Patents Examined by Ashokkumar B. Patel
  • Patent number: 11308208
    Abstract: The present invention analyzes the text of a received file to determine if the file likely is a forensic artifact of a ransomware attack on a computer system. If the computer system concludes that the file is likely an artifact of a ransomware attack, the system terminates or ignores all related processes, thereby minimizing the harm caused to the computer system.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: April 19, 2022
    Assignee: Endgame, Inc.
    Inventor: Mark Mager
  • Patent number: 11310208
    Abstract: Methods and apparatus for a secure time service are disclosed. A time server including a time source, a cryptographic key and a cryptographic engine is instantiated within a provider network. A time service endpoint receives a timestamp request from a client. The endpoint transmits a representation of the request to the time server, and receives, from the time server, an encryption of at least a timestamp generated using the time source. A response comprising the encryption of at least the timestamp is transmitted to the requesting client.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: April 19, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Thomas Charles Stickle, Eric Jason Brandwine
  • Patent number: 11310078
    Abstract: Techniques for sending encrypted data include establishing a plurality of different links between a first node and a different second node. The different links are different physical layer links or different virtual private network (VPN) links or some combination. The method also includes encrypting plaintext using a first value for an encryption parameter to produce ciphertext. Further, the method includes sending a first plurality of messages that indicate the ciphertext using at least one link of the plurality of different links. Still further, the method includes sending a different second plurality of messages that indicate the first value for the encryption parameter using at least one different link of the plurality of different links without introducing a random bit error.
    Type: Grant
    Filed: January 10, 2019
    Date of Patent: April 19, 2022
    Inventors: Randall Paul Joseph Ethier, Anatoly Y. Rodionov, Jordan Steven Feldman
  • Patent number: 11310227
    Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command. The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.
    Type: Grant
    Filed: February 28, 2020
    Date of Patent: April 19, 2022
    Assignee: Cryptography Research, Inc.
    Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
  • Patent number: 11308185
    Abstract: System and methods are provided for determining whether a media file in a private network has been suspiciously modified. In embodiments, a server controlled by a service provider, for example, can generate a digital provenance for a media file from a trusted device and immutably store a hash value representing the digital provenance of the media file. Subsequent instances of the media file that are detected within the private network, in embodiments, are evaluated by the server using the digital provenance of the media file in order to identify changes to the content of the media file. In further embodiments, the server can modify the content of a suspiciously modified media file to include a marker that disclaims the content and/or otherwise indicates that the media file has been modified.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: April 19, 2022
    Assignee: T-Mobile Innovations LLC
    Inventors: Lyle Walter Paczkowski, Galip Murat Karabulut, Marouane Balmakhtar
  • Patent number: 11310844
    Abstract: In response to receiving a primary wireless LAN connection request from a computing device, a wireless access point (WAP) establishes a temporary wireless LAN associated with a temporary service set identifier (SSID) of a computing device. WAP stores a computing device identifier of the computing device in association with the temporary SSID. WAP communicates to the computing device, a CAPTCHA challenge-response test requesting connection to the temporary wireless LAN. WAP awaits, for a timeout period, a temporary wireless LAN connection request by the computing device to communicate over the temporary wireless LAN. In response to receiving or failing to receive the temporary wireless LAN connection request from the computing device within a timeout period, WAP classifies the computing device as a human or machine user. WAP applies network policies to communications of the pending computing device over the primary wireless LAN based on the machine or human user classification.
    Type: Grant
    Filed: December 26, 2018
    Date of Patent: April 19, 2022
    Assignee: ARRIS Enterprises LLC
    Inventors: Subash Tirupachur Comerica, Sudip Ghosal, Wenge Ren
  • Patent number: 11303437
    Abstract: The technology disclosed herein provides a proof-of-work key wrapping system that uses key thresholding to cryptographically control data access. An example method may include: accessing a plurality of cryptographic key shares, wherein two or more of the plurality of cryptographic key shares enable access to content; selecting, by a processing device, a set of cryptographic attributes in view of a characteristic of a computing device; encrypting the plurality of cryptographic key shares to produce a plurality of wrapped key shares, wherein at least one of the plurality of cryptographic key shares is encrypted in view of the set of cryptographic attributes; and providing a wrapped key share of the plurality of wrapped key shares and at least one of the cryptographic attributes to the computing device, wherein the at least one cryptographic attribute facilitates deriving an access key from the plurality of wrapped key shares.
    Type: Grant
    Filed: August 19, 2019
    Date of Patent: April 12, 2022
    Assignee: Red Hat, Inc.
    Inventors: Michael Hingston McLaughlin Bursell, Nathaniel Philip McCallum, Peter M. Jones
  • Patent number: 11290264
    Abstract: An oblivious distributed file system is provided using an oblivious random access machine (ORAM), including an ORAM balanced tree structure, where each node in the tree is configured to store data blocks, the structure including at least two shares. The system also includes at least two ORAM servers, each of the servers configured to communicate with a client ORAM device, and programmed to facilitate storage of a different subset of the shares of the tree structure using a distributed file system and to implement an access procedure of a tree-based ORAM using the tree structure, including a retrieval phase and an eviction phase. In the retrieval phase, the servers utilize an authenticated Private Information Retrieval (PIR) protocol to retrieve data blocks as requested from the client ORAM device. In the eviction phase, the servers utilize a linear secret sharing scheme.
    Type: Grant
    Filed: November 6, 2019
    Date of Patent: March 29, 2022
    Assignee: Robert Bosch GmbH
    Inventors: Thang Hoang, Jorge Guajardo Merchan
  • Patent number: 11283620
    Abstract: An approach is provided for a homomorphic cryptosystem for use in resource-constrained environments (e.g., vehicle-based use cases) or when computer resources are to be conserved. The approach involves, for example, generating a nonce at a first device (e.g., vehicle engine control unit (ECU)). The approach also involves performing a homomorphic operation on the nonce and a ciphertext to generate a resulting cipher. The ciphertext is provided by a second device (e.g., a data server). The approach further involves attaching the resulting cipher to a request payload (e.g., to request secure data from the data server). The approach further involves transmitting the request payload including the nonce to the second device (e.g., the server).
    Type: Grant
    Filed: October 1, 2019
    Date of Patent: March 22, 2022
    Assignee: HERE Global B.V.
    Inventor: Ali Abbas
  • Patent number: 11277739
    Abstract: This disclosure generally relates to methods, systems, and devices for enhanced physical (PHY) layer security. A device may determine a physical layer (PHY) frame to be sent to a station device. The device may identify an encryption seed sequence to be used for encrypting a first portion of the PHY frame. The device may include an indication of the encryption seed sequence in a first field of one or more fields of the PHY frame. The device may encode the first portion of the PHY frame using the encryption seed sequence. The device may cause to send the PHY frame to the station device.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: March 15, 2022
    Assignee: Intel Corporation
    Inventors: Alexander Min, Thomas J. Kenney
  • Patent number: 11250435
    Abstract: Devices, systems, and methods of contextual mapping of web-page elements and other User Interface elements, for the purpose of differentiating between fraudulent transactions and legitimate transactions, or for the purpose of distinguishing between a fraudulent user and a legitimate user. User Interface elements of a website or webpage or application or other computerized service, are contextually analyzed. A first User Interface element is assigned a low fraud-relatedness score-value, since user engagement with the first User Interface element does not create a security risk or a monetary exposure. A second, different, User Interface element is assigned a high fraud-relatedness score-value, since user engagement with the second User Interface element creates a security risk or a monetary exposure.
    Type: Grant
    Filed: March 18, 2020
    Date of Patent: February 15, 2022
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Oren Kedem
  • Patent number: 11250131
    Abstract: Methods, apparatuses, and storage media storing instructions for scanning electronically-stored files are provided. A file stored in a computer-readable storage medium is scanned. Based on the scanning, a common analysis is performed on the file for two or more software functions. Based on the scanning, a software function-specific analysis is performed on the file for a respective software function. Two or more decisions on the file are made for the two or more software functions based on the common analysis and the software function-specific analysis.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: February 15, 2022
    Assignee: Beijing DiDi Infinity Technology and Development Co., Ltd.
    Inventors: Liwei Ren, Jing Chen
  • Patent number: 11239996
    Abstract: Various embodiments are provided for performing weighted partial matching under homomorphic encryption in a computing environment. Selected data may be encoded and encrypted into an encrypted query for comparison using private set intersection (PSI) under homomorphic encryption (HE). An encrypted score may be determined according to data blocks of the selected data and a set of weights for each of the data blocks of the selected data to identify matches between the data and the encrypted query. The encrypted score may be decrypted and decoded to identify matches between the encrypted query with the selected data.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: February 1, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Oliver Paul Masters, Hamish C Hunt, Flavio A Bergamaschi, Enrico Steffinlongo
  • Patent number: 11233659
    Abstract: The present invention relates to a method of generating a secure RSA key by a server comprising the steps of: • generating (S1) a private RSA key d and a RSA modulus integer N; • splitting (S2) the secret key integer d in j key shares dJ of length n, with j in [1, J], J being an integer, and such that d=d1+d2+ . . . +dJ mod phi(N), with each key share dj being equal to (dj(0) . . . dj(i) . . . dj(n/b-1)) with each key share component dj(i) in {0 . . . 2^b-1} and i in [0, n/b-1], b being an integer inferior to n and phi the Euler's totient function; • encrypting (S3) with a fully homomorphic encryption (FHE) algorithm each key share component dj(i) of the private RSA key d by using a Fully Homomorphic Encryption secret key ps of a set Ss comprising the index couple (i,j), to generate an encrypted key share component edj(i) of said secure RSA key, said set Ss being a set of integer couples, among a predetermined integer number u of disjoint sets {S1, S2 Ss, Ss+1, . . .
    Type: Grant
    Filed: December 6, 2017
    Date of Patent: January 25, 2022
    Assignee: GEMALTO SA
    Inventors: Mariya Georgieva, Aline Gouget
  • Patent number: 11228907
    Abstract: A network usage control method comprises receiving (S2, S5) a handset identifier (e.g. an IMEI number) of a requesting terminal device (2) seeking to use a mobile network (4); retrieving verification information (S7) for verifying an identity of an authorised terminal device associated with the handset identifier; verifying (S9), based on the verification information, whether the requesting terminal device (2) is the authorised terminal device; and controlling (S10, S11) usage of the mobile network by the requesting terminal device in dependence on whether the requesting terminal device is verified as the authorised terminal device. Cryptographic keys can be used to bind the handset identifier to a particular handset and verify that a device presenting a given handset identifier is actually the authorised handset for that handset identifier. This prevents thieves being able to circumvent blacklisted handset identifier of a stolen handset by cloning a valid handset identifier from another device.
    Type: Grant
    Filed: November 2, 2017
    Date of Patent: January 18, 2022
    Assignee: TRUSTONIC LIMITED
    Inventor: Chris Loreskar
  • Patent number: 11222128
    Abstract: A method for managing collected transportation vehicle data relating to a transportation vehicle in a database. The transportation vehicle data are stored in the database together with information relating to a permissible use of the transportation vehicle data. The database allows access to the transportation vehicle data only according to the information relating to the permissible use. The method includes receiving information relating to a desired use of the transportation vehicle data and updating the information relating to the permissible use of the transportation vehicle data according to the information relating to the desired use of the transportation vehicle data.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: January 11, 2022
    Inventor: Axel Köhnke
  • Patent number: 11216539
    Abstract: Techniques for brokering authorization between a user-facing service and a backend service are disclosed. A proxy service, operating independently of the user-facing service and the backend service, exposes an application programming interface (API) configured to receive requests from the user-facing services to perform functions of the plurality of backend services. The proxy service stores user authorization data that authorizes a user of a particular user-facing service to use a function of a backend service. The proxy service receives, via the API, a request to perform the function for an account associated with the user. Responsive to receiving the request, the proxy service uses the user authorization data to access the backend service to perform the function for the account associated with the user.
    Type: Grant
    Filed: April 11, 2019
    Date of Patent: January 4, 2022
    Assignee: Oracle International Corporation
    Inventors: Tuck Chang, Srikant Krishnapuram Tirumalai, Zhengming Zhang
  • Patent number: 11218449
    Abstract: The present invention relates to methods, systems and apparatus for providing efficient packet flow fillrate adjustments and providing protection against distributed denial of service attacks. One exemplary embodiment in accordance with the invention is a method of operating a communication system including the steps of receiving, at a session border controller, a first SIP invite request message; making a decision, at the session border controller, as to whether the first SIP invite request originated from an Integrated Access Device or an IP-PBX device; generating, at the SBC, a packet flow fillrate based on said decision as to whether the SIP invite request originated at an Integrated Access Device or an Internet Protocol-Private Branch Exchange (IP-PBX) device.
    Type: Grant
    Filed: May 1, 2020
    Date of Patent: January 4, 2022
    Assignee: Ribbon Communications Operating Company, Inc.
    Inventors: Tolga Asveren, Amol Sudhir Gogate, Subhransu S. Nayak
  • Patent number: 11216571
    Abstract: Examples associated with credentialed encryption are described. One example method includes receiving an encryption request from a local process via a secure channel. The encryption request includes a credential associated with the local process. Whether the local process is authorized to access an encryption function is verified using the credential. The encryption function specified in the encryption request is performed using a security key unique to a system performing the method. A result of the encryption function is provided to the local process.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: January 4, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Daryl T Poe, Christoph Graham
  • Patent number: 11206135
    Abstract: Transport Layer Security (TLS) connection establishment between a client and a server for a new session is enabled using an ephemeral (temporary) key pair. In response to a request, the server generates a temporary certificate by signing an ephemeral public key using the server's private key. A certificate chain comprising at least the temporary certificate that includes the ephemeral public key, together with a server certificate, is output to the client by the server, which acts as a subordinate Certificate Authority. The client validates the certificates, generates a session key and outputs the session key wrapped by the ephemeral public key. To complete the connection establishment, the server applies the ephemeral private key to recover the session key derived at the client for the new session. The client and server thereafter use the session key to encrypt and decrypt data over the link. The ephemeral key pair is not reused.
    Type: Grant
    Filed: November 11, 2019
    Date of Patent: December 21, 2021
    Assignee: International Business Machines Corporation
    Inventors: Michael W. Gray, Narayana Aditya Madineni, Matthew Green, Simon D. McMahon, Leigh S. McLean, Stephen J. McKenzie, Luvita Burgess, Peter T. Waltenberg