Abstract: Methods, apparatuses and systems for peer-to-peer secure communication are disclosed. In an example, a mobile security apparatus (“MSA”) is connected to a first endpoint device and includes a memory device storing a list of MSAs that are designated as being within a circle of trust (“CoT”) of the MSA. The list includes an Internet Protocol (“IP”) address, a public key, and an identifier of at least one endpoint device for each of the MSAs. The apparatus also includes a processor configured to receive a selection of content from the first endpoint device for transmission to the second endpoint device. After determining the second endpoint device corresponds to a second MSA that is included within the CoT, the processor encrypts a message including the content using the public key associated with the second MSA and transmits the encrypted message using the IP address of the second MSA.

Abstract: A server may receive, from a virtual private network (VPN) client of a client device, a message which indicates a request for a policy rule for communications with a network-based application (e.g. provided via a data center or cloud computing services). The server may obtain source attributes of the client device and a user thereof based on source identifiers, and destination attributes of the application based on a destination identifier, and select a policy rule associated with the attributes (e.g. indicative of security, risk, cost, load, and/or business function). The server may send a message which indicates a response and includes the policy rule for application at the VPN client. The policy rule may indicate a policy action for selecting a path, of a plurality of paths, identified by a path identifier, and specify conditions such as a location and/or a date, day, and/or time of the client device.

Abstract: Systems and methods that may be used to provide policies and protocols for blocking decryption capabilities in symmetric key encryption using a unique protocol in which key derivation may include injecting a random string into each key derivation. For example, a policy may be assigned to each client device indicating whether the client device has been assigned encryption only permission or full access permission to both encrypt and decrypt data. The disclosed protocol prevents client devices with encryption only permission from obtaining keys for decryption.

Abstract: An electronic device of a content producer generates a chunk of data, associates a location-independent name with the chunk of data, generates a signature for the chunk of data, attaches the signature to the chunk of data, and transmits the chunk of data, with the signature attached, to one or more user devices in response to respective requests. The signature is generated based on the data in the chunk, using a private key of the electronic device. The electronic device also stores information, including a specification of a public key associated with the private key, in a first ledger entry of a blockchain, to provide the one or more user devices with access to the public key. A user device may obtain the public key and use it to verify the chunk of data.

Abstract: The technology described herein detects a first device associated with a user that is within a detectable range of a second device. The system requests authentication information. In response to receiving the authentication information, a token generator associated with the user can generate a secure token. The secure token can be sent to the server. Once the secure token is verified, the user is granted access to one or more services.

Abstract: An online service store to configure services for endpoints in connection with validating authenticity of the endpoints. For example, a service can be ordered for an endpoint prior to the use of the endpoint. After receiving a request having identity data generated by a memory device configured in the endpoint, a server system can determine, based on a secret of the memory device and other data stored about the endpoint, the validity of the identity data and thus the authenticity of the endpoint. Based on the service ordered for the endpoint, the server system causes the endpoint to be connected to a client server to receive the service. The server system can cause the firmware of the endpoint to be updated to enable the endpoint to receive the service from the client server.

Abstract: Embodiments for a system and method for secure authentication of backup clients in a way that eliminates the need to create users for backup client authentication anywhere in the backup ecosystem, and which eliminates the need for credentials, such as passwords that need protection, updating and synchronization. Such embodiments use a short-term token, such as a JSON web token, for both client and server authentication within the system, and verifies that the tokens grant access using the public key corresponding to the private key assigned to the directory objects by the creator of the directory objects.

Abstract: An area efficient architecture for lattice based key encapsulation and digital signature generation having a co-processor with a polynomial arithmetic submodule configured to process polynomial arithmetic and generate integer values representing polynomial coefficients, a hash submodule operably configured to perform hash operations and to generate pseudorandom numbers, a polynomial format submodule communicatively coupled to the polynomial arithmetic submodule and the hash submodule and operably configured to encode polynomials and decode polynomials, a memory bank communicatively coupled with and operably configured to receive and store temporary values from the polynomial arithmetic submodule, the hash submodule, the polynomial format submodule, and a data interface, and with a control unit operably configured to manage the data interface at selectively controlled time intervals and to utilize the polynomial arithmetic submodule, the hash submodule, and the polynomial format submodule to perform the plural

Abstract: A communication system including an operational network including a host and a learning and detection server, and a staging network including a host of the same type as the host, a test execution server, and a learning and detection server. The test execution server performs a communication test by transmitting test communication in a normal state to the host and receiving communication performed by the host. The learning and detection server learns the communication of the host, generates an initial model for detecting an anomalous communication of the host, and transmits the initial model to the learning and detection server. The learning and detection server learns the communication of the host and generates a model for detecting an anomalous communication of the host, while monitoring the communication of the host using the initial model received from the learning and detection server.

Abstract: A device generates a biometric public key for an individual based on both the individual's biometric data and a secret S, in a manner that verifiably characterizes both while tending to prevent recovery of either. The biometric data has a Sparse Representation and is encoded in a manner to include a component of noise, such that it is challenging to identify which locations are actually encoded features. Accordingly, the biometric data are encoded as a vector by choosing marker at locations where features are present and, where features are not present, choosing noisy data. The noisy data may be chaff bit values selected collectively from a group of (a) random values and (b) independent and identically distributed values. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust.

Abstract: An apparatus for determining a vulnerability of a deep learning model according to an embodiment includes a converter configured to generate an input image for the deep learning model by transforming an original image selected from an image dataset, a measurer configured to measure neuron coverage of the deep learning model by inputting the input image into the deep learning model, and an inspector configured to detect, based on a prediction result of the deep learning model for a class of the input image and a class of the original image, an error in the prediction result.

Abstract: Key management for encrypted data includes establishing a cache of key decryption keys and periodically evicting the keys from the cache. A pool of key encryption keys also is created and periodically, selected key encryption keys are removed from service. Notably, the rate of removal of the encryption keys differs from the rate of cache eviction for the decryption keys. Thereafter, clear data is encrypted with a cipher to produce cipher text, and the cipher is encrypted with a selected key encryption key from the pool. Finally, in response to an access request for the clear data, an attempt to locate in the cache a key decryption key for the encrypted cipher is made. If attempt fails, the key decryption key is retrieved from remote memory. Finally, the encrypted cipher is decrypted with the located key, and the cipher text decrypted to produce the clear data.

Abstract: The implementations provide a method and an apparatus for establishing a trusted cluster. The method is used to form a trusted computing cluster by using N trusted computing units, the method including: grouping the N trusted computing units into a plurality of groups; identifying a first trusted computing unit in each group, and causing first trusted computing units in the plurality of groups to each respectively perform inter-unit trust authentication with other trusted computing units in a same group in parallel; performing inter-group trust authentication between/among the plurality of groups in parallel to obtain the N trusted computing units on which trust authentication succeeds; and propagating secret information in the N trusted computing units on which trust authentication succeeds, so that the N trusted computing units obtain the same secret information to form the trusted computing cluster.

Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for generation of dynamic authentication tokens for use in system-to-system transaction authorization and user identity verification. The system utilizes user biometric data to generate unique authentication tokens which are customized to a particular user. Furthermore, the system rotates not only the encryption algorithms used, but also the datasets being encrypted in order to provide a high level of security such that even if a user's biometric data was compromised, it would be highly unlikely that an attacker would be able to recreate the authentication token stemming from said biometric data at any given point in time. The system eliminates the need for user-provided authentication credentials and provides a more secure and more efficient method of authenticating data exchange between multiple systems or applications.

Abstract: The invention is directed towards an apparatus and method for generating an endpoint path associated with a user. A processor is configured to receiver user data relating to an action datum. The processor is configured to select an endpoint. The endpoint is then used to generate an endpoint path where a user's skills are taken into account. Once the user completes an endpoint, a token certificate is generated.

Abstract: Methods and systems for receiving a detection of a physical presence of a user and, in response, initiating a start-up process on an enterprise device according to a profile associated with the user are described. Thereafter, the system receives authentication credentials at the enterprise device and the user is granted access to the enterprise device after the authentication credentials are verified.

Abstract: The disclosed technique secures a seed phrase configured to access a digital wallet, which holds private keys to access digital assets on a blockchain. Copies of portions of the seed phrase are stored at multiple electronic devices. The seed phrase can be reconstructed at a particular device by retrieving a necessary and sufficient number of the portions from the other devices. In one example, the portions can be shared among devices when in physical proximity to each other and/or when the devices are authenticated as belonging to the same user, which owns the digital wallet. As such, the seed phrase can be stored securely across multiple devices and retrieved even when one of those devices is lost, damaged, or stolen.

Abstract: A computing system can receive location data from computing devices of drivers, each of the computing devices operating a designated application associated with an application service. The system can determine a set of locational attributes of a respective driver and determine whether one or more anomalous locational attributes are present in the set of locational attributes of the respective driver. In response to determining that one or more anomalous locational attributes are present, the system can associate a data set with a driver profile of the respective driver.

Abstract: The present invention relates to virtual code-based control system, method and program, a control device and a control signal generating means. A control method on the basis of a control signal comprising a virtual code according to an embodiment of the present invention comprises: a control signal receiving step for a control module receiving, from a control signal generating means, a control signal generated by means of combining a plurality of specific codes in accordance with a particular rule; a step for the control module extracting the plurality of specific codes comprised in the virtual code; and a command searching step for the control module searching for a storage location comprising a particular command on the basis of the plurality of specific codes.

Abstract: This invention relates generally to blockchain implementations and is suited for, but not limited to, use with the Bitcoin blockchain. It can be used for the implementation of automated processes such as device/system control, process control, distributed computing and storage and others. The invention provides an event detecting, monitoring and/or counting mechanism. The event may be, for example, a vote, decision or selection which is made by a given entity. The invention provides a counting solution in which a computing resource, running simultaneously and in parallel to the blockchain, manages a loop-based operation. The computing resource continuously monitors the state of the blockchain as well as any other off-blockchain input data or source. The execution of the loop is influenced by the state of the blockchain. Each iteration of the loop that is executed by the computing resource is recorded in a transaction that is written to the blockchain. It is stored as a hash within the transaction's metadata.