Abstract: A cryptographic system that can prevent encryption and decryption processes from being inefficient as an encryption key is updated is provided. The cryptographic system includes: a first encryption unit for encrypting original data in a first encryption method using a main key to generate first encrypted data; a second encryption unit for encrypting the first encrypted data in a second encryption method using a sub key to generate second encrypted data; a database for storing the second encrypted data generated; a key update unit for updating the current version of the main key to a new version of the main key and updating the current version of the sub key to a new version of the sub key; and a data update unit for converting the second encrypted data encrypted with the current version of the sub key into a state encrypted with the new version of the sub key.

Abstract: Various configurations and techniques for enabling bidirectional cryptographic input output (IO) operations with an IO device of a computing system are disclosed herein. In an example, electronic operations of a computing system to enable a secure direct memory access (DMA) transaction including writing information to enable the secure DMA transaction to memory, reading and verifying the information from memory, performing encryption of data from the IO device using the information from memory, and writing encrypted secure data for the secure DMA transaction to the memory. In a further example, the information to enable the secure DMA transaction may include a counter value written by authorized software, and encrypting the secure data using the counter value, to prevent replay of the secure encrypted data by software other than the authorized software.

Abstract: The present invention relates to the field of information display and information playback on medical fluid management machines, in particular dialysis machines in which there should be a simple and reliable transmission of patient features and machine features to a mobile computer. The present invention is based on the problem of making available to the operating personnel information pertaining to the medical fluid management machine or a treatment to be performed therewith and doing so in a simple and convenient manner such that certain information should be readable only by certain groups of people. In this regard methods and devices have been proposed with which specific graphic codes are generated, encrypted and displayed or applied, these graphic codes being inputable and decodable by a mobile computer.

Abstract: The disclosed hash and message padding functions are based on the permutation composition problem. To compute a hash of a message using permutation composition based hashing, the message is split into equal size blocks. For each block, a permutation composition value is computed. The block permutation composition values are then combined through composition to generate an overall permutation composition value. The hash of the message is then based on the overall permutation composition value. To pad a message using permutation composition based padding, the message is split into equal size blocks. For each block, a permutation composition value is computed and the permutation composition value is added to the block. The padded blocks are then recombined to generate the padded message.

Abstract: A functional program stored in a memory area of an electronic card may be protected against an attack by disturbance of electrical origin intended to modify at least one logic state of at least one code of this program. The method may include: a storage step during which codes of the functional program and codes of a check program intended to check the logical behavior of the functional program are stored in the memory of the card; and a step of executing at least one code of the functional program followed by a step of checking the logic states of the functional program by executing the check program. During the storage step, the codes of the check program are stored in a memory area formed by addresses that are defined so that the attack by disturbance of electrical origin has no influence on the logic states of this program.

Abstract: A method and apparatus for encrypting an area of an electronic document are provided. The method includes displaying the electronic document, receiving an input signal including information about a first point and a second point of the electronic document, shifting an area adjacent to the first point toward the second point in response to the input signal, displaying only an area of the electronic document other than an encrypted area determined according to a result of the shifting, and enabling a lock mode that maintains a state of displaying the area other than the encrypted area.

Abstract: A method for creating a virtual SIP user agent by use of a webRTC enabled web browser (200) comprises a user logging in to a web application server (400) via a webRTC enabled web browser (200). The web application server (400) uses the logged on user identity to lookup an associated SIP user identity along with a registrar server address and the web application server (400) initiates a SIP registration procedure using its IP address as the registered contact.

Abstract: In one embodiment, a command is received from a video provider at a media rendering device, the command being a command to embed a subscriber ID in at least one video frame in a video stream. A random key, k is also received from the video provider at the media rendering device. An injective transformation is invoked for k and the subscriber ID, the injective transformation generating a sequence of pairs of: near-transparent patterns and corresponding time periods. Logical blocks of the at least one video frame in the video stream are overlaid with one of the near-transparent patterns for its one of the corresponding time periods. Related apparatus, systems, and methods are also described.

Abstract: Technologies for securing communication may include monitoring a secured network connection between a client and a server. The secured network connection may be secured using a symmetric cryptographic key. The technologies may also include detecting a transmission of secured information between the client and the server, copying the transmission, forwarding the transmission to an intended recipient, decrypting the transmission using the symmetric cryptographic key, and determining whether the transmission is indicative of malware.

Abstract: Embodiments are disclosed for profiling network-level malicious activity. Profiling embodiments include observing malicious activity, representing such activity in accordance with a set of representative features, capturing temporal evolution of this malicious behavior and its dynamics, and using this temporal evolution to reveal key risk related properties of these networks. Embodiments are further disclosed addressing the connectedness of various networks and similarity in network-level maliciousness. Embodiments directed to similarity analyses include focusing on the notion of similarity—a quantitative measure of the extent to which the dynamic evolutions of malicious activities from two networks are alike, and mapping this behavioral similarity to their similarity in certain spatial features, which includes their relative proximity to each other and may be used to help predict the future maliciousness of a particular network.

Abstract: A method performed by a processing system includes reconstructing a metadata tree of a patient from a metadata tree journal, the metadata tree including a plurality of references to a corresponding plurality of encrypted electronic health records of the patient in an encrypted data store, and validating the metadata tree by comparing first integrity information of the metadata tree to second integrity information corresponding to the metadata tree journal provided by a metadata integrity validator.

Abstract: In an approach for authenticating a user attempting to access to a resource, a processor receives an indication of a user attempting to access a resource within a timeframe, wherein the indication includes a location of the user. A processor identifies a location requirement for the user attempting to access the resource, wherein the location requirement originates from an entry indicating an expected location of the user within the timeframe, and wherein the entry is unmodifiable by the user. A processor determines whether the expected location of the user matches, within a threshold, the received location of the user attempting to access the resource.

Abstract: There is provided an information processing apparatus including an encrypted-ID generation section which encrypts a unique ID to generate an encrypted ID, the unique ID being set as an ID unique to the information processing apparatus, a communication section which sends the encrypted ID as ID information to be sent to another apparatus, an individualization code holding section which holds, in advance, an individualization code capable of being generated by decrypting the ID information in the other apparatus, and an access key generation section which generates an access key used for authentication with the other apparatus based on the individualization code held by the individualization code holding section.

Abstract: Documents that have been compromised by malware are detected and recovered. A hash of a portion of a file of a document is generated. An identifier of the file includes a signature that is embedded in the file, with the identifier including the hash of the portion of the file and other file information, such as a pathname of the file. A list that includes the identifier of the file is consulted before generating a backup copy of the file. The file is restored from the backup copy of the file in response to detecting that the file has been encrypted.

Abstract: The present disclosure provides a screen shielding method, applied to a display device of an electronic device, wherein the display device has a display region, and the electronic device is arranged to execute a plurality of applications. The screen shielding method includes determining whether a first predetermined input signal has been received when a first application of the plurality of applications has been executed in the foreground, and producing a privacy block in response to the first predetermined input signal for entering a privacy protect mode.

Abstract: The present application generally relates to systems, devices, and methods to conduct the secure exchange of encrypted data using a three-element-core mechanism consisting of the key masters, the registries and the cloud lockboxes with application programming interfaces providing interaction with a wide variety of user-facing software applications. Together the mechanism provides full lifecycle encryption enabling cross-platform sharing of encrypted data within and between organizations, individuals, applications and devices. Control of the private key required for decryption is maintained by the information owner. More specifically, the mechanism establishes unique identities, verifies authenticity, generates and securely exchanges asymmetric encryption key pairs, encrypts, transmits, receives and decrypts data to/from cloud lockboxes; creates and appends metadata specific to the applications and retrieves and/or act upon metadata.

Abstract: Technologies are generally described for systems, devices and methods effective to detect a potential attack on a memory of a memory device. In some examples, a processor may send a request to the memory device. The request may include a request for information that relates to memory writes to the memory of the memory device. The processor may receive a response from the memory device. The response may include the information that relates to the memory writes. The processor may determine, based on the response, an amount of memory of the memory device written to during an interval of time. The processor may detect the potential attack based on the amount of memory written to and based on the interval of time. The processor may then generate an alert based on the detection of the potential attack.

Abstract: A shut-off circuit interrupts the flow of power to the system circuit of a portable device, when liquids are detected within the portable device. Liquid sensors are placed proximate to the ports of the portable device. The ports may admit the flow of liquids, so the liquid sensors may detect the passage of liquids into the portable device. If the liquid sensors detect liquids entering the portable device, a shut-off circuit interrupts the flow of power from the battery to the system circuit.

Abstract: A method of performing cross-authentication in a vehicle controller interworking with an external device includes: generating a random number S and transmitting the random number S to the external device according to an authentication request message received from the external device; generating a variable i using a first function having the random number S as a parameter; generating a first session key Ks using a second function having the variable i and a pre-stored secret key K as parameters; receiving a first response key from the external device; generating a second response key using a third function having the random number S, the variable i and the first session key Ks as parameters; and authenticating the external device based on whether the first response key is equal to the second response key.

Abstract: A command executing method for a memory storage apparatus is provided. The method includes grouping logical addresses into logical address groups and assigning a key for each of the logical address groups independently. The method also includes receiving a write command and write data corresponding to the write command and temporarily storing the write data into a buffer memory. The method further includes executing the write command, enabling a direct memory access once to transfer the write data from the buffer memory to a writable non-volatile memory module of the memory apparatus and encrypting each sector data of the write data with keys corresponding to the logical address groups that the logical address storing the sector data belong to.