Abstract: A system and method perform assessments of technical systems or institutions by applying one or more standards of practice to one or more entities. The system and method may apply those one or more standards of practice in a distributed piece-meal fashion allowing less trained personnel to accomplish more assessments with lower cost and in less time.

Abstract: Systems and methods for establishing a wireless connection using a connection identifier. The systems include a dust extractor and a power tool. The dust extractor includes an extractor electronic processor. The power tool includes a tool electronic processor. The extractor electronic processor is configured to: broadcast a connection advertisement; establish the wireless connection with a power tool when the connection advertisement is received; receive a request for the connection identifier; and provide a response including the connection identifier; provide a first indication of a successful wireless connection.

Abstract: Methods, systems, and devices for providing for trust in a distributed environment are disclosed. In a distributed environment, various devices may be remote to one another and may interact with one another via one or more operable connections. Through the operable connections, various communications may be exchanged. However, the operable connections may not natively support authentication of any particular device in the distributed system. Consequently, entities in the distributed system may not intrinsically trust that the communications received through the distributed environment are authentic. The entities of the system may mutually authenticate one another prior to trusting communications from the other entities. For example, in a scenario where a client wishes to access data hosted by a data source, the client and data source may go through a process of mutually authenticating one another. By doing so, a trusted environment may be established.

Abstract: Techniques include securely accessing data associated with at least one identity capable of accessing one or more access-controlled network resources; generating an intermediate value based on the data associated with the at least one identity; generating, based on application of a secret logic algorithm to the intermediate value, a secret data element; making available, the secret data element, to be embedded in an authentication credential associated with the at least one identity; identifying an attempt to change the authentication credential, the attempt including new authentication credential data to replace data in the authentication credential; validating, conditional on a determination whether the new authentication credential data includes the secret data element in a predefined location, the attempt to change the authentication credential; and determining, based on the validating, whether to perform a control action based on the new authentication credential data.

Abstract: Methods, devices, and systems are provided for user authentication on a gateway device to perform steps of, receiving a user request communicated via a local area network (LAN) from a user system or device connected to the LAN, checking whether the gateway device is operating in a disconnected operational mode in response to the user request, selectively initiating a user authentication protocol when the gateway device is operating in the disconnected operational mode, wherein the user authentication protocol uses secret information stored in a user hardware token uniquely assigned to a particular user, authenticating the administrator user using the user authentication protocol that requires administrator secret information stored in a master hardware token connected to a system or device operated by the administrator user, and selectively authenticating the particular user based at least in part on results of the user authentication protocol.

Abstract: An image backup method of a computing system including a host and a memory system includes receiving, by the host, a first image, together with a backup request, performing, by the host, a similarity determination between the first image and images stored in the memory system, based on a first hash function, selectively providing, by the host, the first image to the memory system according to a result of the similarity determination, performing, by the memory system, an identity determination between the first image and the images, based on a second hash function, and providing, by the memory system, the host with information for determining a storage method of the first image according to a result of the identity determination.

Abstract: Method and system for executing a one-time program comprising at least one instruction operating on at least one input value (a, b) and returning at least one output value (O), wherein each instruction of the one-time program is encoded onto a state of an elementary quantum system, comprising: encoding the at least one input value (a, b) onto a quantum gate according to a pre-defined input-encoding scheme; applying the quantum gate to the at least one elementary quantum system; making a measurement of a resulting state of the at least one elementary quantum system after the quantum gate; and determining the at least one output value from a result of the measurement.

Abstract: A device receives a video stream, where one or more frames of the video stream include embedded metadata that is embedded directly into the one or more frames. The device extracts the embedded metadata from the one or more frames. The device makes an authentication determination regarding the video stream, based on whether the embedded metadata includes a digital signature associated with a sender of the video stream. The device controls, based on the authentication determination, presentation of the video stream to a recipient user.

Abstract: This disclosure generally relate to a method and system for network policy simulation in a distributed computing system. The present technology relates techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.

Abstract: A method for distributing encryption keys includes receiving a table associated with a particular user, the table including a plurality of data blocks and splitting the table into a plurality of tablets including a corresponding portion of data blocks. The method also includes generating a resource key uniquely associated with the table and for each tablet generating a unique data encryption key for the corresponding tablet to encrypt with the unique data encryption key. The method also includes encrypting each data encryption key with the resource key and distributing control of each encrypted tablet and each corresponding encrypted data encryption key to a plurality of tablet servers, each controlling one or more of the encrypted tablets. The resource key transmits to a remote entity causing the remote entity to encrypt the resource key with a user key associated with the particular user and transmit the encrypted resource key.

Abstract: A computer-implemented method may include: receiving, from at least one camera, image data associated with a first user at a public access user computing device; detecting, based on the received image data, by employing a machine learning model trained using a dataset of actions collected from a plurality of previous users, that the first user has moved away from the public access user computing device; automatically encrypting, based upon the detection, a user session associated with the first user, wherein the encrypted user session is configured to be subsequently activated by the first user; and initiating a new generic user session on the public access user computing device for a second user.

Abstract: A program identity of an unknown binary is inferred in response to a trigger (e.g., a request to access or execute the unknown binary, etc.). One or more authentication factors are then executed to authenticate the inferred program identity of the unknown binary as being one of a plurality of different programs. The program can be selectively provided with access to system resources and/or sensitive operations can be limited based on a program nature of the authenticated program identity. In some variations, the authentication factors cause a modified authentication workflow in which a human user provides input as to whether or not to authenticate the inferred program identity.

Abstract: A file access right authentication method and system allows right authentication to be performed on an access request for accessing a file in a system to thereby improve system security. The method includes: receiving, by an electronic device, a file access request, where the file access request is used to request to access a first file on the electronic device; obtaining a first process identifier in the file access request, and determining first fixed identity information corresponding to the first process identifier; and matching the first fixed identity information with authorized fixed identity information corresponding to the first file), and when the matching succeeds, determining that authentication of the file access request is successful.

Abstract: The invention relates to an information processing apparatus that generates a pair of a first signature key and a first verification key, publishes the first verification key outside the information processing apparatus, acquires a second verification key that is generated and published by an own apparatus, generates a secret value table including a plurality of secret values and indices, transmits signed transmission data obtained by signing transmission data with the first signature key, the transmission data including processing target data comprising at least a part of delivery target data and an index corresponding to a secret value that has been associated with the processing target data based on the secret value table, receives certification data from the own apparatus, verifies a signature of the certification data using the second verification key, and transmits the certification data to a data providing apparatus, when the signature of the certification data is successfully verified using the second

Abstract: Disclosed are methods and systems to use p-adic numbers to permit a RSA cryptosystem to send rational numbers or to add randomness to the RSA cryptosystem. An embodiment may convert at the source device a rational number to an integer as p-adic based Hensel code representation of the rational number at the source device and then recover the rational number at the destination device by reversing the Hensel code back to the original rational number. Another embodiment may use a g-adic inverse of a message value together with a random number to obtain a different rational number to encrypt for each different random number resulting in different ciphertexts representing the same message value while still recovering the original message value despite having a different ciphertexts for the same message value. The various embodiments further retain the multiplicative homomorphism of the RSA cryptosystem since the p-adic Hensel codes are also multiplicative homomorphic.

Abstract: Systems and methods are described for enrolling a user device in a Unified Endpoint Management (“UEM”) system over a closed network. After an initial boot or factory reset of a user device, a user can scan a Quick Response code, or other scannable code, that is embedded with enrollment configuration data that includes configuration settings for communicating with a UEM server in the UEM system. Using the enrollment configuration data, the user device can retrieve an installation file for a management application. The user device can install the management application and give the management application access to the enrollment configuration data. The management application can disable hardcoded open network endpoints on the user device and configure the user device for UEM communications on the closed network. The user device can connect to the UEM server over the closed network and request enrollment in the UEM system.

Abstract: Techniques are described herein for authenticating a plurality of components of a user equipment to enable one or more functionalities of the components. The techniques include receiving a component identifier corresponding to a hardware component of the user equipment; verifying that the component identifier matches a network record in a data store, the network record corresponding to the hardware component; enabling one or more functionalities of the user equipment, based at least in part on verifying the component identifier with the network record; and activating the hardware component for use on the user equipment via a communications network.

Abstract: The present disclosure provides an anti-malicious method, device and medium for secure three-party computation, and relates to the field of data security. The method includes the following: Respective private data matrices of three participants are determined; each participant receives a corresponding random matrix pair generated by a commodity server node; and based on the random matrix pair, a corresponding internal matrix is generated in a computational process of the three participants, and corresponding security constraints are separately added to a computational process in which a collusion behavior exists and no collusion behavior exists. The security constraints implement a constraint on a rank of an internal matrix, so that any participant in the computational process cannot predict private data matrices of another two participants. The present disclosure can improve data security of the secure three-party computation.

Abstract: At a first time, a system identifies a set of data files which are stored in a part of a data storage system. At a second time, the system identifies each newly encoded data file based on identifying each data file in the set of data files which is encoded and created and/or updated since the first time. The system identifies each compressed data file based on identifying each newly encoded data file which is reduced in size since the first time. The system determines a file compression success rate based on a total count of each compressed data file relative to a total count of each newly encoded data file. If the system determines that the file compression success rate does not satisfy the file compression success rate threshold, the system outputs an alert about an unauthorized encryption in the data storage system.

Abstract: Example implementations include a method of generating a first authentication code based at least partially on an authentication key and an application key, transmitting to a secure subsystem of the local processing device the authentication key, the application key, and the first authentication code, generating, at the secure subsystem, a second authentication code based at least partially on the authentication key and the application key, and generating, at the secure subsystem, a secure application key, in accordance with a determination that the first authentication code and the second authentication code satisfy an authentication criterion.