Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to host a network function container that implements a microservice for a network function in a wireless communications network, wherein the network function container is deployed by a container orchestration platform; host a service proxy container associated with the network function container, wherein the service proxy container is deployed by the container orchestration platform; and configure the hosted service proxy container to apply a wireless network policy to the microservice for the network function. The processor may be further configured to intercept messages associated with the microservice for the network function using the configured service proxy container; and apply the wireless network policy to the intercepted messages using the configured service proxy container.

Abstract: Systems and methods for tokenization to support pseudonymization are provided herein. An example method includes receiving an input set, seeding a random number generator with one or more secret data, transposing the input set using a first random number/transposition parameter generated by the random number generator to create a transposed input set, transposing a token set using a second random number/transposition parameter generated by the random number generator to create a transposed token set, and generating a token by substituting transposed input set values with transposed token set values.

Abstract: Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data.

Abstract: Techniques for stream-based key management are disclosed. A system obtains a first payload to be published to a first set of one or more subscribers, encrypts the first payload using a symmetric key, to obtain a first payload ciphertext, encrypts the symmetric key using an attribute-based encryption (ABE) policy associated with the first payload, to obtain a key ciphertext, and publishes the first payload ciphertext and the key ciphertext. The system obtains a second payload to be published to a second set of one or more subscribers. Responsive at least to determining that each subscriber in the second set of one more subscribers is in the first set of one or more subscribers and the ABE policy is associated with the second payload, the system encrypts the second payload using the symmetric key, to obtain a second payload ciphertext, and publishes the second payload ciphertext without republishing the key ciphertext.

Abstract: An individual data unit for enhancing the security of a user data record is provided that includes a processor and a memory configured to store data. The individual data unit is associated with a network and the memory is in communication with the processor. The memory has instructions stored thereon which, when read and executed by the processor cause the individual data unit to perform basic operations only. The basic operations include communicating securely with computing devices, computer systems, and a central user data server. Moreover, the basic operations include receiving a user data record, storing the user data record, retrieving the user data record, and transmitting the user data record. The individual data unit can be located in a geographic location associated with the user which can be different than the geographic locations of the computer systems and the central user data server.

Abstract: A cryptographic method is provided. The cryptographic method comprises an initialisation phase for determining a provisional generator point G? equal to a first product G?=[d?]G, where d? is a first random scalar forming a secret key of N bits and G is a generator point of an elliptical curve, and determining a provisional key Q? equal to a second product Q?=[d?]Q, where Q is a point of the elliptical curve forming a public key. During an encryption phase a second random scalar forming a second secret key k of M bits, with M<N; a public key P is calculated such that P=[k]G?; a coordinate of an intermediate point SP1, of the elliptical curve, equal to a fourth product SP1=[k]Q?; at least one key by application of a derivation function (F1); and data (T1) are encrypted based on said at least one key.

Abstract: Systems, methods, and computer-readable storage media are provided for sharing user-information with bots. An automated task to be performed on behalf of a user is determined from at least one user message provided to a user interface of a first bot. A second bot is determined that is capable of performing the automated task on behalf of the user. User information of the user to provide to the second bot for the performing of the automated task is determined. Content of the user information is based on a trust level of the second bot and service parameters for completing the automated task. The first bot provides the determined user information to the second bot using one or more network communications.

Abstract: A baseband processor of a communication device, the baseband processor including an encryptor block that encrypts a transmit data stream into an encrypted data stream, at least one transmit chain block that transforms the encrypted data stream into an analog transmit signal, and a randomness inspector unit that is in communication with the encryptor block, the randomness inspector unit accessing the transmit data stream and the encrypted data stream from the encryptor block as first and second input streams, respectively, to the randomness inspector unit, and determining a randomness gain by comparing a first randomness measurement associated with the first input stream to a second randomness measurement associated with the second input stream.

Abstract: The invention is notably directed to a method for encoding information. This method first comprises generating an encryption key according to polymorphic features of nucleic acids from one or more entities. Next, information is encrypted based on the generated key. Finally, the encrypted information is encoded into synthetic DNA. Another aspect concerns a method for retrieving information. Consistently with the above encoding scheme, synthetic DNA in provided, which encodes encrypted information. Such information is read by sequencing the synthetic DNA and by decrypting the information read using a decryption key. The latter is generated according to polymorphic features of nucleic acids from one or more entities (e.g., from the legitimate individual(s) requesting access to information). Thus, the encoded information cannot be interpreted unless a suitable decryption key is available. The invention is further directed to related DNA samples and systems, including DNA vaults.

Abstract: The present disclosure relates to a transmitting device and a transmitting method, and a receiving device and a receiving method which are capable of improving confidentiality and communication resistance in low power wide area (LPWA) communication. The transmitting device generates a key stream on the basis of GPS time information, encrypts transmitted data on the basis of the key stream to generate encrypted data, and transmits the encrypted data to the receiving device. The receiving device generates a key stream on the basis of GPS time information and decodes the encrypted data into the transmitted data on the basis of the key stream. The present disclosure can be applied to an LPWA communication system.

Abstract: A method including determining, by a processor, an assigned key pair associated with a user device, the assigned key pair including an assigned public key and an assigned private key; authenticating, by the processor, received biometric information; selectively transmitting, by the processor to a trusted device based at least in part on a result of authenticating the received biometric information, an encryption request to encrypt the assigned private key; and encrypting, by the processor based at least in part on selectively transmitting the encryption request, content based at least in part on utilizing the assigned public key is disclosed. Various other aspects are contemplated.

Abstract: According to one example, a system includes a first computing device that performs one or more tests that indicate whether the first computing device is compromised. In response to a determination that the first computing device passed the one or more tests, the first computing device manipulates an authentication code to generate a first seed value. In response to a determination that the first computing device failed the one or more tests, the first computing device manipulates the authentication code to generate a second seed value. The first computing device also determine data for transmittal to a second computing device, modifies the data using the first seed value or the second seed value, and transmits the modified data for receipt by the second computing device.

Abstract: A system for security key rotation in a cloud computing environment is disclosed. The system performs steps to at least initiate, at a predetermined interval, a call to determine whether to initiate generation of a public-private key pair for a client application. The system determines whether to initiate generation of the public-private key pair for the client application and based on determining to initiate generation of the public-private key pair for the client application, transmits a control signal requesting generation of the public-private key pair The system generates the public-private key pair and transmits a private key associated with the public-private key pair to a secure storage location for later retrieval by the client application and transmits a public key associated with the public-private key pair to a public key service for later retrieval by a client associated with the client application.

Abstract: Technologies for secure data transfer of MMIO data between a processor and an accelerator. A MIMO security engine includes a first block cipher pipeline to encrypt a count using a key; a first exclusive-OR (XOR) to generate a first XOR result of the encrypted count and a length multiplied by an authentication key; a second block cipher pipeline to encrypt (count+1) using the key; a second XOR to generate a second XOR result of plaintext data and the encrypted (count+1); a plurality of Galois field multipliers (GFMs) to perform Galois field multiplication on additional authenticated data (AAD), powers of the authentication key, and ciphertext data; and a plurality of exclusive-ORs (XORs) to combine results of the GFMs and the first XOR result to generate an authentication tag. Other embodiments are described and claimed.

Abstract: Methods, systems, and devices supporting virtual cryptographic key ceremonies are described. A server may receive a plurality of public keys and a plurality of digital signatures comprising data encrypted using a plurality of private keys, where each private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys. The server may generate a quorum token based on the plurality of signatures and the plurality of public keys, where generating the quorum token is based on the plurality of signatures representing at least a threshold number of pools. The server may receive a plurality of encrypted shares associated with respective pools of a plurality of pools, generate a master wrapping key based on generating the quorum token and receiving the plurality of encrypted shares, unwrap a root key using the master wrapping key, and generate a certificate based on the root key.

Abstract: Embodiments described herein relate to credential wrapping for secure transfer of electronic SIMs (eSIMs) between wireless devices. Transfer of an eSIM from a source device to a target device includes re-encryption of sensitive eSIM data, e.g., eSIM encryption keys, financial transaction credentials, transit authority credentials, and the like, using new encryption keys that include ephemeral elements applicable to a single, particular transfer session between the source device and the target device. The sensitive eSIM data encrypted with a symmetric key (Ks) is re-wrapped with a new header that includes a version of Ks encrypted with a new key encryption key (KEK) and information to derive KEK by the target device. The re-encrypted sensitive SIM data is formatted with additional eSIM data into a new bound profile package (BPP) to transfer the eSIM from the source device to the target device.

Abstract: Embodiments disclosed herein are directed to methods and systems of password-based threshold authentication, which distributes the role of an authentication server among multiple servers. Any t servers can collectively verify passwords and generate authentication tokens, while no t?1 servers can forge a valid token or mount offline dictionary attacks.

Abstract: Methods, systems, and devices for facilitating joint submissions. In an example embodiment, a system may facilitate a joint submission from multiple devices. For example, a primary device may receive data for a joint submission with a peripheral device, and the data may be segmented into sensitive and non-sensitive data.

Abstract: A method of controlling a device performing communication with a terminal is provided. A random number is generated for attempting a communication connection with the terminal. Hashing is performed on the generated random number with a shared key using a hash-based message authentication code algorithm to obtain a hash value. The obtained hash value is encrypted to generate an advertising (ADV) signal. The generated ADV signal is periodically transmitted. Communication with the terminal is performed in response to receiving a communication connection signal from the terminal. At least one load is operated based on information transmitted from the terminal. The periodical transmission of the ADV signal includes periodically generating the random number, periodically generating the ADV signal in response to the periodic generation of the random number, and periodically transmitting the ADV signal.

Abstract: A method performed by a first UE. The method includes: the first UE sending via a first signaling protocol to a network node a service capabilities request, the service capabilities request requesting service capability information for a second UE; the first UE receiving from the network node a response to the service capabilities request, the response rejecting the service capabilities request; and as a result of receiving the response rejecting the service capabilities request, the first UE sending to the second UE, via a second signaling protocol other than the first signaling protocol, a service capabilities exchange invitation requesting an exchange of service capabilities.