Abstract: Disclosed is a method of encrypted storage of data, applied to a client having an application (APP) installed thereon. The method includes: generating an encryption key based on a preset algorithm; dividing the encryption key into m portions, and respectively storing the portions in m media of the client, where m is a natural number greater than 1; and encrypting target data by using the encryption key.

Abstract: The present disclosure relates to authenticity and data security for bus-based communication networks in a vehicle. The present disclosure teaches a protocol frame, a sender on data link layer, and a receiver on data link layer providing such authenticity and data security as well as a communication network in a vehicle employing the protocol frame, the sender and the receiver according to the present disclosure.

Abstract: Disclosed embodiments relate to systems and methods for securely and privately auditing web sessions. Techniques include receiving, from a browser extension executing on a user endpoint device, encrypted browser session data and an encrypted session key, storing the encrypted browser session data and the encrypted session key; receiving, from an auditor endpoint device, an audit request associated with the stored encrypted browser session data; retrieving the stored encrypted browser session data and the stored encrypted session key based on the audit request; and transmitting at least some of the encrypted browser session data and the encrypted session key to the auditor endpoint device to enable access to the browser session data by the auditor endpoint device.

Abstract: Methods and systems for performing on demand access transactions are disclosed. In one example, the method includes receiving, by a directory service computer from an authorizing computer, a file including a primary access identifiers and virtual access identifiers, the virtual access identifiers not being capable of being used at resource providers to conduct transactions. The method also includes receiving a request to provide an access token that is associated with an account, the request comprising information that identifies the account. The method further includes retrieving a virtual access identifier based on the identifying information; and requesting, by the directory service computer to a token service computer, that the access token be provisioned on the user device or an application computer associated with an application on the user device.

Abstract: The invention relates to a method for generating cryptographic keys according to a key derivation function model. An embodiment includes the following steps: defining a master key for different models of a product type from a manufacturer; defining a set of key derivation parameters for the key derivation function model; determining the key derivation parameters for the model for which a cryptographic key is to be derived; deriving a single cryptographic key or a set of cryptographic keys from the master key according to the key derivation function model taking into account the key derivation parameters, wherein the step of defining a set of key derivation parameters comprises at least the following parameters: key type identification and key type learning counter.

Abstract: A user identity authentication method includes: receiving first information input by a user, and obtaining intermediate information of the user from a block-chain; generating second information by using the first information and the intermediate information; and obtaining a matching result by determining whether the second information matches result information stored in the block-chain, and determining whether user identity of the user is valid according to the matching result.

Abstract: A data monitoring system comprising a server communicatively coupled to a client device and a data module via a network. The server is configured to store a private key of a public-private key pair associated with the data module, receive a request from the client device for authenticated access to the data module, and generate an authentication key based at least on the private key and a time. The client device is configured to generate the request for authenticated access to the data module and transmit the request to the server. The data module is configured to store the private key of the public-private key pair associated with the data module, generate the authentication key based at least on the private key and the time, and grant access to the data module if the authentication key generated by the data module and the authentication key generated by the server match.

Abstract: Blockchain-based file handling is provided by receiving a data file from a user device, storing the data file to local storage of the blockchain peer, generating a file identifier of the data file, providing the file identifier to the user device, storing the file identifier to a synchronized ledger of the blockchain network, where the synchronized ledger tracks access to the data file, and distributing data of the data file to one or more other blockchain peers of the blockchain network.

Abstract: Method and apparatus for protecting against a jitter attack upon a cryptographic processing device. In some embodiments, the cryptographic processing circuit is configured to perform a cryptographic function on a set of input data to generate a corresponding set of transformed output data. An input line supplies an input signal used by the cryptographic processing IC during execution of the cryptographic function. A monitor circuit monitors the input signal, and temporarily disables the cryptographic processing IC when time-varying changes to the input signal indicate a jitter attack may be taking place. The input signal may be a source voltage, and voltage transitions in the source voltage can be monitored. Alternatively, the input signal may be a clock signal, and frequency variations in the clock signal can be monitored. The monitor circuit may be arranged on a power island to maintain power during power fluctuations.

Abstract: An example operation includes one or more of selecting, by a trust maintainer node, at least two blockchain nodes to be assigned as non-human intelligent nodes controlled by separate consortiums, identifying, by the trust maintainer node, a plurality of blockchain nodes that are not assigned as non-human intelligent nodes, assigning, by the trust maintainer node, a trust value to each of the plurality of the blockchain nodes based on voting histories of each of the plurality of the blockchain nodes to determine an overall trust value of a blockchain, and responsive to the overall trust value of the blockchain being below a minimum threshold, selecting at least one node from the plurality of the nodes to be assigned as the non-human intelligent node to increase the overall trust value of the blockchain.

Abstract: Double key encryption encrypts sensitive data using a content key, obtains a user public key from a key management service, encrypts the content key using the user public key, and encrypts the result using a cloud service provider key. Data confidentiality is protected efficiently through multilevel encryption and also by utilizing keys that are managed by different entities. Sensitivity labeling allows analytics to track sensitive data without compromising confidentiality. Compliance mechanisms may use attribute-based access control to support storage of sensitive data in a cloud, but only inside a permitted region, and without giving the cloud service provider access to the sensitive data.

Abstract: A virtual machine (VM) provisioned in the IaaS platform from a custom OS distribution that implements a remote attestation of itself. The VM can prove its privacy and integrity properties to an external party using a set of OS-level restrictions and IaaS-level validations. Remote attestation provides guarantees that the VM administrator cannot tamper with the VM operation and cannot access sensitive data. The attested properties are guaranteed by the correct operation of the underlying VM technology.

Abstract: A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.

Abstract: A data message authentication system in a vehicle communication network includes a sequence generator configured to generate a sequence representative of an intra-message pattern; a parsing processor configured to receive a data message, receive the sequence from the sequence generator, select a subset of data segments from the data message based on the intra-message pattern, and output the selected subset of data segments; and a tag generator configured to receive the selected subset of data segments from the parsing processor and generate an authentication code based on the selected subset of data segments, where the authentication code corresponds to the data message.

Abstract: Software installed in the nodes in a communication network allows them to perform a “name server” function, which entails the management of a dynamic list of the client devices that are connected to the cloud, a “task” function, which entails the receipt and transmission of the packets, and an “authority” function, which entails the determination of the routes of the packets through the cloud. Each node is capable of performing only one function at a time. After completing a job, a node reverts to an undifferentiated, state awaiting its next performance request.

Abstract: Generating unique data encryption keys for a data set, by allocating a data set associated with a security policy, where the security policy specifies a key encryption key (KEK) label, retrieving the KEK label from the security policy, storing the KEK label as metadata of the data set, opening the data set for a first time write, generating a data encryption key (DEK), retrieving a KEK from a key store according to the KEK label, encrypting the DEK using the KEK, storing the encrypted DEK as metadata of the data set, and encrypting the data set using the DEK.

Abstract: Embodiments of this specification provide methods and systems for operating an IoT device An exemplary method comprises: receiving, by a user equipment, an operation instruction for the IoT device from a user, wherein the user equipment is communicatively coupled with the IoT device; identifying, by the user equipment, a biometric feature of the user; verifying, by the user equipment, an identity of the user based on the biometric feature; signing, by the user equipment, the operation instruction using a first user key of the user in response to the identity of the user being verified; transmitting, by the user equipment, the signed operation instruction to the IoT device; verifying, by the IoT device, the signed operation instruction using a second user key of the user; and executing, by the IoT device, the operation instruction in response to the signed operation instruction being verified.

Abstract: In a cryptographic apparatus, a cryptographic module executes first assurance check processing, which is processing for satisfying a predetermined certification requirement on image data of first software, and also executes second assurance check processing, which is processing for satisfying the above predetermined certification requirement on a verification target, which is at least part of image data of second software, and on which verification for satisfying the predetermined certification requirement is not performed by a device.

Abstract: An electronic apparatus for managing data based on a block chain and a method therefor are provided. The electronic apparatus includes a communication interface, a memory, and a processor to receive a request for accessing data from an authenticated user, generate first block information regarding the request by including information on the request and at least one second block information related to the request from among a plurality of second block information stored in the memory, transmit the generated first block information to at least one of a plurality of external apparatuses constituting a block chain, and update the plurality of second block information stored in the memory based on the generated first block information. The plurality of second block information includes information on a block regarding a latest access history by category among a plurality of blocks included in block chain data shared by the plurality of external apparatuses.

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.