Abstract: A technique is provided for a personalized access to a storage device from a communication device through a local network, with public data and private data being stored in the storage device. The storage device is configured to retrieve an identifier of the local network, allow access to the public data and a set of private data if the retrieved identifier is included in a first list of local networks, and deny access to the set of private data if the retrieved identifier is not included in the first list of the local networks.

Abstract: A process for loading a secure memory image for a startup procedure of a microcontroller from an external non-volatile memory has the microcontroller configured to assume a locked state in which execution of any program is prevented pending a restart of the microcontroller when a data section of a secure memory image is faulty. The process includes the following steps: detection of the locked state of the microcontroller by a controller located outside of the microcontroller, institution of precautionary measures that lead to modified read data values of the memory image in a subsequent attempt by the microcontroller to read the memory image; and initiation of a restart of the microcontroller to cancel the locked state, and thus initiation of a renewed attempt to load the memory image. An assembly including a microcontroller, an external non-volatile memory and a controller implements such a process.

Abstract: Implementations of the present specification disclose a consensus verification method, apparatus, and device. In the implementations of the present specification, for each piece of service data, if first consensus verification on the service data fails, a first node determines whether the service data satisfies a predetermined retry condition instead of directly considering the service data to be invalid. If the predetermined retry condition is satisfied, then the service data is stored as service data to be retried. The first node can perform the first consensus verification on the service data to be retried in response to determining that a predetermined retry execution condition is triggered.

Abstract: According to embodiments of the present invention, trust evaluation is performed on network entities including a host and a network node with privacy preservation to determine an unwanted traffic source. The trust evaluation is based on detection reports from the hosts and monitoring reports from the network nodes. The network nodes do not know contents of the detection reports, and an entity which executes the trust evaluation does not know real identifiers of the hosts and network nodes.

Abstract: Disclosed herein are methods and systems of detecting malicious files. According to one aspect, a method comprises receiving one or more call logs from respectively one or more computers, each call log comprising function calls made from a file executing on a respective computer, combining the one or more call logs into a combined call log, searching the combined call log to find a match for one or more behavioral rules stored in a threat database, determining, when the behavioral rules are found in the call log, a verdict about the file being investigated and transmitting information regarding the verdict to the one or more computers.

Abstract: Method and system disclosed herein facilitate retrieval of a blockchain key. The method comprises receiving a key store comprising a first encryption method, a second encryption method, and identification information of one or more network nodes storing a plurality of encrypted storage keys; displaying an authentication request and receiving and input form the user in response to the authentication request; upon the input received matching a record within a database, instructing the one or more network nodes to transmit the encrypted key segments; decrypting each encrypted key segment based on the first encryption method; and generating a blockchain key by appending the strings of the key segments based on the second encryption method.

Abstract: A method for execution in a dispersed storage network operates to determine one or more slice names of one or more slices and determine whether to establish a new access policy corresponding to the one or more slices. When the new access policy is to be established, the method determines a timestamp; determines a new access policy; and sends the new access policy and the timestamp to one or more storage units that store the one or more slices.

Abstract: Embodiments of the present disclosure disclose an application program integrity verification method and a network device. The method includes: performing eigenvalue calculation on data of an application program when the application program starts, to obtain a first digest of the application program (101); decrypting a stored digital signature of the application program according to a public key in an embedded key pair to obtain a second digest of the application program, where the digital signature is obtained, according to a private key in the key pair, by signing data of the application program each time the application program is updated (102), and the key pair is a manufacturer key pair corresponding to the application program; and determining that integrity verification of the application program passes if the first digest and the second digest are the same, otherwise, determining that integrity verification of the application program does not pass (103).

Abstract: A method for providing a proof-of-work includes computing, by a verification computing device (VCD), a first linear feedback shift register sequence (LFSR-S) using a first polynomial having a first degree and computing, by the VCD, a second LFSR-S based on a second polynomial. A challenge, generated by the VCD and using elements of the second LFSR-S, is transmitted to the PCD. The PCD recursively computes all elements of the first LFSR-S by using the elements and coefficients of the second LFSR-S. A solution for the received challenge is computed based on the computed elements of the first LFSR-S. A proof-of-work is provided by verifying, by the VCD, the transmitted solution by: recomputing a solution to the challenge using initial state parameters and coefficients of the first LFSR-S, and comparing the computed solution of the PCD with the recomputed solution of the VCD.

Abstract: A system and method for preserving the privacy of data while processing of the data in a cloud. The system comprises a computer program application and a client encryption key, The system is operable to encrypt the computer program application and data using the client encryption key; upload the encrypted computer program application and encrypted data in the cloud; enable the computer platform to undertake processing of the encrypted data in the cloud using the encrypted computer program application; output encrypted processing results; and, enable decryption of the encrypted processing results using the client encryption key.

Abstract: A client establishes a network session with a server. The network session is used to establish an encrypted communications session. The client establishes another network session with another server, such as after terminating the first network session. The client resumes the encrypted communications session over the network session with the other server. The other server is configured to receive encrypted communications from the client and forward them to the appropriate server.

Abstract: A method and apparatus for location sharing, consisting of sending a location report by a location determining device to a plurality of network enabled devices over a peer-to-peer network, the location determining device being associated with a first digital key pair. A first of the plurality of network enabled devices, associated with a second digital key pair, performs a validation computation on the location report and submits a validation computation result and the location report to a remainder of the plurality of network enabled devices for inclusion in a shared ledger. Including the location report creates commercially-valued credits associated with the public key of the second digital key pair recorded in the shared ledger. A transfer of commercially-valued credits from association with the first public key of the first digital key pair to the public key of the second digital key pair is also recorded in the shared ledger.

Abstract: A server for identity authentication includes a variable keypad generating unit for generating a variable keypad including encryption keys and a signature input part which receives an input of the signature of a user, wherein the position of each of the encryption keys is changed every time the encryption keys are generated; an authentication information saving unit for saving authentication information of a user of a mobile terminal; and an authentication unit for receiving, from the mobile terminal, position information of the encryption keys according to the order inputted by the user, and signature information inputted by the user on the signature input part, and using same to authenticate identity.

Abstract: An authentication device outputs a first challenge value corresponding to a random number along with a first authentication request. A second challenge value is input to the authentication device along with a second authentication request, and the authentication device outputs a second response value which is obtained by encrypting a value corresponding to the second challenge value by using a common key by a symmetric key cryptosystem. A first response value corresponding to the first challenge value is input to the authentication device, and the authentication device decides whether or not a decrypting result which is obtained by decrypting the first response value by using the common key and a value corresponding to the first challenge value coincide with each other.

Abstract: Authentication of a user device, and/or associated user, to a system is a key component of many systems whereby access is restricted to only authorized personnel. Spatial challenges require a user, as determined by at least a sensor of a user device, to perform a particular spatial action. A sensor in the user device provides output signals and, if the output signals are associated with compliance with the spatial challenge, authorization to access a secured asset may then be granted.

Abstract: A static code analysis unit specifies an implementation portion of a Java code in a cooperation mechanism that sends and receives data between an Android application implemented by the Java code and Web content implemented by a JavaScript code and specifies a method in which a return value that can be called by the JavaScript code is set in the cooperation mechanism; a code converting unit inserts, into the Java code, a call code of a simulation function in which the return value of the specified method is inserted into an argument; and a data flow analysis unit analyzes a data flow by observing, by using the argument and the return value of the simulation function and the specified method, the data that is sent and received between the Android application implemented by the Java code and the Web content implemented by the JavaScript code.

Abstract: Various embodiments of the invention implement countermeasures designed to withstand attacks by potential intruders who seek partial or full retrieval of elliptic curve secrets by using known methods that exploit system vulnerabilities, including elliptic operation differentiation, dummy operation detection, lattice attacks, and first real operation detection. Various embodiments of the invention provide resistance against side-channel attacks, such as sample power analysis, caused by the detectability of scalar values from information leaked during regular operation flow that would otherwise compromise system security. In certain embodiments, system immunity is maintained by performing elliptic scalar operations that use secret-independent operation flow in a secure Elliptic Curve Cryptosystem.

Abstract: Method for retrieving data entered during a server connection, the server having access to a memory including a generated hashed word of a first input data, which corresponds to the data modified by a processing function, the capacity of the hashed word being lower than a predefined capacity, a generated security key of a second input data, which corresponds to the data modified by a processing function, the capacity of the security key being equal to the difference between the predefined capacity and the hashed word capacity, the security key not being stored, method wherein: —after a request to retrieve the data, the hashed word and the security key are concatenated in order to reach the predefined capacity, and —an inverse hash function, using an algebraic solving of the hash function, is applied to the concatenation of the hashed word and security key, to retrieve the data.

Abstract: A certificate manager for a multi-tenant environment can be authorized to automatically renew a certificate for a customer of the environment. Prior to the end of the validity period of the certificate, the certificate manager can obtain a new certificate on behalf of the customer and notify the customer that the certificate is ready to be deployed. The certificate will not be deployed until the customer releases the hold on the certificate. If no such instruction is received, notifications can be sent to the customer about the upcoming end of the validity period, and those notifications can be sent with increasing frequency. If no notification is received before the validity period is to expire, the certificate manager can automatically deploy the certificate to ensure that a valid certificate remains in place for the customer on the associated resource(s).

Abstract: A blockchain database employs cryptography and other methods to implement and protect a distributed, publicly-amendable ledger. Transactions in a blockchain ledger are intentionally anonymous; however, there are cases where it would be useful to be able to verify or disprove a claim of identity of a contributor of a blockchain transaction. Biometrics can be used to link a human being to digital information using their unique physical traits in a way that is analogous to a handwritten or digital signature. An exemplary embodiment disclosed herein describes methods to create and store data in a blockchain transaction such that it can be used in the future to biometrically verify the identity of the contributor of the transaction, and use encoded biometric data to determine whether the blockchain transaction was created or not created by a particular individual.