Abstract: A method is set forth for signing and subsequently verifying a plurality of digital messages, including the following steps implemented using at least one processor-based subsystem: selecting parameters including an integer q, a relatively smaller integer p that is coprime with q, and a Gaussian function parameter; generating random polynomial f relating to p and random polynomial g relating to q; producing a public key that includes h, where h is equal to a product that can be derived using g and the inverse of f mod q; producing a private key from which f and g can be derived; storing the private key and publishing the public key; producing a plurality of message digests by hashing each of the digital messages with the public key; for each message digest, producing a digital signature using the message digest, the private key, and a Gaussian noise polynomial related to the Gaussian function parameter; and performing a batch verification procedure utilizing the plurality of digital signatures and the public

Abstract: A method of providing a login to website requested from a computing device, by a biometric information based authentication device which interworks with a control server, is provided. The method includes detecting a login request message transmitted from the computing device to a website server providing the website, extracting login session information from the login request message, outputting an authentication result with respect to received biometric information, and transmitting authentication information comprising the login session information and the authentication result to the control server. The login session information is transmitted from the control server to the website server to determine, by the website server, the login allowance of the website.

Abstract: The authentication method of a block chain authentication module includes: receiving an authentication preparation request; configuring a channel and generating a channel key allocated to the channel; generating a block including an authentication comparison data, the block further including a block key allocated to the block; commonly transmitting the channel key and the block key, and dividing and transmitting the authentication comparison data; transmitting an authentication preparation completion message including the channel key and the block key; receiving an authentication request message including the channel key, the block key, and authentication target data; dividing and transmitting the authentication target data; receiving a result of comparing the divided and transmitted authentication comparison data with the divided and transmitted authentication target; and determining whether the authentication of the terminal succeeds.

Abstract: A table key capable of decrypting a first table from a plurality of encrypted tables may be received. Each of the encrypted tables may include at least one pair of values corresponding to a challenge value and a response value. A request to authenticate a secondary device may be received and in response to the request to authenticate the secondary device, a challenge value obtained by using the table key to decrypt an entry in the first table may be transmitted to the secondary device. A second challenge value may be transmitted to the secondary device and a cryptographic proof may be received from the secondary device. The validity of the cryptographic proof received from the secondary device may be authenticated based on the second challenge value and the response value obtained by using the table key to decrypt the entry in the first table.

Abstract: An integrated circuit includes a semiconductor substrate having a rear face. A first semiconductor well within the substrate includes circuit components. A second semiconductor well within the substrate is insulated from the first semiconductor well and the rest of the substrate. The second semiconductor well provides a detection device that is configurable and designed, in a first configuration, to detect a thinning of the substrate via its rear face, and in a second configuration, to detect a DFA attack by fault injection into the integrated circuit.

Abstract: A method of accessing data at a device, wherein the data is stored remotely from the device or in removable storage. The method may the following steps: (i) sending a request from the device to access the data, the request including an identification code of a secure element or a memory card associated with the device, (ii) verifying, based at least partly on the identification code, whether access to the data is to be allowed or denied, and (iii) allowing or denying the device access to the data accordingly.

Abstract: A method for verifying content data to be used in a vehicle is provided. The method includes acquiring content data, acquiring, from partial data divided from the content data, a respective plurality of first hash values, acquiring a signature generated by using the first hash values and a key, acquiring state information that indicates a state of a vehicle, determining an integer N that is greater than or equal to one based on the acquired state information, generating, from N pieces of partial data included in the partial data, respective second hash values, verifying the content data by using each of (a) a subset of the plurality of first hash values respectively generated from partial data other than the N pieces of partial data, (b) the second hash values, and (c) the signature, and outputting information that indicates a result of the verifying.

Abstract: An authentication system for V2X communication systems includes a first node having a V2X communication module with a processor, a memory, and input/output ports communicating a request to join and periodically communicating a first data packet to the V2X communication system. The authentication system having a private blockchain including a plurality of participant nodes within a predefined optimized area of one another, the blockchain receiving and validating the request to join the V2X communication system, and upon successfully validating the request to join the V2X communication system, periodically sending a second data packet from the plurality of participant nodes to the first node. The input/output ports receiving the second data packet, the processor executing a first control logic stored in the memory to extract the second data packet and a second control logic selectively generating a notification based on the contents of the second data packet.

Abstract: A system and method is provided for a cryptographic primitive and authentication protocol comprised of micro-cavity resonators at optical wavelengths. A micro-cavity resonator is illuminated with an optical challenge signal and the cavity returns an output response that is dependent on the input signal. Digital signal processing is performed on the output signal to generate a corresponding digital representation. This process is repeated for variations of the input signal with its digital output being stored in a database. A user or object claiming an identity presents a token to the system. The system selects a subset of the available challenge-response pairs and presents the challenges to the token. The system compares the digitized responses with the original responses expected for that token. The system will approve or deny the claimed identity corresponding to the presented token.

Abstract: Examples of a system and method for securing data on a computing device are described herein. One or more cryptographic operations are executed on at least a portion of data stored in a memory module of the computing device in response to a change of operational state of the system from a first operational state to a second operational state.

Abstract: A first login request for the first service is received at a first server that provides a first service and from a terminal. Device identifier information of the terminal is generated by a hardware processor at the first server. The device identifier information of the terminal is associated, by the hardware processor at the first server, with first login state information. The first login state information indicates that the terminal has logged into the first server. The device identifier information and the first login state information are transmitted to a second server. The second server provides a second service that has a trusted login relationship with the first service.

Abstract: Examples relate to integrity reports. In an implementation, an entity for executing a function is launched, the entity operating one or more files for executing the function. In response to the entity being launched, an entity image integrity report is generated comprising, for one or more files operated by the entity, a reference to the file measurement in a first integrity report the first integrity report containing measurements of a plurality of files operable in one or more entities. Alternatively, in response to the entity being launched, an entity integrity report is generated comprising a file measurement for each of the files operated by the entity.

Abstract: Provided are a security apparatus and an operation method thereof. The security apparatus comprises a core circuit which performs a security function by using an authentication key such as a secret key provided by a physically unclonable function (PUF). The security apparatus may receive event information indicating that the security apparatus is in a security-vulnerable state such as a case where the security apparatus is stolen or lost. In such case, a power management circuit can apply at least one electrical shock of overvoltage and overcurrent to the security apparatus to cause physical damage to the security apparatus, so that the core circuit does not perform the security function normally.

Abstract: Privacy protection methods, systems, and apparatus, including computer programs encoded on computer storage media, are provided. One of the methods is performed by a second computing device and includes: receiving a data request for object data from a first computing device, wherein the object data is associated with an object and is stored in the second computing device; performing encryption of the object data using a public key associated with the object based on the data request to generate a first ciphertext; obtaining verification data based on the first ciphertext for verifying whether a ciphertext to be verified corresponds to the object data; and sending the verification data to the first computing device for the first computing device to execute a cryptography protocol with a third computing device based on the verification data.

Abstract: The present invention discloses methods and systems for sending information packets from a first network node to a second network node. An aggregated tunnel is established between the first network node and the second network node. An information packet is determined whether to be sent according to profile condition(s) of the aggregated tunnel and then according to a selected policy. When a selected policy is selected and the information packet is sent through a tunnel according to the selected policy. When no policy is selected, the information packet is sent through one of a first group of tunnels. When no profile is selected, the information packet is sent through a network interface of the first network node.

Abstract: A method for preserving privacy in an HTTP communication between a client and a server includes: intercepting an HTTP request that is sent from the client to the server; extracting a cookie from the HTTP request, the cookie including a cookie name and a cookie value; splitting the cookie value into information segments; and modifying one or more of the information segments based on predefined modification rules.

Abstract: Methods and systems for managing and/or processing a blockchain to maintain data security for confidential and/or personal data are provided. According to certain aspects, the disclosed data security techniques may enable access sharing functionality utilizing the blockchain. For example, access sharing may be utilized to file documents, share policy information, and/or comply with an audit. The data security techniques disclosed herein also enable the use of smart contracts to transfer funds associated with payment obligations and/or other forms of blockchain based payments, comply with anti-money laundering requirements, report industry data, validate interest payments and/or maintain agent sales data. Data security may be achieved through the use of public key/private key encryption techniques.

Abstract: A device and method for user authentication. The device for authentication includes an extraction unit configured to extract a signal feature of a brainwave signal of a user to be authenticated and a comparison unit configured to compare the signal feature with a signal feature sample pre-stored in a feature library on an individual basis. When there a signal feature sample is matched with the signal feature, the device retrieves account information and a password of the user according to the matched signal feature sample. The device for authentication further includes a response unit configured to respond to a request of the user according to the account information and the password. The present disclosure can improve the security and convenience of user authentication.

Abstract: A method for storing a data file, ‘DF’ on a storage entity, ‘SE’ includes a computing entity, ‘CE’, chunking the DF into a number of blocks using a one-way-function and a chunking key. The CE may compute a hash value for each of the blocks. One or more proxies, ‘PE’, may check whether the blocks are already stored, resulting in a first number of already stored blocks and a second number of blocks not being stored. The CE may encrypt the blocks not being stored using an encryption key, transmit the encrypted blocks to the SE for storing, and inform the PE about the hash value of each of the transmitted blocks and corresponding storage location information of the transmitted blocks.

Abstract: Provided are an entity identity validity verification method and device with multiple trusted third parties being involved. In the application, validity of identities of entities performing mutual identity validity verification can only be verified by different trusted third parties. During the verification process, the trusted third parties that are respectively trusted by the two entities interact with each other, and provide identity validity verification services for mutual identity validity verification between the entities, to complete the identity validity verification between the entities.