Abstract: A data sharing method of a user device is provided. The data sharing method includes receiving, from a server device storing information, a private key corresponding to the information, performing a homomorphic encryption of the private key by a homomorphic encryption key provided from the server device, and generating a switch key, and uploading the switch key to a blockchain system. Accordingly, a more effective and clear data sharing is provided.

Abstract: A device may include one or more processors to establish a media access control security (MACsec) key agreement (MKA) session between a first network device and a second network device via a MACsec link; establish a fast heartbeat session via the MACsec communication link, between a first packet processing engine of the first network device and a second packet processing engine of the second network device, to permit the first packet processing engine and the second packet processing engine to exchange fast heartbeat messages via the fast heartbeat session and the MACsec communication link; determine, based on the fast heartbeat session, that the MKA session has ended; and/or perform an action based on the MKA session ending.

Abstract: The technology disclosed herein provides a method to control the resources used in a device. An implementation of such a method includes generating a device configuration ledger block based on initial assembly of components of a storage device, storing the device configuration ledger block on a node of a distributed ledger, detecting an activation of the device; in response to detecting the activation of the device, generating a current distributed ledger block based on current assembly of components of the storage device, comparing the current distributed ledger block with the device configuration ledger block, and in response to determining that the current distributed ledger block does not match with the device configuration ledger block disabling the operation of the device.

Abstract: Systems, methods, and apparatus for biometric digital signature generation for identity verification are disclosed. In one or more embodiments, a method for identity verification of a user comprises sensing, by at least one sensor, biometric information from the user. The method further comprises generating, by a sensor device, biometric data from the biometric information. Also, the method comprises hashing, by the user device utilizing a fuzzy hash algorithm or a hash algorithm (i.e. a non-fuzzy hash algorithm), at least a portion of the biometric data to generate a biometric digital signature for the user. In addition, the method comprises comparing, by a verification node, the biometric digital signature to a previous biometric digital signature for the user. Further, the method comprises verifying, by the verification node, the user when the verification node determines that the biometric digital signature is identical to the previous biometric digital signature for the user.

Abstract: A computer-implemented method includes sending key group information to a storage system. The key group information includes keyID information for client data keys in the key group. The client data keys enable deduplication of data chunks encrypted in any of the client data keys in the key group. The method also includes generating deduplication information. The deduplication information includes fingerprints associated with chunks of client data. The method also includes encrypting the data chunks with one of the client data keys, wherein a corresponding decryption key for the encrypted data chunks is not available to the storage system. The method includes sending the deduplication information to the storage system for use in a deduplication process by the storage system and sending the encrypted data chunks to the storage system.

Abstract: Methods and systems for rules-based data access are described. In some embodiments, a request for access to customer data by a requesting entity is received; the data is categorized; the person's preferences with respect to allowing access to data are compiled; a requesting entity is determined; and the providing entity that collected each requested data item is determined. Data shareability rules are evaluated based on the policies that regulate the access of the customer data and the requesting entity, and the customer data is provided to the requesting entity according to the evaluation.

Abstract: A method for setting up an execution rule of an operating environment for a communication terminal in a mobile network of an operator. The environment is referred to as a operator profile. The operator profile is stored in a subscriber module embedded in the terminal. According to the method, the subscriber module: obtains a first token signed by the operator and includes information relative to the identification of the rule; obtains a second token signed by a third party other than the operator and including a first element for verifying the authenticity of the first token; verifies the authenticity of the first token by using the first verification element; verifies the authenticity of the second token by using a second verification element; and sets up the rule in the subscriber module if the authenticity of the first and second tokens is verified.

Abstract: Techniques for securing communication. The techniques include using at least one device to perform: selecting a first operation from a plurality of operations, each of the plurality of operations associated with a respective type of data to be encrypted; generating first data to be encrypted at least in part by performing the first operation; encrypting both information identifying the first operation and the first data to obtain corresponding first ciphertext; and outputting the first ciphertext.

Abstract: A device (1) is configured to derive a first security key based on information relating to a first node (17), to request use of or to use a further device (9) as a relay to the mobile communication network and to determine whether the further device is connected to the first node and/or receive a message when another device, e.g. the first node, has determined that the further device is not connected to the first node. The device is further configured to, upon determining that the further device is not connected to the first node or upon receipt of the message, derive a second security key based on information relating to a second node (11) to which the further device is connected and transmit information via the further device, the information being encrypted using the second security key.

Abstract: Systems and methods of managing fraudulent devices are provided. The system detects a request for a connection to communicatively couple a technician computing device with a receiver computing device. The system identifies connection data for the connection. The system requests, based on the connection data, a plurality of account values. Each of the plurality of account values is associated with an account that the technician computing device used to establish the connection. The system generates a score indicating a fraudulent level of the account based on the plurality of account values. The system terminates, responsive to a comparison of the score with a fraud threshold, the connection. The system transmits, to a ticketing system, a support ticket generated responsive to the comparison of the score with the fraud threshold.

Abstract: Embodiments for protecting data stored and transmitted in a computer network, by receiving confidential data from a client, the data organized into labeled fields and corresponding data elements; filtering the received data to identify fields that require data masking; generating a security prediction on the corresponding data elements using a machine learning process; separating the masked data into tokenized data having a respective token associated with each corresponding data element; and storing the tokenized data on a blockchain secure ledger to ensure integrity of the received data and prevent an ability to tamper with the received data.

Abstract: A method of blockchain-based data management of distributed binary objects includes identifying a binary object to be stored in a first data store. The method further includes encrypting, by a processing device, the binary object using a cryptographic function of a blockchain to generate an encrypted binary object. The method further includes storing the encrypted binary object in the first data store. The method further includes storing a reference to the encrypted binary object on the blockchain.

Abstract: Examples in this application disclose data check computer-implemented methods, media, and systems. One example computer-implemented method includes retrieving, by a trusted execution environment (TEE), a check-triggering instruction from a server, where the check-triggering instruction is configured to trigger the TEE to perform a consistency check on basic data of a user to be identified, in response to the check-triggering instruction, retrieving, by the TEE, encrypted standard basic data of the user from a trusted institution, retrieving, by the TEE, encrypted basic data of the user from a first institution, retrieving, by the TEE, the basic data of the user by decrypting the encrypted basic data, performing, by the TEE, the consistency check on the basic data of the user based on the encrypted standard basic data to obtain a check result, and sending, from the TEE, the check result to a second institution.

Abstract: A communication adapter includes: an input unit receiving an operation for requesting transition to a setting mode; a mode setting unit setting a communication mode to the setting mode when the input unit receives the operation for requesting transition to the setting mode; a character string generation unit generating a random character string when receiving a connection start request from a terminal in the setting mode; an image generation unit converting the random character string into image data indicating an image that is difficult for a machine to recognize; an encryption processing unit encrypting transmission data to be transmitted to the terminal using the random character string as an encryption key, and decrypting reception data received from the terminal using the random character string; and a communication processing unit transmitting the image data and the encrypted transmission data to the terminal, and receiving the reception data from the terminal.

Abstract: A passive continuous-variable quantum key distribution scheme, where Alice splits the output of a thermal source into two spatial modes, measures one locally and transmits the other mode to Bob after applying attenuation. A secure key can be established based on measurements of the two modes without the use of a random number generator or an optical modulator.

Abstract: An example operation may include one or more of receiving medical data of a user, creating metadata of the medical data which includes a unique identifier of the user and a searchable description of the medical data which describes one or more attributes included in the medical data but does not expose the medical data, encrypting the medical data to generate encrypted medical data, generating a data block having stored therein the created metadata of the medical data and the encrypted medical data, and storing the generated data block within a distributed ledger such that the generated data block is hash-linked to a previous data block on the distributed ledger.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for performing a validation of authentication credentials from a user. The method includes one or more processors receiving authentication credentials input in an authentication session, the authentication credentials including a username and a password. The method further includes one or more processors generating a hash of the password of the received authentication credentials. In response to determining that the received authentication credentials are not valid, the method further includes one or more processors determining whether the generated hash of the password matches a stored hash associated with the username of the received authentication credentials.

Abstract: The present disclosure describes a system that notifies users regarding specific user decisions with respect to solution phishing emails. The system notifies users when users perform specific actions with respect to the untrusted phishing emails. The system pauses execution of these actions and prompts the user to confirm whether to take the actions or to revert back to review the actions. In contrast from anti-ransomware technologies which are entirely in control, the system gives the user autonomy in deciding actions relating to untrusted phishing emails. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions.

Abstract: According to an aspect, there is provided a first node for evaluating an event using a function. A corresponding computer-implemented method of operating a first node to 5 evaluate an event using a function is also provided. The function is evaluated by two parties using garbled circuits, with each party garbling a circuit representing the function, and evaluating the circuit garbled by the other party.

Abstract: A data sharing method, server and storage medium including receiving a first part of a first key from a first client, the first key corresponding to encrypted data uploaded to a block of an information sharing system generating a first authorization code corresponding to the encrypted data; transmitting the first authorization code to the first client; based on receiving an access request from a second client for the encrypted data, obtaining a second authorization code and an incomplete key from the access request; based on the second authorization code being the same as the first authorization code and the second authorization code being valid, generating a second key according to the incomplete key and the first part of the first key corresponding to the encrypted data decrypting the encrypted data according to the second key to obtain the plaintext data; and transmitting, to the second client, the decrypted plaintext data.