Abstract: A system and method for the analysis of log data is presented. The system uses SuperMinHash based locality sensitive hash signatures to describe the similarity between log lines. Signatures are created for incoming log lines and stored in signature indexes. Later similarity queries use those indexes to improve the query performance. The SuperMinHash algorithm uses a two staged approach to determine signature values, one stage uses a first random number to calculate the index of the signature value that is to update. The two staged approach improves the accuracy of the produced similarity estimation data for small sized signatures. The two staged approach may further be used to produce random numbers that are related, e.g. each created random number may be larger than its predecessors. This relation is used to optimize the algorithm by determining and terminating when further created random numbers have no influence on the created signature.

Abstract: A host device, a storage device, and a method employ a vendor unique command (VUC) authentication system. The storage device includes a memory and a memory controller which includes a VUC authentication module and controls the memory. The VUC authentication module transmits first memory information about the memory to the host device, receives from the host device a one-time password generated by the first memory information, verifies the one-time password, and receives a vendor unique command from the host device when the one-time password is correct.

Abstract: Techniques and apparatuses for processing data unit are described. In one embodiment, for example, an apparatus for networking may include at least one memory, logic, at least a portion of the logic comprised in hardware coupled to the at least one memory, the logic to access an encrypted packet having an encrypted portion, determine at least one flow control segment of the encrypted portion, decrypt the at least one flow control segment to generate a partially-decrypted packet comprising a decrypted at least one flow control segment and an encrypted remainder portion, the remainder portion comprising a portion of the encrypted packet that does not include the decrypted at least one flow control segment, access process information in the decrypted at least one flow control segment, and process the partially-decrypted packet according to the process information. Other embodiments are described and claimed.

Abstract: A system and method for authenticating a system user across multiple digital systems using a single biometric key employs a scanning device to preclude the use of passwords and login identifiers when signing into secured digital environments. The scanning device performs a primary biometric scanning operation to obtain a primary multipoint digital image for an anatomical feature of the system user. The primary multipoint digital image is then associated with a system password and username for each of a plurality of secured digital systems. By connecting the scanning device to an external computing device and performing a subsequent biometric scanning operation, the scanning device is able to authenticate the system user and retrieve the system password and username for a specific secured digital system from the plurality of secured digital systems. A data vault is provided to back-up data and restore the scanning device when the system user is authenticated.

Abstract: Embodiments provide session synchronization across multiple devices. Embodiments receive, at a single sign-in (“SSO”) service, user credentials from a user in response to the user signing into the first device. In response to receiving the user credentials, embodiments create a primary SSO session by the SSO service. In response to an attempt by the second device to create another SSO session, subsequent to the creating of the primary SSO session, embodiments create an alias SSO session linked to the primary SSO and set an encrypted session cookie containing the alias SSO session and returning an authorization code including the alias SSO session to the second device. Embodiments verify the second token using a second public key of the second device and send user information of the user to the second device, where the second device uses the user information to automatically sign the user into the second device.

Abstract: A memory module includes: a plurality of memories, wherein each of the memories comprises: an encryption key storage circuit suitable for storing an encryption key; an address encryption circuit suitable for generating an encrypted address by encrypting an address transferred from a memory controller by using the encryption key stored in the encryption key storage circuit; and a cell array accessed by the encrypted address, wherein the encryption key storage circuits of the memories store different encryption keys.

Abstract: A method and apparatus may include configuring, by a network node, a user equipment to use an aggregation of radio technologies. At least one radio bearer is established between the user equipment and the network node and is routed over an access point of an alternate wireless network. The method may also include determining whether trustworthy security is provided by the access point of the alternate wireless network. The method may also include instructing the user equipment to turn off ciphering based on the determining, wherein the ciphering is turned off for the at least one radio bearer between the user equipment and the apparatus. The method may also be used for configuring specific ciphering on selective radio bearers.

Abstract: A memory may include: a pseudorandom number generator suitable for generating a pseudorandom number using an initial value transferred from a memory controller; an access key register suitable for storing an access key transferred from the memory controller; a counter suitable for counting the number of times that the access key register is updated to generate an update number; a logic operation circuit suitable for generating an authentication key by performing a logic operation on the pseudorandom number and the update number; a comparison circuit suitable for comparing the access key and the authentication key; and a security area to which access is allowed when the comparison result of the comparison circuit indicates that the access key and the authentication key are the same.

Abstract: In modern object-oriented programming, programs are written using typed objects like classes and instances that interact with one another via rules of composition, inheritance, encapsulation, message passing, and polymorphism. Some embodiments described herein can include a method for tokenizing such modern objects that maintains their interactive properties on a blockchain. It improves upon, and diverges from, the smart contract model used mainly on account-based blockchains today to create a generally-programmable token system that is native to UTXO-based blockchains, where individually-owned software objects interact with other software objects owned by other individuals. These tokenized objects are called jigs. Jigs, an abstraction like objects, enable applications to build their own digital assets that interact with other jigs from other applications. Jogs enable users to own their data as tokens and use their data independent of any one application's complete control.

Abstract: This application relates to an apparatus and a non-transitory computer readable medium applying to the internet of vehicles. Embodiments of this application implement a distributed authentication process, which including sending information used to indicate a to-be-authenticated device to the to-be-authenticated device. Compared with a centralized authentication mechanism, the authentication manner in the embodiments of this application reduces load of a device because one intermediate node does not need to perform authentication on a plurality of nodes. If the to-be-authenticated device fails to be authenticated, because the authentication is an authentication process related to a first service, the determined execution policy is an execution policy related to the first service, and the determined execution policy better meets a service requirement.

Abstract: Systems and methods of authenticating voice data using a ledger (blockchain). Examples include a scalable and seamless system that uses blockchain technologies to distribute trust of a conversation, authenticate persons in a conversation, track their characteristics and also to keep records of conversations. In some examples, smart phones, wearables, and Internet-of-Things (IoT) devices can be used to record and track conversations between individuals. These devices can each be used to create entries for the blockchain or a single device could be used to keep track of the entirety of the conversation. Fuzzy hashing may be used to compare newly created entries with previous entries on the ledger.

Abstract: A device includes an encoder and a decoder using physically unclonable functions. The encoder includes a first generator for generating a first hash value based on first input data; a first exclusive OR (XOR) operator for performing an XOR operation between second input data and a cryptographic value to generate a first operation value; a second XOR operator for performing an XOR operation between the first hash value and the first operation value to generate a second operation value; a second generator for generating a second hash value based on the first operation value; and an encoding component for encoding the first input data, the second operation value and the second hash value to output first to third encoded data. The decoder contains the same generators and XOR operators as the encoder. It additionally includes a decoding component and a comparator for checking a validity of first and second input data.

Abstract: An apparatus and method are described for aligning corresponding elements in multiple streams of elements. An apparatus is provided comprising both first generation circuitry to generate a first stream comprising first elements and second generation circuitry to generate a second stream comprising second elements. The first generation circuitry is arranged to insert a first element in the first stream to identify each occurrence of a corresponding second element in the second stream. Key generation circuitry is used to generate, for each instance of the first element to be included within the first stream, an associated key value determined from a set of key values, the set of key values being insufficient to allow unique key values to be generated for each instance of the first element. The first generation circuitry is then arranged to indicate within the first stream the associated key value for each instance of the first element.

Abstract: A system and method are disclosed for allowing a plurality of augmented and/or virtual reality users to interact with higher dimensional virtual or augmented environment models in which a plurality of objects are placed throughout in a pseudorandom fashion. The placed plurality of objects are subsequently assigned values either in a predetermined or real time manner. The system and method enable security countermeasures, thereby protecting the higher dimensional environmental model from malicious users.

Abstract: A system comprises one or more storage entities (SEs) each configured to store data for applications that rely on higher levels of data integrity, wherein each of the SEs has its own cryptographic identity in the form of a unique root identity key pair of public and private keys created at manufacturing time. Each SE generates one or more SE-specific asymmetric data owner keys upon invocation of a smart contract by a prospective data owner. The system further comprises a distributed ledger provisioned to the SEs and configured to maintain all public keys and/or public key certificates of the SEs. The system also comprises a key manager configured to hold all SE-specific data owner public keys and SE data access control keys, wherein the data stored on the SEs is protected by the SE-specific data access control keys wrapped by the SE-specific data owner keys based on current data ownership.

Abstract: A medical device of a medical system is configured for communicating with an external programmer over a wireless communications link. The medical device comprises a wireless communications module configured for receiving a first unencrypted version of a random number and a first encrypted version of the random number from the external programmer over the wireless communications link. The medical device further comprises control circuitry configured for performing an authentication procedure on the external programmer based on the first unencrypted version of the random number and the first encrypted version of the random number, and preventing the external programmer from commanding the medical device to perform an action unless the authentication procedure is successful.

Abstract: Methods and systems for secure authentication in an extended reality (XR) environment are described herein. An XR environment may be output by a computing device and for display on a device configured to be worn by a user. A first plurality of images may be determined via the XR environment. The first plurality of images may be determined based on a user looking at a plurality of objects, real or virtual, in the XR environment. The first plurality of images may be sent to a server, and the server may return a second plurality of images. A public key and private key may be determined based on different portions of each of the second plurality of images. The public key may be sent to the server to register and/or authenticate subsequent communications between the computing device and the server.

Abstract: A method and system for securing data transmission in communication networks is disclosed. The method includes the steps of allocating a sequence ID (SQID) to each of a plurality of packets. The SQID is embedded in an Internet Protocol (IP) header of an associated packet from the plurality of packets. The method further includes grouping the plurality of packets into at least one cluster based on at least one of a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets and variance in IP attributes associated with destination address of each of the plurality of packets. The method includes transmitting each of the at least one cluster to an associated destination address. Each cluster in the at least one cluster includes a set of packets from the plurality of packets and at least a domain-name is same in destination address.

Abstract: A system provides cloud-based identity and access management. The system receives a request for an identity management service, authenticates the request, and forwards the request to a microservice configured to perform the identity management service, where the microservice is implemented by a microservice virtual machine provisioned by a provisioning framework, and the forwarding is according to routing information configured based on metadata information stored in a registry by the provisioning framework. The system then performs the identity management service by the microservice.

Abstract: A distributed file integrity checking system is described. The described peer integrity checking system (PICS) may negate an attack by storing a properties database amongst nodes of a peer-to-peer network of hosts, some or all of which co-operate to protect and watch over each other.