Abstract: An example operation may include one or more of receiving storage requests endorsed by blockchain peers of a blockchain, selecting a group of the endorsed storage requests to be stored together and ordering the group of endorsed storage requests with respect to each other based on timestamps, encoding the group of ordered and endorsed storage requests into an image, and storing the encoded image within a data section of a block of the blockchain.

Abstract: A method of obtaining digitally signed data is disclosed. The method comprises sending first data (e2) from at least one of a plurality of first participants to at least one second participant, wherein the first data is based on second data (e) accessible to at least one said first participant, and the second data is inaccessible to the or each said second participant. A digital signature (s1) of the first data is received from at least one said second participant, and the digital signature of the first data is processed, by a plurality of the first participants, to provide shares of a digital signature(s) of the second data, wherein the digital signature of said second data is accessible by means of a threshold number of said shares and is inaccessible to less than said threshold number of shares.

Abstract: A cryptographic system comprising an encryption device to generate a ciphertext; a master re-encryption key generation device to generate a master re-encryption key that cannot decrypt a ciphertext generated by the encryption device, but can generate a re-encryption key for changing an access range for a ciphertext generated by the encryption device; re-encryption device to generate a re-encryption key for re-encrypting a target ciphertext generated by the encryption device, using the master re-encryption key, and re-encrypts the target ciphertext to generate a re-encrypted ciphertext, using the generated re-encryption key; and a decryption device to decrypt at least one of the ciphertext generated by the encryption device and the re-encrypted ciphertext generated by the re-encryption device.

Abstract: An apparatus for processing data comprises memory access circuitry to enforce ownership rights of a plurality of memory regions within a first memory. The memory access circuitry is responsive to a first export command received from a first export command source to perform a first export operation to encrypt the given owned data to form given encrypted data and to store the given encrypted data in a second memory. The memory access circuitry is responsive to a second export command for the given memory region received from a second export command source while the first export operation is being performed to determine whether said second export command source has higher priority than the first export command source and, when the second export command source has a higher priority, to interrupt the first export operation and to perform a second export operation specified by the second export command.

Abstract: The disclosure relates to detecting vulnerabilities in managed client devices. A system determines whether a vulnerability scan of a computing device is required to be performed. The system installs a vulnerability detection component in the computing device in response to determining that the vulnerability scan is required to be performed. The system requests the vulnerability detection component to perform the vulnerability scan of the computing device. The system transmits a result of the vulnerability scan to a remote management service for the computing device.

Abstract: Techniques for location based security in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. A system/process/computer program product for location based security in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a location for a new session; associating the location with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the location.

Abstract: There is provided an encryption method which comprises, by at least one server including a processing unit and memory, obtaining data, encrypting the data to obtain encrypted data, the encrypting comprising generating encryption keys using a plurality of seeds and a set of encrypting functions, processing the data using at least the encryption keys to generate the encrypted data, generating encrypted data DS,Enc informative of at least some of the plurality of seeds and transmitting the encrypted data and DS,Enc to a host different from the server, thereby enabling decryption of the encrypted data by the host. Corresponding decryption method is provided.

Abstract: A user verification apparatus may perform user verification using multiple biometric verifiers. The user verification apparatus may set a termination stage of one or more biometric verifiers. Multiple biometric verifiers may be used to generate outputs, for which separate termination stages are set to establish a particular combination of set termination stages associated with the multiple biometric verifiers, and the user verification apparatus may fuse outputs of the biometric verifiers based on the particular combination of set termination stages. The user verification apparatus may verify a user based on a result of the fusing, and an unlocking command signal may be generated based on the verifying. The unlocking command signal may be generated to selectively grant access, to the verified user, to one or more elements of a device. The device may be a vehicle.

Abstract: In a vehicle abnormality detection device, when a transmission and reception unit receives abnormality information of a first control device on an in-vehicle network configured by a plurality of layers via a firewall, an abnormality cause candidate acquisition unit acquires a candidate for a second control device that may cause the abnormality of the first control device. An abnormality information management unit manages the first control device and the second control device as abnormality cause control devices when the second control device in which an abnormality occurs before a time when the abnormality of the first control device is detected is detected from the candidate acquired by the abnormality cause candidate acquisition unit.

Abstract: According to one embodiment, a memory system includes a first nonvolatile memory, a second nonvolatile memory and a controller. The first nonvolatile memory includes a first memory element. The second nonvolatile memory includes a second memory element in which data is able to be written only once. The second memory element stores first key information. The controller receives second key information stored in an information processing apparatus, generates a first key using the first key information and the second key information, and generates a second key using at least the first key. The controller encrypts data, which is to be written into the first nonvolatile memory, with the second key, and decrypts data, which is read from the first nonvolatile memory, with the second key.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes transmitting a first portion of an electronic communication to a client device over a non-PQC communications channel. The example method further includes transmitting a second portion of the electronic communication to the client device over a PQC communications channel. In some instances, the first portion of the electronic communication may comprise overhead data, and the second portion of the electronic communication may comprise payload data.

Abstract: A data processing apparatus includes a processing circuit configured to segment an original bit sequence into a plurality of input blocks each having a first block length, create a random bit sequence, encrypt respective ones of the plurality of input blocks with a block cipher scheme using a key (having a key length larger than the first block length) based on the random bit sequence to derive intermediate blocks, concatenate every predetermined number of intermediate blocks to form one or more output blocks, compute an invertible transformation function on the one or more output blocks and the random bit sequence to derive a further output block, and output an encrypted bit sequence including those output blocks.

Abstract: Disclosed embodiments relate to systems and methods for deterministic cryptography deidentification enabling granular destruction. Techniques include preparing a table of name-token pair groupings with unique tokens, storing data deidentified in association with the deidentification process in a centralized repository, identifying a token from the table of name-token pair groupings, and enabling reidentifying of a specific data item of the deidentified data based on the token provided from the table.

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A security module running on a database server may generate a private key-public key pair in response to receiving a request to store client data in a database. The security module may then transmit a request to derive a symmetric key to a key server, the request including the generated public key. The key server may derive a symmetric key, using key agreement and a key derivation function, based on the received public key and a private key managed by the key server. The security module may then receive the symmetric key from the key server and encrypt the client data. To facilitate decryption, the public key used to generate the symmetric key and an identifier for the private key managed by the key server may be stored in metadata associated with the client data.

Abstract: A method in a virtual private network (VPN) environment, the method including determining, by a VPN server, an encrypted authentication packet based at least in part on utilizing an encryption key and a nonce to encrypt an initial authentication packet; transmitting, by the VPN server to an authentication server, the encrypted authentication packet to enable VPN authentication of a device requesting VPN services from the VPN server; determining, by the authentication server, a response regarding the VPN authentication based at least in part on decrypting the initial authentication packet utilizing a decryption key and the nonce; and transmitting, by the authentication server to the VPN server, the response regarding the VPN authentication. Various other aspects are contemplated.

Abstract: Techniques are provided for authenticating communications between physical ports using knowledge of shared secrets. One method comprises receiving, by a first entity, a connection request to establish a communication between physical ports of the first entity and a second entity; providing a first pseudo-random value to the second entity; obtaining a shared secret for communications with the second entity; generating a first hash value based on the shared secret and the first pseudo-random value; obtaining a second hash value from the second entity based on the shared secret and the first second pseudo-random value; and authenticating the communication in response to the first entity validating the first hash value using the second hash value. An encryption key based on the shared secret can protect communications between the physical ports of the first and second entities.

Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising receiving a request for an activation code database from a remote computing device, the request including at least one parameter; retrieving at least one pair based on the at least one parameter, the pair including a unique ID (UID) and secret key; generating an activation code for the UID; and returning the activation code to the remote computing device.

Abstract: An access management system and method provisions credentials to access a resource, such as external web user accounts. Credentials are generated, encrypted and stored. To access the resource, encrypted credentials are decrypted, masked, and served to users, such that they are not visible to the user requiring access. The user is unaware of the credentials used to authenticate and unable to access the provisioned web resources outside set parameters.

Abstract: A memory device includes nonvolatile memory cells, and a secure module to process first data including information about the device stored in the cells to generate a first password key, process second data including information about the device stored in the cells to generate a second password key, generate a public key and a secret key by a public-key cryptography algorithm, using the first password key and the second password key, and provide the first password key, the second password key, the public key, and the secret key to the cells to store the first password key, the second password key, the public key, and the secret key, where the second data is different from the first data, a value of the first password key value and a value of the second password key are prime numbers, and the public key is provided to a host connected to the device.

Abstract: A system for validating an authorization request to facilitate controlling access to content or computer commands, in which the access is requested by multiple entities operated on discrete computing environments. The techniques make use of a system including a switchboard and a rule engine that collect parameter sets required for validation from the entities and dynamically generate a lock and key combination based on the collected parameter sets. The key of the lock and key combination allows the system to validate each entity independently regardless of the required parameters specified in the lock and key combination.