedding the horizontal parities as additional layer in the error correcting code.
    Type: Grant
    Filed: March 14, 2003
    Date of Patent: March 6, 2007
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Marten Erik Van Dijk, Kouhei Yamamoto
  • Patent number: 7174497
    Abstract: The invention relates to a method of storing a number of data bits of a secondary channel (30) in the frame of a main channel (20) and to a method of decoding a stream of bits relating to a secondary channel (30) embedded in the frames of a main channel (20) into a stream of data bits (62). In order to enable a certain synchronization and to guarantee a fixed amount of storage capacity in the secondary channel as well as to be able to correct deletions or insertions of bits in the secondary channel it is proposed according to the invention to form a secondary frame (11) having a fixed number of frame bits, to fill a fixed part of the secondary frame (11) with data bits (113), an end-bit (114) set to a first bit-value and, if necessary, with filling bits (115) set to a second bit-value, to encode the secondary frame (11) producing encoded data bits (113) and parity bits (112), which are finally embedded in the frame of the main channel (20).
    Type: Grant
    Filed: August 21, 2001
    Date of Patent: February 6, 2007
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Constant Paul Marie Jozef Baggen, Marten Erik Van Dijk, Willem Marie Julia Marcel Coene
  • Patent number: 7103829
    Abstract: A method of selecting a generator matrix (G) for encoding information words (m) including information symbols (m1, m2, mk) into codewords (c) of a code (C) provides an enhanced error correction capability if at least one information symbol (m1, m2, m3) is known a priori to a decoder decoding received, possibly mutilated codewords (r). In order to design a code of which the correction power is enhanced if some information symbols are known to the decoder prior to decoding, the generator matrix (G) is selected such that the minimum Hamming distance of at least one subcode (C') of the code (C) is larger than the minimum Hamming distance of the code (C), and that a subcode generator matrix (G') of the at least one subcode (C') is derived from the generator matrix (G) of the code (C) by omitting the at least one row from the generator matrix (G) corresponding to the at least one a priori known information symbol (m1, m2, m3).
    Type: Grant
    Filed: May 13, 2002
    Date of Patent: September 5, 2006
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Marten Erik Van Dijk, Constant Paul Marie Jozef Baggen, Ludovicus Marinus Gerardus Maria Tolhuizen