Abstract: A cryptographic processing method comprises the following steps: obtaining a second number determined by adding to a first number the order of a finite group or a multiple of this order; determining a quotient and a remainder by dividing the second number by a random number; obtaining a third element equal to the combination of elements equal to a first element of the finite group and in number equal to the product of the quotient and the random number; obtaining a fourth element equal to the combination of elements equal to the first element and in number equal to the remainder; determining a second element by combining the third element and the fourth element.

Abstract: A method for performing segmenting locking and merging control of encrypted digital assets based on time dimension is provided. The method being mainly provided to achieve segmenting locking and merging control of encrypted digital assets by adding a time attribute to encrypted digital asset. Using the method for performing segmenting locking and merging control of encrypted digital assets based on time dimension of the present invention, through the processing of encrypted digital assets in the time dimension, which not only can use smart contracts or hash locking to realize the automated transfer of encrypted digital assets in the future, and the transferred encrypted digital asset before the set time, also can transfer and transaction; meanwhile, since the segmentation object is based on the assets currently held by the user, therefore the deterministic payment of future value rights also can be ensured, has a wider range of applications.

Abstract: The present disclosure pertains to provisioning of credentials, and in particular to provisioning of authentication credentials to a computer device for accessing a cloud platform computer system. The computer device obtains sensor data and sends a request including a device identifier to a provisioning server using a provisioning server network address. The computer device receives a response, from the provisioning server, including a platform credential and a platform server network address of a platform server. The computer device stores the platform credential. The computer device sends the sensor data and the platform credential to the platform server using the platform server network address.

Abstract: A method of generating a cryptographic algorithm according to one embodiment of the present disclosure includes generating one or more key tables on the basis of a seed value; generating a first transformation function that converts an input bit string, which is input to one of input branches of a Feistel structure, into a first random bit string having a length that extends beyond a length of the input bit string; generating a second transformation function that converts a second random bit string generated by referencing the one or more key tables into a third random bit string having a length that is the same as the length of the input bit string; and generating a block cryptographic algorithm of a Feistel structure which includes a round function to which the one or more key tables, the first transformation function, and the second transformation function are applied.

Abstract: A method of generating a cryptographic algorithm includes generating at least one key table on the basis of a seed value; generating, by using a round tweak bit string and an input bit string that is input to one of input branches of a Feistel structure, a first transformation function converting the input bit string into a first random bit string having a length that extends beyond a length of the input bit string, generating a second transformation function converting a second random bit string generated by referencing the one or more key tables into a third random bit string having a length that is the same as the length of the input bit string, and generating a block cryptographic algorithm of a Feistel structure which includes a round function to which the one or more key tables, the first transformation function, and the second transformation function are applied.

Abstract: A vehicle control device that verifies integrity of a program within a higher-importance region containing a start-up program; and that verifies integrity of a program within a lower-importance region in a state in which the program within the higher-importance region has been started up by the start-up program.

Abstract: Disclosed is a method of verifying integrity of a pair of public and private cryptographic keys within the additive group of the integers modulo N, with N being the product of two primary numbers p and q, the method including: calculating a candidate private exponent d? corresponding to a private exponent d of the private key; and executing a test of integrity. The test of integrity includes a step for verifying the coherence of the candidate private exponent d? with respect to a public exponent e of the public key and to the numbers p and q, the verification step involving a first multiple modulo of the public exponent e of the public key and a second multiple modulo of the public exponent e of the public key.

Abstract: There is provided a computer-implemented method for managing third-party access to data, to increase data security and/or privacy. The method comprises receiving, from a third-party computer, a request to access data, wherein the request is indicative of at least one requested operation. A validity of each of the requested operations is determined in dependence on permission data stored in a distributed public ledger. The permissions data defines, for said third-party computer, a set of permissible operations and one or more permissible data attributes associated with each of the set of permissible operations. The request and the validity are logged in the distributed public ledger.

Abstract: Systems and methods for evaluating security risks using a manufacturer-signed software identification manifest are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive a request to perform attestation of a client device; retrieve, from an agent executed by the client device, a manifest comprising: (i) a signature portion encrypted with a first key, and (ii) a software identification (SWID) portion encrypted with a second key; retrieve the first key from a manufacturer database; retrieve the second key from a customer database; decrypt the signature and the manifest with the first and second keys; and perform the attestation using the decrypted manifest.

Abstract: A system for using hardware-secured receptacle devices includes a transfer processing device configured to store transfer method data associated with user on at least a cryptographically secured receptacle device, receive user authentication credentials from a user, authenticate user identity as a function of the user authentication credentials, retrieve a transfer authorization from the at least a cryptographically secured receptacle device as a function of the transfer method data, generate a transfer as a function of the transfer authorization.

Abstract: Methods, systems and computer program products for improving performance of a cryptographic algorithm are described. First, data to be encrypted/decrypted is provided as input to the system. A primary key, or multiple keys (in case of asymmetric cryptography), is generated for the encryption/decryption process. The primary key consists of metadata as well as key blocks containing secondary keys. The metadata contains information explaining how the data will be handled from algorithmic structure to the base cryptographic scheme to be used. Further, the data is split and processed via relevant portions of the key blocks. Finally, the completed encrypted/decrypted data segments are combined in order to complete the process. The used process ensures higher performance as well as higher algorithmic entropy than comparable methods in literature or on the market.

Abstract: An integrated-circuit device comprises a processor, a hardware key-storage system, and a key bus. The hardware key-storage system comprises a non-volatile key storage memory, which includes a key register, for storing a cryptographic key, and an address register, for storing a destination memory address for the cryptographic key. The hardware key-storage system further comprises output logic for sending the cryptographic key over the key bus to the destination memory address, and write-once logic for preventing an address being written to the address register unless the address register is in an erased state.

Abstract: Embodiments relate to switching a neural processor circuit between non-secure and secure modes. A security controller of the neural processor circuit indicates that a transition from the non-secure mode to the secure mode is to occur. The security controller waits for a neural task manager of the neural processor circuit to clear out any existing non-secure tasks in queues. After the existing non-secure mode tasks are cleared, the security controller switches the neural processor circuit to the secure mode. While in the secure mode, secure tasks are added to one or more queues and executed, and data for processing in the neural processor circuit is received from a secure source. The neural processor circuit may to transition back to the non-secure mode when all secure mode tasks are completed.

Abstract: Disclosed is a system for managing trust. The system comprises at least one wearable device, at least one terminal device and a server arrangement. The server arrangement is configured to determine occurrence of a first type of event between a wearable device and another wearable device or a second type of event between the wearable device and a terminal device; receive a device ID and a class of each of the at least one wearable device and the at least one terminal device; receive a rating and process the rating to generate updated activity information for each of the wearable device, and the other wearable device or the terminal device; update a profile corresponding to each of the at least one wearable device or the at least one terminal device with the updated activity information and allocate an incentive for the profile based on the updated activity information.

Abstract: In one embodiment, a computer-implemented method of a data processing (DP) accelerator obtaining a watermark of an artificial intelligence (AI) model includes receiving, from a host device, the AI model to execute on the DP accelerator, and receiving input data that triggers output from the AI model on the DP accelerator. The DP accelerator calculates AI model output, in response to the received input and provides the output to the host device. The output can be a watermark extracted from the AI model. DP accelerator can call a security unit of the DP accelerator to digitally sign the output. In an embodiment, the security unit digitally signs the output from the AI model using a key that is retrieved from, or is derived from, a key stored in a secure storage on the security unit.

Abstract: An example system with a pre-OS (Operating System) environment, the pre-OS environment includes a private memory that is isolated from a processor of the system. The pre-OS environment also includes an embedded controller (EC) coupled to the private memory, where the EC includes an embedded key. The EC is to execute instructions to generate an encryption key based on the embedded key; generate a signature key; obtain data; produce an integrity-verification tag based on a hash of the obtained data, where the hash employs the signature key; encrypt the obtained data based on the encryption key; store the encrypted data in the private memory; and store the integrity-verification tag in the private memory in association with the stored encrypted data.

Abstract: A method comprises: receiving, at a first device, a request to decrypt data encrypted with a symmetric key, the encrypted data stored on a memory device; retrieving shards of the symmetric key, the shards encrypted with public keys from a plurality of devices, wherein decryption of the data requires reconstituting the symmetric key from a threshold number of the shards; determining a priority to request decryption of the shards with private keys from the plurality of devices; requesting decryption by the plurality of devices of the shards in the determined priority until the threshold number of shards is reached; reconstituting the symmetric key from the decrypted shards; and decrypting the encrypted data with the symmetric key.

Abstract: Systems and methods for secure collaboration of intellectual property are provided. By way of introductory example, a cloud environment may store a session descriptor indicative of an executable, an input parameter for the executable, and a target recipient. The cloud environment may receive a first and second authorization of the session descriptor from the respective proprietors of the input parameter and the executable. The cloud environment may verify, based on the first authorization and the second authorization, the session descriptor is authorized. The cloud environment may generate, in response to the session descriptor being authorized, a collaboration result based on the executable and the input parameter. The cloud environment may control access to the collaboration result based on the target recipient.

Abstract: Methods and systems for encrypting shared information through its life cycle are described. The method includes receiving and storing a document. The method further includes encrypting document using a primary key. Further, the method includes receiving sharing request from current user of document for sharing document with a next user. The method includes, for each time the document is to be shared with next user in a series, generating a key for next user specified in sharing request. The method further includes encrypting document for next user using key generated for corresponding next user. Furthermore, the method includes binding access rights to document for authorizing request to access document by next user. The method includes sharing encrypted document with next user. Thereafter, the method includes receiving a request to access the document from the next user and providing the access to encrypted document meant for next user to next user.