Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising receiving a request for an activation code database from a remote computing device, the request including at least one parameter; retrieving at least one pair based on the at least one parameter, the pair including a unique ID (UID) and secret key; generating an activation code for the UID; and returning the activation code to the remote computing device.

Abstract: Systems and methods for hardened key derivation in multi-party computation. The method includes deriving child private key shares from parent private key shares using hardened multiparty computation while maintaining key refresh properties. The method includes selecting a random number generator G and a second random number generator G?. Child private key shares are derived by computing an offset using G?.

Abstract: A router for securing cloud storage and databases and optimizing performance including a processor, a network communication device, and a memory storage device having stored thereon a routing table containing instructions to the router for inserting tags into inbound data requests and routing the inbound data requests responsive to the inserted tags to storage options including secure storage, faster storage location; and storage with fault tolerance features, and a mapping table including a plurality of mappings of records related to the inbound data requests and where the inbound data requests are routed.

Abstract: Disclosed herein are systems and method for synthetic file scanning. In one exemplary aspect, a method may comprise, for each respective file in a plurality of files on a storage device, determining a respective likelihood of the respective file being targeted by the malicious activity, and including, in a subset of files, each respective file in the plurality of files with a respective likelihood that is greater than a threshold likelihood. The method may comprise for each respective file in the subset of files, identifying at least one fragment of the respective file that is susceptible to the malicious activity. The method may comprise extracting and storing at least one fragment from each respective file in a synthetic file, and scanning the synthetic file periodically instead of the plurality of files.

Abstract: Statistical analysis can be used to attempt to identify potentially malicious references, such as trap URLs. When a URL is utilized for a request, that request can be intercepted before analysis before that URL is resolved to an address. Portions of this URL, as well as the entire URL, can be compared against one or more lists of known URLs using a probabilistic matching process to determine whether there are any matches that are very close but not quite exact. Any determined match with high probability above a suspicion threshold can be flagged as being suspicious, or associated with a potentially malicious site. An action can then be taken, such as to block that URL or prompt a user for confirmation of intent.

Abstract: A method for remote browsing, including: running a local browser instance; running a remote browser to interface between a third party and the local browser; sending an image of the remote browser to the local browser and presenting an image of the local browser to the third party; selecting, on the remote browser, a local resource from a virtual representation of the local resource on the remote browser; and redirecting data from the selected local resource from the local browser to the remote browser.

Abstract: A method for data processing, a readable medium, and an electronic device are provided. The method for data processing includes: receiving a data processing task; determining target data corresponding to the data processing task and a target first key corresponding to the target data; decrypting the target first key according to the first session key via a target computing node to obtain the first key, and decrypting the target data based on the first key to obtain the data to be processed; and determining a data processing result according to a target model and the data to be processed. The target computing node is executed in a trusted execution environment. The target model is obtained by decrypting an encrypted target model based on a model key, the model key is stored in a key management service, and the key management service is executed in the trusted execution environment.

Abstract: Techniques for hierarchical encryption for data storage are disclosed, in one or more embodiments. These techniques include parsing an electronic database storage request, based on the syntax of the request, to identify a plurality of request elements and determining, using one or more trained machine learning (ML) models, one or more sensitivities associated with the plurality of request elements. The techniques further include identifying one or more encryption techniques for the plurality of request elements based on the one or more sensitivities, encrypting data associated with the database storage request using the identified one or more encryption techniques, and storing the encrypted data and one or more associated encryption keys in an electronic database, using the electronic database storage request.

Abstract: A method of secure communications between a master and a plurality of devices in a wireless communications network, the method comprising: encrypting, on said master, downlink plaintext for multicast transmission to a plurality of devices over a wireless communications link utilizing a symmetric key encryption algorithm in accordance with a first counter value and a shared symmetric session key; and decrypting, on one of said devices, multicast downlink cyphertext received from said master over said wireless communications link utilizing a symmetric key decryption algorithm in accordance with a second counter value and said shared symmetric session key; wherein said wireless communications link is a short distance wireless link in that said master and said plurality of downlink devices are located within a single industrial complex.

Abstract: A computer-implemented method for generating, storing, and transmitting encryption value sets may include (1) accessing bit value tables each identified by a bit value and randomly selecting a bit value; (2) generating mixing schemes; (3) generating matrix dimensions for encryption; (4) generating encryption deciders and decryption deciders; and (5) sending at least one encryption value set (which may include a mixing scheme, the bit value, two matrix sizes, an encryption decider, and a decryption decider) to a sender for encrypting plaintext. A computer-implemented method for transmitting value sets for decrypting data may include (1) accessing bit value tables each identified by a bit value and randomly selecting a bit value; (2) generating mixing schemes, matrix dimensions, and decryption deciders; and (3) sending at least one decryption value set (which may include a mixing scheme, the bit value, two matrix sizes, and a decryption decider) to a recipient for decrypting ciphertext.

Abstract: Systems and methods for handshaking, without a certificate authority, to provide at least post-quantum communications security over a computer network. The method generates an authentication tag, hashing, by an initiator, a concatenation of unique identifiers of the initiator and a recipient. The method also generates an encrypted text, symmetrically encrypting, by the initiator that is configured to use a shared secret, a concatenation of the authentication tag and the unique identifiers of the initiator and the recipient. The method further includes sending the encrypted text from the initiator to a server. The method also includes symmetrically decrypting, by the server that is configured to use the shared secret, the encrypted text. The method further includes authenticating, by the server, the encrypted text. The method also includes generating a session key and providing the session key from the server to the initiator.

Abstract: In a distributed system, a first computer system may require computationally verifiable assurances of the authenticity and integrity of computations (e.g., performed as part of the execution of a program) performed by a second computer system. Methods described herein may be utilized to enforce and/or ensure the correct execution of a program. The first computer system may delegate execution of a program to a second computer system and a protocol may be employed to constrain the second computer system to perform a correct execution of the program. The protocol may include mitigation and correction routines that mitigate and/or correct the incorrect execution of a program. In various systems and methods described herein, the protocol may utilize a blockchain network such as a Bitcoin-based blockchain network.

Abstract: An Ethernet data transmission circuit, an Ethernet data transmission system and an Ethernet data transmission method are provided. The Ethernet data transmission circuit includes: a polarity processing circuit for processing a polarity carried by Ethernet data into a preset polarity; and an encoder for receiving the Ethernet data and the preset polarity carried by the Ethernet data, and encoding the Ethernet data. On the one hand, the security of Ethernet in a transmission process can be improved; on the other hand, without increasing workload of the encoder, the polarity processing circuit of the Ethernet data transmission circuit can be used to process the Ethernet data to be with a preset polarity, to facilitate the encoder to code.

Abstract: Observing and/or monitoring a computer network that includes a plurality of nodes may involve detecting one or more data flows, or communications, between two or more nodes of the computer network. The data flow(s) may be associated with a user of the computer network. The user may be an individual person, an entity, and/or a software application. A characteristic of the data flow and the user may be determined and these characteristics may be used to determine a level of security risk caused by the data flow in the network. Then, when the level of security risk is above a risk threshold, an alert may be communicated to an operator of the computer network. The alert may be, for example, a message (e.g., email, SMS text message, etc.) and/or display of an icon, or an aspect (e.g., size, color, and/or location) of an icon provided on a graphical user interface (GUI).

Abstract: A terminal device may receive information indicating a first key from a first communication device, receive information indicating a second key from a second communication device. receive first encrypted connection information from a first communication device as a response to a request, decrypt the first encrypted connection information by using the first key indicated by the information received from the first communication device so as to obtain connection information, generate second encrypted connection information by encrypting the obtained connection information by using the second key indicated by the information received from the second communication device; and send the second encrypted connection information to the second communication device, wherein the second communication device decrypts the second encrypted connection information received from the terminal device and establishes a wireless connection with a specific device by using the connection information.

Abstract: An authentication system includes: an information processing apparatus including a first processor; and an authentication server connected to the information processing apparatus through a network and including a second processor. The first processor acquires user registration information stored in a first memory based on an instruction operation of the user, generates an authentication request including data encrypted based on an encryption key included in the acquired user registration information and identification information included in the acquired user registration information, and transmits the authentication request to the authentication server.

Abstract: Dynamic evaluation of data store access store permissions is disclosed: obtaining a set of record identifiers (IDs) associated with a selected data store associated with an external system; determining record-level access permissions associated with a user for records in the selected data store associated with the set of record IDs; inferring one or more data store-level access permissions associated with the user for the selected data store based at least in part on the record-level access permissions associated with the user for the records in the selected data store; and presenting the inferred one or more data store-level access permissions associated with the user at a user interface.

Abstract: A computer-implemented method for use by a client device is provided. The client device comprises a memory and is configured to send data according to a cryptographic protocol that uses a key. The method comprises: generating a data unit and a seed related to the data unit; generating a measurement result of the client device related to the seed; generating an attestation key based on the measurement result and a key that is agreed in accordance with the cryptographic protocol; encrypting the data unit at least in part based on the attestation key; and generating an output comprising the encrypted data unit. Related methods for use by a server device and a network component, and related client device, server device and network component are also provided.

Abstract: A method of obtaining digitally signed data is disclosed. The method comprises sending first data (e2) from at least one of a plurality of first participants to at least one second participant, wherein the first data is based on second data (e) accessible to at least one said first participant, and the second data is inaccessible to the or each said second participant. A digital signature (s1) of the first data is received from at least one said second participant, and the digital signature of the first data is processed, by a plurality of the first participants, to provide shares of a digital signature (s) of the second data, wherein the digital signature of said second data is accessible by means of a threshold number of said shares and is inaccessible to less than said threshold number of shares.

Abstract: In various embodiments, systems and methods for generating attested video image data are provided. In some embodiments, an ISP pipeline incorporates a secure cryptographic signing mechanism to digitally sign content-based outputs in a way that attests to the authenticity of the process by which the content was processed before output from the camera. The ISP pipeline may include a hardware security module that inputs video image data from an image sensor, and generates an attestation package that includes attestations about the video content, in combination with an attestation of how it was produced, and signs those attestations together using a key to produce an output comprising attested media data. The ISP pipeline may apply supplemental attestations to the attestation package representing facts associated with the video content that evidence the authenticity. The digital signature applied to the attestation package may use a zero-knowledge proof to describe the signing key.