Abstract: Systems, apparatuses, methods, and computer program products are disclosed for quantum computing (QC) detection. An example method includes generating QC detection data. The example method further includes generating a pair of asymmetric cryptographic keys comprising a public cryptographic key and a private cryptographic key, generating encrypted QC detection data based on the pair of asymmetric cryptographic keys, and destroying the private cryptographic key. The example method further includes monitoring a set of data environments for electronic information related to the encrypted QC detection data. Subsequently, the example method may include generating a QC detection alert control signal in response to detection of the electronic information related to the encrypted QC detection data.

Abstract: An encryption circuit includes a pipelined encryption core having a plurality of round cores therein. The pipelined encryption core is configured to perform a real round operation on each of a plurality of pieces of input data received therein and generate encryption data from the input data using an encryption operation comprising the real round operation. An encryption controller is provided, which is coupled to the pipelined encryption core. The encryption controller is configured to control the pipelined encryption core so that at least one of the plurality of round cores performs a virtual round operation as part of the encryption operation. The pipelined encryption core is configured to perform a virtual encryption operation using at least one of: (i) dummy data, and (ii) a dummy encryption key.

Abstract: A communication method and a device, the method including obtaining, by a terminal device, a security key, where the terminal device performs the obtaining while the terminal device is in a state in which the terminal device has disconnected a radio resource control (RRC) connection from a first network device, and in which the terminal device retains context information for a context, in the first network device, of the terminal device, and sending, by the terminal device, a first message to a second network device, where the first message includes an identifier of the terminal device and at least one of encrypted uplink data or encrypted signaling, the at least one of encrypted uplink data or encrypted signaling is encrypted by using the security key, and where the second network device is different from the first network device.

Abstract: Confidential, secret data may be shared via one or more blockchains. Mortgage applications, medical records, financial records, and other electronic documents often contain social security numbers, names, addresses, account information, and other personal data. A secret sharing algorithm is applied to any secret data to generate shares. The shares may then be integrated or written to one or more blockchains for distribution.

Abstract: An electronic point multiplication device (100) is provided for computing a point multiplication (kG) on an elliptic curve between a multiplier (k) and a base point (G) on the elliptic curve (E) for use in a cryptographic protocol. The device being arranged to compute from a first set of multiple joint encodings (Ai) a blinded base multiplier (A, 131), and a second set of multiple joint encodings (Bi) multiple blinded auxiliary multipliers (?i, 136). The device performs obtains the point multiplication (141) (kG) of the multiplier (k) and the base point (G) by computing the point addition of the point multiplication of the blinded base multiplier and the base point on the elliptic curve, and the multiple point multiplications of a blinded auxiliary multiplier and an auxiliary point. The blinded base multiplier and auxiliary multipliers may be represented in a plain format during the performing of the elliptic curve arithmetic.

Abstract: A sandbox component, operatively coupled to a host and a guest container, the sandbox component securely extends systems data collection software with potentially untrusted third-party code. A secure environment is enabled where plugins will run inside a sidecar container that is separate from a guest container. A container consists of an entire runtime environment: an application, plus its dependencies, libraries and other binaries, and configuration files needed to run it, bundled into one package. A sidecar service is not necessarily part of the application but is connected to the guest container and follows the parent application. A sidecar is independent from its primary application in terms of runtime environment and programming language. The sidecar plugin will be given a sparse/limited set of privileges required to simply perform its intended function and the Linux kernel constructs will control data access and transfer.

Abstract: Shannon's equivocation, the conditional entropy of key or message with respect to a specific ciphertext, is the primary indicator of the security of any secrecy system, in that when key equivocation H E (K) or message equivocation H E (M) attain log 0 (or 1) under a brute-force attack, the system is compromised and has no security. We propose a simplistic equivocation definition of security which distinguishes between “secure/unsolvable” and “insecure/solvable” encipherments.

Abstract: A method for controlling access to preliminarily identified computer resources is disclosed. The access is controlled so as to prevent the circumventing, by malicious applications, of barriers set up to prevent them from communicating when they are executed on one or more processors of an electronic device The method is implemented by an electronic device having access to the resources to be controlled. The method includes: receiving a request, coming from a program, for access to a current resource; obtaining at least one access parameter for access to the current resource within a resource-characterizing data structure; and modulating access to the current resource as a function of the at least one access parameter.

Abstract: The safety is improved when executing a transaction instructed after the login from a user having carried out the login operation to the server. A transaction system (101) includes a server (121), a first terminal (141), and a second terminal (161). A user logs-in the server (121) through the first terminal (141). The server (121) generates a notice to be transmitted to the second terminal (161) when receiving an instruction of a transaction through the first terminal (141) from a user. The first terminal (141) or the second terminal (161) prompts the user to input a confirmation of details of the transaction when the notice is transmitted to the second terminal (161) from the server (121). The server (121) regards the confirmation of the transaction made by the user as having been made when the input of the user matches with the details of the transaction.

Abstract: A file authentication method and apparatus are provided in the embodiments of this application. File digest data is extracted from a file that includes an installation package of an application. The file digest data identifies file information of the file. A feature character string of the file is generated based on the file digest data. File information of a target file is determined from a feature database based on the feature character string of the file. The target file matches the feature character string of the file, the feature database stores at least file information and feature character strings of a plurality of genuine files, and the file information of the target file and the file information of the plurality of genuine files include at least a certificate feature value. The file is authenticated according to the file information of the target file and the file information of the file.

Abstract: In one respect, there is provided a system for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The at least one memory may include program code that provides operations when executed by the at least one processor. The operations may include: training, based on a training data, a machine learning model to enable the machine learning model to determine whether at least one container file includes at least one file rendering the at least one container file malicious; and providing the trained machine learning model to enable the determination of whether the at least one container file includes at least one file rendering the at least one container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.

Abstract: Techniques for detecting suspicious data object access requests indicative of potential insider threats are described. A suspicious access detection module (SADM) determines, based on access data describing a access requests issued on behalf of multiple users, groups of the users having similar patterns of accesses to resource groups, a set of the resource groups accessed by each of the user groups, and ones of the user groups that are to be considered nearby others of the user groups based on having a threshold amount of resource group access similarities. The SADM causes an alert to be generated responsive to a determination that a subsequent access request is suspicious because it accesses a data object of a resource group that is not within the set of accessed resource groups of the issuing user's user group, and because the resource group is not within the sets of accessed resource groups of any nearby user groups.

Abstract: A control circuit causes a first cryptographic module to perform a dummy operation in a command processing period and a data processing period in which a second cryptographic module performs a normal operation while the first cryptographic module does not perform a normal operation.

Abstract: The present disclosure relates to a communication technique for converging a 5G communication system for supporting a higher data rate beyond a 4G system with an IoT technology, and a system therefor. The present disclosure provides a method and a device for enhancing data security. The method includes when a request message including information related to a first privacy level is received from a user device, authenticating the user device. The method also includes verifying the information related to the first privacy level. The method further includes transmitting, to the terminal, an image processed on the basis of the first privacy level among images processed on the basis of a plurality of privacy levels.

Abstract: A method and device for detecting a malicious circuit on an integrated circuit (IC) device is provided. The method includes generating a plurality of test patterns on the IC. A scan test circuit and the plurality of test patterns are used to test don't care bits of a function under test on the integrated circuit. Scan out data from the scan test circuit is provided in response to the plurality of test patterns. The scan out data is stored in a memory on the integrated circuit. The scan out data is monitored over a predetermined time period. If it is determined that a characteristic of the scan out data has changed within the predetermined time period, an indication that a malicious circuit has been detected is output. The device includes circuitry for performing the method in the field.

Abstract: Disclosed are systems and methods for passively authenticating users of a native application running on a mobile communications device. The user may be applying for a service, product, access, etc. from a provider computing system. A unique device identifier of the device may be acquired and provided to a first computing system. A mobile telephone number associated with the device may be received at the device. User information may be accepted from the user via a user interface of the device for entry into a set of fields. The mobile telephone number may be verified by determining, via a second computing system that is different from the first computing system, that the mobile telephone number is associated with the user information. The service/product/access for the user may be approved in response to verification of the mobile telephone number. The user may be authenticated without challenge questions.

Abstract: A method for protecting anonymity of an individual in public is presented. The computer-implemented method may include registering a plurality of facial features associated with the individual, and, in response to capturing an image of the individual from a video stream, determining whether the facial features associated with the individual are registered. The computer-implemented method may further include, in response to the determination that the facial features associated with the individual are registered, obscuring the facial features of the individual captured from the video stream with an unidentifiable image.

Abstract: The methods and system allow for the generation of a signcrypted biometric electronic signature token using a subsequent biometric sample after an enrollment of a biometric reference value in a biometric system. The signcrypted biometric electronic signature token involves simultaneous encryption and digital signature to protect the confidentiality. The system as described herein provides data integrity, origin authentication, and efficiency by performing encryption and digital signature simultaneously. The process allows a signcrypting party to enroll in a biometric service, sign a piece of data or content using a public key, that may be tied to a trusted anchor certificate authority, and submit a biometric sample. Subsequently, the relying party may validate the information on that piece of data or content to confirm the identity of the signcrypting party.

Abstract: Method and apparatus for allowing the changing of security values and consent data is provided. The security values allow for dynamically changing the security level and ease of access associated with performing specific transactions on specific accounts. The consent data may be pushed or pulled and when stored, may be used for future transactions, of both the same or a different type. The changing of security levels and consent data may be accomplished over the internet using mobile devices over both secure and non-secure networks.

Abstract: Apparatuses and methods for trusted module execution are proposed, which provide secure boot and trusted execution of system software by using the China commercial cryptography algorithms to establish the SRTM/DRTM. Conventionally, the Intel TXT which uses RSA or SHA-256 cryptography algorithms only authenticates the trusted modules. By contrast, the present application uses the China commercial cryptography algorithms and is able to authenticate the trusted modules and their digital certificates or certificate chains (which has a higher security level than just authenticating the digital certificates).