Abstract: This application relates to an identity verification method performed at a computer device. The method includes: obtaining a biometric feature image of an object; performing living body detection on the biometric feature image in a secure running environment of the computer device; in accordance with a determination that the object is a living body, extracting biometric feature information from the biometric feature image and encrypting the biometric feature information in the secure running environment of the computer device; transmitting the encrypted feature information to an application in a normal running environment of the computer device for performing identity verification of the object; and receiving, from the application, an identity verification result of the object, the identity verification result being obtained after the encrypted feature information is decrypted and verified.

Abstract: A system and method for digitally signing data. A method includes generating, by a first device, at least one first secret share based on a secret key chosen by the first device, wherein the first device is offline with respect to a second device; partially signing data by the first device using the at least one secret share, wherein the data is received from the second device without establishing direct communications between the first device and the second device; and sending the partially signed data from the first device to the second device, wherein the second device generates signed data using the partially signed data, wherein the signed data corresponds to a public key generated based on the at least one first secret share and at least one second secret share generated by the second device.

Abstract: Techniques are provided for generating and using a multi-signature token for electronic message validation according to the one or more embodiments as described herein. Specifically, a multi-signature token may be generated that includes at least two digital signatures and information (e.g., user information). Each of the at least two digital signatures may be generated using a private key of at least two key pairs that are maintained on a plurality of keystores that have at least two different implementations (e.g., security protocols). If the at least two digital signatures are valid, the multi-signature token may be determined to be valid and the client request may optionally be performed. If at least one of the at least two digital signatures is invalid, the client request is optionally not performed.

Abstract: A system comprising a processing circuitry configured to: obtain information of one or more cyber-attack scenarios, each (i) associated with a sequence of events, and (ii) posing a threat on one or more computerized systems of an organization; for each of the cyber-attack scenarios: (a) collect preliminary information enabling determination of occurrence of a first sub-group of the sequence associated with the cyber-attack scenario; (b) analyze the preliminary information to identify the occurrence of the first sub-group; (c) upon identification of occurrence of the first sub-group, proactively collect complementary information; (d) analyze the complementary information to identify the occurrence of the second sub-group, or attempt to negate occurrence of the cyber-attack scenario; and (e) upon the analysis of the complementary information resulting in identification of occurrence of the second sub-group of the respective events, trigger an alert indicative of a potential occurrence of the cyber-attack scenar

Abstract: Methods and systems for managing secrets are disclosed. To manage secrets, backups of the secrets may be obtained to facilitate future recoveries of the secrets. While backed up, the secrets may be protected with a security model. The security model may prescribe how decryption keys are maintained, and how various copies of the backed up secrets are to be separated from the decryption keys for encrypted copies of the secrets. When access to a secret is lost, a recovery may be performed using a corresponding encrypted backup of the secret.

Abstract: Apparatuses, methods, and systems are disclosed for securing communications between user equipment devices. One apparatus includes a processor that derives, at a first user equipment (“UE”) device in communication with a mobile wireless communication network, a security key for securing communications between the first UE and a second UE via the mobile wireless communication network, the security key derived based on at least one parameter associated with the first UE and the second UE. The processor establishes a secure communication between the first UE and the second UE via a first network function of the mobile wireless communication network using the derived security key.

Abstract: A first intermediate key management system (KMS) server of a distributed KMS receives a key lookup service (KLS) query from a KMS client for determining an identity of KMS server(s) that are capable of performing a first operation with a first managed key. The first intermediate KMS server is one of the intermediate KMS servers of the distributed KMS. The first KMS server determines the identity of one or more of the KMS servers that are capable of performing the first operation with the first managed key. The first KMS server transmits a KLS response to the KMS client that includes the identity of the KMS server(s) that are capable of performing the first operation with the first managed key.

Abstract: Provided is a data protection system that operates to shield private data from detection or communication over a network. In an embodiment, the system includes a shielding device that, when active, provides a shielding output that shields, e.g., obscures, detection of private data by sensors of smart devices. The shielding may be selectively activated such that active sensors of the smart devices may operate or detect environmental events normally during times outside of the shielding. A data protection tool of the system may remove or shield private data generated by a user device, e.g., by modifying captured image data.

Abstract: Methods and systems for parsing and identifying unindexed parameters and other information (e.g., a token contract address) that may appear encoded in event data. Specifically, the system may retrieve bytecode for an identified blockchain operation (e.g., a transaction). The system may then segregate the bytecode into constructor arguments, code sections, and/or metadata. The system may then parse the segregated portions of bytecode for bytecode representations that are based on function signatures, event signatures, token standards, and/or contract addresses. In some embodiments, the system may further narrow the pool of known bytecode representations that are compared against the remaining sections of bytecode based on bytecode representations corresponding to a particular type of blockchain network standard.

Abstract: Encryption of data using a cryptographic device is protected. The protecting includes generating a first output of a first branch by encrypting a constant using a key, and generating a first output of a second branch by encrypting a constant using a key. The first output of the first branch, the first output of the second branch, and a first portion of plaintext data are XORed, generating a first portion of cypher text. A second output of the first branch is generated by encrypting the first output of the first branch using a key, and a second output of the second branch is generated by encrypting the first output of the second branch using a key. The second output of the first branch, the second output of the second branch, and a second portion of plaintext data are XORed, generating a second portion of cypher text.

Abstract: An apparatus for verifying an integrity of a device connected to a telecommunication network. The apparatus comprises at least one transceiver configured to broadcast a signal to the device via a non-network channel outside the telecommunication network for causing the device to provide a response to the signal depending on the integrity of the device. Further, the apparatus comprises an attestation server configured to receive the device's response and verify the integrity of the device depending on the device's response.

Abstract: A server and a device can conduct mutually authenticated post-quantum cryptography (PQC) key encapsulation mechanisms (KEM) that also support forward secrecy. The device can store a trusted server public key (PK.server) and the server can store a trusted device public key (PK. device). The device can generate (i) a first KEM ciphertext and (ii) a first key with PK.server and encrypt an ephemeral public key (ePK. device) using the first key. The server can generate (i) a second KEM ciphertext and (ii) a second key with ePK. device. The server can generate (i) a third KEM ciphertext and (ii) a third key with PK.device. The server can encrypt an ephemeral public key (ePK. server) using the first, second, and third keys. The device can generate (i) a fourth KEM ciphertext and (ii) a fourth key with ePK. server. The device can encrypt application data using at least the first, second, third, and fourth keys.

Abstract: Systems and methods described relate to executing, by a third computing entity different from a first computing entity and a second computing entity, a smart contract generated by the first computing entity and the second computing entity. A verification key is determined based on a power of a secret, the power of the secret being based on first and second sets of elliptic curve points. The smart contract comprising a first input from the first computing entity and a second input from the second computing entity are received. The smart contract is executed by computation of a function on an input to produce an output. A proof of correct execution of the smart contract is produced. A blockchain transaction is generated using an output of the smart contract. The generated blockchain transaction using the verification key and the proof of correct execution is validated by a fourth computing entity.

Abstract: Techniques are disclosed of enabling projects to be managed for grouping artifacts about related network activity. A graphical interface can be provided to enable users to create both public and private projects with information including names, descriptions, collaborators and monitoring profiles. A project can include context and history of the project so multiple users can collaborate within a project to view the analysis process as assets are identified in the project. Information is retrieved for identified assets in separate projects and is available for display in the graphical interface.

Abstract: The disclosed computer-implemented method for identifying security threats in smart contract-based services to protect against malicious attacks utilizing off-blockchain resources may include (i) identifying a reference associated with a transaction on a smart contract-based platform, (ii) detecting content describing one or more smart contracts associated with the reference on the platform, (iii) extracting an identifier from the content to locate off-blockchain resources utilized by the smart contracts, (iv) determining potential security threats associated with the off-blockchain resources, and (v) performing a security action that protects against the potential security threats. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method according to one embodiment includes performing an attestation of code of a logic loader in a trusted execution environment (TEE) and receiving a request for the logic loader to load service logic code to the TEE. An integrity check of the service logic code associated with the request is performed. In response to the service logic code associated with the request passing the integrity check, the logic loader is allowed to load the service logic code associated with the request to the TEE. A computer program product according to another embodiment includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and/or executable by a computer to cause the computer to perform the foregoing method.

Abstract: Embodiments describe systems and methods for analyzing digital certificates. A computer-implemented method can include identifying a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information. External information associated with the individual digital certificates can be determined, the external information not contained within the respective digital certificate. The external information can be updated in a database with additional external information that is collected on a periodic basis. A query can be run against the database to identify one or more vulnerable digital certificates associated with a client based on the internal information and the external information. A notification can be sent to the client regarding the one or more vulnerable digital certificates.

Abstract: A computing device may receive, from an electronic device and via a wireless connection, a request to securely transmit user information using a secure data exchange module of the computing device. The computing device may configure the secure data exchange module for conducting a secure transmission of the user information and transmit a notification to the electronic device. The computing device may provide a user interface on the computing device for conducting the secure transmission of the user information. The computing device may receive and/or send, via the secure data exchange module, the user information. The computing device may transmit, via the wireless connection, the user information to the electronic device. The computing device may receive, from the electronic device, confirmation of a successful processing of the user information. The computing device may provide an indication of the confirmation of the successful processing of the user information.

Abstract: A system described herein may maintain one or more smart contracts on a distributed ledger. The system may receive a request, associated with a User Equipment (“UE”), for access to a particular network (e.g., a private network), identify one or more attributes of the UE, and select a particular smart contract based on the attributes of the UE. The system may execute the selected particular smart contract, which may include performing operations, indicated by the particular smart contract, using the one or more attributes of the UE as inputs. Executing the particular smart contract may further include identifying outputs that result from performing the particular set of operations using the attributes of the UE as inputs, such as a network access policy for the UE. The system may output a response to the request, indicating the network access policy determined based on executing the particular smart contract.

Abstract: Systems, methods, and apparatuses relating to circuitry to implement an instruction to create and/or use data that is restricted in how it can be used are described. In one embodiment, a hardware processor comprises a decoder of a core to decode a single instruction into a decoded single instruction, the single instruction comprising a first input operand of a handle including a ciphertext of an encryption key (e.g.