Abstract: Systems and methods for digital property authentication and management are disclosed. A document representing a trade secret may be requested to be registered with a trade secret registry. A document obfuscation value corresponding to the document may be generated and may be registered with a blockchain. A record of the registration may be generated for the trade secret registry. The registry may be searchable and/or offer functionality such as valuation, insurance provision, and/or verification, among other benefits and functionalities.

Abstract: There is disclosed a novel system and method for decentralized digital structured data storage, management, and authentication. In an embodiment, the present system comprises pieces of digital structured data (including but not limited to, digital images, digital videos, digital audio, digital text, and digital computational graph representations), computer nodes for storing pieces of digital structured data and for creating references to portions of stored pieces of digital structured data, a network connecting the computer nodes, and a blockchain. In an embodiment, a piece of digital structured data is stored on a computer node, and the computer node creates a reference to a portion of the stored piece of digital structured data. The computer node then broadcasts a request for the reference to be added to the blockchain to all computer nodes through a network connecting all computer nodes.

Abstract: A system, method and elliptic curve cryptography scheme using an Edwards-form elliptic curve. The elliptic curve cryptography scheme having a blinding protocol resistant to differential side channel attacks. The elliptic curve defined over field F and having a point P with coordinates located on the elliptic curve. The blinding protocol including: randomly selecting a random element I; and determining coordinates of a blinded point PB by performing a multiplication of a random element I by at least one of the coordinates of point P.

Abstract: A trusted component is suggested to be added to off the shelf computing systems such as PCs or smartphone providing secure functions for access management and credential protection—safe authentication, maintaining session integrity and validation of content modification. An additional advantage of the solution that it detects malware/hacking attempts on first try allowing of taking action while oblivious to the malware/hacker to avoid retaliation.

Abstract: Embodiments disclosed herein are related to computing systems and methods for a DID owner to control the delegated use of DID-related data. Delegation permissions are attached to DID-related data objects that are provided by the DID owner to a first third-party entity. The delegation permissions specify interactions that should occur between a DID owner and second third-party entities who receive the DID-related data objects from the first third-party entity. The DID-related data objects are provided to the first third-party entity. Various interactions are received from the second third-party entities who attempt to use the DID-related data objects. The second third-party entities are allowed to use the DID-related data objects when the received interactions satisfy the delegation permissions.

Abstract: A method may achieve an agreement among a plurality of nodes executed by one or a plurality of processors of a blockchain system including a distributed network of the plurality of nodes. The method may comprise: receiving a candidate block in a N-th round (N is a positive integer) by an arbitrary node among the plurality of nodes able to be promoted to producer nodes having a block generation status at a predetermined time for each round, determining whether the received candidate block is a valid candidate block, determining whether the valid candidate block is an unapproved block, and determining whether to vote for approval of the unapproved block by determining whether the unapproved block is a first received candidate block which is a first received candidate block within the N-th round by the arbitrary node.

Abstract: Aspects of the present disclosure are directed to systems and methods for authenticating a user requesting access to a computing resource based on telematics data. A system may include a telematics device associated with a vehicle having one or more sensors arranged therein, a mobile device, and a server computer. The server computer may receive telematics data of a user associated with the vehicle from the telematics device, store the telematics data in memory, receive a request to authenticate the user, generate one or more questions for authenticating the user based on the telematics data, transmit the one or more questions for presentation to the user, receive one or more answers to the one or more questions from the mobile device, and transmit, to the mobile device, an indication of whether the user is authenticated based on the one or more answers.

Abstract: The present disclosure provides a security control method and device of an application, and an electronic device. The method includes: determining whether running information of the application meets a preset security control condition; calling a preset service if the running information of the application meets the preset security control condition, the preset service being configured to enable the application to run in a trusted execution environment; and executing an authentication service corresponding to the running information of the application in the trusted execution environment.

Abstract: A method of a local bundle assistant (LBA) negotiating a certificate with a secondary platform bundle manager (SPBM) in a wireless communication system including: transmitting a request message requesting information of certificates supported by a secondary secure platform (SSP) to a secondary platform bundle loader (SPBL) of the SSP; receiving the information of certificates supported by the SSP including information of certificate issuers corresponding to a family identifier from the SPBL; transmitting the information of certificates supported by the SSP to the SPBM; and receiving a certificate of the SPBM for key agreement, information of public key identifiers of certificate issuers to be used by the SSP, and information of the family identifier from the SPBM.

Abstract: Inferential analysis includes: assessing risk of a cyber security failure in a computer network of an entity, using a computer agent configured to collect information from at least one accessible Internet elements; automatically determining, based on the assessed risk, a change or a setting to at least one element of policy criteria of a cyber security policy; and automatically recommending, based on the assessed risk, a computer network change to reduce the assessed risk.

Abstract: A protection system, method, and a security device can protect an Internet of things (IOT) system having connected hardware equipment, including at least an interface that can receive a control communication for controlling at least one connected device. They feature tasks/steps that intercept control communication between a controller and a connected device, determine whether the received control communication contains an undesirable control command, and either pass or block the received control communication to the connected device depending on whether the received control communication contains an undesirable control command. The security device can be disposed between a source of communication in an IOT network and the connected device for protection.

Abstract: Assessing risk of a cyber security failure in a computer network of an entity includes: assessing risk of an entity, using a computer agent configured to collect information from at least publicly accessible Internet elements, and automatically recommending, based at least in part on the assessed risk, changes to reduce the assessed risk to mitigate the theoretical damage. The assessed risk comprises a cyber security failure risk in a computer network of the entity; and the assessing of risk comprises: generating a disaster scenario that comprises elements of a disaster event; modeling the disaster scenario against a profile of the entity; and determining theoretical damage based at least in part on the modeling.

Abstract: Disclosed is an orthogonal access control system based on cryptographic operations provided by multi-hop proxy re-encryption (PRE) that strictly enforces only authorized access to data by groups of users, scalable to large numbers of users. Scalable delegation of decryption authority can be shared with a plurality of members of a group whether those members be users or devices, and members of a group can further create sub groups and delegate decryption authority to those members, whether users or devices. Members are granted access via generation of transform keys, and membership or access can be revoked merely be deleting the transform key—no elimination of the encrypted data, regardless of its storage location, is needed.

Abstract: An example operation may include one or more of storing state information of a system component via a data block included among a hash-linked chain of data blocks of a blockchain, the state information identifying operating features of the system component at a first point in time, receiving, from the system component, re-computed state information of the system component captured at a second point in time that is subsequent to the first point in time, determining an integrity of the system component based on the re-computed state information and the previously stored state information of the system component stored among the hash-linked chain of data blocks, and transmitting information about the determined integrity to a computing system associated with the system component.

Abstract: A method for issuing a virtual document by a first computer system of an issuer, includes creating the virtual document; calculating a hash value of the virtual document; sending a signed entry request including the hash value to a blockchain server; receiving the signed entry request by the blockchain server; and executing, by the blockchain server, program instructions of a program module identified by the signed entry request, wherein the execution of the program instructions includes checking the signature of the entry request, using a public cryptographic key of the issuer registered in the blockchain, and, if the signature is valid, generating an additional block of the blockchain for the issue of the virtual document, wherein the generated block includes an entry associated with the program module and including the first hash value.

Abstract: A technique to secure a wireless communication link that is being shared among a wireless access point (AP), and each of a set of wireless clients (each a mobile station (STA)) that are coupled to the AP over the communication link. A typical implementation is a WPA2-PSK communication link. In this approach, and in lieu of a single secret key being shared by all AP-STA pairs, each AP-STA pair derives its own unique WLAN shared secret, preferably via a Diffie-Hellman (DH) key exchange. The WLAN shared secret is then used to generate WPA2-PSK keys, namely, pairwise master key (PMK) and pairwise transient key (PTK), that establish an 802.11 standards-compliant secure link.

Abstract: A system is provided for the storage of data, the system having: an encrypted host platform disposed in a specific territory and upon which regulatory controlled data is stored; a controller configured to allow a primary user to set permission settings and identify authorized end users and degrees of access granted to each the authorized end user, the authorized end user being pre-cleared for compliance with regulatory controls pertaining to the regulatory controlled data; the controller configured to permit access to the encrypted host platform only if the host platform is located within a specific territory and if the hosting platform is in compliance with predefined data security protocols the controller configured to allow the authorized end user access to the regulatory controlled data, and the controller configured to exclude access to both a provider of the system for storage and a system host platform provider; at least one individual computing device accessible by at least one the authorized end user

Abstract: The present invention relates to the field of tracing and anti-counterfeit protection of physical objects, and particularly to preparing and performing a secure authentication of such objects. Specifically, the invention is directed to a method and a system for preparing a subsequent secured authentication of a physical object or group of physical objects by a recipient thereof, to a method and system for authenticating a physical object or group of physical objects, to a method and system of securely providing a time-variant combination scheme for authenticating a physical object or group of physical objects according to the above methods, and to related computer programs corresponding to said methods. The invention is based on the concept of increasing the security level by increasing the information entropy of the data on which the anti-counterfeit protection is based by means of random data communicated to authenticating entities in an algorithmically hidden way.

Abstract: A packet network includes packet engines that perform packet handling. Cipher engines are provided separately from the packet engines for encryption and/or authentication operations. To preserve relative timing and ordering of data packets, a packet engine performs pre-shaping of data traffic, wherein the packet engine inserts dummy packets into a data flow. The packet engine provides the pre-shaped data traffic to a cipher engine.

Abstract: A chip fingerprint management device includes: a one-time programmable (OTP) memory including a first storage region, the first storage region being readable by hardware and access restricted by software; and an OTP controller which generates a chip fingerprint based on a random number, and programs the generated chip fingerprint into the first storage region in the OTP memory.