Abstract: An executable version of an application is deployed at a dynamically provisioned execution resource. An encryption key, based at least partly on an analysis of the execution resource, is transmitted to the execution resource after the application is instantiated. In response to a software verification request, which includes a security artifact, a verification response indicating that the software used for the application at the execution resource meets a trust criterion is provided. The security artifact is generated using the encryption key, and the verification response is based on analysis of the security artifact.

Abstract: The present invention generally relates to mental performance monitoring of brain activity that implements computing using blockchain and artificial intelligence technologies. Specifically, this invention relates to creating a blockchain from data obtained from a mental performance monitoring device that measures in real-time the mental activity and applying artificial intelligence machine-learning for pattern recognition of ‘best performance’ envelope to raise work efficiency, certify cognitive biometric status, detect cerebral microemboli, perform motor, sensory, facial, object and color processing tasks.

Abstract: A method for detecting relay attacks between two communication platforms, the method including: receiving, at a first communication platform, a first signal sent via a first communication channel from a second communication platform, the first signal including information about a challenge; receiving, at the first communication platform, a second signal sent via a second communication channel from the second communication platform, the second signal being a start clock; receiving, at the first communication platform, a third signal sent via the second communication channel from the second communication platform, the third signal including the challenge; outputting, from the first communication platform, a response to the challenge via the first communication channel to the second communication platform; and determining, at the second communication platform, whether a relay attack has occurred based on a time elapsed from when the start clock began to when the response is received at the second communication p

Abstract: In an approach, a processor obtains a plurality of security policies for managing security of a database, the security policies defining respective sets of items to be monitored. A processor stores, respectively, the sets of items defined by the plurality of security policies in one or more item tables based on a predetermined criterion, the predetermined criterion comprising security policy relevance, security policy structure, and available space in the one or more item tables. A processor creates, for each of the one or more item tables, one or more respective index tables associated with the items in the respective item table. A processor creates, for each of the one or more item tables, a fast traverse block (FTB) associated with the created one or more respective index tables.

Abstract: Provided are an apparatus and method for forgery prevention of digital information. The apparatus for forgery prevention of digital information includes: a digital information obtaining unit configured to obtain digital information in real time; a seed value generator configured to generate a seed value carrying characteristics of the digital information obtained using the digital information obtaining unit; an information piece generator configured to divide the digital information obtained using the digital information obtaining unit, into continuous information pieces with a sequence; and a hash value generator configured to generate a hash value of a first information piece from the seed value and the first information piece and generate a hash value of a subsequent information piece by using a hash value of a previous information piece and the subsequent information piece as inputs.

Abstract: There is provided an encryption processing method performed by an encryption processing apparatus. The encryption processing method comprises compressing data to obtain compressed data, determining, within the compressed data, a section to be encrypted and encrypting the section to obtain partially encrypted data.

Abstract: Technologies for token-based access authorization to an application program interface (API) include an access management server to receive a service request message from an application executed by a remote computing device. The service request message includes a digitally signed license token previously generated by the access management server and distributed to the remote computing device. The service request message also includes a request from the executed application to access data or a service of the resource server via an exposed API. The access management server verifies the digital signature of the digitally signed license token and generates a digitally signed Security Assertion Markup Language (SAML) token. The digitally signed SAML token is transmitted to the resource server for verification and local caching. The resource server receives the service request message and determines whether access to the requested data or service is authorized based on the locally-cached SAML token.

Abstract: Implementations described provide hardware support for the co-existence of restricted and non-restricted encryption keys on a computing system. Such hardware support may comprise a processor having a core, a hardware register to store a bit range to identify a number of bits, of physical memory addresses, that define key identifiers (IDs) and a partition key ID identifying a boundary between non-restricted and restricted key IDs. The core may allocate at least one of the non-restricted key IDs to a software program, such as a hypervisor. The core may further allocate a restricted key ID to a trust domain whose trust computing base does not comprise the software program. A memory controller coupled to the core may allocate a physical page of a memory to the trust domain, wherein data of the physical page of the memory is to be encrypted with an encryption key associated with the restricted key ID.

Abstract: One example method includes inserting a signal layer in an image, the signal layer indicating that a sensitive layer in the image is a candidate for encryption, creating a single layer archive file that includes the sensitive layer, encrypting the single layer archive file to create an encrypted layer, constructing a new image that includes the encrypted layer, inserting, in the new image, a decryptor layer that is operable to decrypt the encrypted layer, and designating the decryptor layer as an entry point of the new image.

Abstract: Many-to-many cryptographic systems and methods are disclosed, and a network employing the same, including numerous industry applications. The embodiments of the present invention can generate and regenerate the same symmetric key from a random token. The many-to-many cryptographic systems and methods include two or more cryptographic modules being in communication with each other and may be located at different physical locations. The cryptographic modules are configured to encrypt and/or decrypt data received from other cryptographic modules and to provide encrypted and/or decrypted data to other cryptographic modules. Each cryptographic module includes a key generator configured to use two or more inputs to reproducibly generate the symmetric key and a cryptographic engine configured to use the symmetric key for encrypting and decrypting data. Corresponding methods, and network employing the same, are also provided.

Abstract: An electronic device includes a memory and a processor. The memory includes a data partition, a key storage partition, and a key backup partition. The processor operatively connected to the memory. The processor is configured to generate an encryption key with respect to at least one data folder generated in the data partition to store the encryption key in the key storage partition. The processor is also configured to store a backup encryption key equal to the encryption key, in the key backup partition. The processor is further configured to store an integrity file including a checksum of the encryption key in the key backup partition.

Abstract: Aspects of the present invention disclose a method for handling incoming microservice requests at an application server. The method includes one or more processors identifying a microservice request of a user at an application server. The method further includes querying a database associated with the application server for a feedback history corresponding to the microservice request. The method further includes collecting a response corresponding to the microservice request of the user. The method further includes generating a rule corresponding to the microservice request based at least in part on the response corresponding to the microservice request.

Abstract: Blockchain environments may mix-and-match different encryption, difficulty, and/or proof-of-work schemes when mining blockchain transactions. Each encryption, difficulty, and/or proof-of-work scheme may be separate, stand-alone programs, files, or third-party services. Blockchain miners may be agnostic to a particular coin's or network's encryption, difficulty, and/or proof-of-work schemes, thus allowing any blockchain miner to process or mine data in multiple blockchains. GPUs, ASICs, and other specialized processing hardware components may be deterred by forcing cache misses, cache latencies, and processor stalls. Hashing, difficulty, and/or proof-of-work schemes require less programming code, consume less storage space/usage in bytes, and execute faster. Blockchain mining schemes may further randomize byte or memory block access, further improve cryptographic security.

Abstract: A method of encrypting and storing a data item; said method comprising: a data encryption step wherein the data item is encrypted to form an encrypted data item; a mathematical disassembly step wherein the encrypted data item is mathematically disassembled into two or more encrypted data item component parts comprising at least a first component part and a second component part; storing at least a one of the component parts at a location separate from the others of the component parts.

Abstract: Techniques are provided for using tokenization in conjunction with “behind-the-wall” JWT authentication. “Behind-the-wall” JWT authentication refers to JWT authentication techniques in which the JWT stays exclusively within the private network that is controlled by the web application provider. Because the JWT stays within the private network, the security risk posed by posting the JWT in a client cookie is avoided. However, because JWT is used behind-the-wall to authenticate a user with the services requested by the user, the authentication-related overhead is significantly reduced.

Abstract: A device, system and method for linking encrypted data sets using common encrypted identifiers in encrypted space. A first and second parties' encrypted data sets may include first and second respective encrypted data and associated first and second respective encrypted identifiers. The first and second encrypted identifiers may be converted into a first and second respective sets of a plurality of elemental identifier components. Each of the plurality of elemental identifier components in each component set characterizes a distinct numeric property of the corresponding converted encrypted identifier. The first and second sets of the plurality of elemental identifier components may be composed, component-by-component, to generate a plurality of component-specific results.

Abstract: A database management system stores an entry in a journal. Upon storage of the entry, the journal comprises a plurality of threaded leaf nodes and a hierarchy of interior nodes comprising hash values computed from the threaded leaf nodes. A first set of hash values is provided to prove that the entry is stored in a first version of the journal. A second set is provided to prove that the entries stored in the first version of the journal are unmodified and stored in a second version of the journal.

Abstract: A method of facilitating the exchange of data between a user having a computing device, and a remote entity, where a first connection has been established between the user and the remote entity, and where the user has associated data exchange information with an application on the computing device, the data exchange information defining properties of the data to be exchanged between the user and the remote entity.

Abstract: A system and method for generating a cryptographic key using a sequence of data segments selected by a user from one or more data resources. Raw data from the one or more data resources corresponding to each of the selected data segments, and the sequence in which such data segments are selected, is extracted and processed to generate a key. The key can be used for any cryptographic and authentication purpose. By enabling a user to select the sequence of data segments from the one or more data resources in any manner the user desires, the user can create a strong key, but also easily remember the underlying data resource and chosen sequence. This technique provides enhanced security while maintaining ease of creation and use of such security.

Abstract: A method for storing encrypted data in a non-volatile memory device, that includes receiving, by a processor, an indication of a power interruption event; disabling, based on the indication, decryption of encrypted data read from a volatile memory module; copying the encrypted data from the volatile memory module to cache; and copying the encrypted data from the cache to the non-volatile memory device.