Abstract: This application provide a data management method for a blockchain system, a medium, and an electronic device. The system includes an accounting node sub-network and a service node sub-network. The method includes: adding, after an accounting node generates a first data block, first key information used for verifying a block header of a second data block generated after the first data block to a block header of the first data block; generating a signature corresponding to the first data block, and adding the signature corresponding to the first data block to the block header of the first data block; and releasing the block header of the first data block to the service node sub-network, to cause a service node to verify the signature included in the block header of the first data block, and obtaining the first key information after a successful verification to verify the block header of the second data block.

Abstract: This invention involves an encryption method that is mainly applied to network. The network could be both wireless or wired, the former is connected through a wireless router, and the latter is connected through a router. When the network receives a message requesting connection from at least one new networking device, it can authenticate and authorize the message through the key to form a fixed connection with the network, and at the same time, at least one connected device to the network can update the password connected to the network synchronously, or at least one connected device connected to the network can update the password connected to the network at any time, so as to improve the performance of network security and avoid hacking.

Abstract: A method executed by a computing device includes determining a set of identigens for each query word of a query to produce sets of identigens, where a set of identigens represents different meanings of a word of the query. The method further includes obtaining a first identigen selection for a first query word from the first set of identigens. The method further includes interpreting, using identigen pairing rules and based on the first identigen selection, the sets of identigens to produce a query entigen group. The method further includes accessing a knowledge database utilizing the query entigen group to produce a response entigen group. The method further includes generating a response to the query using the response entigen group, where the response includes at least one response word.

Abstract: Features for providing a secure method of symmetric encryption for private smart contacts among multiple parties in a private peer-to-peer network. The features include a master key representing a unique blockchain ledger. The master key may be shared among multiple participants in a private peer-to-peer network. Sharing of the master key may include communicating the master key in an encrypted message (e.g., email) using public key infrastructure (PKI). In some implementations, more complex distribution features may be includes such as quantum entanglement. The features support instantiation of a smart contract using a specific master key. The request may be submitted as an entry to the ledger with appropriate metadata and/or payload information for identifying and processing the request.

Abstract: A method including encrypting, by a user device based at least in part on utilizing a symmetric key, a folder stored on the user device; encrypting, by the user device based at least in part on utilizing an assigned public key specific to the folder, the symmetric key to determine a single-encrypted symmetric key; encrypting, by the user device based at least in part on utilizing a trusted device key specific to the user device, the single-encrypted symmetric key to determine a double-encrypted symmetric key; encrypting, by the user device based at least in part on utilizing a trusted user key specific to the folder, an assigned private key that is associated with the assigned public key; and storing, by user device, the double-encrypted symmetric key and the encrypted assigned private key in an associated memory is disclosed. Various other aspects and techniques are contemplated.

Abstract: A method for managing security keys for an I/O device may include loading a first security key from a primary memory to a security engine, performing a first data transfer operation between a host and the I/O device using the first security key with the security engine, loading a second security key from a secondary memory to the security engine, and performing a second data transfer operation between the host and the I/O device using the second security key with the security engine. The method may further include storing the first security key in the primary memory based on a frequency of use of the first security key. The frequency of use of the first security key may be determined by a pattern of transfers between the host and the I/O device.

Abstract: Systems, methods, and apparatuses to implement spatially unique and location independent persistent memory encryption are described. In one embodiment, a system on a chip (SoC) includes at least one persistent range register to indicate a persistent range of memory, an address modifying circuit to check if an address for a memory store request is within the persistent range indicated by the at least one persistent range register, and append a unique identifier value, for a component corresponding to the memory store request for the address, to the address to generate a modified address and output the modified address as an output address when the address is within the persistent range, and output the address as the output address when the address is not within the persistent range, and an encryption engine circuit to generate a ciphertext based on the output address.

Abstract: The technical problem of matching records in different datasets, for example a host dataset and a partner dataset storing records representing respective users, while maintaining the privacy of each dataset, is addressed by providing a privacy safe joint identification protocol. The privacy safe joint identification protocol computes respective anonymous joint identifiers for records in the two datasets. An anonymous joint identifier is generated such that the host-assigned and the partner-assigned identifies that have been determined to represent the same user are mapped to the same anonymous joint identifier.

Abstract: A method may include transferring data from a host to an encryption offload engine through an interconnect fabric, encrypting the data from the host at the encryption offload engine, and transferring the encrypted data from the encryption offload engine to a storage device through a peer-to-peer connection in the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the encryption offload engine through a peer-to-peer connection in the interconnect fabric, decrypting the encrypted data from the storage device at the encryption offload engine, and transferring the decrypted data to the host through the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the host, and verifying the encryption of the encrypted data at the host.

Abstract: A symmetric key that is stored at a device may be received. A public key from a remote entity may also be received at the device. Furthermore, a derived key may be generated based on a one way function between the symmetric key that is stored at the device and the public key that is received from the remote entity. The derived key may be encrypted with the public key and transmitted to the remote entity. The encryption of the derived key with the public key may provide secure transmission of the derived key to an authorized remote entity with a private key that may be used to decrypt the encrypted derived key.

Abstract: A unique transaction key (Tk) is established amongst multiple entities using a common hardware security module (HSM) with a common HMAC key (HK) and transaction scheme name (T). The transaction key (Tk) can be used for various cryptographic functions (e.g. encryption, MAC, HMAC, key management) with one or more messages at the transaction or session level.

Abstract: Techniques are disclosed relating to sharing a user credential between computing devices. In some embodiments, a first computing device stores a set of user credentials usable to authenticate a user and receives, from a second computing device, a request for a user credential to be provided responsive to an authentication prompt associated with the second computing device. In such an embodiment, the request includes an indication of a service for which the authentication prompt is being presented. Based on the indication, the first computing device determines whether the stored set of user credentials includes a user credential relevant to the authentication prompt and presents a selection prompt asking a user of the first computing device to select a one of the stored set of user credentials to provide to the second computing device for authentication to the service, the relevant user credential being identified in the selection prompt.

Abstract: An information processing apparatus includes circuitry that detects reception of first data from a connection source apparatus. The first data includes information about establishment of a session for encrypted communication between the source apparatus using a service and a connection destination apparatus providing the service. The circuitry converts the first data into a first message following a communication protocol in the session establishment, and converts a second message from the destination apparatus into second data including at least information for generating a common key for the encrypted communication. Before the session establishment, the circuitry transmits the first message to the destination apparatus and transmits the second data to the source apparatus. After the session establishment, the circuitry transmits service data from the source apparatus to the destination apparatus and from the destination apparatus to the source apparatus in an unconverted state.

Abstract: Methods, systems, and apparatus, including a method for determining network measurements. In some aspects, a method includes receiving, by a first aggregation server and from each of multiple client devices, encrypted impression data. A second aggregation server receives, from each of at least a portion of the multiple client devices, encrypted conversion data. The first aggregation server and the second aggregation server perform a multi-party computation process to decrypt the encrypted impression data and the encrypted conversion data. Each portion of decrypted impression data and each portion of decrypted conversion data is sent to a respective reporting system.

Abstract: A universal tag linked to the content of a data file for protecting the authenticity of the data file and/or the owner/creator of a digital file. The universal tag is linked to the content in the data file via one or more input keys/seeds that are used to generate the universal tag and rely on data associated with the content. Once generated, the universal tag is registered on a distributed ledger of at least on distributed trust computing network, which acts as a source of truth to validate the universal tag and, as such, validate (i) an authenticity of the data file, and/or (ii) the user associated with the data file (e.g., rightful possessor and/or creator of the digital file).

Abstract: A method for communicating amongst a plurality of peripherals within a mesh network including a first subnet and a second subnet including: receiving an advertisement from one or more peripherals of the plurality of peripherals, the advertisement including a hop count, a subnet identifier, and a unique subnet device identifier, the subnet identifier indicating the first subnet or the second subnet and the unique subnet device identifier indicating a specific peripheral of the plurality of peripherals within the mesh network; triggering a message send event; determining a desired stream direction within the mesh network; determining a desired subnet of the mesh network; determining a destination peripheral of the one or more peripherals within the desired subnet and in the desired stream direction in response to the hop count, the subnet identifier, and the unique subnet device identifier; connecting to the destination peripheral; and sending the message to the destination peripheral.

Abstract: Handling personally identifiable information (PII) in data streams is provided. Processed sensor data is received, from a plurality of vehicles including sensors capturing raw sensor data, the raw sensor data including captured PII and non-PII. The processed sensor data includes simulated PII created based on the captured PII and one or more layers of the captured PII corresponding to the simulated PII. A request is received from a client device for a portion of the processed sensor data. Access keys corresponding to the request are identified. A result is constructed according to the access keys using the processed sensor data. The constructed result is sent to the client device responsive to the request.

Abstract: The present disclosure provides a User Equipment (UE) comprising a transceiver circuit; and a controller configured to control the transceiver circuit to send, to an Access and mobility Management Function (AMF) of a communication node, an identifier, wherein upon successful authentication of a network access function of the UE in the communication node, the controller is configured to maintain a secure connection with the communication node.

Abstract: This disclosure is directed to facilitating voice and video communication between users independent of a location or a device. A communication request can specify users, who may be identified and located in their respective environments. For example, users can be identified and located using facial recognition imaging techniques and/or by monitoring a radio frequency (RF) signal associated with a device that is carried or worn by a user. After determining a location of a user, individual devices can be configured as a functionally grouped device to allow the users to communicate. For example, capabilities of a television, microphone, speaker, and imaging device can be combined to allow a video communication between users. Further, as a user moves around his or her environment, the location of the user can be tracked and additional functionally grouped devices can be provided for seamless communication.

Abstract: A method for searchable encryption with a public key includes receiving an operation request from a user device associated with a user requesting that encryption of data associated with the user. The data includes a corpus of documents stored on a remote storage device. The method also includes receiving a public key associated with the user. The public key includes an asymmetric cryptographic public key. The method also includes generating a random data key. The data key includes a symmetric cryptographic key. The method also includes encrypting, using the data key, a search index for the corpus of documents based on keywords within the corpus of documents. The method also includes encrypting, using the public key, the data key and sending the encrypted data key to a user device associated with the user.

Abstract: One feature pertains to a method that includes establishing a radio communication connection with a first radio access node (RAN) that uses control plane signaling connections to carry user plane data. The method also includes determining that the wireless communication device is experiencing radio link failure (RLF) with the first RAN and that the radio communication connection should be reestablished with a second RAN. A reestablishment request message is transmitted to the second RAN that includes parameters that enable a core network node communicatively coupled to the second RAN to authenticate the wireless communication device and allow or reject reestablishment of the radio communication connection. The parameters include at least a message authentication code (MAC) based in part on one or more bits of a non-access stratum (NAS) COUNT value maintained at the wireless communication device.

Abstract: The present disclosure provides a method and a device for transaction clearing. The method includes receiving first clearing requests transmitted by a quantity N of terminals, where N>1; according to the first clearing requests, acquiring transaction data of the quantity N of terminals from a database; initializing a cache queue, and loading the transaction data into the cache queue; reading the transaction data in the cache queue, and performing a clearing process on the transaction data; and writing a clearing result into the database and feeding back the terminals with an execution result of the first clearing requests.

Abstract: Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.). In some embodiments, a system and mobile device exchange public keys of public key pairs during a pairing process. In some embodiments, an asymmetric transaction process includes generating a shared secret using a key derivation function over a key established using a secure key exchange (e.g., elliptic curve Diffie-Hellman), and verifying a signature of the system before transmitting any information identifying the mobile device. In various embodiments, disclosed techniques may increase transaction security and privacy of identifying information.

Abstract: According to one embodiment, a method performed by a first communication device for generating a symmetric session key for encrypted communication with a second communication device is described comprising generating a blinding value for each of a first and a second private key component, generating a blinded public key from the first private key component, the second private key component, and the blinding values using a public key generation function, transmitting the blinded public key to the second communication device for encryption of a shared secret, receiving the shared secret, generating a session key for encrypted communication with the second communication device from the shared secret, encrypting, using the session key, an information from which the blinding values are derivable and transmitting the encrypted information to the second communication device.

Abstract: Methods are provided for maintaining user privacy, and may include establishing a secret key for communication between a plurality of user devices, the plurality of user devices including a first user device associated with a requesting user and a second user device associated with a second user, wherein at least one server computer does not have access to the secret key; receiving from the first user device, a split-payment request message comprising encrypted data, the encrypted data included in the split-payment request message encrypted based on the secret key; generating an encrypted balance for the requesting user and the second user based on the encrypted data of the split-payment request message; and transmitting to the second user device, a split-payment confirmation message including the encrypted balance for the requesting user and/or the second user. Systems and computer program products are also provided.

Abstract: There is provided a chatbot system including a plurality of user terminals, a chatbot, and a chat server. The chatbot includes a memory and a processor configured to create a message from data which is acquired from an external service, receive, as an input, a list including a user ID of a user terminal which has utilization authority for the data, generate a policy-equipped ciphertext by an encryption algorithm of ciphertext policy attribute-based encryption, and transmit the policy-equipped ciphertext to the chat server, and each of the user terminals includes a memory and a processor configured to receive a policy-equipped ciphertext from the chat server and decrypt the policy-equipped ciphertext using an attribute-equipped secret key which is generated on the basis of a user ID of the user terminal.

Abstract: Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

Abstract: Systems and applications are described that use group signature technology to allow for anonymous and/or semi-anonymous feedback while allowing for the application of rules and parameters. The use of group signature technology may serve to potentially mitigate or prevent malicious identification of individuals or entities providing a communication such as feedback. Feedback may range from constructive feedback all the way to the ‘whistleblower’ variety. It may be desirable to identify the individuals as belonging to a particular group or having a particular status or position while maintaining the anonymity of the individuals within the particular group.

Abstract: A method includes receiving an indication of a request from a client device. The request is for establishing an access session to perform one or more actions on data of a data processing platform. The method includes receiving data indicative of a context of the access session request and establishing a challenge session associated with the request that indicates one or more challenges required of a user associated with a client device to successfully respond to in order to establish the requested access session, a number or a type of the one or more challenges being determined based on the context, and establishing an access session to enable the user to perform the one or more actions on the data of the data processing platform if responses to all challenges in the challenge session are successful.

Abstract: A processor may incorporate one or more keys in a media. The one or more keys may each be associated with a specific instance and the one or more keys may be included in a blockchain. The processor may identify that a first specific instance has been encountered. The processor may provide a first key associated with the first specific instance. The processor may determine to allow access to content of the media.

Abstract: A communication terminal (10) includes control means for generating a subscription concealed identifier (SUCI) including a subscription permanent identifier (SUPI) concealed using a predetermined protection scheme, and a protection scheme identifier identifying the protection scheme, and transmission means for sending the SUCI to a first network apparatus during a registration procedure, the SUCI being sent for a second network apparatus to de-conceal the SUPI from the SUCI based on the protection scheme used to generate the SUCI.

Abstract: In a method of operating a neural network model, neural network model data and raw data are received during a non-secure mode. The neural network model data is encrypted by digital rights management (DRM). An operation mode is changed from the non-secure mode to a secure mode based on the receiving the neural network model data and the raw data. The neural network model is executed during the secure mode based on decrypted neural network model data that is obtained by decrypting the neural network model data encrypted by the DRM. The inference operation is performed on the raw data during the secure mode using the neural network model.

Abstract: Various techniques for dynamic path selection and data flow forwarding are disclosed. For example, various systems, processes, and computer program products for dynamic path selection and data flow forwarding are disclosed for providing dynamic path selection and data flow forwarding that can facilitate preserving/enforcing symmetry in data flows as disclosed with respect to various embodiments.

Abstract: A computer-implemented method includes: storing an encryption public key that is associated with a group of nodes, each node in the group associated with a private key share, the private key shares associated with a threshold private key reconstruction scheme for the group to allow an encryption private key associated with the encryption public key to be determined from at least a threshold of the private key shares; iteratively obtaining a plurality of indicators provided by a plurality of nodes of the group, each of the indicators representing one of an encryption private key share or a dummy signal; and identifying the encryption private key by iteratively: i) selecting a subset of the indicators; ii) calculating a possible shared secret; and iii) evaluating each possible shared secret against the encryption public key to determine whether the possible shared secret is the encryption private key. The invention is suited for implementation on a blockchain.

Abstract: An example operation may include one or more of sending, by a master transport, a first portion of a software update to a transport of a first subset of transports, sending, by a master transport, a second portion of the software update to a transport of a further subset of transports, when a first transport of the subset of the transports and a second transport of the further subset of the transports are in proximity, causing the first transport to send the first portion of the software update to the second transport, and causing the second transport to send the second portion of the software update to the first transport.

Abstract: According to various embodiments, a cryptographic processing device is described comprising a processor configured to determine a masking component, generate a masked version of a secret first element by masking multiple components of the secret first element with the masking component, determine a first share of the product of the secret first element and a second element by multiplying the second element with the masked version of the secret first element, determine a second share of the product of the secret first element and the second element by multiplying the second element with the difference of the secret first element and the masked version of the secret first element and continue with a lattice-based cryptography operation using the first share and the second share of the product.

Abstract: The present invention relates to a device and method for authenticating users and obtaining user signatures, which can be provided in business services using networks and various user information devices including information devices equipped with touch displays such as smartphones, or desktop PCs, laptops, tablet PCs, CCTVs, IoT, self-driving cars, drones, etc. and, more specifically, to a device and method for authenticating users and obtaining user digital signatures which, as an encryption key/password generation and verification system for user authentication to be provided in various web-based businesses in which various information devices are serviced in a client-server or peer-to-peer model network environment and in app-based businesses running on a specific platform, is simpler and ensures confidentiality and security.

Abstract: A method authenticates nodes in a communication network of an automation installation. Respective authentication information is transmitted to an authentication server, which takes the authentication information as a basis for admitting or rejecting the nodes in the communication network as subscribers. In order to be able to perform an authentication of a node even in a communication network configured with redundancy, the communication network contains multiple nodes, each of which has at least two communication ports. The communication network executes a spanning tree protocol and at least two of the nodes use their mutually facing communication ports to interchange authentication requests and send the respective received authentication information to an authentication server, connected to the communication network, that uses the respective received authentication information to perform a check on the authenticity of the node and admits or rejects the node in the communication network based on the check.

Abstract: Remote instructions are received at a remote computing device from a requesting device through a firewall. The remote computing device resides in a secured data center. Access credentials are presented by the requesting device. A request is made to an assistant computing device to query a dataset in communication with the remote computing device. Encrypted access credentials and encrypted remote instructions are received from the assistant computing device. The encrypted access credentials are configured to allow the requesting computing device to access the remote computing device. The encrypted remote instructions are configured to enable the remote computing device to execute at least one of the following: at least one data query, or at least one data manipulation. The encrypted access credentials are decrypted. The encrypted remote instructions are decrypted. The remote instructions are executed to generate query results. The query results are communicated to the requesting device.

Abstract: A communication device includes a first communication unit configured to start in a state where all communication terminals in a first communication area are connectable and acquire first identification information of a connected communication terminal, and a control unit configured to acquire, from among pieces of the acquired first identification information, third identification information being associated with second identification information of a communication terminal permitted to connect to a second communication unit forming a second communication area. The first communication unit shifts into a state where only a communication terminal having the third identification information is connectable.

Abstract: Embodiments can provide methods for securely provisioning sensitive credential data, such as a limited use key (LUK) onto a user device. In some embodiments, the credential data can be encrypted using a separate storage protection key and decrypted only at the time of a transaction to generate a cryptogram for the transaction. Thus, end-to-end protection can be provided during the transit and storage of the credential data, limiting the exposure of the credential data only when the credential data is required, thereby reducing the risk of compromise of the credential data.

Abstract: A method for managing a post-hoc device registration in an ecosystem is provided. The method includes assembling an electronic device, having a system on a chip (SoC) integrated therein. The method further includes activating/onboarding the device, receiving, by a CA from the device, a communication containing at least one keypair, validating, from the CA to the device, the at least one keypair, triggering, by the CA, data capture of validation data. The validation data includes user registration data, and manufacture/status data for least one of the device and the SoC. The captured validation data is stored in a database of the CA, and then aggregated, along with the received at least one keypair, from the CA database into a billing invoice to the device assembler. The registration data is referenced to the at least one keypair and other validation data by the CA.

Abstract: Various embodiments of the present invention relate to a device and method for providing connection between an electronic device and other electronic devices through figure input.

Abstract: An example system includes a processor that can obtain a circuit describing operations of sequential secure computation code. The processor can modify the circuit based on a cost function. The processor can partition the circuit into a number of sub-circuits. The processor can assign the number of the sub-circuits to different processors for execution.

Abstract: The semiconductor device includes a first semiconductor IC, a second semiconductor IC with a smaller heat generation quantity than the first semiconductor IC, a first heat conduction member covering at least a portion of the first semiconductor IC, a second heat conduction member covering the second semiconductor IC and the first heat conduction member, and a heat dissipation member. The heat dissipation member covers the second heat conduction member and dissipates heat produced from the first semiconductor IC and second semiconductor IC to the exterior. A thermal conductivity of the first heat conduction member is lower than a thermal conductivity of the second heat conduction member in a horizontal direction, which is a direction in which the first semiconductor IC and the second semiconductor IC are arrayed.

Abstract: A system described herein may use automated techniques to verify network connection integrity and provide visual indicators of connection validity or invalidity. The system may generate a unique identifier related to a user and/or web resource during an initial use. The unique identifier may be utilized to transform a secure image and store the transformed image. Upon subsequent use of the web resource, a visit identifier may be generated and utilized to perform an inverse transformation of the transformed image and display the result, where the resulting image will be the same as the secure image if the visit identifier matches the unique identifier.

Abstract: Methods, systems, and computer readable media for utilizing predetermined encryption keys in a test simulation environment are disclosed. In one embodiment, a method includes generating, prior to an initiation of an Internet protocol security (IPsec) test session, a private key and a public key at a traffic emulation device and storing the private key and the public key in a local storage associated with the traffic emulation device. The method further includes retrieving, from the local storage, the private key and the public key upon the initiation of the IPsec test session between the traffic emulation device and a device under test (DUT) and generating a shared secret key utilizing the retrieved private key and a DUT public key received from the DUT.

Abstract: A secure module can be configured to: provide the trusted execution environment; and load secure-software for processing in the trusted execution environment to perform operations. The operations can include generating a private key and a corresponding public key; maintaining the private key in the trusted execution environment; receiving at least one attestation request from at least one attestation server; responding to the received attestation requests with attestation responses generated with the private key; initiating encrypted connections with client devices using the private key, the encrypted connections having an endpoint within the trusted execution environment such that contents of the encrypted connections are secure from observation and manipulation by other operations outside of the secure module and outside of the client devices; and communicating data with the client devices through the encrypted connections.

Abstract: A method, a computer system, and a computer program product for cryptography are provided. A guest virtual server registers with a trusted hypervisor by using guest credentials. A guest wrapping key associated with the guest credentials is generated. A satellite virtual server instance that shares a master key with the virtual guest server is generated in the trusted hypervisor. A copy of the guest wrapping key is passed to the satellite virtual server instance. A random guest key is wrapped with the guest wrapping key, thereby producing a wrapped guest key. The wrapped guest key is rewrapped with the master key to form a protected guest key.

Abstract: Disclosed are various embodiments for implementing a key escrow system without disclosure of a client's encryption key to third parties. An encryption key is split into a plurality of key segments pursuant to a shared secret protocol. A plurality of peer client devices are then identified. Each peer client device in the plurality of peer client devices is then verified and the respective one of the plurality of key segments are sent to a respective one of the plurality of peer client devices. A response is then received from each respective one of the plurality of peer client devices, the response confirming receipt of the respective one of the plurality of key segments. A list identifying the plurality of peer client devices is finally provided to a key escrow service, the list comprising key-value pairs that identify each respective one of the plurality of peer client devices and the respective one of the plurality of key segments.