Abstract: A method for whitebox cryptography is provided for computing an algorithm (m,S) with input m and secret S, using one or more white-box encoded operations. The method includes accepting an encoded input c, where c=Enc(P,m); accepting an encoded secret S?, where S?=Enc(P,S); performing one or more operations on the encoded input c and the encoded secret S? modulo N to obtain an encoded output c?; and decoding the encoded output c? with the private key p to recover an output m? according to m?=Dec(p,c?), such that m?=(m,S).

Abstract: A cryptographic key is associated with an identifier (ID) of an electronic gaming machine (EGM). A computing device receives a coupon redemption request including an electronic payment coupon having the EGM ID and a credit amount. The computing device authenticates the electronic payment coupon based at least in part on the cryptographic key associated with the EGM ID and transmits a redemption confirmation when the electronic payment coupon is successfully authenticated. The computing device also stores a cancellation associated with the electronic payment coupon. The cancellation indicates that the electronic payment coupon has been redeemed for the credit amount. Such an electronic payment coupon may, for example, be generated by an EGM and/or be redeemed using an EGM and/or any other computing device capable of receiving the electronic payment coupon, transmitting a redemption request, and providing the credit amount to a user.

Abstract: Embodiments of the present disclosure disclose a network roaming protection method and related device. The method includes: receiving, by a visited session management device, a first session establishment request that includes a first security requirement; obtaining, by the visited session management device, a target security policy, where the target security policy is obtained by processing the first security requirement set and a second security requirement set using a preset rule; and sending the target security policy to the UE instructing the UE to generate a target shared key based on a reference shared key and according to a rule defined by the target security policy, where the target shared key is used to protect secure end-to-end data transmission between the UE and the visited gateway.

Abstract: Systems and methods described herein discuss securing user-entered data in-transit between a first device and a second device. A user may enter text in a document. A first device may analyze the document to identify the user-entered text. The user-entered text may be separated from the document and transformed into an image using a machine learning algorithm. Transforming the text into an image may secure the data in-transit from the first device to a second device. The second device may receive the image and the document from the first device. The second device may reconstruct the user-entered text from the received image and re-assemble the document from the received document and the reconstructed user-entered text.

Abstract: A system that incorporates the subject disclosure may include, for example, instructions which when executed cause a device processor to perform operations comprising sending a service request to a remote management server; receiving from the management server an authentication management function and an encryption key generator for execution by a secure element and an encryption engine for execution by a secure device processor, sending a request to establish a communication session with a remote device; and communicating with the remote device via a channel established using an application server. The secure element and the secure device processor authenticate each other using a mutual authentication keyset. The secure element, the secure device processor and the device processor each have a security level associated therewith; the security level associated with the secure device processor is intermediate between that of the secure element and that of the device processor. Other embodiments are disclosed.

Abstract: The present disclosure discloses methods and systems providing a secure scanning. A method includes receiving a document for scanning, by a multi-function device, wherein the multi-function device is configured with an identity key, wherein the multi-function device is enabled with a secure scanning feature. An image data corresponding to the document is generated. A scanned document corresponding to the image data is generated. Then, content of the scanned document is encoded with the identity key of the multi-function device, to secure the content in the scanned document, wherein the content of the scanned document is accessible only at a device having the identity key. The device can be the same multi-function device that encodes the content of the scanned document. The device can be a different multi-function device but configured with the same identity as of the multi-function device.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication using quantum line switching. An example system includes encoding circuitry configured to generate, based on a first set of quantum bases, a set of qbits, and transmit the first subset of qbits over a first quantum line. The encoding circuitry is configured not to transmit the first set of quantum bases. The system further includes switching circuitry configured to receive the first subset of qbits over the first quantum line, and transmit it over a second quantum line. The system further includes first decoding circuitry configured to receive the first subset of qbits, and decode, based on a second set of quantum bases, the first subset of qbits to generate a first decoded set of bits. The system further includes first session authentication circuitry configured to generate a session key based on the first decoded set of bits.

Abstract: A system and method for verifying entry credentials and activating/deactivating an access control system is disclosed herein. Particularly, the system and method include an embedded local control device attached or communicative with an electronic gate or lock. The control device is communicative with a remote access control management system, which is structured to receive, track and manage access tokens that can be used to control access to a gated community or other secured location. For each access token, a lookup key is generated, which is used in conjunction with a bijective transformation process to thereby generate a unique access code. The unique access code can be used to enter the electronic gate or lock, provided that any associated access restrictions, such as date and time, are also validated.

Abstract: A server and method for providing a content selection is provided. The server receives content targeting parameters and obtains content items from at least one content site based on the content targeting parameters. The server can further identify content descriptors for the content items and generate a first content cluster from a subset of the content items based on the content descriptors. The server can further generate a second content cluster from a second subset of the content items based on the content descriptors and rank the first and the second content clusters in an order of usefulness. The ranking of the content clusters can be based on at least one of an importance of content, a recentness of the content items and a size of the content cluster.

Abstract: Technologies for encrypted data access by field-programmable gate array (FPGA) user kernels include a computing device having an FPGA and an external memory device accessible by the FPGA. The FPGA includes a secure key store, a micro-encryption engine, and multiple slots for user kernels that are each identifiable with an index. A user kernel is programmed at an index and a symmetric encryption key is provisioned to the secure key store at the index. The micro encryption engine may read encrypted data from the external memory device, decrypt the encrypted data with the key associated with the index of the user kernel, and forward plain text data to the user kernel. The micro encryption engine may also receive plain text data from the user kernel, encrypt the plain text data with the key, and write the encrypted data to the external memory device. Other embodiments are described and claimed.

Abstract: A method is implemented in a networked computer system that is connected to document issuers and validators and interacts with a blockchain. It comprises generating a master key assigned to an issuer, certifying a document through a first process including generating a document persistence key, encrypting document data with an encryption algorithm and an encryption key derived from three keys (the master key, the document persistence key and an intermediate key), registering encrypted document data in the blockchain, and generating a web address carrying recovery information of the certified document; reading the document through a second process accessible to the web address, the second process including recovering the encrypted data in the blockchain and accessing the three keys, decrypting the encrypted data using the encryption key derived from the three keys, and displaying the document; and upon request from a legitimate holder of the document erasing the persistence key.

Abstract: Techniques and structures to facilitate management of log event messages, including transmitting one or more messages, each having a unique identifier (ID), to a computing device, generating a comparison checksum for each of the one or more messages, wherein each comparison checksum is associated with a unique ID corresponding to a message from which the comparison checksum was generated, performing an encryption on each comparison checksum and associated unique ID to generate encryption data and transmitting the encryption data to the computing device.

Abstract: A source device and a method of transmitting content are provided. The source device includes a controller configured to check a version of a content protection method supported by a sink device from the repeater, to encrypt the content based on a version of the content protection method applied to the content, and to set a value of type information of the content protection method based on the version of the content protection method applied to the content and the version of the content protection method supported by the sink device, and a communicator including communication circuitry configured to transmit the encrypted content and the type information of the content protection method to the repeater, wherein the type information of the content protection method for determining whether the content received from the source device is output to the sink device from the repeater, based on the version of the content protection method supported by the sink device.

Abstract: A print server is provided such that, in a case where a determination unit determines that a first condition and a second condition are identical, a management unit manages acquisition sources of print data files generated based on a first printing request, the acquisition sources including reissued second signature information.

Abstract: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.

Abstract: In one example, the cryptlet binary and a cryptlet key pair are provided to an enclave. A cryptlet key pair for the first cryptlet includes a cryptlet private key and a cryptlet public key. A cryptlet binding associated with a first cryptlet includes at least one binding. Each binding includes a mapping between the first cryptlet and at least one of a smart contract or another cryptlet. A binding identification is associated with the cryptlet binding. An output is received from the first cryptlet, such that the output is at least one of encrypted or signed by the cryptlet private key, and such that the output is signed by an enclave private key. A cryptlet identity is generated for the first cryptlet, such that the cryptlet identification includes: the hash of the cryptlet binary, the cryptlet public key, and the binding identification.

Abstract: A method implemented by computers includes exchanging a key between a first user and a second user. Ephemeral session keys are generated. The ephemeral session keys are generated by a first computer associated with the first user and a second computer associated with the second user. An encrypted key generation response is exchanged between the first computer and the second computer. A new session request is received. It is determined that there is a valid session state. It is confirmed that there is a valid user. It is determined that there is a valid session identification. Information between the first computer and the second computer is cryptographically exchanged in response to the valid session state, the valid user and the valid session identification.

Abstract: Provided is a method and a security module for determining or providing a device-specific private key for an asymmetrical cryptographic process. A device-specific private primary seed is reproducibly formed from a device-specific secret piece of data, and the device-specific private key is determined from the device-specific private primary seed.

Abstract: A technique for detecting malware uses hardware capabilities of the processing element of a programmable device to detect modification of executable code during execution. By monitoring a dirty bit in page tables, pages that have been modified can be detected, allowing analysis of those pages during execution. An indication may then be passed to an anti-malware software to analyze the executable further.

Abstract: A data structure includes data that allows specific users to access data items that are part of the data structure and allows the users to store data items in association with the data structure. The data structure includes a root node which is the genesis of the data structure. The data structure further includes an access node for each user granted access rights to the data structure. An access node granting a user access rights to the data structure is directly connected to the root node. For a user whose access rights to the data structure are revoked, the data structure includes an additional access node directly connected to the access node that gave the user access rights. The data structure also includes a record node for each data item that is part of the data structure. Each record node is connected to the root node directly or indirectly.

Abstract: According to one embodiment, a physical uncloneable function circuit for providing a protected output bit is described including at least one physical uncloneable function circuit element configured to output a bit of a physical uncloneable function value, a physical uncloneable function bit output terminal and a coupling circuit connected between the physical uncloneable function circuit element and the physical uncloneable function bit output terminal configured to receive a control signal, supply the bit to the physical uncloneable function bit output terminal for a first state of the control signal and supply the complement of the bit to the physical uncloneable function bit output terminal for a second state of the control signal.

Abstract: A cryptographic ASIC and method for autonomously storing data into a one-time programmable memory in isolation. Internal circuitry provides programming pulses of a given voltage magnitude and duration for changing the state of selected memory elements. Use of internal circuitry reduces pin count and increases reliability and security over devices relying on external circuitry to provide programming pulses. In one embodiment, the stored data comprises cryptographic data for enforcing a derivative key hierarchy for managing an information stream, such as a blockchain.

Abstract: Systems and methods are disclosed for preventing tampering of a programmable integrated circuit device. Generally, programmable devices, such as FPGAs, have two stages of operation; a configuration stage and a user mode stage. To prevent tampering and/or reverse engineering of a programmable device, various anti-tampering techniques may be employed during either stage of operation to disable the device and/or erase sensitive information stored on the device once tampering is suspected. One type of tampering involves bombarding the device with a number of false configuration attempts in order to decipher encrypted data. By utilizing a dirty bit and a sticky error counter, the device can keep track of the number of failed configuration attempts that have occurred and initiate anti-tampering operations when tampering is suspected while the device is still in the configuration stage of operation.

Abstract: A computing module is described herein, wherein the computing module is configured to perform acts including generating a digital signature for a printed circuit board (PCB), wherein the digital signature is based upon a sensor signal generated by a sensor that is electrically coupled to at least one of a trace of the PCB or an electrical component of the PCB. The acts further include determining that the PCB is authentic and is free of tampering based upon the digital signature. The acts additionally include outputting an indication that the PCB is authentic and is free of tampering responsive to determining that the PCB is authentic and is free of tampering.

Abstract: A technique communicates a password to a user. The technique involves receiving, by processing circuitry, a request for a password. The technique further involves generating, by the processing circuitry, a password in response to the request. The password includes a series of alphanumeric digits which contains at least one number and at least one letter. The technique further involves displaying, by the processing circuitry, the password on a display screen. Each number displayed on the display screen has a first visual characteristic, and each letter displayed on the display screen has a visual characteristic that is different from the first visual characteristic. Such a technique enables disambiguation of an alphanumeric security code to a user.

Abstract: A method for operating a u-MANO inside a user domain that ensures deployment and service integrity of end-to-end network services in collaboration with a p-MANO includes receiving a request for a network service instance; and initiating a discovery operation to discover the p-MANO if the request's scope is determined to extend beyond the user domain. The discovery operation includes: determining an identity and/or an address of the p-MANO; sending a solicitation message to the p-MANO to discover its reachability and availability; sending a service request specifying network service requirements to the p-MANO in response to receiving a solicitation response from the p-MANO; and receiving a service acceptance from the p-MANO. The method further includes instantiating and deploying the network service instance that is at least partially within the user domain and partially outside the user domain.

Abstract: A method for executing by a circuit a substitution operation such that an output data may be selected in a substitution table using an input data as an index. The substitution operation may be performed using a new masked substitution table. The input data may be combined by XOR operations with a new value of a first mask parameter, and the output data may be combined by XOR operations with a new value of a second mask parameter. The new masked substitution table may be generated by computing the new value of the first mask parameter by applying XOR operations to a previous value of the first mask parameter and to a first input mask, computing the new value of the second mask parameter by applying XOR operations to a previous value of the second mask parameter and to a second input mask, and generating the new masked substitution table using a previous masked substitution table and the first and second input masks.

Abstract: Methods, devices, and systems are provided for configuring a reading device and/or a lock using a mobile device. The mobile device, running a configuration application, communicates with the reading device, determines a configuration of the reading device, and makes a determination for configuring the reading device based at least partially on configuration information provided by the reading device.

Abstract: A sound distribution apparatus is connected to a sound reproduction terminal that detachably holds an authentication device storing decoding information, the sound distribution apparatus including a sound distribution unit that streaming-distributes sound information, which has been encrypted with a decodable code on the basis of the decoding information, to the sound reproduction terminal.

Abstract: A system may include a communication device configured to communicate over a network, one or more processors, and one or more non-transitory computer-readable media containing instructions that, when executed by the one or more processors, cause the system to perform one or more operations. The operations may include performing a cryptographic operation on one or more packets to facilitate secure communication between the system and a computing device over the network, the cryptographic operation including probabilistic rounding. The operations may also include communicating, via the communication device, with the computing device over the network using the one or more packets.

Abstract: A non-transitory computer-readable recording medium stores computer-executable instructions that, when executed by one or more processors, causes the one or more processors to perform operations including receiving, at a first electronic device, high quality live stream data through a high quality channel; playing back the high quality live stream data; receiving low quality live stream data through a low quality channel as the electronic device is set as a seed device in response to creation of the high quality channel; and sharing the received low quality live stream data by transmitting the received low quality live stream data.

Abstract: Techniques are disclosed concerning secure access to data in a computing device. In one embodiment, a computing device includes a communication interface, a memory, a memory controller, and a security processor. The communication interface may communicate with a different computing device. The security processor may generate a host key in response to a successful authentication of the different computing device, and then encrypt a memory key using the host key. The security processor may also send the encrypted memory key to the memory controller, and send the host key to the different computing device. The host key may be included by the different computing device in a subsequent memory request to access data in the memory. The memory controller may, in response to the subsequent memory request, use the included host key to decrypt the encrypted memory key and use the decrypted memory key to access the data.

Abstract: Content is securely shared between communication devices in an ad-hoc manner by employing common sensing context to establish pairing between the communication devices. In one aspect, the communication devices are within a specified distance from each other and sense common signals from their environment over a specified time period. The common signals are analyzed to determine an initialization or session key, which is utilized to secure content transfer between the communication devices. Additionally or alternatively, the key is utilized to provide access to virtual (e.g., digital content) and/or physical (e.g., buildings) resources.

Abstract: Providing data security includes: in response to a request to write data content to a storage, generating encrypted data content based on the data content; attempting to obtain a reference to the encrypted data content in the storage; in the event that the reference to the encrypted data content is obtained, modifying a translation line to refer to the reference to the encrypted data content in the storage; and in the event that the reference to the encrypted data content is not obtained: storing the encrypted data content at a new location; obtaining a reference to the encrypted data content stored at the new location; and modifying the translation line to refer to the reference to the encrypted data content stored at the new location.

Abstract: According to an embodiment, a data processor includes a storage unit that stores a set of character strings that is a set of character string elements of which magnitude correlation is uniquely identifiable; a data converter that encrypts numerical data included in data to be managed, generates an index value corresponding to the numerical data using the character string elements included in the set of character strings, and generates converted data including the encrypted numerical data and the index value; a first transmitting unit transmits the converted data to a server; a query expression converter that converts a condition part including a numerical value of a query expression into a condition part including the character string elements to generate a converted query expression; a second transmitting unit that transmits the converted query expression to the server; and a receiving unit that receives, from the server, a result of query.

Abstract: First data from a user device is received on an electronic computing device. The first data is encrypted to generate second data. The second data is fragmented and stored in a plurality of data stores.

Abstract: A method for ciphering protected content communicated between a first device and a plurality of devices over a plurality of channels comprises performing authentication between the first device and each of the plurality of devices to create two or more shared key and initialization vector pairs allowing the ciphering of the protected content; generating a key stream for each of the channels based on a selected one of the two or more of shared key and initialization vector pairs; maintaining a buffer for each channel, each of the buffer containing the key stream generated for the corresponding channel; and ciphering data incoming on a selected channel using the selected key stream from the buffer corresponding to the selected channel.

Abstract: A method of maintaining ongoing authentication of a user of an application without the need to enter and re-enter a username and a corresponding password for each session initiated between a client side application residing on a client side platform and a server; and wherein the password is not stored on the server; the method comprising utilising an unbroken chain of one-time pass codes; each pass code in the chain being unique to the username and client side application; each pass code renewed periodically and preferably at least once during each said session.

Abstract: A transmission apparatus and a transmission data protection method thereof are provided. The transmission apparatus stores a data table, a bloom filter, a first randomization array, a plurality of second randomization arrays and an identifier of each of the second randomization arrays. The bloom filter has a plurality of independent hash functions. The transmission apparatus generates a current original datum according to the data table; inputs the current original datum to the bloom filter as a current input datum of the bloom filter to output a current bloom datum; randomizes the current bloom datum according to the first randomization array to generate a current first randomized datum; randomizes the current first randomized datum according to one of the second randomization arrays to generate a current second randomized datum; and transmits a data signal carrying the current second randomized datum and an identification datum to another transmission apparatus.

Abstract: An apparatus is provided which comprises: a first stage of physically unclonable function (PUF) circuits to receive an n-bit challenge, wherein the first stage of PUF circuits comprise a subset of ‘n’ PUF cells each of which is to generate an output bit; and a first stage of cipher blocks to receive the output bits from the subset of ‘n’ PUF cells, wherein the first stage of cipher blocks is to generate a plurality of bits.

Abstract: An Authentication Of Things (AOT) system includes a cloud server configured to control a cloud domain connected with a plurality of devices, a home server configured to control a home server connected with a plurality of devices, a first device corresponding to a new device, and a second device of a root user connected with the home domain while authentication is completed in the home server. In this case, the first device loads cryptographic material of the cloud server from the cloud server in a pre-deployment stage, the cryptographic material includes at least one selected from the group consisting of an identifier of the first device in the cloud server, a first private key of an ID-based cryptography system of the first device in the cloud server, a first pairwise key of the first device in the cloud server, and a counter of the first device, and if the first device is shipped to a trader, the cloud server deletes the first private key from the cloud server.

Abstract: A cryptographic system implements a functional encryption scheme that is based on the lattice theory. In the cryptographic system, a key generation apparatus generates, as a secret key skv for a predicate vector v, a secret key skv including a matrix e as a key element, wherein a product of the matrix e and a matrix AY determined by the predicate vector v being input parameter Y forms a matrix uj for a value j in a set [N] including a plurality of values, the matrix uj being among a plurality of matrices u obtained from public parameters PP.

Abstract: A system and method provides access to one or more web services requested from a web site by using an app on a smart device, such as a smart phone or tablet, or the smart device itself.

Abstract: Operational parameters of a single-photon detector are determined with a continuous wave laser source. At a fixed trigger, a dark count probability and a series of count probabilities at different optical powers are determined. A particular optical power is selected by using a wide-range variable attenuator to attenuate the optical power of the continuous wave laser. The dark count probability and the count probabilities are determined for different trigger rates. The operational parameters include efficiency, afterpulsing constant, and detrap time. The operational parameters are computed by fitting the computed dark count probabilities and count probabilities to a user-defined relationship.

Abstract: A data storage system implements aggregation, bifurcation, and/or reduction techniques to improve the efficiency of processing data storage requests. Data storage requests and/or their associated payloads may be aggregated based on one or more parameters. Data to be the stored and the associated commands may be separated so as to optimize a system's throughput and latency for each. Furthermore, extraneous commands and requests may be reduced or eliminated based on heuristics associated with the requests and the data.

Abstract: A system and method can support device management. A trusted operating system (OS) in a trusted execution environment can store a digest for one or more binary files, which are associated with a trusted application that is deployed in the trusted execution environment. Then, the system can update the trusted application based on one or more updates received from a service provider. Furthermore, the system allows the trusted OS to derive at least one secret bound to the updated trusted application using the digest stored by the trusted OS in the trusted execution environment.

Abstract: The present disclosure relates to a structure which includes a pair of non-volatile storage devices in a memory array which are sensed to determine an initial data state and reinforced by a write operation of the initial data state to the pair of non-volatile storage devices. The structure can be used for a robust and error free physical unclonable function.

Abstract: Disclosed are an encryption apparatus and method. The encryption apparatus includes a storage configured to store a static key table, and at least one processor configured to implement an authenticator configured to perform authentication with an external apparatus and acquire authentication information and a key table generator configured to generate a dynamic key table using authentication information acquired through the authentication.

Abstract: Systems and methods for private deep neural network training are disclosed. Method includes storing first private values at first machine and second private values at second machine; providing, to third machine, first share of first private values and first share of second private values; providing, to fourth machine, second share of first private values and second share of second private values; computing, at third machine, third machine-value based on first share of first private values and first share of second private values; computing, at fourth machine, fourth machine-value based on second share of first private values and second share of second private values; providing, to first machine and second machine, third machine-value and fourth machine-value; and computing, at first machine, a mathematical function of first private values and second private values, mathematical function being computed based on first private values stored at first machine, third machine-value, and fourth machine-value.

Abstract: A method and system provides access control encryption for a file system. A resource management module manages access to data on a storage container and hosts a virtual file system including files representing the data on the storage container. An access control and encryption module encrypts each of the files with a respective file encryption key. The access control module generates a plurality of application containers each associated with a respective user and that include respective lists of files that the respective user is authorized to access. The access control and encryption module generates decrypts the files and allows access to files based on the lists of files in the application containers.