Abstract: A method including determining, by a processor, an assigned key pair associated with a user device, the assigned key pair including an assigned public key and an assigned private key; authenticating, by the processor, received biometric information; selectively transmitting, by the processor to a trusted device based at least in part on a result of authenticating the received biometric information, an encryption request to encrypt the assigned private key; and encrypting, by the processor based at least in part on selectively transmitting the encryption request, content based at least in part on utilizing the assigned public key is disclosed. Various other aspects are contemplated.

Abstract: A method including determining, by the first device for a group, a group access key pair including a group access public key and a group access private key; determining, by the first device, a sharing encryption key based on the group access private key and an assigned public key associated with a second device; encrypting, by the first device, the group access private key based on utilizing the sharing encryption key; determining, by a second device, a sharing decryption key based on the group access public key and an assigned private key associated with the second device; decrypting, by the second device, the group access private key based on utilizing the sharing decryption key; and accessing, by the second device, the group based on utilizing the group access private key. Various other aspects are contemplated.

Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.

Abstract: A baseband processor of a communication device, the baseband processor comprising a multiple encryption manager that utilizes a transmit data stream as an input data stream in the case that the transmit data stream is determined not to already have encryption applied by a higher layer component, and that utilizes a known unencrypted dataset as an input data stream in the case that the transmit data stream is determined to already have encryption applied by a higher layer component, an encryptor block that encrypts the input data stream into an encrypted data stream, and a randomness inspector that is in communication with the encryptor block, the randomness inspector unit accessing the input data stream and the encrypted data stream from the encryptor block and determining a randomness gain by comparing a first randomness measurement associated with the input data stream to a second randomness measurement associated with the encrypted data stream.

Abstract: Disclosed herein is a method of connection of home appliance to a network, a network-connection system for home appliances, and an apparatus related to a network-connection setting for home appliances. The network connection method of home appliance includes operations in which a terminal device receives an input of an authentication key of an access point (AP) apparatus and the terminal device or the AP apparatus verifies and authenticates the authentication key; a home appliance is set to be in a state of communicating with the terminal device; the home appliance is interconnected to the terminal device and the terminal device transmits an identification number and the certificated authentication key of the AP apparatus to the home appliance; and the home appliance is connected to the AP apparatus based on the identification number and the authentication key of the AP apparatus.

Abstract: A method including determining, by a device, a sharing decryption key based at least in part on an assigned private key associated with the device and a group access public key associated with a group; decrypting, by the device, a group access private key associated with the group by utilizing the sharing decryption key; and decrypting, by the device, encrypted content included in a folder associated with the group based at least in part on utilizing the group access private key associated with the group. Various other aspects are contemplated.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to host a network function container that implements a microservice for a network function in a wireless communications network, wherein the network function container is deployed by a container orchestration platform; host a service proxy container associated with the network function container, wherein the service proxy container is deployed by the container orchestration platform; and configure the hosted service proxy container to apply a wireless network policy to the microservice for the network function. The processor may be further configured to intercept messages associated with the microservice for the network function using the configured service proxy container; and apply the wireless network policy to the intercepted messages using the configured service proxy container.

Abstract: Systems and methods are described for providing secure storage of data sets while enabling efficient deduplication of data. Each data set can be divided into fixed-length blocks. The plaintext of each block can be convergently encrypted, such as by using a hash of the plaintext as an encryption key, to result in block-level ciphertext that can be stored. If two data sets share blocks, the resulting block-level ciphertext can be expected to overlap, and thus duplicative block-level ciphertexts need not be stored. A manifest can be created to facilitate re-creation of the data set, which manifest identifies the block-level ciphertexts of the data set and a key by which each block-level ciphertext was encrypted. By use of block-level encryption, nearly identical data sets can be largely deduplicated, even if they are not perfectly identical.

Abstract: Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data.

Abstract: Systems and methods for tokenization to support pseudonymization are provided herein. An example method includes receiving an input set, seeding a random number generator with one or more secret data, transposing the input set using a first random number/transposition parameter generated by the random number generator to create a transposed input set, transposing a token set using a second random number/transposition parameter generated by the random number generator to create a transposed token set, and generating a token by substituting transposed input set values with transposed token set values.

Abstract: Techniques for stream-based key management are disclosed. A system obtains a first payload to be published to a first set of one or more subscribers, encrypts the first payload using a symmetric key, to obtain a first payload ciphertext, encrypts the symmetric key using an attribute-based encryption (ABE) policy associated with the first payload, to obtain a key ciphertext, and publishes the first payload ciphertext and the key ciphertext. The system obtains a second payload to be published to a second set of one or more subscribers. Responsive at least to determining that each subscriber in the second set of one more subscribers is in the first set of one or more subscribers and the ABE policy is associated with the second payload, the system encrypts the second payload using the symmetric key, to obtain a second payload ciphertext, and publishes the second payload ciphertext without republishing the key ciphertext.

Abstract: An individual data unit for enhancing the security of a user data record is provided that includes a processor and a memory configured to store data. The individual data unit is associated with a network and the memory is in communication with the processor. The memory has instructions stored thereon which, when read and executed by the processor cause the individual data unit to perform basic operations only. The basic operations include communicating securely with computing devices, computer systems, and a central user data server. Moreover, the basic operations include receiving a user data record, storing the user data record, retrieving the user data record, and transmitting the user data record. The individual data unit can be located in a geographic location associated with the user which can be different than the geographic locations of the computer systems and the central user data server.

Abstract: A cryptographic method is provided. The cryptographic method comprises an initialisation phase for determining a provisional generator point G? equal to a first product G?=[d?]G, where d? is a first random scalar forming a secret key of N bits and G is a generator point of an elliptical curve, and determining a provisional key Q? equal to a second product Q?=[d?]Q, where Q is a point of the elliptical curve forming a public key. During an encryption phase a second random scalar forming a second secret key k of M bits, with M<N; a public key P is calculated such that P=[k]G?; a coordinate of an intermediate point SP1, of the elliptical curve, equal to a fourth product SP1=[k]Q?; at least one key by application of a derivation function (F1); and data (T1) are encrypted based on said at least one key.

Abstract: The invention is notably directed to a method for encoding information. This method first comprises generating an encryption key according to polymorphic features of nucleic acids from one or more entities. Next, information is encrypted based on the generated key. Finally, the encrypted information is encoded into synthetic DNA. Another aspect concerns a method for retrieving information. Consistently with the above encoding scheme, synthetic DNA in provided, which encodes encrypted information. Such information is read by sequencing the synthetic DNA and by decrypting the information read using a decryption key. The latter is generated according to polymorphic features of nucleic acids from one or more entities (e.g., from the legitimate individual(s) requesting access to information). Thus, the encoded information cannot be interpreted unless a suitable decryption key is available. The invention is further directed to related DNA samples and systems, including DNA vaults.

Abstract: Systems, methods, and computer-readable storage media are provided for sharing user-information with bots. An automated task to be performed on behalf of a user is determined from at least one user message provided to a user interface of a first bot. A second bot is determined that is capable of performing the automated task on behalf of the user. User information of the user to provide to the second bot for the performing of the automated task is determined. Content of the user information is based on a trust level of the second bot and service parameters for completing the automated task. The first bot provides the determined user information to the second bot using one or more network communications.

Abstract: A baseband processor of a communication device, the baseband processor including an encryptor block that encrypts a transmit data stream into an encrypted data stream, at least one transmit chain block that transforms the encrypted data stream into an analog transmit signal, and a randomness inspector unit that is in communication with the encryptor block, the randomness inspector unit accessing the transmit data stream and the encrypted data stream from the encryptor block as first and second input streams, respectively, to the randomness inspector unit, and determining a randomness gain by comparing a first randomness measurement associated with the first input stream to a second randomness measurement associated with the second input stream.

Abstract: The present disclosure relates to a transmitting device and a transmitting method, and a receiving device and a receiving method which are capable of improving confidentiality and communication resistance in low power wide area (LPWA) communication. The transmitting device generates a key stream on the basis of GPS time information, encrypts transmitted data on the basis of the key stream to generate encrypted data, and transmits the encrypted data to the receiving device. The receiving device generates a key stream on the basis of GPS time information and decodes the encrypted data into the transmitted data on the basis of the key stream. The present disclosure can be applied to an LPWA communication system.

Abstract: A method including determining, by a processor, an assigned key pair associated with a user device, the assigned key pair including an assigned public key and an assigned private key; authenticating, by the processor, received biometric information; selectively transmitting, by the processor to a trusted device based at least in part on a result of authenticating the received biometric information, an encryption request to encrypt the assigned private key; and encrypting, by the processor based at least in part on selectively transmitting the encryption request, content based at least in part on utilizing the assigned public key is disclosed. Various other aspects are contemplated.

Abstract: Methods, systems, and devices supporting virtual cryptographic key ceremonies are described. A server may receive a plurality of public keys and a plurality of digital signatures comprising data encrypted using a plurality of private keys, where each private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys. The server may generate a quorum token based on the plurality of signatures and the plurality of public keys, where generating the quorum token is based on the plurality of signatures representing at least a threshold number of pools. The server may receive a plurality of encrypted shares associated with respective pools of a plurality of pools, generate a master wrapping key based on generating the quorum token and receiving the plurality of encrypted shares, unwrap a root key using the master wrapping key, and generate a certificate based on the root key.

Abstract: A system for security key rotation in a cloud computing environment is disclosed. The system performs steps to at least initiate, at a predetermined interval, a call to determine whether to initiate generation of a public-private key pair for a client application. The system determines whether to initiate generation of the public-private key pair for the client application and based on determining to initiate generation of the public-private key pair for the client application, transmits a control signal requesting generation of the public-private key pair The system generates the public-private key pair and transmits a private key associated with the public-private key pair to a secure storage location for later retrieval by the client application and transmits a public key associated with the public-private key pair to a public key service for later retrieval by a client associated with the client application.