Abstract: A method performed by a trusted network device and a network device for transmitting a trusted state representation of a state of a DLT network to one or more network devices is described. The trusted network device determines a state indicator. The state indicator is a representation of a state of the DLT network at a given time. The trusted network device transmits to one or more network devices a beacon message including the state indicator. The beacon message is signed based on authentication information associated with the trusted network device. The state indicator is to be used by the one or more network devices as a trusted current state of the DLT network.

Abstract: Aspects of the present disclosure involve a method and a system to support execution of the method to obtain a first N cryptographic key, receive a key diversification information comprising a first plurality of bits, obtain an expanded key diversification information (EKDI) comprising a second plurality of bits, wherein a number of bits in the second plurality of bits is greater than a number of bits in the first plurality of bits, and wherein a value of each bit of the second plurality of bits is deterministically obtained in view of values of the first plurality of bits, and apply, by the processing device, a key derivation function to the first cryptographic key and the EKDI to obtain a second cryptographic key.

Abstract: Systems and methods herein describe privacy preserving multi-touch attribution. The described systems access a plurality of impression events and a plurality of conversion events, and for each impression event and each conversion event, wherein each impression event and each conversion event are associated with user identifiers, the described systems generates a hashed user identifier based on the associated user identifier, initiates a key agreement protocol comprising a key, generates an encrypted identifier by encrypting the hashed user identifier with the key, and stores the encrypted identifier.

Abstract: Described herein is a system and method for validating media integrity using asymmetric key cryptography utilizing a public/private cryptographic key pair. The private key is kept secret and is known to an originator and/or publisher of a media file. The public key is added to the media file and is used to validate integrity of the media file, that is, that content of the media file (e.g., portion(s), frame(s)) has not been altered since publication of the media file. By validating integrity of the media file, strong proof that the media file came from an owner of the keypair (e.g., had possession of the private key) can be obtained, for example, resolving issues of trust and/or authenticity common in altered content. In some embodiments, information regarding an origin of the content can further be determined.

Abstract: In an approach, a process stores a matrix of multibit values for a computation in an analog multiply-accumulate unit including at least one crossbar array of binary analog memory cells connected between respective pairs of word- and bit-lines of the array, where: bits of each multibit value are stored in cells connected along a word-line, and corresponding bits of values in a column of the matrix are stored in cells connected along a bit-line. In each of one or more computation stages for a cryptographic element, the process supplies a set of polynomial coefficients of an element bitwise to respective word-lines of the unit to obtain analog accumulation signals on the respective bit-lines. The process converts the analog signals to digital. The process processes the digital signals obtained from successive bits of the polynomial coefficients in each of the stages to obtain a computation result for the cryptographic element.

Abstract: A registration device (500) accepts plaintext, attribute information of a user having an authority of referring to the plaintext, and a registration key for use in generating a user key for generating a search query. The registration device generates aggregate information indicating one or more aggregate values, by aggregating a plurality of attribute values included in the attribute information. The registration device generates generalized information indicating a plurality of generalized values for each aggregate value by generalizing each aggregate value included in the aggregate information. The registration device generates ciphertext data including the plaintext encrypted, by using the plaintext, the attribute information, the generalized information, and the registration key. The registration device registers the ciphertext data in a database.

Abstract: Aspects of the disclosure relate to storing sensitive information. A computing platform may split a signature key into shares, which may be used to regenerate the signature key. The computing platform may encrypt these shares using corresponding SEKs, and may subsequently encrypt the SEKs using corresponding operator keys. The computing platform may distribute the operator keys to user devices via corresponding HSMs. The computing platform may store the encrypted shares, encrypted SEKs, and identifiers of the user devices. The computing platform may receive requests for the encrypted SEKs from the user devices, and may send the respective encrypted SEKs accordingly. The user devices may return, to the computing platform, corresponding decrypted SEKs. The computing platform may use the SEKs to decrypt the encrypted shares, which may then be used to reconstruct the signature key.

Abstract: A vehicle-to-everything terminal provides a vehicle-to-everything server with a security credential that can prove an identity of the vehicle-to-everything terminal, and requests the vehicle-to-everything server to apply for a certificate for the vehicle-to-everything terminal. The security credential may be a token preconfigured in the vehicle-to-everything terminal, or may be a digital signature of the vehicle. The vehicle-to-everything server performs identity verification on the vehicle-to-everything terminal based on the security credential. After the verification succeeds, the vehicle-to-everything server selects a proper certificate server to apply for a certificate for the vehicle-to-everything terminal.

Abstract: This invention enables asynchronous encrypted communication under a protection of a simple password which must be communicated out-of-band. The password is easily communicable in-person, by telephone or by a text message. The invention assumes that one of the parties has an online device, such as a smartphone. After the encrypted session has been established, it can be used for a variety of cryptographic applications, such as encrypting or decrypting messages, sharing of cryptographic keys, and verifying data. The invention also has the secondary benefit of authenticating both parties to each other.

Abstract: Embodiments of this application provide a watermark embedding method applicable to a three-dimensional (3D) field. By combining vertex data of an original 3D model and vertex data of a 3D watermark, and combining material data of the original 3D model and material data of the 3D watermark, the original 3D model and the 3D watermark can be synthesized into a 3D model. In addition, before and after watermark embedding, an appearance of the original 3D model can remain unchanged. This avoids impact of watermark embedding on the appearance and use value of the 3D model, and ensures a display effect of the 3D model. Further, a function of encrypting the embedded 3D watermark may be implemented, and the 3D watermark cannot be easily removed or modified. This can effectively ensure the copyright of the original 3D model, and better promote a digital asset such as the 3D model.

Abstract: Disclosed are memory encryption systems and methods that rotate encryption keys for robust resistance against side-channel-analysis (SCA)-based attacks on communication paths between an encryption engine within a trust boundary and an external memory component. A key data structure has a plurality of keys that are used to encrypt a plurality of memory blocks in the external memory. The memory blocks encrypted with the oldest key of the key data structure are identified. Encrypted data is read from the identified memory blocks. The encrypted data is decrypted from the identified memory blocks. The data is then re-encrypted using the selected key that is newer than the oldest key, and re-written to the identified memory blocks.

Abstract: An individual data unit for enhancing the security of a user data record is provided that includes a processor and a memory configured to store data. The individual data unit is associated with a network and the memory is in communication with the processor. The memory has instructions stored thereon which, when read and executed by the processor cause the individual data unit to perform basic operations only. The basic operations include communicating securely with computing devices, computer systems, and a central user data server. Moreover, the basic operations include receiving a user data record, storing the user data record, retrieving the user data record, and transmitting the user data record. The individual data unit can be located in a geographic location associated with the user which can be different than the geographic locations of the computer systems and the central user data server.

Abstract: A module has a processor for executing an encryption process to encrypt a message to a cipher-text with authentication. The encryption process includes generating a tag from a secret message authentication code (MAC) key, a nonce, a message, and optionally an additional data using a Poly1305 function, generating a pseudorandom initialization vector (IV) from a secret encryption key and the tag using a first encryption function, and generating a cipher-text from the secret encryption key, the generated IV, and the message using a second encryption function. The module or a similar module may execute a corresponding decryption process to decrypt the cipher-text to a decrypted message and verify the authenticity of the cipher-text. At least one of the first and second encryption functions may be an Advanced Encryption Standard (AES) encryption function such as an AES-CTR encryption function, an AES-like encryption function, and/or other suitable encryption functions.

Abstract: A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, corresponding methods running on the host and system are provided. Further, corresponding devices, hosts and systems are suggested.

Abstract: An information processing apparatus generates a public key pair in accordance with a certificate issuance request, generates a certificate signing request based on the public key pair and transmits an electronic certificate issuance request to an external apparatus. The information processing apparatus receives a response transmitted from the external apparatus as a response to the electronic certificate issuance request, obtains an electronic certificate included in the received response and causes an application to enable its use of the obtained electronic certificate.

Abstract: A method is provided for a device participating in a data aggregation service. The device receives, from at least one requesting server, a participant homomorphic encryption key, and a request for data to perform a computation. The device encrypts requested data, including a location identifier, with the participant homomorphic encryption key, and sends, to an aggregation service, the encrypted requested data.

Abstract: A non-transitory computer-readable storage medium comprising instructions stored thereon. When executed by at least one processor, the instructions may be configured to cause a computing system to at least receive a message, the message including a header, an encrypted symmetric key, and an encrypted body, decrypt the encrypted symmetric key using a private key to generate a decrypted symmetric key, decrypt the encrypted body using the decrypted symmetric key to generate a decrypted body, and store the header, the decrypted symmetric key, and the decrypted body in long-term storage.

Abstract: A method including authenticating, by a processor, received biometric information; selectively transmitting, by the processor based at least in part on a result of authenticating the received biometric information, a decryption request to decrypt an encrypted assigned private key; receiving, by the processor based at least in part on selectively transmitting the decryption request, a decrypted assigned private key; and decrypting, by the processor, encrypted content based at least in part on utilizing the decrypted assigned private key is disclosed. Various other aspects are contemplated.

Abstract: Embodiments of an automatic key delivery system and methods of use are described. One computerized method utilizing an automatic key delivery system includes operations of establishing, by a first network device, a communication session with a second network device, transmitting first content to the second network device during the communication session, wherein the first content is encrypted with a first encryption format, and transmitting second content to the second network device during the communication session, wherein the second content is encrypted with a second encryption format. The computerized method may further includes operations of receiving, from the second network device, third content during the communication session, wherein the third content is encrypted with the first encryption format, and decrypting the third content using a first cryptographic key corresponding to the first encryption format.

Abstract: Encryption keys may be deployed to a satellite, secured, and accessed from a terrestrial source that verifies entity identifying information, generates an access key that is associated in a key pair with a one-time pad (OTP) key used to encrypt a message, transmits the access key to a satellite on which the key pair and encrypted message are stored, receives the encrypted message and the OTP key from the satellite, and decrypts the encrypted message using the OTP key. The satellite receives the OTP from an extra-terrestrial delivery vehicle, stores the OTP in memory, associates one-to-one the access keys and OTP keys as the key pairs in a key pairs table, receives a request for the encrypted message, the request including the access key paired in a key pair in the key pairs table with the OTP key that was used to encrypt the message, and retrieves, in response to receiving the access key, the OTP key and the encrypted message associated in the data storage with the OTP key paired with the access key.