Abstract: In one example an apparatus comprises accelerator logic to pre-compute at least a portion of a message representative, hash logic to generate the message representative based on an input message, and signature logic to generate a signature to be transmitted in association with the message representative, the signature logic to apply a hash-based signature scheme to a private key to generate the signature comprising a public key, and determine whether the message representative satisfies a target threshold allocation of computational costs between a cost to generate the signature and a cost to verify the signature. Other examples may be described.

Abstract: Techniques of generating a lattice-based verification matrix and signature vector are disclosed. The method enables a generating device to sample a gadget matrix and then generate a reduced gadget matrix. The generating device may then sample a trapdoor matrix and use the trapdoor matrix and the reduced gadget matrix to generate a verification matrix. A sending device may receive the trapdoor matrix and the verification matrix from the generating device, in addition to receiving a message. The sending device may then use the trapdoor matrix and the verification matrix to generate a signature vector for the message. A verification device can receive the verification matrix, the message, and the signature vector. The verification device may use the verification matrix and the signature vector to verify the message.

Abstract: Systems and techniques for information-centric network namespace policy-based content delivery are described herein. A registration request may be received from a node on an information-centric network (ICN). Credentials of the node may be validated. The node may be registered with the ICN based on results of the validation. A set of content items associated with the node may be registered with the ICN. An interest packet may be received from a consumer node for a content item of the set of content items that includes an interest packet security level for the content item. Compliance of the security level of the node with the interest packet security level may be determined. The content item may be transmitted to the consumer node.

Abstract: A system and a method for tracking history of a digital object using cryptographic chain. The digital object is encrypted using a cryptographic technique to form a first time travel record of a cryptographic chain. Further, an update in the digital object is detected. Furthermore, an updated digital object is encrypted to form a second time travel record. The first time travel record and the second time travel record are linked to form the cryptographic chain through a composite key. Subsequently, an input from the user is received to identify a change in the digital object. The cryptographic chain is sequentially decrypted based on the input. Finally, a change in the digital object is identified based on a comparison of the first time travel record and the second time travel record, thereby tracking history of the digital object using the cryptographic chain.

Abstract: Various embodiments are directed to a system and method for establishing a secure communication pathway between a network-connected device and a computing platform. Such configurations encompass encrypting a device-specific installation package passed to the device using a device-generated cryptography key, verifying the identity of the computing platform at the device, encrypting a response message via a platform-generated cryptography key, transmitting the response message to the computing platform, verifying characteristics of the device via the response message, and establishing a secure communication platform upon verification of the device.

Abstract: The present disclosure provides methods and systems for method for regulating access to syndicated data across multiple communication channels, including online and offline channels. A syndicated data item may be activated upon performance or completion of a user activity (e.g., online user activity, offline user activity, etc.). A syndicated data item may have one or more expiration conditions, wherein after expiration, the syndicated data item becomes unavailable for activation. The systems and methods may simultaneously or substantially simultaneously, in real-time or in near real-time, assess the expiration status of a syndicated data item delivered to a user across multiple communication channels, including online and offline channels.

Abstract: A method by a web application layer attack detector communicatively coupled between web application clients and web application servers. The method includes receiving one or more data streams each carrying one or more web application layer requests, forming chunks from each of the one or more web application layer requests as it is being received, where each of the chunks is sized to be less than a preconfigured maximum chunk size, scanning the chunks for attacks as each of the chunks is formed without waiting to receive and store complete web application layer requests from which the chunks are formed, and sending each of one or more of the chunks that were determined, based on a result of the scanning, not to include an attack to the web application server for which the web application layer request from which that chunk was formed is intended.

Abstract: Embodiments include systems and methods for determining cryptographic address for a same entity across a plurality of distributed blockchain networks that use a same elliptic curve. In some embodiments the method includes computing a cryptographic address hash of the first cryptographic address using the cryptographic public key of the first cryptographic address, the cryptographic address hash being a common representation of the first entity on the first distributed blockchain network and the cryptographic address hash being derived via a cryptographic one-way hash function, the cryptographic one-way hash function following a protocol of performing a function on the cryptographic public key, the cryptographic public key being used on the first distributed blockchain network and a second distributed blockchain network, the first distributed blockchain network and the second distributed blockchain network using the same elliptic curve.

Abstract: A verification terminal includes a storage unit that stores partial block data. The partial block data is the latest data that a part of block data for update and addition in chronological order. The verification terminal selects a plurality of approval terminals to approve the partial block data stored in the storage unit. When a transaction included in the partial block data stored in the storage unit is updated by the verification terminal, the verification terminal transmits an approval request that requests the selected approval terminals to approve the updated partial block data to which the updated transaction and a hash value of the partial block data before updating are added. The verification terminal executes an update process of the partial block data based on approval results returned from the approval terminals in response to the approval request transmitted by the approval requesting unit.

Abstract: This disclosure relates generally to method and system for securing peer nodes in a blockchain network. The proposed disclosure is a robust model providing secure, scalable and efficient sharding committee reconfiguration technique where blockchain peer nodes organize themselves into each sharding committee among a plurality of sharding committees. The disclosure includes, generating a random number directory by each peer node communicating random numbers to the reference committee through leader node in the blockchain network. The reference committee initiates to reconfigure members of each sharding committee at predefined intervals. Further, a first message packet from each peer node is received by the reference committee based on which a second message packet is generated enabling each peer node of the block chain network to join one of the sharding committee.

Abstract: Embodiments are directed to managing cryptographic keys in a multi-tenant cloud based system. Embodiments receive from a client a request for a wrapped data encryption key (“DEK”). Embodiments generate a random key and fetch encryption context that corresponds to the client. Embodiments generate the wrapped DEK including the random key and the encryption context encoded in the wrapped DEK. Embodiments then return the wrapped DEK to the client.

Abstract: One or more implementations of the present specification provide a method and an apparatus for generating description information. The method for generating description information includes: determining local DIDs registered in a first blockchain, and generating a relationship graph of all local DIDs based on data that is related to individual local DIDs and that is maintained by a first blockchain node corresponding to the first blockchain; determining, from the relationship graph and based on a target local DID corresponding to a target object, an associated local DID related to the target local DID; and generating description information of the target object based on (a) an association relationship between the target local DID and the associated local DID and (b) data related to the associated local DID.

Abstract: Methods for detecting and preventing an adversarial network entity (e.g., fake base stations, etc.) from tracking a wireless device's location. A wireless device may be equipped with a random value (RAND) database or cache memory RAND values previously received by the wireless device. In response to receiving an authentication request message from a network component, performing AKA procedures and determining that the authentication failed, the wireless device may compare the RAND value included in the received authentication request message to RAND values stored in secure storage memory. The wireless device may generate an authentication response message that includes an error code that is different than standard error code used so that the target wireless device can't be differentiated from other wireless devices thereby preventing tracking in response to determining that the RAND value included in the received authentication request message is included in the RAND secure storage memory.

Abstract: Methods and systems enabling tracking and managing apparel items are described. The apparel item (e.g. clothing item, shoes, accessories, jewelry and other type of wearables) is tagged and tracked using an inimitable identification tag that is at least partially invisible to the naked human eye, and generating a record of the apparel item in a distributed ledger using the tag data of the inimitable identification tag. The record is associated with a non-fungible token (NFT) on the ledger that allows for tracking the item throughout its life. For example, it is possible to locate and authenticate the apparel item by using the private key associated with the NFT of the token. The apparel item may be tracked starting from a manufacturing phase of the apparel and extending throughout the lifespan of the apparel item. The authenticity of the apparel item can be shown throughout the manufacturing, distribution and ownership stages.

Abstract: In general, techniques are described for using zero-knowledge proofs and digital signatures to verify the authenticity of log records generated by multiple parties, at least in some cases without exposing personally identifiable information for the parties.

Abstract: A computer-implemented method includes receiving an original message from a trusted execution environment. The original message includes an original digital signature authored by the trusted execution environment. The method includes computing a proof of knowledge for the original digital signature and modifying the original message by replacing the original digital signature with the proof of knowledge.

Abstract: A key generation device generates a decryption key dkx having a tag-added decryption key and a decryption key adkx. The tag-added decryption key includes a decryption key tdkx in which a key attribute x is set and a tag tg? required to decrypt a ciphertext with the decryption key tdkx. In the decryption key adkx, the key attribute x is set. An encryption device generates an original ciphertext octy in which a ciphertext attribute y corresponding to the key attribute x is set and which can be decrypted with the tag-added decryption key. A re-encryption key generation device encrypts the decryption key tdkx by an attribute-based encryption scheme using a ciphertext attribute y?, so as to generate a re-encryption key rkx,y? which is a key for generating a re-encrypted ciphertext rcty? which can be decrypted with a decryption key adkx? in which a key attribute x? corresponding to the ciphertext attribute y? is set.

Abstract: A method for facilitating transactions between tenants in a multi-tenant architecture system is discussed. The method includes receiving a request, at a multi-tenant platform, from a first service of a first tenant of the multi-tenant platform to access a second service of a second tenant of the multi-tenant platform to perform a transaction, in which the request includes a first access token usable to authenticate the transaction with the first tenant. The method includes generating, by the multi-tenant platform using the first access token, a universal access token. The method includes generating, by the multi-tenant platform using the universal access token, a second access token useable to authenticate the transaction with the second tenant. The method includes using, by the multi-tenant platform, the second access token to communicate with the second service to perform the transaction.

Abstract: A target sends ID of a key table. The apparatus receives the ID. The apparatus sends ID of an authentication table to the target. The apparatus sends a challenge corresponding to a pair of the ID of the key table and the ID of the authentication table, to the target. The target obtains, from the key table, a key corresponding to a pair of the ID of the key table and the ID of the authentication table. The target generates a response from the challenge and the key. The target sends the response to the apparatus. The apparatus obtains, from the authentication table, a response corresponding to a pair of the ID of the key table and the ID of the authentication table. The apparatus authenticates the target based on the responses.

Abstract: Methods and systems can prove to an independent verifier that multiple activities registered on decentralized BASE network belong to the same user, without revealing true identity of the user. A selective linkability algorithm provides for linking together activities done under various of user's pseudonyms, without revealing the true user's identity. A reward calculation mechanism calculates a reward based on activities linked using the linking proof. For example, if user can prove that she already successfully completed 10 prior transactions, she might be deemed more valuable to the business making a new offer and hence eligible for a higher reward.