Abstract: There is provided mechanisms for authenticating an OEM entity as manufacturer of a communication device comprising an identification module. A method is performed by a network entity. The method comprises providing, towards tire identification module, a challenge of a challenge-response authentication procedure. The method comprises obtaining, from the identification module, a first response of the challenge-response authentication procedure. The method comprises providing, towards the OEM entity and upon having obtained the response, the challenge. The method comprises obtaining, from the OEM entity, a second response of the challenge-response authentication procedure. The method comprises authenticating the OEM entity as the manufacturer of the communication device only when the second response matches the first response.

Abstract: This disclosure relates to a system and method for at source data masking and discovery of unique identifier for at-source masking. The method reads a table of production database comprising sensitive column from a source database for at source data masking. A unique identifier column is identified, and a temporary table is created which has three or more columns. Columns of temporary table comprises a sensitive column from the table of production database, a column for masked data of sensitive column and a unique identifier column. Sensitive column of the temporary table is masked using a known masking technique and the original data of the sensitive column and the masked data of the sensitive column is inserted into the temporary table. Finally, the production database is updated with the masked data of the sensitive column.

Abstract: Techniques are provided for generating and using a multi-signature token for electronic message validation according to the one or more embodiments as described herein. Specifically, a multi-signature token may be generated that includes at least two digital signatures and information (e.g., user information). Each of the at least two digital signatures may be generated using a private key of at least two key pairs that are maintained on a plurality of keystores that have at least two different implementations (e.g., security protocols). If the at least two digital signatures are valid, the multi-signature token may be determined to be valid and the client request may optionally be performed. If at least one of the at least two digital signatures is invalid, the client request is optionally not performed.

Abstract: Described embodiments provide systems, methods, non-transitory computer-readable medium for initiating one-factor or multi-factor authentication. A device comprising one or more processors and coupled to memory. The device can receive a request to authenticate a user to enable access to an application by the user. The request can originate from an Internet Protocol (IP) address external to a network hosting the application. The device can determine that a previous request to authenticate the user originated from the IP address and was approved based on successful completion of multi-factor authentication by the user. The device can provide, responsive to the determination, the user with access to the application using one-factor authentication instead of the multi-factor authentication.

Abstract: A method for verification at a computing device of a signed message received from a first party over a public communications channel, the method including extracting a message digest “a” belonging to a semigroup from the signed message; obtaining a public key [c,e] for the first party, including a fixed value checker “c” and an endpoint “e”, checker “c” and endpoint “e” belonging to the semigroup and the endpoint comprising a multiplication of a private key “b” for the first party and the checker “c”, multiplying the message digest “a” and the endpoint “e” to create an endmatter “ae”; extracting a signature “d” from the signed message, the signature “d” belonging to the semigroup and being a multiplication of message digest “a” and private key “b”; multiplying the signature “d” and the checker “c” to create a signcheck “dc”; and verifying that the endmatter “ae” matches the signcheck “dc”.

Abstract: A method for classifying domains to malware families includes identifying a corpus of malicious domains, identifying one or more suspicious domains, extracting a timeframe corresponding to the one or more suspicious domains, calculating a rank coefficient between the one or more suspicious domains and a current seed domain of the corpus of malicious domains, determining whether the rank correlation coefficient exceeds a rank threshold for the one or more suspicious domains, comparing a number of suspicious domains whose correlation coefficients exceed the rank threshold to a relation threshold, and responsive to determining the number of suspicious domains whose correlation coefficients exceed the rank threshold exceeds the relation threshold, applying a tag to the suspicious domains indicating that the one or more suspicious domains correspond to a same malware family as the current seed domain.

Abstract: The present disclosure relates to a system and a method for providing personal information for an online service system. More particularly, the present disclosure relates to a system and a method for providing personal information using a one-time private key based on a blockchain of proof of use, wherein personal information is registered and stored in a distributed manner in a blockchain network, services in online and offline service systems are used by using alternative authentication identification information that is anonymous and includes a public key to access the personal information in the blockchain network, and for membership registration and login, only the alternative authentication identification information is used to receive a service, become a member of a service, and to log in, without providing the personal information.

Abstract: A system and method for digitally signing data. A method includes generating, by a first device, at least one first secret share based on a secret key chosen by the first device, wherein the first device is offline with respect to a second device; partially signing data by the first device using the at least one secret share, wherein the data is received from the second device without establishing direct communications between the first device and the second device; and sending the partially signed data from the first device to the second device, wherein the second device generates signed data using the partially signed data, wherein the signed data corresponds to a public key generated based on the at least one first secret share and at least one second secret share generated by the second device.

Abstract: Techniques for privately collecting content dedicated to a recipient from a plurality of contributors are disclosed. In one particular embodiment, the techniques may be realized as a method for privately collecting content dedicated to a recipient from a plurality of contributors comprising: inviting the plurality of contributors to privately contribute content dedicated to a recipient before a deadline; receiving a first content from a first contributor dedicated to the recipient; receiving a second content from a second contributor dedicated to the recipient, wherein the first contributor is unable to access the second content and the second contributor is unable to access the first content; and presenting the first content and the second content to the recipient after the deadline.

Abstract: This application relates to an identity verification method performed at a computer device and a computer-readable storage medium.

Abstract: Cryptographically secure data communications between layered groups of devices in a wireless cooperative broadcast network encrypts datagrams twice prior to transmission by a source device, first using an inner layer key that is shared by a first group of devices, and second using an outer layer key that is shared by a second group of devices; the devices of the first group being members of the second group. Received datagrams are recovered by first decrypting with the outer layer key and second decrypting with the inner layer key.

Abstract: Systems, methods, and apparatuses relating to circuitry to implement an instruction to create and/or use data that is restricted in how it can be used are described. In one embodiment, a hardware processor comprises a decoder of a core to decode a single instruction into a decoded single instruction, the single instruction comprising a first input operand of a handle including a ciphertext of an encryption key (e.g.

Abstract: According to some embodiments, a system, method, and non-transitory computer readable medium are provided comprising a plurality of real-time monitoring nodes to receive streams of monitoring node signal values over time that represent a current operation of the cyber physical system; and a threat detection computer platform, coupled to the plurality of real-time monitoring nodes, to: receive the monitoring node signal values; compute an anomaly score; compare the anomaly score with an adaptive threshold; and detect that one of a particular monitoring node and a system is outside a decision boundary based on the comparison, and classify that particular monitoring node or system as anomalous. Numerous other aspects are provided.

Abstract: Methods, systems, and apparatus, including a method for determining network measurements. In some aspects, a method includes receiving, by a first aggregation server and from each of multiple client devices, encrypted impression data. A second aggregation server receives, from each of at least a portion of the multiple client devices, encrypted conversion data. The first aggregation server and the second aggregation server perform a multi-party computation process to decrypt the encrypted impression data and the encrypted conversion data. Each portion of decrypted impression data and each portion of decrypted conversion data is sent to a respective reporting system.

Abstract: Methods and systems are presented for providing a multi-party computation (MPC) framework for dynamically configuring, deploying, and utilizing an MPC system for performing distributed computations. Based on device attributes and network attributes associated with computer nodes that are available to be part of the MPC system, a configuration for the MPC system is determined. The configuration may specify a total number of computer nodes within the MPC system, a minimum number of computer nodes required to participate in performing a computation process, a key distribution mechanism, and a computation processing mechanism. Encryption keys are generated and distributed among the computer nodes based on the key distribution mechanism. Upon receiving a request for performing the computation, updated network attributes are obtained.

Abstract: According to an embodiment of the present disclosure, a ring-learning with rounding (LWR)-based quantum-resistant signature method includes: a key generation step of receiving a security parameter, and outputting a signature key and a verification key, via an operation on a ring defined by a cyclotomic equation including three terms; a signature value output step of outputting a signature value based on the output signature key; and a signature verification step of calculating an operation value based on the output verification key and signature value, and verifying a signature based on a result of comparing the output signature value with the calculated operation value.

Abstract: In one embodiment, data communication apparatus includes packet processing circuitry to receive data from a memory responsively to a data transfer request, and cryptographically process the received data in units of data blocks using a block cipher so as to add corresponding cryptographically processed data blocks to a sequence of data packets, the sequence including respective ones of the cryptographically processed data blocks having block boundaries that are not aligned with payload boundaries of respective one of the packets, such that respective ones of the cryptographically processed data blocks are divided into two respective segments, which are contained in successive respective ones of the packets in the sequence, and a network interface which includes one or more ports for connection to a packet data network and is configured to send the sequence of data packets to a remote device over the packet data network via the one or more ports.

Abstract: Some embodiments are directed to a public-key encryption device (20) and a private-key decryption device (10). The public-key encryption device is configured to compute a second public-key matrix (u), the second public-key matrix (u) having fewer matrix elements than the first public-key matrix (b) of the private-key decryption device. This reduces computation and bandwidth requirements at the side of the public-key encryption device.

Abstract: In one embodiment, an apparatus includes a network interface to receive a sequence of data packets from a remote device responsively to a data transfer request, the received sequence including received data blocks, and packet processing circuitry to read cryptographic parameters from a memory in which the parameters were registered by a processing unit, the cryptographic parameters including an initial cryptographic key and initial value, compute a first cryptographic key responsively to the initial cryptographic key and initial value, cryptographically process a first block responsively to the first cryptographic key, compute an updated value responsively to the initial value and a size of the first block, compute a second cryptographic key responsively to the initial cryptographic key and the updated value, cryptographically process a second block of the received data blocks responsively to the second cryptographic key, and write the cryptographically processed first and second block to the memory.

Abstract: A method of implementing a revocable threshold hierarchical identity-based signature scheme may include receiving an identifier associated with a user. A first secret key based on the identifier may be generated. A string and the identifier may be directed to be posted on a block of a blockchain. A second secret key may be generated using the string, the first secret key, and the identifier. The block that includes the string and the identifier may be signed using the second secret key. A message may be signed using the second secret key to generate a signature. The signature may be provided to a device. The signature may be verifiable by the device using the string and the identifier obtained from the block by the device.