Abstract: Devices, systems, and methods of detecting whether an electronic device or computerized device or computer, is communicating with a computerized service or a trusted server directly and without an intermediary web-proxy, or indirectly by utilizing a proxy server or web-proxy. The system searches for particular characteristics or attributes, that characterize a proxy-based communication session or channel and that do not characterize a direct non-proxy-based communication session or channel; or conversely, the system searches for particular characteristics or attributes, that characterize a direct non-proxy-based communication session or channel and that do not characterize a proxy-based communication session or channel; and based on these characteristics, determines whether or not a proxy server exists and operates.

Abstract: A method for operating a beacon may include repeatedly emitting an identification number. The identification information is encrypted multiple times in a different manner by a one-way function and is emitted during the repeated emission in a differently encrypted form.

Abstract: A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter.

Abstract: A method of selecting a distributed framework includes identifying, by a selection device coupled to a memory, at least a first cryptographic evaluator of a plurality of cryptographic evaluators, wherein identifying the at least a first cryptographic evaluator further comprises and evaluating a secure proof generated by the at least a first cryptographic evaluator, and identifying the at least a first cryptographic evaluator as a function of the secure proof, assigning, by the selection device, a confidence level of the at least a first cryptographic evaluator, and selecting, by a selection device, a distributed framework from the plurality of cryptographic evaluators as a function of the confidence level, and assigning a task to the distributed framework.

Abstract: Some embodiments are directed to a server device (100) and a client device (200) arranged to authenticating a user of client device (200). The user has access to an authentication string. Server device (100) is configured to encrypt a set of character/position data according to a homomorphic encryption algorithm. The client device allows the user to select a subset from the encrypted set from which a verification number is computed using the homomorphic operation.

Abstract: A computer-implemented method according to an aspect includes determining a sensitivity level for an instance of data, comparing the sensitivity level to one or more policies, and conditionally performing a backup of the instance of data, based on the comparing.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identity verification are provided. One of the methods includes: generating a security question for verifying a target user; determining an answer for the target user to match the security question; determining a category identification of the answer for the target user; determining users' data corresponding to the category identification of the answer for the target user; searching, in the determined users' data, for one or more pieces of the users' data related to the answer for the target user to serve as one or more distraction answers; and verifying the target user according to the security question, the answer for the target user, and the one or more distraction answers.

Abstract: A Paillier decryption system, IC, and method. The IC includes: a modular exponentiation module, for performing modular exponentiation operations related to a first subitem and a second subitem, where a Paillier decryption process of encrypted data is divided into a first subitem and a second subitem according to the Chinese remainder theorem, the first subitem corresponding to a first prime, the second subitem corresponding to a second prime, a public key of the encrypted data being a product of the first prime and the second prime, a bit width of the first prime being the same as a bit width of the second prime; a first module combination corresponding to the first subitem, for determining a computation result of the first subitem; and a second module combination corresponding to the second subitem, for determining a computation result of the second subitem.

Abstract: An encryption specification named “MetaEncrypt” implemented as a method and associated apparatus is disclosed for unbreakable encryption of data, code, applications, and other information that uses a symmetric key for encryption/decryption and to configure the underlying encryption algorithms being utilized to increase the difficulty of mathematically modeling the algorithms without possession of the key. Data from the key is utilized to select several encryption algorithms utilized by MetaEncrypt and configure the algorithms during the encryption process in which block sizes are varied and the encryption technique that is applied is varied for each block. Rather than utilizing a fixed key of predetermined length, the key in MetaEncrypt can be any length so both the key length and key content are unknown.

Abstract: Embodiments disclosed herein are related to computing systems and methods for a DID owner to select a permission scope for sharing DID-associated data. A set of permission scopes are accessed for DID-associated data. The DID-associated data is associated with a DID of a DID owner. The set of permission scopes define entities whom are to be given access to the DID-associated data by the DID owner. The DID owner is prompted to select a specific permission scope of the set of permission scopes for one or more of the DID-associated data. The selected permission scope is applied to the one or more of DID-associated data. The selected permission scope defines the specific entities that are to be given access to the one or more of the DID-associated data.

Abstract: A method and a computer system is provided for executing the method for providing a registration data directory service (RDDS). The method includes obtaining, at a RDDS, a RDDS query comprising a location assertion from a RDDS client from a RDDS client; providing, by the RDDS, a request for personally identifying information (PII) for the RDDS query from a privacy provider, wherein the request comprises the location assertion; obtaining, by the RDDS, the PII for the RDDS query; and providing, by the RDDS, a response to the RDDS query to the RDDS client, wherein the response comprises PII.

Abstract: A database management tool performs updates or sequential operations to large databases. A configuration file specifies source, destination (if different than source), encryption status, order, throttling limits, and number of threads to maintain, among other settings. A queue table points the tool at the database to be converted and maintains current row ID and status. The queue table may also hold the location of a hardware security module (HSM) if one is used for encryption, decryption, or hashing. The database management tool may use the configuration file to retrieve a record, perform the specified action, such as sending the record to an HSM for decryption with an old key and encryption with a new key, and replacing the old record with the updated record. The queue table may be updated with a running record of where the last operation occurred to allow rollbacks if necessary.

Abstract: Systems and methods are described based on an integrated circuit that performs a challenge-response physically unclonable function (PUF). The PUF is used for challenge-response authentication. The integrated circuit includes a PUP block configured to output an n-bit internal response corresponding to a challenge that requests a response where n is an integer greater than 1 and a response generator configured to calculate a Hamming weight of the internal response and output the response by comparing the Hamming weight with at least one reference.

Abstract: A plurality of memory cells, in which each memory cell includes two corresponding supply terminal inputs, is powered up while applying a voltage differential between the corresponding supply terminal inputs for each of the plurality of memory cells. After powering up, the plurality of memory cells is read and a physically unclonable function (PUF) response is generated from data of the reading.

Abstract: A method is provided for authenticating one device to another device. In the method, a first device proves to a second device that a first credential comprising multiple first attributes is valid. The second device proves to the first device that a second credential comprising multiple second attributes is valid. The first device reveals a first attribute of the multiple first attributes to the second device. The second device verifies the first attribute and decides whether to continue revealing attributes. If continuing, the second device reveals to the first device a first attribute of the multiple second attributes. The first device verifies the first attribute of the multiple second attributes. The first device decides whether to continue revealing attributes. Attributes can be revealed until one of the first or second devices end the method or until no attributes of the multiple first and second attributes remain to be revealed.

Abstract: In some examples, a Domain Name System (DNS) server receives, over a network, DNS queries containing domain names, extracts a common domain name shared by the domain names, determines whether a measure of an amount of data relating to the DNS queries containing the common domain name exceeds a threshold, and in response to determining that the measure of the amount of data relating to the DNS queries containing the common domain name exceeds the threshold, trigger a countermeasure action to address a threat associated with the DNS queries.

Abstract: An information security system and method that provides electric power to an authorized user and denies electric power to an unauthorized user. An administrator requests access for a user, and a site controller generates a key/receptacle tuple for the use. The key/receptacle tuple is communicated to a site power source, which broadcasts the key/receptacle information to all secure receptacles in a facility, or other infrastructure. The key is also communicated to the user. The user plugs in a device into a secure receptacle and provides the key via a secure adapter between the device and the secure receptacle. If the key is valid, the users' device is supplied with electric power; otherwise, electric power is denied to the unauthorized user's device. The usage of the secure receptacles are logged and analyzed by the site controller and reports are communicated to the administrator.

Abstract: In response to receiving a login request message with a security indicator enabled for security, a storage port establishes a security association by transmitting a response indicating a login accept with the security indicator enabled for security. In response to establishing the security association, the storage port modifies a protocol behavior for transmitting and receiving information units.

Abstract: Disclosed herein is a method for generating a composite cryptographic signature. The method comprises receiving a message and a first part of a first party signature, wherein the first part of the first party signature is derived from the message and a first share of a first private key. The method further comprises generating a first party signature from the first part of the first party signature and a second share of the first private key and generating a second party signature from the message and a second private key. The method further comprises combining the first party signature and the second party signature to generate a composite cryptographic signature. An apparatus, a computer-readable medium for implementing this method are also disclosed.

Abstract: A method for performing encrypted search includes receiving a search query for a plurality of keywords from a user device that appear in one or more encrypted documents stored on an untrusted storage device. The method also includes accessing an encrypted search index to obtain a first list of document identifiers each representative of a document that includes a first keyword and a second keyword of the plurality of keywords. The method also includes, for each remaining keyword, determining a corresponding list of document identifiers each representative of a document that includes the first, second, and respective remaining keyword. The method includes determining, based on the first list of document identifiers and each corresponding list of document identifiers, a second list of document identifiers each representative of a document that includes each of the plurality of keywords. The method also includes returning the second list to the user device.