Abstract: A method for determining a terminal ID from a message received from a terminal in a communication system avoids sending the terminal ID in the clear. In this system each terminal ID has an associated encryption key. A transmitted message comprises at least a Message Authentication Code (MAC), an n-bit hash, and encrypted message text. At least the terminal key and a nonce are used to generate the MAC, and neither the terminal ID nor the terminal key is included in the transmitted message. An authentication broker stores the set of all (terminal ID, terminal key) pairs for the plurality of terminals in the communication system. The set of all terminal keys is grouped into at least two partitions, and on receipt of a message the authentication broker identifies the partition that includes the terminal key of the terminal that transmitted the received message using the n-bit hash (the search partition).
Abstract: There is disclosed a blockchain-based system, and an electronic apparatus and a method in the system. The electronic apparatus at a control node end includes a processor configured to: verify, in response to an ownership declaration for a new object that is first introduced from a to-be-verified node in the system, the ownership declaration; and sign, in a case that the verification is successful, the ownership declaration to be returned to the to-be-verified node, so that the signed ownership declaration is verified by other nodes in the system and a record regarding the ownership declaration is added to the blockchain. According to the embodiment of the disclosure, it is possible to verify the newly introduced object in the blockchain-based system without binding with a cipher coin, while maintaining a peer-to-peer architecture of the blockchain-based system.
Abstract: A computer-implemented method for detecting cyber-attacks affecting a computing device includes retrieving a plurality of sensor datasets from a plurality of sensors, each sensor dataset corresponding to involuntary emissions from the computing device in a particular modality and extracting a plurality of features from the plurality of sensor datasets. One or more statistical models are applied to the plurality of features to identify one or more events related to the computing device. Additionally, a domain-specific ontology is applied to designate each of the one or more events as benign, failure, or a cyber-attack.
Abstract: A method for secure multiparty computation of an inner product includes performing multiparty additions to generate a first sum share and a second sum share between two shares of alternating elements from corresponding pairs of elements in a first vector and a second vector, performing multiparty multiplications with at least one other node to generate inner product pair shares corresponding to products of the first sum shares and the second sum shares corresponding to pairs of elements in the first and second vectors, and performing another multiparty addition of each inner product pair share with a first negated shares of pair products corresponding to pairs of elements in the first vector and a second negated shares of pair products corresponding to pairs of elements in the second vector to generate a share of an inner product of the first and second vectors.
Abstract: The present disclosure describes a combined network and physical security appliance. The appliance may be wired to or communicate with automation systems, IoT devices, physical sensors, computing devices and servers on an internal or local network, and other computing devices on an external network. By combining network security and physical security into a single device, a combination security appliance may correlate physical sensor signals with packet inspection results, providing enhanced protection against network threats to physical security systems, and physical protection against network threats.
Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.
Abstract: Various text or other messages may be overlaid on top of these messages. This processing of selecting different content postings from different channels may be determined by the likes on a posting, an editorial account, a recommendation system, or an automated algorithm that looks for curated postings. These postings may be collated into a story based on time of posting, likes, location, users who posted them, high follower posters, low follower posters and other factors. These can be collated into a story 1 and a story 2.
Abstract: Methods, systems and computer readable media are disclosed for providing a quantum cipher based on phase inversion. A shared key is established between a first party and a second party. A Hadamard transformation is applied to a message intended for a second party from the first party to produce an equal superposition state. A key phase inversion is applied to the output of the Hadamard transformation. A multiple phase inversion transformation is applied to the output of the key phase inversion to produce an encrypted quantum state with a uniform probability and relative phase distributions. The result is sent to the second party.
Abstract: A domain module computation unit has as a single board computer (1) a central processing unit (CPU) in communication with both a first bus and with a second bus with all communication between the first bus and the second bus being through the CPU, (2) the first bus communicating with a plurality of internal modules and (3) the second bus communicating with an input/output (I/O) unit enabling communication with devices external to the single board computer. Representative internal modules include a kernel non-volatile memory, a working non-volatile memory, a random access memory and an encryption/decryption unit. The single board computational unit is configured to execute software code modeled in a form embedding data and software instructions in a single model.
Abstract: Exemplary privacy management platforms are described herein. Such platforms may be embodied in systems, computer-implemented methods, apparatuses and/or software applications. The described privacy management platform may be configured to scan identity, primary and/or secondary data sources in order to provide users with visibility into stored personal information, risk associated with storing such information and usage activity relating to such information. The platform may correlate personal information to specific data subjects to provide an indexed inventory across multiple data sources.
Abstract: Methods and systems for authenticating a user requesting to access one or more resources via a device are described herein. Authentication may be based on or otherwise rely on a plurality of devices. For example, aspects described herein are directed towards a system and method for receiving an authentication request from a first user device. A second user device may send a request for and receive a public key of the first user device and receive. The second user device may verify the authentication request using the public key of the first user device and perform authentication based on an authentication secret received from a user.
Type: Grant
Filed: April 24, 2020
Date of Patent: April 5, 2022
Assignee: Citrix Systems, Inc.
Inventors: Georgy Momchilov, Chris Pavlou, Ola Nordstrom, Christopher Wade
Abstract: A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.
Type: Grant
Filed: October 15, 2021
Date of Patent: March 29, 2022
Assignee: Seven Networks, LLC
Inventors: Lee R. Boynton, Trevor A. Fiatal, Scott M. Burke, Mark Sikes
Abstract: Embodiments provide for distributed transaction-based provenance tracking of agricultural data, secured access to authorized user accounts, auditability of the data, and transactional oversight of the data when exchanged between user accounts. A distributed ledger network including a primary node and a plurality of secondary nodes can store transactions generated based on various operations on or associated with agricultural data, including the certification of select portions of agricultural data collected by a data collection device, commands received from client devices associated with user accounts purchasing or licensing the agricultural data, and detected attempts to access the agricultural data, among other things.
Type: Grant
Filed: November 25, 2019
Date of Patent: March 22, 2022
Assignee: Farmobile LLC
Inventors: Jason Tatge, Chris Schibi, Daniel Mola, Jason Munro, Aeron Bowden
Abstract: An information processing device according to the present invention includes: a memory storing instructions; and at least one processor configured to execute the instructions to perform: acquiring a first time; generating, based on the first time, a term of validity of a first access token, and generating a policy including the first access token, the term of validity, and identification information of a receiver of the first access token; generating a digital signature, based on the policy; generating a second access token including the policy and the digital signature; and transmitting the second access token to another device.
Abstract: Various arrangements relate to a method performed by a processor of a computing system. An example method includes hashing a first salted value to generate a first hashed salted value. The first salted value includes a first salt value and a value. A first tuple is generated. The first tuple includes the first hashed salted value and a first token. The first token is associated with the value. A first BAT message is generated. The first BAT message includes the first salt value. The first BAT message is associated with the first tuple. A second salted value is hashed to generate a second hashed salted value. The second salted value includes a second salt value and a value. A second tuple is generated. The second tuple includes the second hashed salted value and a second token. The second token is associated with the value. A second BAT message is generated.
Type: Grant
Filed: May 17, 2019
Date of Patent: March 1, 2022
Assignee: Wells Fargo Bank, N.A.
Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
Abstract: Techniques are disclosed for data valuation using language-neutral content addressing techniques in an information processing system. For example, a method comprises the following steps. The method obtains original content in an original language. The method generates a language-neutral representation of the original content. The method then generates an object comprising the language-neutral representation of the original content and at least one valuation algorithm, wherein the at least one valuation algorithm is configured to perform content valuation. The method generates a cryptographic hash value of the object, and stores the object for access using the cryptographic hash value.
Abstract: Disclosed in some examples are methods, systems and machine-readable mediums which allow for more secure authentication attempts by implementing authentication systems with credentials that include interspersed noise symbols in positions determined by the user. These systems secure against eavesdroppers such as shoulder-surfers or man-in-the-middle attacks as it is difficult for an eavesdropper to separate the noise symbols from legitimate credential symbols.
Abstract: A network device may include a memory and one or more processors configured to analyze execution of suspicious data; detect one or more states of execution of the suspicious data; determine that the one or more states of execution are to be assigned a priority level; and extract at least a portion of the suspicious data from one or more locations based on determining that the one or more states of execution are to be assigned a priority level.
Abstract: In various implementations, a network device receives a packet from a content producer. The packet includes data and further includes a signature generated by the content producer, based on the data, using a private key of the content producer. The network device modifies the packet without affecting the signature and forwards the modified packet toward a user device. The network device also sends the user device a manifest specifying how the packet was modified. The user device receives the packet and manifest, restores the packet's original data based on the manifest, and verifies the original data using the signature and a public key corresponding to the private key of the content producer. In response to verification of the original data, an application on the user device is allowed to use the data.
Type: Grant
Filed: July 25, 2018
Date of Patent: February 8, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Alberto Compagno, Michele Papalini, Luca Muscariello, Giovanna Carofiglio
Abstract: The invention relates to blockchain technologies such as the Bitcoin blockchain. The invention uses a novel technique to decompose the functionality of a blockchain transaction script into several chunks or functional parts, and to use the output of a chunk as the input of the next chunk. Advantageously, this allows the blockchain to be used for ever more complex tasks and computations while minimising script size, and also provides a novel architecture for the distributed execution of computational processes.