Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code configured to cause the apparatus to receive an identifier of a function, encrypted input data, an encrypted computation result, encrypted random data and an encrypted output of the function, when nm with the random data, obtain a homomorphic polynomial factorization of the function, comprising obtaining a decomposed representation of the function, the representation comprising a sum of polynomials, and verify that the computation result is correct by checking, whether a difference between the encrypted output and the encrypted computation result equals a value of the decomposed representation, wherein the encrypted random data and the encrypted input data are used as parameter values in the sum of polynomials.

Abstract: A method for protection of virtualized network functions may comprise: obtaining security orchestration information for one or more virtualized network functions; determining network interfaces relevant to protection of the one or more virtualized network functions based at least in part on network topology information, in response to the security orchestration information; and issuing a security instruction for the protection of the one or more virtualized network functions, according to the determined network interfaces.

Abstract: A method for mutual authentication between user equipment and a communications network. The network includes a mobility management entity and a home subscriber server. The method, implemented by the user equipment, includes: receiving an authentication challenge having an token based on a first index and a first authentication message calculated by the home subscriber server and based on a first sequence number; checking that a condition of a set is true, the set including: the first sequence number is the same as a second sequence number stored in the user equipment, and the first sequence number is the same as a preceding value of the second sequence number and the first index is higher than a second index stored in the client equipment; and calculating and sending, when a condition is true, an authentication result and an authentication message, based on the preceding value of the second sequence number.

Abstract: Disclosed herein are methods, systems, and apparatus for processing blockchain-based guarantee information. One of the methods includes receiving a first cyphertext of a first digital document specifying a guarantee from a first computing device associated with at least a first guarantor and one or more zero-knowledge proofs (ZKPs) related to one or more values associated with the guarantee, and the first digital document specifies one or more predetermined conditions of executing the guarantee; verifying that the one or more ZKPs are correct; storing the first cyphertext to a blockchain based on performing a consensus algorithm; receiving a first message from a second computing device associated with a beneficiary or a representative of the beneficiary.

Abstract: Memory devices, systems including memory devices, and methods of operating memory devices are described, in which security measures may be implemented to control access to a fuse array (or other secure features) of the memory devices based on a secure access key. In some cases, a customer may define and store a user-defined access key in the fuse array. In other cases, a manufacturer of the memory device may define a manufacturer-defined access key (e.g., an access key based on fuse identification (FID), a secret access key), where a host device coupled with the memory device may obtain the manufacturer-defined access key according to certain protocols. The memory device may compare an access key included in a command directed to the memory device with either the user-defined access key or the manufacturer-defined access key to determine whether to permit or prohibit execution of the command based on the comparison.

Abstract: In some examples, a computer system may receiving a request to allow a second user associated with a second user account to access at least one of a folder or a link associated with a first user account of a first user. The computer system may determine a first profile associated with the first user account, and may further determine whether sharing whitelisting is enabled for the first profile. Additionally, the computer system may determine a second profile associated with the second user account, and may determine whether the second profile is included in a sharing whitelist of the first profile. When sharing whitelisting is enabled for the first profile, the computer system may allow a client device associated with the second user account to access the folder and/or the link when the second profile is included in the sharing whitelist of the first profile.

Abstract: An example technique includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform. The nodes include compute nodes that provide resources in the distributed computing platform and a controller node that performs resource management of the resources. The obfuscation computing system serves as an intermediary between the controller node and the compute nodes. The technique further includes outputting an interactive user interface (UI) providing a selection between a first privilege level and a second privilege level, and performing one of: based on the selection being for the first privilege level, a first obfuscation mechanism for the distributed computing platform to obfuscate digital traffic between a user computing system and the nodes, or based on the selection being for the second privilege level, a second obfuscation mechanism for the distributed computing platform to obfuscate digital traffic between the user computing system and the nodes.

Abstract: An electronic system includes a first circuit and a second circuit. The first circuit includes a first activation unit and a first functional unit. The first activation unit receives a first challenge string, generates a first response string according to the first challenge string and a first key, and outputs the first response string. The first functional unit performs first designated function. The second circuit includes a second activation unit and a second functional unit. The second activation unit sends the first challenge string to the first circuit during a first activation operation, and determines whether the first activation operation passes certification or not according to the first challenge string, the first response string and the first key. The second functional unit performs second designated function when the first activation operation is determined to have passed the certification.

Abstract: A shippable data transfer device includes a data storage medium encased in a chamber surrounded by an anti-tamper casing. The anti-tamper casing includes an anti-tamper layer with identifying elements arranged in a unique or otherwise identifiable pattern. The anti-tamper layer is configured to actively re-arrange, alter, or obscure the identifying elements in response to a breach of the anti-tamper casing.

Abstract: The secure chain of trust steps to boot-up a computing device are split between the shutdown procedure of the computing device and the boot-up procedure of the computing device to reduce the time required for the computing device to boot-up. The main image associated with a central processing unit of the computing device is validated during the shutdown procedure of the computing device such that the operating system for the central processing unit is available when the computing device receives an action to power on. The boot-up time for the computing device is reduced, which allows the computing device to boot-up within an established time frame.

Abstract: Disclosed is a method of generating secret information on the basis of a ring oscillator. According to an embodiment of the present disclosure, there is provided an apparatus for generating secret information on the basis of a ring oscillator, the apparatus including: multiple PUF information generation units each including at least one ring oscillator cell and generating physically unclonable function (PUF) information generated by the at least one ring oscillator cell; a phase checking unit cross-checking phases for the multiple pieces of the PUF information that are output from the multiple PUF information generation units, respectively; and a secret key generation unit outputting secret key information based on a result of comparing the multiple phases received from the phase checking unit.

Abstract: A method is disclosed. A node in a plurality of nodes can perform an identity set generation process. The node can then determine a leader node. The node may diffuse an identity set from each node of the plurality of nodes to the plurality of nodes. The node can then determine a majority set including identities occurring in at least one half of the identity sets, wherein the leader node diffuses the majority set of the leader node to the plurality of nodes. The node can verify the majority set of the leader node. The node may then update the identity set based on the majority set of the leader node.

Abstract: Systems, methods, software and apparatus enable end-to-end encryption of group communications by implementing a pairwise encryption process between a pair of end user devices that are members of a communication group. One end user device in the pairwise encryption process shares a group key with the paired end user device by encrypting the group key using a message key established using the pairwise encryption process. The group key is shared among group members using the pairwise process. When a transmitting member of the group communicates with members, the transmitting member generates a stream key, encrypts stream data using the stream key, encrypts the stream key with the group key, then transmits the encrypted stream key and encrypted stream data to group members. The group key can be updated through the pairwise encryption process. A new stream key can be generated for each transmission of streaming data such as voice communications.

Abstract: According to an aspect, there is provided a first node for use in a system, the system comprising one or more trusted source nodes, one or more worker nodes and a verifier node, wherein the first node is configured to determine a trusted input commitment key for a trusted input to be input into a computation that is to be evaluated by the one or more worker nodes, wherein the trusted input commitment key is for use by the one or more trusted source nodes in forming a trusted input commitment of one or more trusted inputs; determine a computation evaluation key for use by the one or more worker nodes in determining a proof that a computation on one or more trusted inputs is correct and that the one or more trusted inputs were used in the computation, wherein the computation evaluation key comprises key material for one or more trusted input wires that are for inputting the one or more trusted inputs into the computation, wherein the key material is derived from a trapdoor value, one or more polynomials evaluat

Abstract: There is provided a requestor device for digital signing of a message, comprising: at least one hardware processor executing a code for: transmitting the message for signing thereof, in a single request session over the network to each one of a plurality of validator devices, wherein a beacon device computes and transmits over a network to each one of a plurality of validator devices a signature-data value computed and signed by the beacon device, receiving in a single response session from each one of the plurality of validator devices, a respective partial-open decrypted value computed for the signature-data value and the message, and aggregating the partial-opens decrypted values received from the plurality of validator devices to compute the digital signature of the message.

Abstract: Approaches for securely constructing a trusted operating environment. A trusted operating environment manager executes on a device and instantiates a trusted operating environment on the device by composing at least of portion of the trusted operating environment using data from an untrusted operating environment also executing on the device. The trusted operating environment manager only permits the trusted operating environment to access the data upon the trusted operating environment manager successfully confirming that the data is presently in a state that has been deemed trustworthy.

Abstract: Systems, software, techniques and apparatuses are disclosed herein for facilitating context-based possession-less access to secure information. More specifically, the systems, software, techniques and apparatuses described herein eliminate the need for enterprises to provide employees with direct access to confidential or sensitive enterprise information. Instead, the confidential or sensitive enterprise information can be indirectly provided to and hidden by an access systems used by the employees to request the information prior to being provided to a corresponding resource. For example, in some embodiments, the confidential or sensitive enterprise information is provided to an access system with formatting instructions for hiding the confidential or sensitive enterprise information in a browser session.

Abstract: A system and method improves operational performance of a computer by enhancing digital security with an added electronic circuit. The electronic circuit stores sensitive data in an un-erasable state such that the sensitive data may not be altered. The electronic circuit limits transfer of the sensitive data only once after each power-up or after each reset of the computer. The electronic circuit prevents access to the sensitive data by an authorized program. The electronic circuit utilizes its own storage medium and a random access memory, the latter of which can receive and store the sensitive data from the non-transitory computer storage medium. The method uses a software driver and a copy-of-copy of first security key obtained from the sensitive data stored on the electronic circuit. The software driver installs a software module on the computer using the copy-of-copy of first security key to encrypt each installed file.

Abstract: A method and an apparatus for generating cover images for steganography are provided. The steganographic framework is designed based on an image generation system. The apparatus may encode a message to obtain a binary sequence. The apparatus may obtain a plurality of binary segments of a particular length based on the binary sequence. For each binary segment of the plurality of binary segments, the apparatus may select an image of a semantic content (e.g., a numeral digit) from a dictionary of images of random semantic contents (e.g., random numeral digits) based on the binary segment. The apparatus may combine the selected images to form at least a portion of a cover image denoting a combination of the semantic contents of the selected images (e.g., a plurality of numeral digits).

Abstract: A secure programming system and method for provisioning and programming a target payload into a programmable device mounted in a programmer. The programmable device can be authenticated before programming to verify the device is a valid device produced by a silicon vendor. The authentication process can include a challenge-response validation. The target payload can be programmed into the programmable device and linked with an authorized manufacturer. The programmable device can be verified after programming the target payload by verifying the silicon vendor and the authorized manufacturer. The secure programming system can provision different content into different programmable devices simultaneously to create multiple final device types in a single pass.