Abstract: In a general aspect, a supersingular isogeny-based cryptography process is performed. In some aspects, a cryptographic element is generated by executing a supersingular isogeny-based cryptography protocol. A generator of a first isogeny kernel is computed. A pre-determined tree topology is traversed. The tree topology includes nodes coupled by edges. The edges of the pre-determined tree topology include a first set of edges representing scalar multiplications and a second set of edges representing point evaluations. A plurality of isogeny kernels corresponding to respective nodes in the tree topology and having a lower order than the first isogeny kernel is computed by traversing a zigzag path through the tree topology. The zigzag path includes a series of scalar multiplications or a series of the point evaluations (or both) that terminates at a node above a leaf node in the tree topology.

Abstract: In a general aspect, a supersingular isogeny-based cryptography process is performed. In some aspects, a cryptographic element is generated by executing a supersingular isogeny-based cryptography protocol. A generator of a first isogeny kernel is computed. A pre-determined tree topology is traversed. The tree topology includes nodes coupled by edges. The edges of the pre-determined tree topology include a first set of edges representing scalar multiplications and a second set of edges representing point evaluations. A plurality of isogeny kernels corresponding to respective nodes in the tree topology and having a lower order than the first isogeny kernel is computed by executing batches of operations using a plurality of cryptographic co-processors. At least one of the batches includes two or more of the scalar multiplications represented in the tree topology.

Abstract: Distributed token-less authentication. In an embodiment, a partially-hashed personal identification number (PIN) is received from a terminal via at least one first network, wherein the partially-hashed PIN comprises an unhashed first portion that identifies a service-specific interface associated with the user account, and a hashed second portion. The partially-hashed PIN is relayed to the service-specific interface, identified by the first unhashed portion of the partially-hashed PIN, via at least one second network. Subsequently, a first-level confirmation or rejection is received from the service-specific interface via the at least one second network, and the first-level confirmation or rejection is relayed to the terminal via the at least one first network.

Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.

Abstract: A wearable device includes a user information obtainer configured to obtain user information, a controller configured to selectively generate, in response to a user being authenticated based on the user information, an encryption key for encryption of content of an external device; and a communicator configured to transmit the encryption key to the external device.

Abstract: A system and method for securing communications between a plurality of users communicating over an optical network. The system utilizes a fixed or tunable source optical generator to generate entangled photon pairs, distribute the photons and establish a key exchange between users. The distribution of entangled photon pairs is implemented via at least one wavelength selective switch.

Abstract: Time-based functionality restrictions may be provided. Periodic scans may be performed to identify requests to perform functions on user devices, to determine whether the functions are compliant with compliance rules associated with the user devices that specify time periods during which the user devices are authorized to perform the functions, and to perform remedial actions if the functions are not compliant with the compliance rules.

Abstract: A number of techniques facilitate generation of data points from observations about network traffic. An inferencing system can use these data points to determine whether a relationship exists between two entities or whether an existing relationship has terminated, without any external knowledge of the existence of or termination of such a relationship.

Abstract: A data enrichment environment using blockchain is disclosed. A client may interact with the data enrichment environment to generate an enrichment smart contract and deploy the enrichment smart contract to the blockchain. The enrichment smart contract may comprise data indicating the enrichment inquiry. One or more solvers may interact with the data enrichment environment to submit proposed enrichment solutions based on the enrichment inquiry. One or more observers may interact with the data enrichment environment to review and vote on the proposed enrichment solutions. The data enrichment environment may evaluate the proposed enrichment solutions based on contract conditions.

Abstract: System and methods for key printing may include a control panel operable to receive a mobile device identifier from a mobile device. A property management system in communication with the control panel may assign or allocate a room in a hotel to a guest. A lock server may be in communication with the property management system, the lock server may create a digital key. A virtual encoder may be in communication with the property management system and the lock server, the virtual encoder may transmit a room number, lock information, authorized zones, a start time, an expiration, and the digital key to the mobile device. A key printer may receive the digital key from the mobile device, authenticate the mobile device, and print a physical key based on the received digital key.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing digital certificates. One of the methods includes: generating a digital certificate; generating a digital abstract of the digital certificate; transmitting the digital abstract of the digital certificate to one or more nodes of a blockchain for storage in the blockchain; obtaining a transaction identification associated with storing the digital abstract of the digital certificate in the blockchain; and associating a digital mark with the transaction identification.

Abstract: A method and system of providing private data privately when such data is requested from a VCD utilizes a communications network to communicate with a service containing the private data to determine if the data is private. Once the data is determined as being private, instead of being sent to the VCD to be broadcasted audibly, the data may be transmitted to a user's preferred device to be presented privately to the user.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing digital certificates. One of the methods includes: generating a digital certificate; generating a digital abstract of the digital certificate; transmitting the digital abstract of the digital certificate to one or more nodes of a blockchain for storage in the blockchain; obtaining a transaction identification associated with storing the digital abstract of the digital certificate in the blockchain; and associating a digital mark with the transaction identification.

Abstract: An authentication system may receive a request signature corresponding to a user request to view secure user information on a user device and generate a server-side signature matching the request signature to authenticate the user device to receive the secure user information without authenticating the user. The request signature may include a device identifier corresponding to the device, a token code generated by the authentication system and stored by the user device, a timestamp corresponding to the transmission time of the request signature, and a version of the device identifier, the token code, and the timestamp encrypted using a signature key provided to the user device by the authentication system. The authentication system may generate the server-side signature using the timestamp and stored copies of the device identifier, the token code, and the signature key.

Abstract: Within a particular Top Level Domain (TLD), domain name allocation and domain name ownership may be subject to certain restrictions requiring verification. A processing platform and method is disclosed to process verification of a domain name and/or a domain name entity such as a registrant for domain name transactions with a domain name registry. The processing platform and domain name registry may be remotely located relative to one another.

Abstract: A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS.

Abstract: Example embodiments provide for secure storage and accessing of confidential information by a distributed system and for securely executing a function of the distributed system. Responsive to processing a function request identifying a function of the distributed system by a node computing entity, application program code corresponding to the function is accessed within a trusted execution environment. Based on data stored in a secure ledger maintained by the distributed system, the application program code is executed to generate a result within the trusted execution environment. A new entry comprising the result is generated and at least a portion thereof is encrypted using an encryption key within the trusted execution environment. The encrypted new entry is posted to the secure ledger.

Abstract: Intrusion-protected memory-containing assembly including a substrate, a data storage component and processor on the substrate, and a chassis intrusion detector assembly around the substrate. The chassis intrusion detector assembly includes a first plastic film, a mesh including conductor wires arranged on the first plastic film, and a second plastic film covering the mesh. The conductor wires are connected together in a single circuit with the processor to form a single transmission line. The second plastic film has sealed edges integrated with the mesh such that the edges are inseparable without breaking one of the conductor wires of the mesh. The processor takes action to prevent access to data in the data storage component upon detecting a variance in current through or impedance of the transmission line defined by the conductor wires caused by breaking of one of the conductor wires, e.g., causes the data storage component to self-destruct.

Abstract: Aspects provide for an automated computer security apparatus. A first sequential action data set of different actions performed sequentially in engaging a computer system to execute a data operation on the computer system is categorized as a normal or abnormal operation. Actions of the first sequential action data set and of another (second) sequential action data set of different actions having the same normal or abnormal category of the first set are randomly selected and combined to generate a random sequential action data set for the common category of the first and second sequential action data sets, to define a sequential order of actions performed sequentially in engaging the computer system to execute a random set data operation on the computer system.

Abstract: Provided is an adaptive dynamic analysis method, an adaptive dynamic analysis platform and a device equipped with the same. The adaptive dynamic analysis method for an application running in a container environment of a Linux host includes stopping execution of a first activity of the application, and acquiring analysis information for malicious code diagnosis of the application, conducting dynamic analysis using the analysis information, acquiring environment information to execute a second activity based on the dynamic analysis, and performing an execution environment update of the application by reflecting the environment information, and executing the application to enable the second activity to run.