Abstract: A key updater for a first party operating on a network generates a mutually distilled key for communication between the first party and a second party. The key updater determines a set of verifying parties operating on the network needed to authenticate the mutually distilled key, wherein each verifying party of the set of verifying parties operates on the network. The key updater iteratively executes a key equivalency test for each verifying party in the set of verifying parties to determine a nonce sum until the key equivalency test has been executed for each of the verifying parties in the set of verifying parties or until it is determined that at least one node on the network has been compromised. The key updater generates a final key for communication between the first party and the second party based on the nonce sum and the mutually distilled key.

Abstract: A system for enhanced public key infrastructure is provided. The system includes a computer device. The computer device is programmed to receive a digital certificate including a composite signature field including a plurality of signatures. The plurality of signatures include at least a first signature and a second signature. The computer device is also programmed to retrieve, from the digital certificate, a first key associated with the first signature from the digital certificate. The computer device is further programmed to retrieve the first signature from the composite signature field. In addition, the at least one computer device is programmed to validate the first signature using the first key.

Abstract: A method for verification at a computing device of a signed message received from a first party over a public communications channel, the method including extracting a message digest “a” belonging to a semigroup from the signed message; obtaining a public key [c,e] for the first party, including a fixed value checker “c” and an endpoint “e”, checker “c” and endpoint “e” belonging to the semigroup and the endpoint comprising a multiplication of a private key “b” for the first party and the checker “c”, multiplying the message digest “a” and the endpoint “e” to create an endmatter “ae”; extracting a signature “d” from the signed message, the signature “d” belonging to the semigroup and being a multiplication of message digest “a” and private key “b”; multiplying the signature “d” and the checker “c” to create a signcheck “dc”; and verifying that the endmatter “ae” matches the signcheck “dc”.

Abstract: A system and method for automatic identification of photocopied documents is disclosed wherein the method is performed by capturing an image of a marked printed document; decoding a digital watermark embedded in the image, obtaining a mark identifier; recovering, by searching a database, at least one calibration parameter associated with the mark identifier; applying a discrete Fourier transform to the image, obtaining a frequency matrix; obtaining at least one maximum frequency value in the frequency matrix; comparing the at least one maximum frequency value with at least one calibration parameter; determining, on the basis of the comparison, if the marked printed document is an original document or a photocopied document.

Abstract: This disclosure relates generally to techniques for encrypting and decrypting data and to systems that encrypt and/or decrypt data to maintain secrecy associated with such data as the data is transmitted from a source to one or more recipients. More specifically, this disclosure relates to techniques for encrypting and decrypting standalone data packages (e.g., user datagram protocol (UDP) data packages, etc.) and to systems that encrypt and/or decrypt standalone data packages. Even more specifically, encryption techniques are disclosed that employ scrambled headers and payloads that are uniquely encrypted from package to package.

Abstract: Software and system settings can be migrated between computing environments. In one example, a system can receive a group of software identification modules defining a group of software fingerprints for detecting a group of software components. Each software identification module can include a respective software fingerprint for detecting a respective software component. The system can determine that a source computing environment includes one or more software components from within the group of software components by analyzing the source computing environment using each respective software fingerprint in the group of software fingerprints. The system may then deploy the one or more software components in a target computing environment.

Abstract: A digital asset security device, includes an asset capture unit configured to electronically capture a digital asset, a processor configured to digitally sign the captured asset, a memory configured to store a digitally signed asset from the processor, and a hashing module in communication the asset capture unit, the processor, and the memory, and configured to provide a cryptographic hash to one or more of the captured asset and the digitally signed asset.

Abstract: An image processing device includes: a recognition unit configured to recognize a part of a confidential target from a captured image; a processing unit configured to process the captured image such that the part recognized by the recognition unit is concealed; an encryption unit configured to encrypt data relating to the part recognized by the recognition unit; and a merging unit configured to merge data of the image processed by the processing unit and the data encrypted by the encryption unit.

Abstract: A method including configuring a security device to store, in a database, a trusted fingerprint determined based at least in part on encrypting trusted connection information included in a trusted transmission packet received from a trusted source application; configuring the security device to determine a current fingerprint based at least in part on encrypting current connection information included in a current transmission packet received from a current source application; configuring the security device to compare the current fingerprint with the trusted fingerprint; and configuring the security device to process the current transmission packet based at least in part on a result of comparing the current fingerprint with the trusted fingerprint. Various other aspects are contemplated.

Abstract: An example operation may include one or more of connecting, by a smart note, to a blockchain configured to store Bitcoins (BTCs) of a user on a ledger, displaying, by the smart note, a value of a BTC read from the ledger on a display screen located on the smart note, detecting, by the smart note, a press of a button located on the smart note, generating, by the smart note, a BTC address pair in response to the detecting of the press of the button, checking, by the smart note, if a private key associated with the smart note has been used, in response to a confirmation that the private key has not been used, generating and displaying, by the smart note, a trusted symbol indicating to the user of the smart note that the private key has not been used, and transferring, by the smart note, the value of the BTC to the blockchain using the private key associated with the smart note.

Abstract: A microprocessor device comprising an implementation of a cryptographic operation constructed to process parameters and generate an output, wherein at least some of the parameters are obfuscated such that the cryptographic operation processes the obfuscated parameters, wherein the parameters which are obfuscated are obfuscated in that they are encrypted according to an additive homomorphic cryptographic system.

Abstract: A symmetric cryptography for encrypting and decrypting information is provided, that can be implemented efficiently in hardware or in software. The symmetric cryptography uses a key generator, so that the cryptography is not dependent on a single, static cryptography key. The key generator is a value or collection of values from which the key is generated. In some embodiments, the key generator substantially increases the computational complexity of differential cryptanalysis and other cryptographic attacks because it has more entropy than the key(s). In an embodiment, the key generator is updated with one-way functions exhibiting the avalanche effect, which generates an unpredictable sequence of keys used during the encryption or decryption process. In an embodiment, a dynamic key is derived from a key generator with a one-way function. In an embodiment, a block cipher uses a different dynamic key to encrypt each block of plaintext, where each key is derived from a different key generator.

Abstract: A tamperproof diamond package comprises a package body; at least one chip embedded in the package body and at least one antenna configured to enable communication with the chip; anti-counterfeiting visual impressions on the package body; a diamond pouch formed at a predetermined section within the package body; and one or more diamonds located inside the diamond pouch and an outer covering encasing the package body and configured to reveal any tampering with the one or more diamonds located in the diamond pouch. The diamond package can be credit card shaped and also contains serial number and website information and be provided in nominal dollar values. An associated diamond exchange system utilizes the diamond packages and provides a registration server which stores unique identifying information that enable interrogating the individual diamond packages and checking their authenticity with the registration server.

Abstract: It is provided a method for managing central secret keys of a plurality of user devices associated with a single public key. The method is performed in a key manager and comprises the steps of: receiving, from a first user device, transformation data and an identifier of a second user device; obtaining a first central secret key associated with the first user device; generating a second central secret key by applying the transformation data to the first central secret key, wherein the transformation data is applied in reverse to how the same transformation data is applied by the first user device to a device secret key of the first user device; and storing the second central secret key in association with the second user device.

Abstract: Aspects of the present disclosure relate to encrypted data processing (EDAP). A processor includes a register file configured to store ciphertext data, an instruction fetch and decode unit configured to fetch and decode instructions, and a functional unit configured to process the stored ciphertext data. The functional unit further includes a decryption module configured to decrypt ciphertext data from the register file to receive cleartext data using an encryption key stored within the functional unit. The functional unit further includes a local buffer configured to store the cleartext data. The functional unit further includes an arithmetic logical unit configured to generate cleartext computation results using the cleartext data The functional unit further includes an encryption module configured to encrypt the cleartext computation results to generate ciphertext computation results for storage back into the register file.

Abstract: The present disclosure describes a system, method, and computer program for syncing content across workspace pages. The system creates a first synced block on a first workspace page. Content on workspace pages rendered by the system is stored in blocks and each of the workspace pages has a hierarchy of blocks. The system adds one or more child blocks to the first synced block as content to be synced. The system creates a reference synced block on a second workspace page and adds a pointer to the reference synced block that points to the first synced block. This is done in order to sync the one or more child blocks of the first synced block across the first and second workspace pages, where editing the first synced block or the reference synced block includes editing the one or more child blocks of the first synced block.

Abstract: A method of multi-factor authentication includes receiving, by a first electronic device, a partial digital certificate including partial certificate information omitting at least one authentication factor from complete certificate information, and a signature encrypting a first hash of the complete certificate information with a certificate authority private key. The method also includes obtaining the first hash by decrypting, by the first electronic device, the signature with a certificate authority public key corresponding to the certificate authority private key; generating, by the first electronic device, a second hash based on the partial certificate information in the partial digital certificate and the at least one authentication factor; and comparing, by the first electronic device, the second hash to the first hash.

Abstract: Groups of devices may be prevented from accessing content by encrypting the content. A plurality of secrets associated with a decryption key may be generated using a secret sharing algorithm. The plurality of secrets may be sent to one or more groups of devices to derive the decryption key. A non-restricted subset of the groups of devices may receive one or more secrets. Devices within the non-restricted subset of the groups may be able to use one or more secrets to determine the decryption key for the content. Groups that do not receive one or more secrets may be unable to determine the decryption key for the content.

Abstract: Embodiments of the present disclosure provide systems and methods for sharing encrypted organization data packets among network devices using service-oriented protocol. Method implemented at first network device associated with first autonomous system (AS) includes accessing organization packet (OP) routing information, data structure and service information relating to organization associated with first AS. OP routing information and the service information are being accessed based on organization identifier of the organization and the service information indicating service type associated with the organization. Method includes sending connection request including the data structure and the service information to second network device to establish linked network path. The method includes receiving acknowledgment from the second network device.

Abstract: A method including storing, by a device in a database, a trusted fingerprint determined based at least in part on encrypting trusted connection information included in a trusted transmission packet received from a trusted source application; determining, by the device, a current fingerprint based at least in part on encrypting current connection information included in a current transmission packet received from a current source application; comparing, by the device, the current fingerprint with the trusted fingerprint; and processing, by the device, the current transmission packet based at least in part on a result of comparing the current fingerprint with the trusted fingerprint. Various other aspects are contemplated.

Abstract: In an approach to collaborative discourse, responsive to receiving a collaborative discourse, a document corpora of the collaborative discourse is analyzed. A picture metadata is analyzed for each image in a graphic repository. A machine learning model is derived based on the analysis of the document corpora and the analysis of the picture metadata. Appropriate images are selected from the graphic repository based on the machine learning model, where the appropriate images closely align with the collaborative discourse.

Abstract: A system and method to perform a forensic analysis of a file including: one or more processors; and a memory storing computer-readable instructions that, when executed by the one or more processors, cause the system device to: receive one or more files for analysis; identify a file format for the file; determine whether the file format is a supported multimedia file; parse the file to separate structural elements from the file; generate a profile structural signature for the one or more files; a database including a plurality of profile structural signatures corresponding to known hardware and/or software; determining whether the one or more files matches one of the plurality of profile structural signatures; and providing an indication of an identity of the known hardware and/or software for the one or more files upon a determination that the one or more files matches one of the plurality of profile structural signatures.

Abstract: Disclosed are various approaches for verifying the compliance of a TLS session with TLs policies. Traffic between an application and a destination server can be routed through a TLS gateway. The TLS gateway can inspect TLS handshake messages for compliance with TLS policies.

Abstract: The technical idea of the present invention relates to a method for forming a virtual private network and a virtual private network operating system, which provide a virtual private network by performing signature and authentication based on a post quantum cryptography. A method for forming a virtual private network performed by a server according to the technical idea of the present invention comprises the steps of: generating a private key including a first key vector corresponding to a grid and a second key vector having a first distance from the first key vector; receiving a handshake request from a client; performing a signature by using the private key; and transmitting a certificate and an authentication message including the signature to the client.

Abstract: The disclosed embodiments are related to the generation of a personal identifier within a memory device. In one embodiment, a method is disclosed comprising generating an asymmetric key pair from a physically unclonable function (PUF), the asymmetric key pair including a public key and a private key; generating a certificate signing request (CSR) for the public key, the CSR including a user identifier and a customer public key; requesting a digital certificate of the public key from a certificate authority (CA), the certificate authority storing a mapping between the customer public key and the user identifier; receiving a message from a host device; signing the message using the private key; and transmitting the signed message and the digital certificate to a computing device.

Abstract: Systems and methods for generating and tracking molecular digital signatures to ensure authenticity and integrity of NA molecules are disclosed. In some embodiments, a NA authentication system includes a NA authentication device coupled to one or more user devices. Methods for generating a signed NA sequence, validating a signed NA sequence, and detecting/correcting potential errors within a user allowable limit using a NA authentication system are disclosed. Methods for associating a signed NA sequence with a digital representation of the NA sequence, using a NA authentication system, are disclosed.

Abstract: A method for data security implemented as an application on a device includes generating a request for one or more secret shares needed to reconstruct a key. The device stores a first secret share in its memory. The method also includes signing the request with a certificate that identifies the request as valid without identifying the device, and sending the request, signed with the certificate, to at least one other device. The method further includes receiving, from the at least one other device, the one or more secret shares, determining whether the one or more secret shares received from the at least one other device is sufficient to reconstruct the key, and reconstructing the key using the first secret share and the one or more secret shares upon determining that the one or more secret shares are sufficient to reconstruct the key.

Abstract: Systems and methods for dynamically encrypting requests in accordance with embodiments of the invention are disclosed. In one embodiment, a computer-implemented method includes obtaining a notification indicating an updated private key has been issued for a third-party service, obtaining, based on the notification, an updated public encryption key associated with the third-party service, generating a security token for the third-party service, the security token associated with a caching system, obtaining, from a secured database and based on the security token, the updated private key, storing, using the caching system, a routing entry comprising the security token and encrypted based on the updated private key, receiving, from a client device, a request to access the third-party service, authenticating the request with the third-party service using the routing entry, and redirecting the client device to the third-party service.

Abstract: An efficient search of a target string by a query string in homomorphically encrypted space. The target string may be encoded by reordering its characters into a plurality of target substrings, each encoding non-sequential characters of the target string separated by a periodic stride K and different target substrings having stride sequences offset relative to each other. The query string may be encoded into a plurality of query substrings, each defining a repeating sequence of a different respective character value in the query string. Each of the substrings may be homomorphically encrypted and hashed. The plurality of hashed encrypted target substrings and plurality of hashed encrypted query substrings may be compared to determine if there is a search result match. A rolling hash may iteratively update the plurality of hashed encrypted target substrings by one target string slot and the comparison may be repeated for each iterative update.

Abstract: A system for implementing mixed protocol certificates, the system includes a subject device designed and configured to receive, from an issuing device, a first digital certificate, wherein the first digital certificate further comprises a first digital signature public and private key pair according to a first digital signature protocol and a second digital signature public key according to a second digital signature protocol, wherein the second digital signature protocol is distinct from the first digital signature protocol, to generate a second digital certificate, wherein generating the second digital certificate comprises generating a subject digital signature signing the certificate, the subject digital signature generated as a function of the second digital signature protocol and to provide the first digital certificate and the second digital certificate to a verifying device.

Abstract: Provided are a computer program product, system, and method for determining a frequency at which to execute trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code. Trap code is executed in response to processing a specified type of command in application code to allocate a trap address range used to detect potentially malicious code. A determination is whether to modify a frequency of executing the trap code in response to processing a specified type of command. The frequency of executing the trap code is modified in response to processing the specified type of command in response to determining to determining to modify the frequency of executing the trap code.

Abstract: In one example an apparatus comprises a computer readable memory; and a signature module to generate a set of cryptographic keys for attestation of group member devices and a set of leaf nodes in a sub-tree of a Merkle tree corresponding to the set of cryptographic keys, forward the set of leaf nodes to a group manager device, receive, from the group manager device, a subset of intermediate nodes in the Merkle tree, the intermediate nodes being common to all available authentications paths through the Merkel tree for signatures originating in the sub-tree, and determine a cryptographic key that defines an authentication path through the Merkle tree, the authentication path comprising one or more nodes from the set of leaf nodes and one or more nodes from the intermediate nodes received from the group manager device. Other examples may be described.

Abstract: The object of the invention relates to a method in which a telecommunications operator or an e-delivery provider can send notices by email to one or a number of recipients, certifying the content of the notice and with a link to a proxy server of a CA (certification authority) who will verify the digital certificate of the recipient and their identity.

Abstract: A watermark representing a link to an original video and/or metadata such as haptic metadata associated with the original video is embedded in the original video in such a way that a re-recording to the original video can still preserve the watermark. The watermark can be used to link to the original video or to the metadata related thereto.

Abstract: Apparatus, systems and methods for agile network isolation through use of packet level non-repudiation (PLNR) are provided. Using a fast cryptography to verify that incoming packets are undeniably being received from the identified source, real-time attack notifications can be independently verified and shared among the network devices to remove compromised nodes from the network. The ability to collaborate among nodes without trust may be achieved via PLNR, to share attack notifications in real-time may be achieved via Telling Attack Layer (TATL), and to establish the identity of an attack in a permanent and binding way may be achieved via DISCOvery (DISCO).

Abstract: A method and system of creating and managing encryption keys that facilitates sharing of encrypted content. The system may include an information management system with a key management server and a computing device having an encryption service module. The encryption service module detects operations at the computing device and encrypts a document with an encryption key created using user information and a secret.

Abstract: The invention relates to an industrial process controller comprising at least three field devices coupled to one another by means of a data link, with the field devices controlling and/or monitoring an industrial process, wherein the field devices are configured to store a block chain, wherein the block chain comprises a plurality of blocks, and wherein the blocks store use data. The process controller is characterized in that the field devices are configured to delete one or more blocks from the block chain and to adapt the block chain to the change caused by the deletion.

Abstract: Methods of half-duplex communication systems or full-duplex communication systems are provided. The half-duplex communication system includes n number user units-including a transmitting unit of transmitting units, wherein the transmitting unit including a channel estimation module, an identity update module and a modulation module; a receiving unit of receiving units including a demodulation module, a post-processing module and a reconciliation and verification module; a memory unit for storing prime identities, data to be transmitted and shared secret key; a control unit; an antenna connected to each of the transmitting units and each of the receiving units; and the methods are used for realizing a generation of shared secret keys, and an integrated identity verification and a data transmission using the half-duplex communication systems and the full-duplex communication systems.

Abstract: A method for securing a secret of a client using an escrow agent operatively connected to the client includes initiating enrollment of the client with the escrow agent, wherein the enrollment results the escrow agent generating a key pair comprising a public key and a private key, obtaining the public key from the escrow agent, wherein the private key is not shared with the client, encrypting the secret with the public key to obtain an encrypted secret, and storing the encrypted secret on the client.

Abstract: Techniques are described that enable maintaining of session stickiness across authentication and authorization channels in an access management system, through the use an identifier for an access manager from a plurality of access managers. The access manager authenticates a user of a client device based on an authentication request. In response to response to successful authentication of the user, the access manager creates a session. The access manager also generates the identifier and causes the identifier to be stored for the session. The access manager can then receive a second request, which is sent to the access manager based on identifying the access manager using the stored identifier.

Abstract: The authentication device holds first data and second data, the first data to authenticate the authentication target device of a version from a first version same as the authentication device to a second version newer than the first version, the second data to authenticate the authentication target device of a version newer than the second version. The authentication target device holds a plurality pieces of first target data and second target data, the plurality pieces of first target data corresponding to each of versions from a third version same as the authentication target device to a fourth version older than the third version, one second target data corresponding to each of versions from a fifth version to a sixth version, the fifth version being older than the fourth version by one version, the sixth version being older than the fifth version.

Abstract: A technique for distributed electronic signature processing includes displaying a document for signature on a first device along with an optically-readable code. A second device scans the optically-readable code displayed by the first device, initiating a process that transfers signature entry from the first device to the second device, which may receive handwritten signatures input or otherwise provided thereon. The second device then accepts the physical signature, which is used to effectuate a signing of the document.

Abstract: The present disclosure relates exposure notification, and in particular to techniques for verification of positive test results from public health authorities where individuals submit notice using public health approved mobile applications for exposure notification and/or contact tracing. When an individual attempts to submit a positive test result notification in a mobile application, the associated device's mobile number will be requested. This mobile number will then be sent a verification code to be entered in the application. At this point, these codes shall be stored digitally in escrow. A regular data feed from a health authority shall be provided that shall include an agreed encryption (irreversibly encrypted or reversibly encrypted) of the mobile numbers associated with any reported test. Any results submitted in the application that have a matching encryption of the mobile numbers shall be released from the escrow for subsequent notification.

Abstract: An intelligent determination of code change review assignments and subsequent secured access to the determined assignments. Code changes undergo code change complexity determination which is based on (i) a level of importance of the module(s) in which the changes occur, (ii) the volume of metadata files impacted by the code changes, and (iii) the dependency of the code changes on external modules. A distributed trust computing network is implemented and a code change smart contract which relies on smart contract rules is used to determine and allocate code change review assignments. In this regard, data blocks within a distributed ledger define individual segments/portions of the code change file with each data block identifying a code change review assignment.

Abstract: A method for key agreement between a first party and a second party over a public communications channel, the method including selecting, by the first party, a first value “a”; multiplying the first value “a” by a second value “b” using Knuth multiplication to create a third value “d”, the third value “d” being a semistandard tableau; sending the third value “d” to the second party; receiving, from the second party, a fourth value “e”, the fourth value being a second semistandard tableau comprising the second value “b” multiplied by a fifth value “c” selected by the second party; and creating a shared secret by multiplying the first value “a” with the fourth value “e” using Knuth multiplication, wherein the shared secret matches the third value “d” multiplied by the fifth value “c” using Knuth multiplication.

Abstract: A system and method generate private keys for devices participating in a self-certified identity based encryption scheme. A private key is used by the devices to establish a common session key for encoding digital communications between devices.

Abstract: Disclosed herein is a data storage device comprising a data path and an access controller. The data path comprises a data port configured to transmit data between a host computer and the data storage device. The data storage device is configured to register with the host computer as a block data storage device. A non-volatile storage medium stores encrypted user content data and a cryptography engine is connected between the data port and the storage medium and uses a cryptographic key to decrypt the encrypted user content data. The access controller generates a challenge for an authorized device; sends the challenge to the authorized device; receives a response to the challenge from the authorized device over the communication channel; calculates the cryptographic key based on the response; and provides the cryptographic key to the cryptography engine to decrypt the encrypted user content data stored on the storage medium.

Abstract: Disclosed are a method and apparatus for determining evidence authenticity based on a blockchain ledger. The method includes: identifying target electronic evidence, providing a relatively high authenticity reference score for the target electronic evidence in response to that it is determined that the target electronic evidence is stored by at least one candidate blockchain ledger platform, and providing a relatively low authenticity reference score for the target electronic evidence in response to that it is determined that the target electronic evidence is not stored by at least one candidate blockchain ledger platform. If the target electronic evidence corresponds to a relatively high authenticity reference score, it indicates that the identified target electronic evidence has a relatively high degree of authenticity (possibility of being authentic) and a relatively low possibility of being tampered with.

Abstract: The system generates a validation tool in response to receiving an indication to initiate validation. The system identifies at least one media content item based on a user profile, and generates at least one question based on the at least one media content item. The at least one media content item may include an image, a video, text, or a combination thereof. The system determines at least one answer corresponding to the at least one question. The question and answer may be determined based on a question template. For example, the template may be selected based on attribute types or values of the at least one media content item. The system generates the at least one question for output on an output device. Upon receiving input indicative to an answer, the system compares the inputted answer to the determined answer to determine whether to validate the user.

Abstract: A virtual payment system for paying for goods, services and content ordered over an internetwork is disclosed. The virtual payment system includes a commerce gateway. Buyers and sellers becomes registered participants by applying for virtual payment buyer and seller accounts. Once an account is established with the commerce gateway, a digital certificate is stored on the registered participant's computer. A buyer can then order a product, i.e., goods, services or content from a seller and charge it to the virtual payment account. When the product is shipped, the seller notifies the commerce gateway, which applies the charges to the buyer's virtual payment account. The buyer can settle the charges using a prepaid account, a credit account, or by using reward points earned through use of the virtual payment account. A buyer may create sub-accounts.