Abstract: A processor may generate one or more encrypted policies associated with a policy creator. A processor may generate token metadata associated with a user utilizing the one or more encrypted policies. A processor may encrypt the token metadata to form encrypted token metadata. A processor may send the one or more encrypted policies and the encrypted token metadata to a policy evaluator. The policy evaluator may evaluate the one or more encrypted policies and the encrypted token metadata. The processor may return a response. The response may be based on the evaluation by the policy evaluator.

Abstract: Disclosed are methods for utilizing a memory device as a security token. In one embodiment, a method includes receiving a request to perform an operation; transmitting a nonce to a memory device; receiving a second nonce from the memory device, the second nonce encrypted using a private key of the memory device; verifying the second nonce using a public key of the device, held by the host system; and executing the operation upon successfully verifying the second nonce.

Abstract: A system (100) and computer-implemented method are provided for data collection for distributed machine learning of a machine learnable model. A privacy policy data (050) is provided defining computer-readable criteria for limiting a selection of medical image data (030) to a subset of the medical image data to obfuscate an identity of the at least one patient. The medical image data is selected based on the computer-readable criteria to obtain privacy policy-compliant training data (060) for transmission to another entity. The system and method enable medical data collection at clinical sites without requiring manual oversight, and enables such selections to be made automatically, e.g., based on a request for medical image data which may be received from outside of the clinical site.

Abstract: A method for distributing multiple cryptographic keys used to access data includes: receiving a data signal superimposed with an access key request, wherein the access key request includes at least a number, n, greater than 1, of requested keys; generating n key pairs using a key pair generation algorithm, wherein each key pair includes a private key and a public key; deriving an access private key by applying the private key included in each of the n key pairs to a key derivation algorithm; generating an access public key corresponding to the derived access private key using the key pair generation algorithm; and electronically transmitting a data signal superimposed with a private key included in one of the n key pairs for each of the n key pairs.

Abstract: An example operation may include one or more of receiving a request to verify a first encrypted document from a computing device, retrieving a second set of encrypted tokens of a second encrypted document from a blockchain, determining a similarity value of the first encrypted document with respect to the second encrypted document based on a first set of encrypted tokens in the first encrypted document and the second set of encrypted tokens in the second encrypted document, and outputting the determined similarity value to the computing device in response to the request.

Abstract: An example operation includes one or more of initiating a transaction of a blockchain by a contributing member of a group to assign a digital data based document to itself or to at least one other member of the group, validating a block of the blockchain associated with the transaction by the contributing member or the at least one other member that are verified, sending an ephemeral location of the document to the contributing member or the at least one other member that are verified, and modifying the document in the ephemeral location by the contributing member or the at least one other member that is verified.

Abstract: Set of two or more dongles for providing a digital signature, wherein each dongle holds a secret key, wherein each dongle is configured to receive a message, to compute a digital signature of the received message using the secret key, and to transmit the computed digital signature, wherein at least one of the dongles is configured to, before computing the digital signature, verify the presence of at least one other dongle belonging to the set, and to compute the digital signature only upon successful verification of the presence of one or more other dongles.

Abstract: Provided is a data security sharing method for multiple edge nodes to operate in a collaboration mode under an industrial cloud environment. The method includes: firstly, edge nodes that need collaborative computing separately applying for a shared key to an authority center; secondly, the authority center generating a shared key and issuing the key to each of the edge nodes applying for participation in the collaborative computing; again, the edge nodes combining industrial characteristics to generate an interference factor set, and adding different interference factors for different types of data; then, the data of the edge nodes is implemented with improved homomorphic encryption and is uploaded to an industrial cloud platform; and finally, the industrial cloud platform performing homomorphic analysis and computing on the data uploaded by each of the edge nodes, and issuing the data back to each of the edge nodes.

Abstract: In one embodiment, a computer-implemented method of digitally signing input by a data processing (DP) accelerator operation, and embedding the digitally signed input into an output, includes receiving, from a host device, a signature kernel specifying input to the signature kernel and executing the signature kernel to: extract a watermark from the input and obtain a hash for the watermark; generate output from the input; and embed the hash into the output. The DP accelerator provides the output to the host device. In an embodiment, the input includes an artificial intelligence (AI) model that is executed by the DP accelerator. The DP accelerator receives second input from the host, thereby producing an inference output from the AI model. The digitally signed watermark of the AI Model is embedded into the inference output and is provided to the host device.

Abstract: A method for creating a hierarchical threshold signature digital asset wallet using a hierarchical distributed key generator (DKG) and a signature protocol includes steps of generating a public key by users and the digital asset wallet service platform, securing and controlling a portion of shares, sending a transaction signing request, validating the transaction signing request, creating a signature of the signed transaction, and uploading the signed transaction to the corresponding digital asset blockchain network and monitoring the execution of the signed transaction.

Abstract: There is disclosed in one example a computing apparatus, including: a processor and memory; and instructions encoded within the memory to instruct the processor to: identify a scripted process for security analysis; hook application programming interface (API) calls of the scripted process to determine a plurality of pre-execution parameters and runtime parameters; assign individual scores to the pre-execution parameters and runtime parameters; compute a sum of the individual scores; compare the sum to a threshold; and detect malicious or suspicious activity if the sum is above the threshold.

Abstract: In an approach for securing data, a processor publishes a traditional public key in a traditional certificate and a PQC public key in a PQC certificate. A processor encrypts data with a hybrid shared secret, the hybrid shared secret generated with a key derivation function by using a traditional shared secret based on the traditional public key and a PQC shared secret based on the PQC public key. A processor decrypts the data with the hybrid shared secret based on a traditional private key and a PQC private key. A processor signs the data with a traditional signature followed by a PQC signature.

Abstract: A system and method for digitally signing data. A method includes generating, by a first device, at least one first secret share based on a secret key chosen by the first device, wherein the first device is offline with respect to a second device; partially signing data by the first device using the at least one secret share, wherein the data is received from the second device without establishing direct communications between the first device and the second device; and sending the partially signed data from the first device to the second device, wherein the second device generates signed data using the partially signed data, wherein the signed data corresponds to a public key generated based on the at least one first secret share and at least one second secret share generated by the second device.

Abstract: Techniques for providing an intelligent-interaction honeypot for IoT devices in accordance with some embodiments. In some embodiments, a system/process/computer program product for providing an intelligent-interaction honeypot for IoT devices includes receiving a request from an attacker sent to an IP address that is associated with a honeypot instance for Internet of Things (IoT) devices; determining a response to the request using a data store that stores a plurality of responses and associated IoT device information, wherein the plurality of responses and associated IoT device information is generated based on automated machine learning of active probing of physical IoT devices on the Internet; and sending the response from the honeypot instance for IoT devices to the attacker, wherein the attacker is unable to detect that the response is associated with an emulated IoT device.

Abstract: This invention is a computer-implemented method and system of using a secondary classification algorithm after using a primary source code vulnerability scanning tool to more accurately label true and false vulnerabilities in source code. The method and system use machine learning within a 10% dataset to develop a classifier model algorithm. A selection process identifies the most important features utilized in the algorithm to detect and distinguish the true and false positive findings of the static code analysis results. A personal identifier is used as a critical feature for the classification. The model is validated by experimentation and comparison against thirteen existing classifiers.

Abstract: A system, method, and computer program product are provided for sending and receiving messages using a noisy cryptographic system. To send a message, N secret keys are negotiated using a noisy cryptographic system, where K secret keys are expected to be noiseless. A secret polynomial that includes the N secret keys is generated, and K points on the secret polynomial are derived. For each of the N secret keys, a secret key MAC key is derived and a secret key MAC is calculated using the derived secret key MAC key. A secret key MAC header is generated that includes an array of each of the secret key MACs and possibly a corresponding public key. Message integrity plaintext is generated that includes an encrypted message, the secret key MAC header, and an array of the K points on the secret polynomial. A final message that includes the message integrity plaintext is generated for being sent.

Abstract: Cryptographically secure data communications between layered groups of devices in a wireless cooperative broadcast network encrypts datagrams twice prior to transmission by a source device, first using an inner layer key that is shared by a first group of devices, and second using an outer layer key that is shared by a second group of devices; the devices of the first group being members of the second group. Received datagrams are recovered by first decrypting with the outer layer key and second decrypting with the inner layer key.

Abstract: Disclosed are a system and method for an identity integration platform to leverage decentralized Internet identity services to streamline and secure the credentialing process for a variety of identity providers, credentialing service providers, and their users. The identity integration platform may operate as a conduit between these entities in a platform agnostic manner to ensure compatibility across a variety of entities without standardization. An application programming interface to facilitate interoperability is also described.

Abstract: A communication method for the secure management of keys and identities of an Object manufactured by a Manufacturer having a Manufacturer key pair (Ksman, Kpman) and a client having a Client key pair (Ksclient, Kpclient), that is carried out at least partially on a decentralized blockchain database by generating by the Manufacturer two diversified symmetric keys from its key pair and from diversifiers, sharing keys with the object, publishing and recording the decentralized identifier (DID) in the database, wherein when a Client purchases the object from the Manufacturer, providing the identifier of the object DID by the Manufacturer, updating the blockchain, when the object is initially switched on, auto-enrolling by generating new symmetric keys, sending two new encrypted diversifiers to the client with the public client key, publishing and recording new encrypted diversifiers with the public client key in the blockchain.

Abstract: A method performs cryptographic operations on data in a processing device. An iterative operation between a first operand formed by a given number of words and a second operand using a secret key is performed. The iterative operation includes, for each bit of the secret key, applying one of a first set operations and a second set of operations to the first operand and to the second operand depending on of the bit, and conditionally swapping words of the first and the second operand based on a control bit value obtained by applying a logic XOR function to a random bit.