Abstract: A system includes programmable systolic cryptographic modules for security processing of packets from a data source. A first programmable input/output interface routes each incoming packet to one of the systolic cryptographic modules for encryption processing. A second programmable input/output interface routes the encrypted packets from the one systolic cryptographic module to a common data storage. In one embodiment, the first programmable input/output interface is coupled to an interchangeable physical interface that receives the incoming packets from the data source. In another embodiment, each cryptographic module includes a programmable systolic packet input engine, a programmable cryptographic engine, and a programmable systolic packet output engine, each configured as a systolic array (e.g., using FPGAs) for data processing.

Abstract: A system and method for identifying, analyzing, and repairing deviations in a power-on self-test routine (POST) of a computer system is disclosed. The computer system includes a basic input output system (BIOS) including a POST routine executed between power-on and hand off to an operating system. A memory stores a golden image POST code sequence. The controller and BIOS receive a sequence of POST codes from the execution of the POST routine. The sequence of POST codes is compared to the golden image POST code sequence. A deviation in the POST routine is identified based on at least one POST code of the sequence of the POST codes not matching the golden image POST code sequence. The identified deviation may be analyzed for further information in a message. The message may be used to recover from the deviation.

Abstract: A system, method and apparatus for configuring a node in a sensor network. A sensor service can enable sensor applications to customize the collection and processing of sensor data from a monitoring location. In one embodiment, sensor applications can customize the operation of nodes in the sensor network via a sensor data control system.

Abstract: A computer implemented method, system and computing device for identifying a test option associated with an application for a user is described. The method comprises selecting a predefined test indicated by a test identifier associated with the requested application, the test having more than one test option associated therewith, generating a hash of the test identifier and a user identifier associated with the user, processing the hash to generate an index, comparing said index with a distribution of numbers divided into multiple ranges, each range being associated with a test option, and selecting a test option associated with the range into which the index falls. The applications may be computer gaming applications.

Abstract: Techniques are provided for detection of unauthorized encryption in a storage system using key length evaluation. One method comprises determining a key length of an encryption key used to encrypt data associated with one or more write commands in a storage system; evaluating the key length relative to an expected key length; and performing one or more automated remedial actions, such as generating an alert notification, in response to the key length being different than the expected key length. A count of a number of write operations in a given folder can be compared to a number of files in the given folder and an alert notification can be generated in response to the count of the number of write operations in the given folder having a same value as the number of files in the given folder.

Abstract: An indication of a mode of operation to be performed with a block cipher may be received. Logic associated with the block cipher may be configured based on the indicated mode of operation to be performed with the block cipher. Furthermore, an input data and a mask data may be received. The input data may be combined with the mask data to generate a masked input data based on the configured logic. The masked input data may be provided to the block cipher based on the configured logic and an output data may be generated with the block cipher based on the provided masked input data.

Abstract: Embodiments of the present invention disclose a communication method, an apparatus, and a system. The communication method includes: receiving, by a terminal device, a context identifier sent by a second radio access network device, and sending, to a first radio access network device, a first message that includes the context identifier; receiving, by a core network device, a second message sent by the first radio access network device, and sending, to the second radio access network device, a message that includes the context identifier; and receiving, by the core network device, context information of the terminal device that is sent by the second radio access network device, and sending the context information to the first radio access network device. Therefore, communication between the first radio access network device and the second radio access network device is ensured, and working efficiency is improved.

Abstract: A method comprises generating, during an enrollment process conducted in a controlled environment, a dark bit mask comprising a plurality of state information values derived from a plurality of entropy sources at a plurality of operating conditions for an electronic device, and using at least a portion of the plurality of state information values to generate a set of challenge-response pairs for use in an authentication process for the electronic device.

Abstract: Embodiments of the present invention disclose a communication method, an apparatus, and a system. The communication method includes: receiving, by a terminal device, a context identifier sent by a second radio access network device, and sending, to a first radio access network device, a first message that includes the context identifier; receiving, by a core network device, a second message sent by the first radio access network device, and sending, to the second radio access network device, a message that includes the context identifier; and receiving, by the core network device, context information of the terminal device that is sent by the second radio access network device, and sending the context information to the first radio access network device. Therefore, communication between the first radio access network device and the second radio access network device is ensured, and working efficiency is improved.

Abstract: An industrial control system includes an encryption device, a decryption device and a mission-critical communication link connecting the encryption device to the decryption device. The encryption device is configured to send encrypted messages to the decryption device over the mission-critical communication link. The system includes a failure monitor configured to monitor for a failure of the encryption device or the decryption device, and, in the event of failure, to continue the sending of the messages to the decryption device but without encrypting the messages.

Abstract: Example methods and computer systems for encapsulated encrypted packet handling for receive-side scaling (RSS). One example may comprise a first computer system performing encryption and encapsulation on a first inner packet to generate a first encapsulated encrypted packet that includes (a) a first security protocol header and (b) a first outer header configured based on a first security association (SA). The first encapsulated encrypted packet may be forwarded to cause receive-side processing using a first core of a second computer system based on the first outer header. The first computer system may further perform encryption and encapsulation on a second inner packet to generate a second encapsulated encrypted packet that includes (a) a second security protocol header (b) a second outer header configured based on a second SA. The second encapsulated encrypted packet may be forwarded to cause receive-side processing using a second core based on the second outer header.

Abstract: A computer-implemented system for processing a return without receiving an item to minimize network load is disclosed. The system may be configured to receive a return application programming interface (API) call from a user device requesting a return of a returned item; validate the return API call against data records of a networked database; determine that the returned item comprises a plurality of individual items; analyze a return code of the return API call to determine whether a subset of the individual items is defective; determine a portion of a price of the returned item corresponding to the subset of the individual items; generate a refund API call to issue the portion of the price of the returned item as a refund; update the data records of the networked database to record the refund; and transmit a notification to the user device regarding an approval of the return API call.

Abstract: A system and method for on-wing test of an aircraft transponder involves configuring a self-test feature to the transponder's corresponding onboard ACAS to verify the on-board transponder system conforms to each of a plurality of required tests of an aviation oversight authority standard for operation. Once this test is initiated, the ACAS initiates this transponder test interrogating the transponder via a low power signal causing the transponder to reply accordingly. The ACAS performs each required test to ensure proper transponder function and alerts a user with a failure indication and stores each result should the transponder fail any of the plurality of tests.

Abstract: Provided herein are methods and systems for a bill payment platform that enables consumers to make bill payments using simplified methods of communication, such as by using text messages or short messaging service (SMS) messages and the like, through message interfaces provided by the bill payment platform, which may include components for context-based notification, intelligent message interpretation, and regulatory compliance.

Abstract: A method for manipulation-proof storage of payload data is provided, including: storing the payload data in a chain of data records; forming, for each data record in the chain, a current hash value at least using the payload data comprised and stored in the respective data record; storing, in the data record, a predecessor hash value that corresponds to a hash value of a preceding data record, such that in a first data record in the chain, a predetermined root hash value replaces the predecessor hash value; storing, in a persistent memory, a chain of hash values including the current hash value, the predecessor hash value, and the predetermined root hash value, such that content, once stored in the persistent memory, is no longer modifiable or removable from the persistent memory; and storing the data records in a reversible memory that is distinct from the persistent memory.

Abstract: A system and method for identifying missing required data elements in an electronic document. The method includes analyzing the electronic document to identify at least one data element; determining, based on the identified at least one data element and at least one electronic document requirement, whether there is at least one required data element missing from the electronic document; generating a query based on the identified at least one data element upon determining that there is at least one required data element missing from the electronic document; querying a database using the generated query; and modifying, based on a response to the query, the electronic document to include the at least one missing required data element.

Abstract: The systems, methods and apparatuses described herein provide a computing device that is configured to attest itself to a communication partner. In one aspect, the computing device may comprise a communication port configured to receive an attestation request from the communication partner, and an application-specific integrated circuit (ASIC). The ASIC may be configured to receive the attestation request, which may include a nonce. The ASIC may be further configured to generate a verification value, capture data representing a state of computation of the ASIC when the verification value is being generated, and send the verification value and captured data to the communication port to be transmitted back to the communication partner. The verification value may be a computation result of a predefined function taking the nonce as an initial value. In another aspect, the communication partner may be configured to attest the computing device using speed of computation attestation.

Abstract: A multimedia file and methods of generating, distributing and using the multimedia file are described. Multimedia files in accordance with embodiments of the present invention can contain multiple video tracks, multiple audio tracks, multiple subtitle tracks, data that can be used to generate a menu interface to access the contents of the file and ‘meta data’ concerning the contents of the file. Multimedia files in accordance with several embodiments of the present invention also include references to video tracks, audio tracks, subtitle tracks and ‘meta data’ external to the file. One embodiment of a multimedia file in accordance with the present invention includes a series of encoded video frames and encoded menu information.

Abstract: In some embodiments, methods and systems are provided for processing reimbursement requests submitted by retail stores to distribution centers responsible for delivering products to the retail stores. A claim processing server is configured to analyze a reimbursement request, an associated electronic invoice, and a set of business rules, all of which are stored in electronic databases and obtained by the processing server. Based on this analysis, the claim processing server is programmed to either approve or deny the reimbursement request submitted by a retail store, and if the reimbursement request is approved, to generate a corrected invoice to be sent to the distribution center.

Abstract: The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.

Abstract: Systems and methods for data authentication can comprise processing a first secret element to generate a first encrypted secret element, processing a second secret element to generate a non-secret element, and processing the first encrypted secret element and the non-secret element to generate an encrypted data block.

Abstract: A method for updating system information of a computer device is provided. The computer device includes a baseboard management controller (BMC) and a non-volatile memory. The method includes steps of: a) upon activation of the BMC, determining whether the BMC is in a power on reset (PoR) state, and obtaining current system information that is associated with the computer device; b) when it is determined that the BMC is in the PoR state, determining whether system information stored in the non-volatile memory conforms with the current system information; and c) when the determination made in step b) is negative, storing the current system information in the non-volatile memory.

Abstract: Method, system and apparatus for provisioning a subscription of a service to a device comprising: receiving a message from a device, the message protected by first provisioning data installed on the device. Authenticating the message using data corresponding to the first provisioning data. On successful authentication, providing data enabling the device to recover protected second provisioning data from a subscription manager. Providing the device with the protected second provisioning data.

Abstract: A random code generator is installed in a semiconductor chip and includes a PUF cell array, a control circuit and a verification circuit. The PUF cell array includes m×n PUF cells. The control circuit is connected with the PUF cell array. While a enroll action is performed, the control circuit enrolls the PUF cell array. The verification circuit is connected with the PUF cell array. While a verification action is performed, the verification circuit determines that p PUF cells of the PUF cell array are normal PUF cells and generates a corresponding a mapping information, wherein p is smaller than m×n. While the semiconductor chip is enabled, the control circuit reads states of the p normal PUF cells of the PUF cell array according to the mapping information and generates a random code according to the states.

Abstract: Various embodiments include composite security interconnect devices and methods. One method embodiment that may be performed by a composite security interconnect device, also referred to herein as a security controller, includes decrypting a first encrypted input received from a peripheral device with a first encryption key to obtain clear text. The first encryption key may be an encryption key established between the security controller and the peripheral device. The method further includes encrypting the clear text with a second encryption key to obtain second encrypted input, the second encryption key being a key of an encryption key pair established with a transaction processing host.

Abstract: The invention relates to the transmission of multimedia data, which is to be output, from a computer device to a vehicle multimedia device. The vehicle multimedia device has a control device which is designed to determine a piece of vehicle status information in order to transmit said information to the computer device. On the basis of the vehicle status information, the computer device generates release data which determines to what extent the multimedia data is to be output. The computer device transmits the multimedia data and the release data to the vehicle multimedia device, which multimedia device outputs, by means of an output device, the maximum multimedia data to the extent defined by the release data.

Abstract: A path computation element (PCE) central controller (PCECC) comprising a memory comprising executable instructions and a processor coupled to the memory and configured to execute the instructions. Executing the instructions causes the processor to receive a request to compute a path through a network, the request comprising a plurality of computational tasks, divide the computational tasks into a plurality of groups of computational tasks, transmit at least some of the plurality of groups of computational tasks to a plurality of path computation clients (PCCs) for computation by the PCCs, and receive, from the PCCs, computation results corresponding to the plurality of groups of computational tasks.

Abstract: Methods, apparatus, and systems are disclosed for, among other things, secure passphrase handling for computing devices. In one respect, a method is provided. The method includes receiving a plurality of passphrase elements from an input device. The method also includes performing a sequence of secure delay processing operations, each operation generating a delayed output value from an initial value. The passphrase is verified upon completion of the sequence of secure delay processing operations. Further, initial values of respective secure delay processing operations are based on respective passphrase elements and, for each secure delay processing operation after a first secure delay processing operation, a delayed output value from at least one other secure delay processing operations.

Abstract: Systems, methods, and computer-readable storage devices storing instructions for homomorphic encryption via finite ring isomorphisms are provided. An example method includes selecting a polynomial f(x) of exact degree n with small coefficients in a ring Fq[x] and selecting a polynomial h(y) of exact degree n in a ring Fq[y]. The method includes constructing an isomorphism from the ring Fq[x]/(f(x)) to the ring Fq[y]/(h(y)) and constructing an inverse isomorphism from the ring Fq[y]/(h(y)) to the ring Fq[x]/(f(x)). The method includes encrypting a message using said isomorphism from the ring Fq[x]/(f(x)) to the ring Fq[y]/(h(y)) and transmitting the encrypted message to a remote computer. The method also includes receiving one or more encrypted response messages from the remote computer based at least in part on the transmitted message and decrypting the one or more encrypted response messages.

Abstract: A method for reading or writing data at an address of a memory is disclosed. The data includes a number of consecutive words that each has a plurality of bits. The words are transferred to or from the memory in synchronization with a clock signal so that each word is transferred in one cycle of the clock signal. The bits are scrambled or unscrambled by applying a logic function to the bits of each word. The logic function is identical for the scrambling and the unscrambling and makes use of a bit-key that is dedicated to the word and is identical for the scrambling and the unscrambling. Each bit-key comes from a pseudo-random series generated based on the address.

Abstract: A method and apparatus may include receiving a request to restore access to digital assets of a digital wallet. The digital assets are accessed via M-number of cryptographic keys. Access to at least N-out-of-M keys is necessary in order to access the digital assets at a given time. N is a number less than M. The M-number of keys include at least a first key, a second key, and a third key. One of the M keys is stored on a first server. One of the M keys is stored on a second server. The key stored on the first server corresponds to the second key. The key stored on the second server corresponds to the third key. The second server is separated from the first server. With certain embodiments, the second server is totally disconnected from any network.

Abstract: Example implementations relate to non-volatile storage of management data. In example implementations, a system is disclosed, the system including a plurality of computing devices, a management device, and a non-volatile memory including a plurality of management spaces corresponding to the plurality of computing devices. In example implementations, at least one of the plurality of management spaces is to be accessible by the management device and by the corresponding computing device, be inaccessible by computing devices other than the corresponding computing device, and store management data associated with the corresponding computing device.

Abstract: A storage device can include processing and cryptographic capability enabling the device to function as a hardware security module (HSM). This includes the ability to encrypt and decrypt data using a cryptographic key, as well as to perform processing using such a key, independent of whether that processing involves data stored on the device. An internal key can be provided to the drive, whether provided before customer software access or received wrapped in another key, etc. That key enables the device to perform secure processing on behalf of a user or entity, where that key is not exposed to other components in the network or environment. A key may have specified tasks that can be performed using that key, and can be discarded after use. In some embodiments, firmware is provided that can cause a storage device to function as an HSM and/or processing device with cryptographic capability.

Abstract: Systems and methods of restraining reverse engineering process for analog integrated circuit use techniques of adding dummy devices, device fragmentation, increasing bus width, employing different layouts for the same circuit element and mixing different types of passive devices increase complexity and makes the layout floorplan more difficult to be extracted for the reverse engineering. The system adds dummy devices and ensures the extra devices and capacitance do not affect the target circuit performance.

Abstract: There is provided a device or a method for executing an operation of a cryptographic scheme, the operation being applied to a given state of a data block of original data, the operation being defined in a basis ring corresponding to the quotient of a starting ring by a basis ideal generated by at least one element of the starting ring. The operation is executed from a state derived from the current state of the data block, in at least one reference ring, which provides a reference value for each reference ring, each reference ring being the quotient of the starting ring by a reference ideal.

Abstract: A method and a program capable of controlling an error rate of device-specific information are provided.

Abstract: Provided is a display device that has a usage validity period and confirms that the device is within the usage validity period when it is used, and can be improved in usefulness and can be used quickly, as well as a usage management method and program for the display device. The display device includes: a real-time clock; and, a control unit that, upon receiving a video display-ON signal for turning on video display under the condition that the status of the real-time clock is invalid, displays video corresponding to an input video signal.

Abstract: A computer-implemented method is provided for encrypting a message using a plurality of keys and a plurality of encryption algorithms. The method includes mapping, by the computing device, each of the plurality of keys to an encryption algorithm randomly selected from the plurality of encryption algorithms, and storing, by the computing device, in an index table the plurality of keys correlated to their respective encryption algorithms. The method also includes decomposing, by the computing device, the message into one or more message segments and encrypting, by the computing device, each of the one or more message segments using the index table. The method further includes transmitting, by the computing device, at least one of the index table or the one or more encrypted message segments to a receiving computing device over the electronic network.

Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and performs at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.

Abstract: A method and apparatus of a network element that authenticates a field replaceable unit of the network element is described. The network element authenticates a field replaceable unit of the network element by generating a nonce. In addition, the network element generates a signature using a nonce and a private encryption key that is securely stored in the field replaceable unit. The network element further verifies the signature using a public encryption key that is a pair to the private encryption key and is not securely stored in the field replaceable unit. If the field replaceable unit is verified, the network element uses the field replaceable unit to operate the network element. Otherwise, the network element disables the field replaceable unit.

Abstract: In one example, a system for accessing services comprises a processor to detect a change in a topology of the system and request configuration data or a firmware image stored in secure storage of a wireless credential exchange or EEPROM, wherein the configuration data indicates an authorized stackable topology map for the system. The processor can also determine the change in the topology is allowed based on the authorized stackable topology map and execute an internet or local based service comprising a modification based on the change to the topology of the system, the service with the modification to be executed in response to a transmission of the change to the service.

Abstract: The present invention relates to a method to provide a dynamic change of security configurations in an integrated circuit product adapted to execute at least a given critical process and susceptible to be attacked. The method comprises the steps of tracking successive executions of the given critical process, and after a given number of such executions, triggering a change of the security configuration.

Abstract: A method, computer program product, and computer system for identifying, by a computing device, a change to at least one record of a plurality of records in a multi-record update. At least one problem condition associated with the change to the at least one record is determined, wherein the at least one problem condition is determined via at least one problem definition object before the change is saved. The at least one problem condition is organized on a display. An action is executed on the at least one problem condition displayed.

Abstract: Methods and apparatus, including computer program products, are provided for adaptive security. In one aspect there is provided a method. The method may include receiving, at a user equipment, at least one policy update representative of a rule defining at least one of a security level and an operation allowed to be performed at the security level; monitoring a configuration of the user equipment to determine whether the configuration of the user equipment violates the at least one policy update; and adapting, based on the monitoring, at least one of a security indicator at the user equipment and the operation at the user equipment. Related apparatus, systems, methods, and articles are also described.

Abstract: The systems, methods and apparatuses described herein provide a computing device that is configured to attest itself to a communication partner. In one aspect, the computing device may comprise a communication port configured to receive an attestation request from the communication partner, and an application-specific integrated circuit (ASIC). The ASIC may be configured to receive the attestation request from the communication port. The attestation request may include a nonce generated at the communication partner. The ASIC may be further generate a verification value and send the verification value to the communication port to be transmitted back to the communication partner. The verification value may be a computation result of a predefined function taking the nonce as an initial value. In another aspect, the communication partner is configured to attest the computing device using speed of computation attestation.

Abstract: The systems, methods and apparatuses described herein provide a computing device that is configured to attest itself to a communication partner. In one aspect, the computing device may comprise a communication port configured to receive an attestation request from the communication partner, and an application-specific integrated circuit (ASIC). The ASIC may be configured to receive the attestation request, which may include a nonce. The ASIC may be further configured to generate a verification value, capture data representing a state of computation of the ASIC when the verification value is being generated, and send the verification value and captured data to the communication port to be transmitted back to the communication partner. The verification value may be a computation result of a predefined function taking the nonce as an initial value. In another aspect, the communication partner may be configured to attest the computing device using speed of computation attestation.

Abstract: A system, method and apparatus for configuring a node in a sensor network. A sensor service can enable sensor applications to customize the collection and processing of sensor data from a monitoring location. In one embodiment, sensor applications can customize the operation of nodes in the sensor network via a sensor data control system.

Abstract: A transmission unit for connection to a first bus system, the transmission unit receiving messages via the first bus system, the messages being constructed as a succession of a first bit sequence, of at least one control signal and of a second bit sequence, the first bit sequence of a received message being forwarded by the transmission unit to a processing station, at least one predefined control signal of the received message being checked by the transmission unit, the second bit sequence of the received message being forwarded by the transmission unit to the processing station if the predefined signal of the received message has a predefined value, instead of the second bit sequence, the transmission unit sending a predefined or predefinable terminating bit sequence to the processing station, if the predefined control signal of the received message has a value that deviates from the predefined value.

Abstract: In one embodiment, a system includes a processor and logic integrated with and/or executable by the processor, the logic being configured to cause the processor to receive a data stream including data for encryption, insert one or more test vectors between individual blocks of data of the data stream, encrypt the blocks of data including the one or more test vectors to produce an encrypted data stream including one or more encrypted test vectors, decrypt the encrypted data stream including the one or more encrypted test vectors, compare each decrypted test vector with a corresponding inserted test vector, and report results of the comparison. Other systems, methods, and computer program products for self testing an encryption/decryption cycle are described according to more embodiments.

Abstract: A system comprising a processor adapted to activate multiple security levels for the system and a monitoring device coupled to the processor and employing security rules pertaining to the multiple security levels. The monitoring device restricts usage of the system if the processor activates the security levels in a sequence contrary to the security rules.