Abstract: A system for enhanced public key infrastructure is provided. The system includes a computer device. The computer device is programmed to receive a digital certificate including a composite signature field including a plurality of signatures. The plurality of signatures include at least a first signature and a second signature. The computer device is also programmed to retrieve, from the digital certificate, a first key associated with the first signature from the digital certificate. The computer device is further programmed to retrieve the first signature from the composite signature field. In addition, the at least one computer device is programmed to validate the first signature using the first key.

Abstract: A method and a system for analysis of executable files are provided. The method comprises: obtaining a plurality of training executable files including at least one malicious executable file and at least one benign executable file; analyzing the plurality of training executable files to extract therefrom data including a plurality of features; transforming the data organizing the plurality of features in sets of features, a given one of which includes features of a respective predetermined type; identifying, in the given set of features, informative features indicative of a given training executable file being one of malicious and benign; combining, over the plurality of training executable files, for the respective predetermined data type, the informative features to generate at least one feature vector; and training, based on the at least one feature vector, at least one of classifier to determine if an in-use executable file is one of malicious and benign.

Abstract: A system and method for receiving secure data in a client device. In one embodiment, the method comprises (a) receiving a token having a token ID and a digital certificate generated by a certificate authority (CA) having client device fingerprint data generated from client device parameters, (b) accepting a request in the client device to provide secure data to the client device, (c) regenerating the client device fingerprint data from the client device parameters, (d) determining, in the client device, differences between the client device fingerprint data of the digital certificate from the regenerated client device fingerprint data, and (e) transmitting a request to a secure data service to provide secure data based upon the determination.

Abstract: Systems, computer program products, and methods are described herein for tracking resources using non-fungible tokens. The present invention is configured to electronically receiving, over a distributed computing network from a computing device of a user, a request for a non-fungible token (NFT) for a resource; initiating a non-fungible token (NFT) generator on the resource in response to receiving the request; generating a unique digital signature for the resource; generating, using the NFT generator, the NFT, wherein the NFT comprises at least the unique digital signature for the resource; and record the NFT for the resource on a distributed ledger.

Abstract: Techniques are provided for multi-cloud authentication of data requests. One method comprises obtaining, by a first authentication entity of a first cloud environment, from a service on the first cloud environment, a request for data stored by a second cloud environment; determining a signature for the service; verifying the determined signature for the service by requesting a signature for the service registered with a second authentication entity of the second cloud environment; requesting the data from the second authentication entity of the second cloud environment in response to the determined signature being verified; and providing the requested data to the service. The requested data from the second cloud environment may be encrypted with an encryption key, and the method may further comprise decrypting the requested data with a decryption key obtained from the second cloud environment. The signature for the service may be registered as part of a deployment of the service.

Abstract: An example operation may include one or more of receiving a request to certify a digital record, retrieving a first hashed data value of the digital record from a data block included among a first hash-linked chain of blocks on a first blockchain, retrieving a second hashed data value of the digital record from a second data block included among a second hash-linked chain of blocks on a second blockchain which is different from the first blockchain, determining whether the digital record is valid based on a cross-validation of the first hashed data value and the second hashed data value, and storing the determination of the validity of the digital record in a data block among a third hash-linked chain of blocks.

Abstract: The present disclosure describes techniques that facilitate the encryption of data communications between a home and VPLMN, along with the verification of a content and origin of encrypted messages at each end of a data communication. In one non-limiting example, the process of verifying the content and origin of an encrypted message is facilitated partly by an exchange of network public keys between the HPLMN and VPLMNs. In another example, a network certificate aggregator (NCA) may act as a certificate authority (CA) by verifying the identities of interacting home and VPLMNs. The NCA may facilitate and exchange public keys between a home and VPLMN, whereby the HPLMN and VPLMNs need only trust and verify an identity of the NCA. Alternatively, the NCA may act as a conduit for data communications between the HPLMN and VPLMN.

Abstract: A method for utilizing a registration authority computer to facilitate a certificate signing request is provided. A registration authority computer may receive a certificate signing request associated with a token requestor. The registration authority computer may authenticate the identity of the token requestor and forward the certificate signing request to a certificate authority computer. A token requestor ID and a signed certificate may be provided by the certificate authority computer and forwarded to the token requestor. The token requestor ID may be utilized by the token requestor to generate digital signatures for subsequent token-based transactions.

Abstract: Disclosed is a method for cross-authenticating non-credentialed devices and trusted blockchain enabled applications using multiple communications modalities and gathering information upon request for a blockchain network.

Abstract: A terminal device may obtain a third public key of a communication device, in a case where the third public key is obtained, send a third authentication request in which the third public key is used to the communication device, receive a third authentication response from the communication device, and send third connection information to the communication device. The third connection information may include a first identifier and a second identifier, the first identifier for identifying a first wireless network in which a first access point operates as a parent station, and the second identifier for identifying a second wireless network in which a second access point operates as a parent station.

Abstract: One example method includes detecting a threat in a data confidence fabric, assigning a data confidence score to data implicated by the threat, generating trust insertion metadata concerning the threat, creating a ledger entry based on the data confidence score and the trust insertion metadata, and using the ledger entry to determine an overall data confidence score for the data confidence fabric. A data threat portfolio view is generated based on the data confidence score and the trust insertion metadata, and the data threat portfolio view is presented to a user.

Abstract: A method for blockchain nodes, the method including: sending security data of an Internet of Things system to other blockchain nodes, so that each blockchain node stores the security data in a blockchain database for that blockchain node; and obtaining one or more pieces of security data of the Internet of Things system from a blockchain database for a current blockchain node, and performing a corresponding operation on the Internet of Things system based on the obtained security data. There is also provided a device, a computer system and a computer readable medium for blockchain nodes.

Abstract: In an aspect, the present disclosure provides an electronic device for OTP authentication of a present location, comprising: a power source, a processor, and a memory in a housing; a strap comprising first and second ends, and a first wire extending from the first end to the second end of the strap and forming an external loop, wherein the first wire establishes a first electrical connection between the power source and the processor; and a second electrical connection operatively connected to the processor and the memory, the processor configured to generate an OTP, only when the processor is connected to the power source by the first electrical connection without interruption once the first electrical connection is established. The OTP authentication may be time-based one-time password (TOTP) authentication, and the generated OTP may be a time-based one-time password (TOTP).

Abstract: A security authentication method and device are provided. The method includes performing, based on a transmitted password authentication message, password authentication with a server and acquiring a result of the password authentication; sending a request authentication message to the server in a case that the result of the password authentication is determined to indicate that the password authentication is successful; performing security authentication through digitally signing by the server all intercommunicated messages and verifying the digital signature by the client, or through encrypting a local random number and all intercommunicated messages by the client using a public key and verifying a random number returned by the server.

Abstract: This application provides an identity management method, a device, a communications network, and a storage medium. The method includes generating, by a first control plane node, a first identification, a first public key, and a first private key for user equipment. The method also includes signing the first identification and the first public key based on a second private key of the first control plane node, to obtain first transaction data. The method further includes broadcasting the first transaction data in a blockchain network, where the first transaction data is to be used for consensus calculation in the blockchain network.

Abstract: An encryption/decryption method including the steps of encrypting a message, beginning with the encrypting of the message using a key and a salt, the salt being a random number; stopping the encrypting step when the message is encrypted resulting in an encrypted message; encrypting the salt with the key resulting in an encrypted salt; and assembling the encrypted salt, a demark character, the encrypted message and padding to form a data set.

Abstract: Improvements to post-quantum lattice-based digital signature schemes are disclosed. By sampling cryptographic material, including cryptographic key matrices and masking vectors from a uniform distribution, embodiments eliminate the need for a security check during generation of a digital signature vector. As a result, digital signatures can be generated faster and at a lower failure rate. A generating device can generate a verification matrix A and a secret matrix S from a uniform distribution, and an error matrix E from a special distribution (such as a Gaussian). The generating device can combine the three matrices to generate a public matrix Y. The first and the fourth matrices (A, Y) can be used as a public key used to verify digital signatures. The second and the third matrices (S, E) can be used as a private key used to generate digital signatures.

Abstract: The present invention discloses a cloud-side collaborative multi-mode private data circulation method based on a smart contract, including: S1, a system is initialized; S2, the original data are encrypted into private data, an encryption certificate z? for storage is generated, and z? includes metadata and a data certificate key?; S3, the DO calls a smart contract program to realize uplink of the encryption certificate z? and releases z? to a block chain through a smart contract, wherein the smart contract is open to all user accounts; S4, rapid data circulation is realized: when DO releases the data certificate, DU has been identified, a DU's account IDDU is set through an access policy, the DU obtains an encryption key for data access by executing a smart contract and a key algorithm, private data are obtained through metadata and decrypted to obtain a plaintext; and S5, the data circulation is confirmed.

Abstract: A proof of time (PoT) protocol implemented on a network of nodes to add a block to a timechain is provided. In order to participate in the consensus process, the nodes in the network have to stake a predefined number of tokens with the network. Further, the nodes have to register their participation keys with the network. Thereafter, the nodes of the network are classified into time nodes and time electors. Determination of the nodes which will serve as the time nodes and which will serve as the time electors is done by running a verifiable delay function (VDF) based on a ranking score and fixed stake of each node. The block is added to the timechain in a period called a slot. The network releases a random number called a seed that each node uses to compute VDF based on its ranking score and the fixed stake.

Abstract: A method for securely sharing and authenticating a last secret can include splitting a secret into a first split and a second split, the secret comprising a cryptographic element and controlling access to a first key, the secret comprising at least one of a password, a second key, and a tokenized value, and the first key controlling access to a secure computing system, encrypting the first split by an encryption key established between the dealer computing system and the combining computing system, encrypting the second split by the encryption key established between the dealer computing system and the combining computing system, transmitting the encrypted first split to a first share-holder, transmitting the encrypted second split to a second share-holder, designcrypting the encrypted first split, and designcrypting the encrypted second split.