Abstract: A user device presents a user interface (UI) that enables user selection or entry of configuration parameters for configuring a location spoofing detection service to be performed for at least one wireless device. The user device receives, via the UI, configuration parameters that comprise one or more user-selected location determining sources, selected from among multiple different location determining sources presented via the UI, for use in performing the location spoofing detection service. The user device sends the configuration parameters to another device for configuring the location spoofing detection service for the at least one wireless device.

Abstract: Aspects of the present disclosure describe a method and a system to support execution of the method to perform a cryptographic operation involving identifying an N-word number, X=XN?1 . . . X1Xo, to be squared, performing a first loop comprising M first loop iterations, wherein M is a largest integer not exceeding (N+1)/2, each of the M first loop iterations comprising a second loop that comprises a plurality of second loop iterations, wherein an iteration m of the second loop that is within an iteration j of the first loop comprises computing a product Xa*Xb of a word Xa and a word Xb, wherein a+b=2j+m, j?0 and m?0, and wherein all second loops have an equal number of second loop iterations.

Abstract: Examples are disclosed herein to implement remote authentication and passwordless password reset. An example server includes: at least one processor to forward executable instructions to a client device, the executable instructions, when executed at the client device, to cause the client device to: authenticate a user of an account based on a biometric authentication factor; obtain a local storage key by decrypting an encrypted local storage key with a cloud key obtained from a remote authentication server, the cloud key associated with the client device; decrypt a key bag with the local storage key, the key bag including a content encryption key and an encrypted credential encrypted with the content encryption key, the encrypted credential associated with the user; and decrypt the encrypted credential with the content encryption key to obtain a credential without the user supplying a master password associated with the account.

Abstract: Secure, semi-classical authentication schemes are presented. An authentication token is generated by applying a pre-determined measurement to a plurality of random quantum states to obtain a sequence of classical measurement outcomes. The token is validated by receiving the classical measurement outcomes and verifying whether the sequence corresponds to a statistically plausible result for the pre-determined measurement of the plurality of quantum states.

Abstract: An information processing device (100) has: an acquisition unit (131) which acquires, from a second terminal device (50) of a second user, an encryption search index, which is a search keyword encrypted by searchable encryption using a shared key and a verification key acquired from a first terminal device (10) of a first user who owns a document, and an identifier of the second user who searches for the document; a test unit (132) which checks a database, in which the encrypted-document index of an encrypted keyword of the document generated in the first terminal device (10), an encrypted document associated with the encrypted-document index, and a test key and a re-encryption key corresponding to the second user are registered, and tests the encryption search index by using the test key based on the identifier of the second user; and a generation unit (133, 134) which encrypts the encrypted document, which has been searched for by using the tested encryption search index, by the re-encryption key based on t

Abstract: Methods, systems, and devices for quantum key distribution (QKD) in passive optical networks (PONs) are described. A PON may be a point-to-multipoint system and may include a central node in communication with multiple remote nodes. In some cases, each remote node may include a QKD transmitter configured to generate a quantum pulse indicating a quantum key, a synchronization pulse generator configured to generate a timing indication of the quantum pulse, and filter configured to output the quantum pulse and the timing indication to the central node via an optical component (e.g., an optical splitter, a cyclic arrayed waveguide grating (AWG) router). The central node may receive the timing indications and quantum pulses from multiple remote nodes. Thus, the central node and remote nodes may be configured to communicate data encrypted using quantum keys.

Abstract: A device and method manage digital data. The device and method may receive a trusted-phrase text string at a client device. The device and method may receive an application pin number (APN) associated with a user. The device and method may process the APN to determine a selector value. The device and method may extract a portion of the trusted-phrase text string based on the selector value to yield a sub-trusted-phrase text string, generating a storage access ID (SAID), the SAID including the APN and the sub-trusted-phrase-text string encrypted using the trusted-phrase text string as an encryption phrase; and, outputting the SAID to an external device, for creation of a data storage location at a storage server, the data storage location having a name based on the SAID. The device and method may include ability to recover the trusted-phrase text string.

Abstract: A method for managing network live streaming data and a related apparatus, device and storage medium, the method includes: a stream pushing request transmitted by a data access device is received; a stream pushing parameter set based on a media content feature of stream pushing data from multiple data sources in the data access device is determined; a target port is then determined according to the stream pushing parameter; the stream pushing data transmitted by the data access device is further received through the target port; and the stream pushing data is pushed to a live streaming device, so that the live streaming device plays media content data in a network live streaming process. In this way, a process of combining media content of multiple terminals and performing network live streaming is implemented.

Abstract: A method includes a preparation step and a key agreement step. In the preparation step, a first quantum key distribution (QKD) device at a first location and a second QKD device at a second location distant from the first location together create a quantum secured key according to a QKD protocol, and a first encryption device at the first location and a second encryption device at the second location together create a symmetrically encrypted channel between the first location and the second location using the quantum secured key. In the key agreement step, a first key agreement device at the first location and a second key agreement device at the second location together create an encryption key via the symmetrically encrypted channel.

Abstract: According to an embodiment, a communication device includes one or more processors. The processors share encryption keys with a plurality of external communication devices. The processors, based on residual quantities of the encryption keys, decide on a route for sending transmission data. The processors encrypt, for each external communication device of one or more external communication devices included in the route, a header in which the external communication device is set as a destination, using an encryption key shared with the external communication device. The processors generate a packet that includes the transmission data and encrypted headers for the one or more external communication devices. The processors send the generated packet along the route.

Abstract: The messages established on a communication path between two nodes are increasingly encrypted. However, the devices present on the communication path may intervene to transport the messages and to read, edit or add data in the messages. It may also be desirable that only “authorized” devices can carry out these actions. In order to intervene on these data, it would be necessary that the devices on the communication path have available all the keys used by the nodes to encrypt and decrypt the data of the messages, which is difficult to envisage. A modification method enables a device, capable of intercepting a data message on a communication path between two nodes, to edit the data under the control of the nodes, while ensuring that a device cannot access the data edited by another device on the path.

Abstract: A quantum communications system includes a communications system that operates with a quantum key distribution (QKD) system, which includes a transmitter node, a receiver node, and a quantum communications channel coupling the transmitter node and receiver node. The transmitter node may be configured to transmit to the receiver node a bit stream of optical pulses, and switch between first and second QKD protocols based upon at least one channel condition.

Abstract: A system and method are provided for mitigating key-exhaustion attacks in a key exchange protocol. The method includes computationally confirming an exchange of key bits has provided fresh shared key material before information theoretically confirming the exchange of key bits has provided fresh shared key material, while maintaining synchronization between messaging parties. In one implementation, maintaining synchronization includes updating keys in between each post-processing message session and managing a local state of each messaging party in the key exchange protocol prior to sending a next post-processing message. In another implementation, maintaining synchronization includes hiding a message containing the information theoretic authenticator by executing a decoy authentication process, prior to using an information theoretical key.

Abstract: A first copy of a True Random Number (TRN) pool comprising key data of truly random numbers in a pool of files may be stored on a sender and a second copy of the TRN pool is stored on a receiver. An apparent size of the TRN pool on each device is expanded using a randomizing process for selecting and re-using the key data from the files to produce transmit key data from the first copy and receive key data from the second copy.

Abstract: A system for provisioning credentials onto an electronic device is provided. The system may include a payment network subsystem, a service provider subsystem, a primary user device, and a secondary user device. The user may select a particular payment card to provision onto the secondary user device by providing an input at the primary user device. A broker module running on the service provider subsystem may then transfer a disabled pass to the secondary user device. Concurrently, the payment network subsystem may direct a trusted service manager module on the service provider subsystem to write credential information onto a secure element within the secondary user device. Once the secure element has been updated, the broker module may provide an activated pass to the secondary user device so that the secondary user device can be used to perform NFC-based financial transactions at a merchant terminal.

Abstract: Disclosed are a security authentication method and an apparatus thereof, and an electronic device.

Abstract: Disclosed herein is a method of a communication device, wherein the communication device is configured to operate in connection with an access node associated with a wireless communication network. The method comprises receiving a first data packet comprising a write request for writing code and/or data to a non-volatile memory comprised in the communication device and determining whether a second data packet comprising an identifier associated with the first data packet is received. When it is determined that the second data packet comprising the identifier is received, the method comprises extracting the identifier from the second data packet, wherein the identifier is a radio access layer parameter, determining whether the identifier is trusted, determining whether the identifier is validated when it is determined that the identifier is trusted and accepting at least a subset of the write request when it is determined that the identifier is trusted and validated.

Abstract: Methods, systems, and apparatus for solving computational tasks using quantum computing resources. In one aspect a method includes receiving, at a quantum formulation solver, data representing a computational task to be performed; deriving, by the quantum formulation solver, a formulation of the data representing the computational task that is formulated for a selected type of quantum computing resource; routing, by the quantum formulation solver, the formulation of the data representing the computational task to a quantum computing resource of the selected type to obtain data representing a solution to the computational task; generating, at the quantum formulation solver, output data including data representing a solution to the computational task; and receiving, at a broker, the output data and generating one or more actions to be taken based on the output data.

Abstract: Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.

Abstract: Various embodiments of the present application set forth a computer-implemented method that includes generating, based on a resource file stored at an endpoint device, a credential data packet for authenticating with a first application executing in a first network, where the resource file includes a set of encryption keys associated with a plurality of applications including the first application, and where the credential data packet is encrypted with a device key signed by the endpoint device, and the credential data packet is signed by an endpoint device management (EDM) key extracted from the set of encryptions keys included in the resource file, sending, by the endpoint device, the credential data packet to the first application via a trusted communication channel, and receiving, by the endpoint device and in response to the credential data packet, an authorization packet from the first application via the trusted communication channel.

Abstract: A first intermediate key management system (KMS) server of a distributed KMS receives a key lookup service (KLS) query from a KMS client for determining an identity of KMS server(s) that are capable of performing a first operation with a first managed key. The first intermediate KMS server is one of the intermediate KMS servers of the distributed KMS. The first KMS server determines the identity of one or more of the KMS servers that are capable of performing the first operation with the first managed key. The first KMS server transmits a KLS response to the KMS client that includes the identity of the KMS server(s) that are capable of performing the first operation with the first managed key.

Abstract: Methods and systems for key generation and device management are disclosed. A root key can be stored on a component which can be integrated with a device, and the component can store a product class identifier. The product class identifier can define a class of products, devices, features, hardware components, or other entities. One or more keys can be generated and stored on the devices based on the product class identifier and the root key. A network operator or service provider can then provide services to a class of devices that includes the device, or perform and manage other functions. The services can be authorized or otherwise implemented based on the one or more new keys stored at the devices within the class of devices.

Abstract: The technology disclosed herein provides a cryptographic key wrapping system for verifying device capabilities. An example method may include: accessing, by a processing device, a wrapped key that encodes a cryptographic key; executing, by the processing device in a trusted execution environment, instructions to derive the cryptographic key in view of the wrapped key, wherein the executing to derive the cryptographic key comprises a task that consumes computing resources for a duration of time; using the cryptographic key to access program data; executing, by the processing device, the program data, wherein the executed program data evaluates a condition related to the duration of time; and transmitting a message comprising an indication of the evaluated condition.

Abstract: An end-to-end group messaging method or apparatus organizes a plurality of local groups of members into local-group (LG) trees and a public-group (PG) tree. Each tree has a plurality of nodes including a root node connecting to a plurality of leaf nodes. Each LG tree corresponds to a local group. Each member of a local group is associated with a leaf node of the corresponding LG tree. Each LG tree is associated with a leaf node of the PG tree. Members of a same local group may establish communication therebetween by using a group key associated with the root node of the LG tree of the local group. Members of all local groups may establish communication therebetween by using a group key associated with the root node of the PG tree.

Abstract: When a user attempts to execute a procedure for transfer or the like from an app, user authentication is first required by a PIN code or the like. When the user authentication is successful, function limitation of an IC chip is released and a mode in which a function provided by the IC chip can be used is set. The app encrypts a procedure message describing procedure content with a private key using the function of the IC chip and creates an electronic signature. When the electronic signature and the procedure message are sent to an online service server, the server verifies the electronic signature using the corresponding electronic certificate. When the procedure message is sent from a valid user and it is confirmed as a result of the verification that the content is not altered, the server executes the procedure for transfer or the like in accordance with the content of the procedure message.

Abstract: A monitoring system and associated methodology for response to incidents sensed by at least one sensor of an individual signal unit includes transmission to a central control facility by the individual signal unit, of at least a unique identifying code for that individual signal unit, over a communication network; the response includes a transmission of data from said central control facility to one or more recipients nominated by a registered owner of the individual signal unit wherein registration of the individual signal unit and configuration of sensing and of said response is via a web-based interface.

Abstract: Embodiments of a device and method are disclosed. In an embodiment, a method for network segmentation of a network deployed at a customer site involves establishing a tunnel between a network device of the network deployed at the customer site and a network port of a switch of the network deployed at the customer site, when a wired device is plugged into the network port of the switch, transmitting network traffic between the wired device and the network device through the tunnel, facilitating a security operation regarding the wired device, and based on a result of the security operation, performing a network segmentation operation regarding the wired device.

Abstract: A method for a quantum key distribution from a first target node to a second target node across a network via an entanglement-based protocol, including the following steps: transferring entangled particles from a load node to the first target node and to at least one intermediate node; generating a quantum key with the entangled particles transferred to the first target node and the at least one intermediate node; transmitting the quantum key to the second target node on a first path located on the network with a stage of secure quantum key transmission agreement starting from the at least one intermediate node by encrypting intervals of binary nodes with pre-shared quantum keys; and providing a secure communication with the quantum keys between the first target node and the second target node on a second path located on the network.

Abstract: An example operation includes one or more of generating, by a channel peer, a random value to be associated with a channel name, mapping, by the channel peer, the random value to a block range, receiving, by the channel peer, a channel-MAC from a second peer, and validating the channel-MAC based on the channel name and the random value.

Abstract: Data security across data residency restriction boundaries is provided by obtaining and profiling a dataset on which a desired analysis is to be performed, with some results of the desired analysis to be transferred from one location to another, the dataset subject to data residency restrictions that restrict transfer of the dataset across a boundary to the another location, and the profiling identifying a profile level for the dataset, then automatically generating a container image based on the profile level and the data residency restrictions that restrict the transfer of the dataset across the boundary, the container image configured for instantiation and execution to process the dataset into a reformatted dataset not restricted by the data residency restrictions for transfer across the boundary, and storing the container image to a container registry.

Abstract: The present disclosure includes systems and methods for quorum-based data processing, in which quorum portions are distributed to candidate participants in determined proportions that control groups of required participants. In exemplary embodiments, a server generates a plurality of quorum portions from original data, wherein the original data includes secret information for data processing within a secured computing environment, and wherein at least a predetermined minimum number of the quorum portions are required to reconstruct the original data. Sets of quorum portions are determined from said plurality of quorum portions, wherein each set includes a respective proportion of the plurality of quorum portions, and at least one set includes a larger proportion of the quorum portions. Each set of quorum portions is distributed to a respective one of a plurality of computing devices associated with respective participants over a data network within a secured computing environment.

Abstract: In an approach, a processor obtains an encrypted data key and a first encrypted protection key from a storage device. A processor sends the first encrypted protection key to a first device. A processor obtains a protection key from the first device, wherein the protection key is generated by the first device through decrypting the first encrypted protection key. A processor decrypts the encrypted data key using the protection key to obtain a data key.

Abstract: Systems and methods for a dynamic encryption model in which dynamic encryption keys are associated with an access token having an expiration time. The access token is generated for a user session of a user application seeking to make API calls to a service provider system. When the access token expires, or becomes otherwise invalid, the dynamic encryption keys are discarded, and any further API calls are made using an updated access token and updated dynamic encryption keys. The dynamic encryption keys are used to encrypt specially designated fields of API calls and/or API call results.

Abstract: Methods and systems for resetting a digital credential within a digital credential based authentication system. The method includes logging a first administrative user into the digital credential system, receiving, from the first administrative user, a first portion of authentication credentials for a first customer, validating, by the first administrative user using the digital credential system, the first portion, logging a second administrative user into the digital credential system, receiving, from the second administrative user, a second portion of authentication credentials for the first customer, receiving the second portion by the second administrative user, validating, by the second administrative user using the digital credential system, the second portion; and resetting the authentication credentials based on the validation of the first portion and second portion.

Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.

Abstract: This application describes methods, mediums, and systems for verifying a device for use in a messaging system. Using the device verification procedures described, a messaging system can securely authorize new devices to send and receive encrypted messages on behalf of a user, preferably without the need to share a private encryption key between the users' different devices. The application describes several techniques that can be used to provide such a system, including distributing a computer-perceptible code that encodes encryption information between a secondary device and a primary device. This allows the information to be distributed without intervention by a server. Other techniques provide unique ways to build and reverify authorized device lists, distribute encryption keys in chat channels, ensure that lists of authorized devices are distributed in the correct order and remain valid for an appropriate amount of time, add new devices to an ongoing or new conversation, and more.

Abstract: Disclosed are various embodiments for an authentication service. A unique identifier is associated with a device access token for a client to be authenticated. An authentication identifier is sent to an authenticated client. The client to be authenticated communicates the authentication identifier and unique identifier to the authentication service to complete authentication.

Abstract: A processing unit and a method of operating a processing unit. In an embodiment, the processing unit comprises a SIMON block cipher for transforming plaintext data into encrypted data. A key expansion module generates and outputs one or more encryption keys; and the key expansion module includes a first series of adiabatic registers for holding key generation data values, and for using adiabatic switching to transmit the key generation data values through the first series of adiabatic registers. A round function module receives the plaintext data and the one or more encryption keys, encrypts the plaintext data to generate the encrypted data, and outputs the encrypted data; and the round function module includes a second series of adiabatic registers for holding encryption data, and for using adiabatic switching to transmit the encryption data through the second series of adiabatic registers.

Abstract: Providing selective peer-to-peer monitoring using MBeans by providing a federation of peer-to-peer network servers based on the MBeans, and enabling each of the peer-to-peer networks servers to selectively monitor data associated with at least a subset of the peer-to-peer network servers using at least one of the MBeans.

Abstract: A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.

Abstract: A system with methods to enhance key strength for a quantum shared key which is derived by a conventional quantum key distribution protocol and the system provides a single optical communication channel with security protection mechanism for key distribution without relying on an authenticated public classical channel. The system is implemented with technology in combination of key-strength enhancement, re-encoding operation, density-matrix verification, and grating control for a single optical communication channel where the system can be integrated with a conventional Quantum-Key-Distribution protocol such as BB84 or B92, but excluding GHz-clocked QKD system. Thereby, the system can help a known QKD system to overcome current drawbacks of an apparatus implemented over a conventional QKD protocol so as to derive an enhanced quantum shared key.

Abstract: Secure credentials (e.g., Diffie Helman (DH) key pairs) may be generated independently of requests to establish communication channels between storage system ports (SSPs) and remote ports, such that secure credentials are pre-generated relative to the requests for which they are utilized to establish secure communication channels. For example, DH key pairs may be pre-generated, and each DH key pair stored in an entry of a DH key table. The number of DH keys to generate and store may be determined based on user input and/or the number of potential communication channels for the storage system. In response to a request to establish a communication channel, an IKE session may be executed, during which a pre-generated DH key pair may be obtained from the DH key table, from which symmetric for secure communication between the SSP and the remote port may be derived.

Abstract: Methods, systems, and devices for wireless communications are described. A user equipment (UE) and a serving base station may locally store secret information (e.g., side information, such as a secret key, a public key, etc.) that is used to protect physical (PHY) layer channel or signal transmissions. The UE and the serving base station may determine a next value of a pseudo random sequence that is a function of a current value of the pseudo random sequence and the secret information and may use the next value to determine a time-varying parameter. The UE and the serving base station may use this time-varying parameter to determine which tones, which symbols periods, or which sequence, is being used for a subsequent communication of a PHY layer channel or signal.

Abstract: The disclosure details the implementation of an apparatus, method, and system comprising a portable device configured to communicate with a terminal and a network server, and execute stored program code in response to user interaction with an interactive user interface. The portable device contains stored program code configured to render an interactive user interface on a terminal output component to enable the user the control processing activity on the portable device and access data and programs from the portable device and a network server.

Abstract: Providing cascading quantum encryption services is disclosed. In one example, a first quantum computing device provides a plurality of encryption services that include one or more quantum encryption services and one or more classical encryption services. To encrypt a payload for transmission, the first quantum computing device selects a first encryption service from among the plurality of encryption services. The first quantum computing device then detects that the first encryption service is compromised. In response to detecting that the first encryption service is compromised, the first quantum computing device selects a second encryption service from among the plurality of encryption services, and encrypts the payload using the second encryption service. By automatically “cascading” from the first encryption service to the second encryption service in this manner, the first quantum computing device may ensure the secure communication of the payload to the second quantum computing device.

Abstract: Systems and methods that may be used to provide policies and protocols for blocking decryption capabilities in symmetric key encryption using a unique protocol in which key derivation may include injecting a random string into each key derivation. For example, a policy may be assigned to each client device indicating whether the client device has been assigned encryption only permission or full access permission to both encrypt and decrypt data. The disclosed protocol prevents client devices with encryption only permission from obtaining keys for decryption.

Abstract: The disclosure details the implementation of an apparatus, method, and system comprising a portable device configured to communicate with a terminal and a network server, and execute stored program code in response to user interaction with an interactive user interface. The portable device contains stored program code configured to render an interactive user interface on a terminal output component to enable the user the control processing activity on the portable device and access data and programs from the portable device and a network server.

Abstract: The systems and methods relate to virtual radio access networks (vRANs). The systems and methods may offload a signal processing task of a physical layer from a vRAN server located at the far edge of a network nearby a base station to a remote location further away from the base station. The remote location may include higher level edge deployments of servers or a cloud deployment of servers. The system and methods may scale the vRAN server capacity by offloading the signal processing task to the remote location without compromising quality of service requirements or latency requirements of the user equipment or the applications.

Abstract: Methods, systems and apparatus for implementing a quantum gate on a quantum system comprising a second qubit coupled to a first qubit and a third qubit. In one aspect, a method includes evolving a state of the quantum system for a predetermined time, wherein during evolving: the ground and first excited state of the second qubit are separated by a first energy gap ?; the first and second excited state of the second qubit are separated by a second energy gap equal to a first multiple of ? minus qubit anharmoniticity?; the ground and first excited state of the first qubit and third qubit are separated by a third energy gap equal to ??; and the first and second excited state of the first qubit and third qubit are separated by a fourth energy gap equal to the first multiple of the ? minus a second multiple of .

Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.