Abstract: An example of the instant solution comprises at least one of receiving an encrypted data and an encryption key, generating a randomized matrix, dispersing the encrypted data based on the randomized matrix resulting in a fragmented encrypted data and dispersing the encryption key based on the randomized matrix and the fragmented encrypted data.

Abstract: Systems, methods, devices, instructions, and media are described for generating suggestions for connections between accounts in a social media system. One embodiment involves storing connection graph information for a plurality of user accounts, and identifying, by one or more processors of the device, a first set of connection suggestions based on a first set of suggestion metrics. A second set of connection suggestions is then identified based on a second set of suggestion metrics, wherein the second set of connection suggestions and the second set of suggestion metrics are configured to obscure the first set of connection suggestions, and a set of suggested connections is generated based on the first set of connection suggestions and the second set of connection suggestions. The set of connection suggestions is then communicated to a client device method associated with the first account.

Abstract: A method is provided for securely accessing code in an external memory. In the method, plaintext code may be stored in internal memory as sets of multiple blocks, each of the multiple blocks having N-bits. The code is encrypted and stored in the external memory. A block cipher having an authenticated encryption mode is used to convert the plaintext code to ciphertext code plus an authentication tag corresponding to each set of the multiple blocks. The external memory is formatted to store the ciphertext and the authentication tag. A translated address for the ciphertext is created from a plaintext address. During a read operation, the generated authentication tag is checked with an expected authentication tag. If the check is successful, the ciphertext code is decrypted and provided to a CPU for execution as plaintext code. In one embodiment, the CPU executes the plaintext code “in place” in the external memory.

Abstract: Apparatus and methods associated with the authentication of a welding or cutting torch with a power supply are provided. According to some implementations, the authentication includes encryption/decryption techniques initiated by the physical or virtual closure of one or more of a trigger switch and a parts-in-place switch. The delivery of high voltage welding or cutting power from the power supply to the torch being enabled only upon a successful authentication of the torch with the power supply.

Abstract: Methods, systems, and devices for facilitating joint submissions. In an example embodiment, a system may facilitate a joint submission from multiple devices. For example, a primary device may receive data for a joint submission with a peripheral device, and the data may be segmented into sensitive and non-sensitive data.

Abstract: Systems and methods to produce shared secret data are generally described. In some examples, a first device may receive a first public key from a second device. The first device may produce a first public key based on the first public key of the second device. The respective private keys of each device may be associated with the first public keys of each device. Each device may produce a second public key based of respective private keys and the other devices first public key. Each device may transmit a second public key to the other device. The first device may produce the shared secret data based on its private key and the second public key of the second device. The second device may produce the shared secret data based on its private key and the second public key of the first device.

Abstract: This invention enables asynchronous encrypted communication under a protection of a simple password which must be communicated out-of-band. The password is easily communicable in-person, by telephone or by a text message. The invention assumes that one of the parties has an online device, such as a smartphone. After the encrypted session has been established, it can be used for a variety of cryptographic applications, such as encrypting or decrypting messages, sharing of cryptographic keys, and verifying data. The invention also has the secondary benefit of authenticating both parties to each other.

Abstract: Techniques for transport layer signaling security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for transport layer signaling with next generation firewall includes monitoring transport layer signaling traffic on a service provider network at a security platform; and filtering the transport layer signaling traffic at the security platform based on a security policy.

Abstract: Aspects of associative cryptography key operations are described. In one embodiment, a first cryptographic function is applied to secret data to produce a first encrypted result. The first encrypted result is transmitted by a first device to a second device. The second device applies a second cryptographic function to the first encrypted result to produce a second encrypted result. At this point, the secret data has been encrypted by two different cryptographic functions, each of them being sufficient to secure the secret data from others. The two different cryptographic function can be inversed or removed, in any order, to reveal the secret data. Thus, the first device can apply a first inverse cryptographic function to the second encrypted result to produce a first result, and the second device can apply a second inverse cryptographic function to the first result to decrypt the secret data.

Abstract: There is provided a technique of establishing encryption keys for communication between 1st peer and 2nd peer via a data path. The technique comprises: by each peer, using input keying material to independently generate equivalent pairs of peer encryption keys (PEKs), verifying equivalence of the generated PEK pairs, and using by 1st peer and 2nd peer the verified PEK pairs to become in possession of equivalent pairs of session encryption keys (SEKs). Verifying comprises: generating by 1st peer a first handshake (HS) message encrypted by PEK Tx1 and sending the first HS message to the 2nd peer via the data path; decrypting by the 2nd peer the first HS message using the PEK Rx2, generating a second HS message encrypted by PEK Tx2, and sending the second HS message to the 1st peer via the data path; and decrypting the second HS message by the 1st peer using PEK Rx1.

Abstract: A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, according methods running on the host and system are provided. Further, corresponding devices, hosts and systems are suggested.

Abstract: A method including determining, by a processor, an assigned key pair associated with a user device, the assigned key pair including an assigned public key and an assigned private key; authenticating, by the processor, received biometric information; selectively transmitting, by the processor to a trusted device based at least in part on a result of authenticating the received biometric information, an encryption request to encrypt the assigned private key; and encrypting, by the processor based at least in part on selectively transmitting the encryption request, content based at least in part on utilizing the assigned public key is disclosed. Various other aspects are contemplated.

Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.

Abstract: A method including determining, by the first device for a group, a group access key pair including a group access public key and a group access private key; determining, by the first device, a sharing encryption key based on the group access private key and an assigned public key associated with a second device; encrypting, by the first device, the group access private key based on utilizing the sharing encryption key; determining, by a second device, a sharing decryption key based on the group access public key and an assigned private key associated with the second device; decrypting, by the second device, the group access private key based on utilizing the sharing decryption key; and accessing, by the second device, the group based on utilizing the group access private key. Various other aspects are contemplated.

Abstract: A baseband processor of a communication device, the baseband processor comprising a multiple encryption manager that utilizes a transmit data stream as an input data stream in the case that the transmit data stream is determined not to already have encryption applied by a higher layer component, and that utilizes a known unencrypted dataset as an input data stream in the case that the transmit data stream is determined to already have encryption applied by a higher layer component, an encryptor block that encrypts the input data stream into an encrypted data stream, and a randomness inspector that is in communication with the encryptor block, the randomness inspector unit accessing the input data stream and the encrypted data stream from the encryptor block and determining a randomness gain by comparing a first randomness measurement associated with the input data stream to a second randomness measurement associated with the encrypted data stream.

Abstract: Disclosed herein is a method of connection of home appliance to a network, a network-connection system for home appliances, and an apparatus related to a network-connection setting for home appliances. The network connection method of home appliance includes operations in which a terminal device receives an input of an authentication key of an access point (AP) apparatus and the terminal device or the AP apparatus verifies and authenticates the authentication key; a home appliance is set to be in a state of communicating with the terminal device; the home appliance is interconnected to the terminal device and the terminal device transmits an identification number and the certificated authentication key of the AP apparatus to the home appliance; and the home appliance is connected to the AP apparatus based on the identification number and the authentication key of the AP apparatus.

Abstract: A method including determining, by a device, a sharing decryption key based at least in part on an assigned private key associated with the device and a group access public key associated with a group; decrypting, by the device, a group access private key associated with the group by utilizing the sharing decryption key; and decrypting, by the device, encrypted content included in a folder associated with the group based at least in part on utilizing the group access private key associated with the group. Various other aspects are contemplated.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to host a network function container that implements a microservice for a network function in a wireless communications network, wherein the network function container is deployed by a container orchestration platform; host a service proxy container associated with the network function container, wherein the service proxy container is deployed by the container orchestration platform; and configure the hosted service proxy container to apply a wireless network policy to the microservice for the network function. The processor may be further configured to intercept messages associated with the microservice for the network function using the configured service proxy container; and apply the wireless network policy to the intercepted messages using the configured service proxy container.

Abstract: Systems and methods are described for providing secure storage of data sets while enabling efficient deduplication of data. Each data set can be divided into fixed-length blocks. The plaintext of each block can be convergently encrypted, such as by using a hash of the plaintext as an encryption key, to result in block-level ciphertext that can be stored. If two data sets share blocks, the resulting block-level ciphertext can be expected to overlap, and thus duplicative block-level ciphertexts need not be stored. A manifest can be created to facilitate re-creation of the data set, which manifest identifies the block-level ciphertexts of the data set and a key by which each block-level ciphertext was encrypted. By use of block-level encryption, nearly identical data sets can be largely deduplicated, even if they are not perfectly identical.

Abstract: Systems and methods for tokenization to support pseudonymization are provided herein. An example method includes receiving an input set, seeding a random number generator with one or more secret data, transposing the input set using a first random number/transposition parameter generated by the random number generator to create a transposed input set, transposing a token set using a second random number/transposition parameter generated by the random number generator to create a transposed token set, and generating a token by substituting transposed input set values with transposed token set values.