Abstract: In general, the invention relates to a method for managing data. The method includes obtaining a data set from a local data system, identifying an audit tag associated with the data set, generating a table entry for a data registration table based on the data set and the audit tag, and storing the table entry in the data registration table, wherein the data registration table is stored in a data tracking service.

Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.

Abstract: Medical devices, systems, and methods related thereto a glucose monitoring system having a first display unit in data communication with a skin-mounted assembly, the skin-mounted assembly including an in vivo sensor and a transmitter. The first display unit and a second display unit are in data communication with a data management system. The first display unit comprises memory that grants a first user first access level rights and the second display unit comprises memory that grants a second individual second access level rights.

Abstract: An example private processing pipeline may include: a masked decryption unit to perform a masked decryption operation transforming input data into masked decrypted data; a masked functional unit to produce a masked result by performing a masked operation on the masked decrypted data; and a masked encryption unit to perform a masked encryption operation transforming the masked result into an encrypted result.

Abstract: A method includes monitoring user behavior in an enterprise system, identifying a given user of the enterprise system associated with a given portion of the monitored user behavior, determining a predicted impact of compromise of the given user on the enterprise system, generating a risk score for the given user based on the predicted impact of compromise and the given portion of the monitored user behavior, and identifying one or more remedial actions to reduce the risk score for the given user. The method also includes implementing, prior to detecting compromise of the given user, at least one of the remedial actions to modify a configuration of at least one asset in the enterprise system, the at least one asset comprising at least one of a physical computing resource and a virtual computing resource in the enterprise system.

Abstract: An information processing apparatus includes a processor that acquires an operation result on an input data by referring to a look-up table that stores an operation result of an operation process, including an obfuscating operation that includes ordering of bits, an exclusive-OR operation on a random number, and a multiplication on a Galois field, performed on data.

Abstract: An access control system controls access of a user to one or more operating functions of a technical installation. The access control system includes a receiving device configured to read access authorization data from a mobile data medium and an access control device configured to receive and validate the access authorization data from the receiving device. The receiving device continuously adds a dynamic portion to the access authorization data to create dynamic access authorization data and sends the dynamic access authorization data to the access control device. The access control device, in response to the dynamic access authorization data corresponding to a defined expectation, generates a release signal for those operating functions for which the access authorization data is valid.

Abstract: The disclosed computer-implemented method for authenticating digital media content may include (i) receiving digital media content that has been captured by a capturing device and digitally signed through a cryptoprocessor embedded within the capturing device to provide an assurance of authenticity regarding how the capturing device captured the digital media content, and (ii) encoding an identifier of the received digital media content and a digital signature to an encrypted distributed ledger, the digital signature including at least one of a digital signature of the digital media content by the capturing device or a digital signature of the digital media content by an entity encoding the received digital media content such that the encoding becomes available for subsequent verification through the encrypted distributed ledger. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An indication of a mode of operation to be performed with a block cipher may be received. Logic associated with the block cipher may be configured based on the indicated mode of operation to be performed with the block cipher. Furthermore, an input data and a mask data may be received. The input data may be combined with the mask data to generate a masked input data based on the configured logic. The masked input data may be provided to the block cipher based on the configured logic and an output data may be generated with the block cipher based on the provided masked input data.

Abstract: The present disclosure is related to a sensing device. The sensing device includes a sensor, a memory, a processor, and two radio units. A first radio unit of the two radio units is configured for bidirectional communication with an external device using a first radio communication protocol. The bidirectional communication comprises receiving configuration data from the external device via a first radio signal from the external device. The second radio unit of the two radio units is configured for unidirectional communication with the external device using a second radio communication protocol. The unidirectional communication comprises the second radio unit transmitting a second radio signal to the external device. The second radio signal communicates data including one or more measurements obtained by the sensor.

Abstract: Pi and P+ have stored a+?{a0, a1, a2} and b+?{b0, b1, b2} therein, and Pi and P? have stored a??A? and b??B? therein. Here, P+?P(i+1)mod 3, P?=P(i?1)mod 3, and a and b are arbitrary values and satisfy a=a0+a1+a2 and b=b0+b1+b2, where A? is a complement of a+ in {a0, a1, a2} and B? is a complement of b+ in {b0, b1, b2}. Pi and P+ share r+, Pi and P? share r?, and Pi calculates c+=(a++a?)(b++b?)?a?b?+r+?r?. Pi sends c+ to P+.

Abstract: A server apparatus includes a total amount obtaining unit that obtains a total amount of use permitted according to a contract in a service used by plural users, an upper limit value obtaining unit that obtains an upper limit value of use of the service for each of the plural users, and a changing unit that changes, in a case where a user having a use amount of the service likely to exceed the upper limit value exists among the plural users, the upper limit value of the user to be increased within a range of the total amount.

Abstract: The present disclosure relates to an electronic device that is capable of multimodal biometric authentication and a method of controlling the electronic device.

Abstract: Techniques for improved masking data in an information processing system are provided. For example, a method comprises generating a data masking configuration file for use in an information processing system to mask at least a portion of a given data set, wherein the generation of the data masking configuration file further comprises attaching a masking algorithm function selected from a plurality of defined masking algorithm functions to each data element of the given data set to be masked.

Abstract: An encryption device divides a message M into blocks of b bits, so as to generate data M[1], . . . , data M[m]. The encryption device sets data S0 of n=b+c bits to a variable S, updates the variable S by calculating a block cipher E using as input the variable S, then updates the variable S by calculating an exclusive OR using as input the variable S that has been updated and data X[i] that is data M[i] to which a bit string of c bits is added, and generates data C[i] by extracting b bits from the variable S that has been updated, for each integer i=1, . . . , m in ascending order. The encryption device generates a ciphertext C of the message M by concatenating the respective pieces of the data C[i] for each integer i=1, . . . , m. The encryption device extracts t bits from the variable S as an authenticator T, where t is an integer of 1 or greater.

Abstract: Allowing a user access to a computer-controlled resource by transmitting an authentication challenge to a computing device of the user, receiving an authentication response as a human-inaudible acoustic signal automatically transmitted from the computing device without input from the user, and allowing access to the computer-controlled resource responsive to the received authentication response.

Abstract: Device, system, and method of policy enforcement for rich execution environment. An electronic device includes a Trusted Execution Environment (TEE), a Rich Execution Environment (REE), and a hardware-based secure sub-system which includes a cryptographic engine. The REE includes a cryptographic driver configured to initiate a request for TEE authorization to perform a particular cryptographic operation by the cryptographic engine on a data-item that is stored in a memory region that is accessible by the REE. The TEE includes a policies manager to determine whether the request from the REE is approved or rejected, and if approved, to inject data-items into the secure sub-system to enable performance of the requested cryptographic operation by the cryptographic engine.

Abstract: The invention is directed to a system that enables an authentication process that involves secure multi-party computation. The authentication process can be performed between a user device operated by a user and an access device. The user device and the access device may conduct the authentication process such that enrollment information and authentication information input by the user is not transmitted between the devices. Instead, the user device may determine and utilize obfuscated values associated with the authentication information. The user device may also determine an obfuscated authentication function that can be utilized to determine an authentication result without revealing enrollment information and authentication information associated with the user. The user can be authenticated based on the authentication result.

Abstract: A system includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select and tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.

Abstract: A block cipher method and apparatus using round repetition for providing, from a plaintext message, a ciphertext message and a global tag is disclosed; the plaintext message is converted into a plurality of ordered plaintext blocks which are successively processed during a round for computing: a cryptogram by encrypting input data using a single cryptographic key, said cryptogram comprising a first segment and a second segment; a ciphertext block by performing a first operation using, as operands: said first segment said current plaintext block and said second segment; at each next round said input data is newly determined based on the current ciphertext block and an updated reproducible data; the ciphertext message is determined by concatenating the ciphertext blocks and the global tag by a second operation using computed authentication local tags as operands.