Abstract: A secure calculation is performed on at least one input value. The calculation includes a number of operations, with a first operation performed on the input value, and subsequent operations performed on results produced by previous operations. An initial encryption rank is set, based on the number of operations to be performed in the calculation. The input value is encoded, together with the initial encryption rank. The calculation is then performed, such that the first operation is performed on the encoded input value to produce an encoded result, and subsequent operations are performed on respective encoded results produced by previous operations to produce further encoded results. A new encryption rank is set when an operation in the calculation is performed on the encoded input value or on an encoded result produced by a previous operation, such that the encoded result of said operation in the calculation has the new encryption rank.

Abstract: Elliptic curve cryptographic schemes performed between a pair of cryptographic correspondent computing devices. In an aspect, a first entity generates a first basis point in a first selected basis being, either a first basis (A) or a second basis (B), and performs a first key generation in the selected basis. A second entity receives the public key and determines the product of a predetermined scalar in a second selected basis being either the first basis (A) or the second basis (B) and one of the first auxiliary points. If the product is an identity point, performs second key generation in the second selected basis, otherwise performing second key generation in either of the first basis (A) or the second basis (B). A common key is generated using the private keys and public keys. In another aspect, a scheme is performed symmetrically between two entities to generate a common key.

Abstract: Various embodiments relate to a method and apparatus for using blockchains as an integrity tracking tool for network elements, the method including the steps of receiving, by a blockchain network, a patch request from a patch initiator, validating, by the blockchain network, the patch request and writing the patch request on the blockchain, transmitting, by the blockchain network, the patch request to a network element, receiving, by the blockchain network, a patch report from the network element, and validating, by the blockchain network, the patch report and writing the patch report on the blockchain.

Abstract: A method for executing an operation by a circuit, may include using a first mask set of mask parameters including a same number of occurrences of all possible values of a word of an input data in relation to a size thereof, using an input set including for each mask parameter in the first mask set a data obtained by applying XOR operations to the input data and to the mask parameter and providing an output set including all data resulting from the application of the operation to a data in the input set. The output data may be obtained by applying XOR operations to any of the data in the output set and to a respective second mask parameter in a second mask set including a same number of occurrences of all possible values of the second mask parameters in relation to a size of thereof.

Abstract: In some examples, a system includes a propulsor engine and a controller configured to determine a frequency for a new communication session on a communication channel based on a frequency of a previous communication session, wherein the frequency for the new communication session is different than the frequency of the previous communication session. In some examples, the controller is further configured to establish the new communication session via the communication channel with the propulsor engine. In some examples, the controller is also configured to exchange information with the propulsor engine at the frequency for the new communication session via the communication channel.

Abstract: A method and an apparatus are provided for controlling a graphical user interface to display information related to a communication session. Information relating to data produced by a first participant to the communication session is displayed on a first display unit, wherein the information produced by the first participant is displayed at a first position on the first display unit. Data is received from a second participant to the communication session, and information relating to the data received from the second participant is displayed on the first display unit, wherein the information received from the second participant is displayed at a second position on the first display unit. The first and second positions are horizontally spaced apart.

Abstract: A system and method for transmitting user credentials to another device. According to some embodiments, a method is described of receiving into a first portable electronic device a set of credentials from a user, the set of credentials to include a WLAN SSID and a network key, the set of credentials to allow the first device to connect to the WLAN. The set of credentials is used to connect the first device to the WLAN. The first device creates a message for wireless transmission, the message includes the set of credentials for accessing the WLAN and is adapted to be delivered to a second device. Finally, the first device transmits the message over the air, wherein the message is addressed to the second device. The second device receives the message and uses the credentials in the message to connect to the WLAN. Other embodiments are also described.

Abstract: Aspects provide for a virtual machine structure wherein processors are configured to create an encrypted code virtualization machine for code machine instructions of a retrieved package that has a security field value that indicates secure code, wherein the code machine instructions of the first retrieved package are allocated to encrypted code memory regions of a computer memory resource. Configured processors further create a non-encrypted code virtualization machine in non-encrypted code memory regions of a computer memory resource comprising code machine instructions of another retrieved package that has a security field value that does not indicate secure code; and define a union mixed secure virtual machine image to include (as a function of) the encrypted code virtualization machine and the non-encrypted code virtualization machine.

Abstract: A communication apparatus determines whether the communication apparatus is connected with a wireless network, and accepts an instruction for starting setting processing of a communication parameter, which is used in performing wireless communication, with another communication apparatus that has read an image including information about a frequency channel used in the setting processing. If the communication apparatus is determined to be connected with the wireless network, the communication apparatus does not start waiting for a request for the setting processing even when the instruction is accepted. If the communication apparatus is determined not to be connected with the wireless network, the communication apparatus starts waiting for the request for the setting processing in response to acceptance of the instruction.

Abstract: A method for behavioral analysis of scripting utility usage in an enterprise is described. In one embodiment, the method describes receiving, by a processor, data associated with execution of a scripting utility operating on a plurality of computing devices; executing a clustering algorithm on the received data; identifying at least one cluster based at least in part on executing the clustering algorithm; identifying an existence of an anomalous event associated with the scripting utility based at least in part on executing the clustering algorithm; and transmitting an indication of the anomalous event to an administrator.

Abstract: A method for anonymously communicating data that defines a token from a source system to a destination system via a block-chain distributed database includes receiving, at a token distribution system, request information from a source system. The request information specifies source identifying information and an address for receiving one or more tokens. The token distribution system determines one or more tokens for allocation to the source system and communicates the allocated tokens to the address defined in the request information via a zero-knowledge transaction. The source system moves the tokens to a different address for communicating a block-chain transaction and communicates the tokens at the different address to a destination address associated with the destination system via a block-chain transaction.

Abstract: Aspects of the present disclosure relate to adaptive and user-defined security against side-channel attacks in a virtual network. Traffic in the virtual network can be monitored at the hypervisor level and network security levels, such as padding and inclusion of dummy packets in the traffic stream, may be adaptively switched based on the monitored traffic information. In addition, user-defined security policies can be input to a management console. Thus, the security levels can be adaptive to real-time traffic bandwidth usage in the network and also flexibly specified by the user/administrator, which may be more efficient.

Abstract: Methods and devices for establishing secure communications with an implantable medical device (IMD) are provided. The method and devices receive a credential from an external instrument (EI). The credential is signed utilizing a private key, and the credential includes at least two of a credential time to live (TTL) indicator, an IMD Identifier (ID), and an EI ID. The method and device authenticate the credential using a public key and verify the at least two of the TTL indicator, the IMD ID, and the EI ID. The method and device establish a secure communications session with the EI based on the verification and authentication.

Abstract: A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal.

Abstract: Certain implementations include systems and methods for improving knowledge-based-authentication (KBA) identity authentication questions.

Abstract: The example embodiments are directed to an application and a system capable of identifying levels of secure data within electronic message content. In one example, the method includes at least one of: receiving an electronic message from a user device, the electronic message including message content and at least one recipient, determining that the message content includes a plurality of different levels of secure content corresponding to a plurality of different authentication levels, shielding each portion of the secure content, and providing an indicator indicating a level of authentication associated with each respective shielded portion of secure content from among the plurality of different levels of authentication, and transmitting the electronic message to the at least one recipient including the shielded secure content and the indications of the plurality of different levels of authentication.

Abstract: Described is a system for protecting sensitive information that is hardcoded in polynomial-size ordered binary decision diagram (POBDD) form. A software executable represented as a POBDD having sensitive information embedded therein is obfuscated into an obfuscated POBDD. An input query on the obfuscated POBDD is evaluated, and the sensitive information is revealed only if the input query is a correct input. Thus, an adversary is prevented from extracting the sensitive information embedded in the POBDD.

Abstract: The disclosed embodiments provide a system for processing user actions with a service. During operation, the system uses a statistical model to obtain a first metric associated with a user action received by a service. Next, the system applies a set of static decisions to the metric and one or more attributes of the user action to determine a first response to the user action. The system then uses a set of dynamic rules to produce a first modification to the first response. Finally, the system generates output for applying the first response to the user action.

Abstract: A user of a client device that is protected by a firewall may navigate to a website using a particular browser process (e.g., a window/tab of a browser) of the client device, sending a content request toward a web content server in the process. The firewall may intercept the content request, and may also receive information from the client device identifying which browser process initiated the content request. Before passing the content request to the appropriate web content server, the firewall may request and download a security policy from a security policy server. The security policy may notify the firewall which hosts are authorized/unauthorized for use with a particular domain, and which file types from each of these hosts are authorized/unauthorized for use with the particular domain. The firewall may then filter content related to the identified browser process based on the security policy.

Abstract: Space-efficient key allocations in broadcast encryption systems are provided. In some embodiments, a key bundle is read. The key bundle includes a first cryptographic key, an associated first key identifier, and an associated first cryptographic function identifier. A plurality of encrypted keys is received. Each encrypted key has an associated identifier. A first encrypted key is selected from the plurality of encrypted keys such that the key identifier of the first encrypted is equivalent to the first key identifier. A first cryptographic function is determined corresponding to the first cryptographic function identifier. The first cryptographic function is applied to the first encrypted key using the first cryptographic key to obtain a first intermediate cryptographic key. A content cryptographic key is determined using the first intermediate cryptographic key. The content cryptographic key is adapted for decryption of encrypted content.