Abstract: A method for sequential authentication based on chain of authentication using public key infrastructure (PKI) is provided. The method includes generating, by a user, a first private key and a first public key corresponding to each other; generating, by an nth service provider, an nth private key and an nth public key corresponding to each other; transmitting, from the user to the nth service provider, a level n key; verifying, by the nth service provider, the level n key; generating, by the nth service provider, a level (n+1) key by concatenating the level n key and the nth public key signed with the nth private key; and transmitting, by the nth service provider, the level (n+1) key to the user, where n is a natural number, and when n=1, the level 1 key is the first public key signed with the first private key.

Abstract: The present disclosure provides a description of exemplary systems and methods for enabling faster proof-of-work in a distributed ledger. The methods and systems may include a processor which may generate a first hash having a first difficulty level as a first proof of work associated with a first plurality of selected transactions. The first hash not being accepted by a distributed ledger network. The processor may receive a second plurality of selected transactions and determine a second difficulty level for a second proof of work associated with the second plurality of selected transactions. The processor may compare the first difficulty level to the second difficulty level. In response to determining that the first difficulty level is less than the second difficulty level, the processor may generate a second hash as a second proof-of-work for the second plurality of selected transactions having a residual difficulty level.

Abstract: An anonymous signature system in which a signature ? is anonymized by an agent specified by a signer, includes computers each including a memory and a processor configured to, from a security parameter, generate a system parameter ? independent of the agent; from ?, generate an agent secret key w and an agent public key gA; from ?, generate a secret key x and a public key y of the signer; from x, a message m on which ? is to be put, and gA, generate ? to be put on m; from an identifier i of the signer, w, ?, a ring L representing a group to which the signer belongs, a list yL of public keys y of signers in L, and m, generate a ring signature ?? by anonymizing ?; and from L, yL, m, and ??, output a verification result b form.

Abstract: The present invention provides a method, an apparatus, and a system for transmitting and receiving information by using a QR code. The method can receive a first QR code including second terminal identification information from a second terminal, transmit the second terminal identification information to a server, receive, from the server, encryption information of the second terminal on the basis of the second terminal identification information, generate first terminal encryption information by using encryption information of the second terminal to encrypt encryption information of a first terminal, transmit the first terminal encryption information to the second terminal, receive, from the second terminal, a second QR code that is generated on the basis of the first terminal encryption information and that includes information data, and obtain the information data by using decryption information of the first terminal to decrypt the second QR code.

Abstract: A system, method, and device are provided for detecting and mitigating a storage attack at the block level by generating canary blocks by marking blocks of data (referred to as memory blocks) such that other programs do not modify these canary blocks that are monitored to detect data storage attacks that attempt to modify the canary blocks and/or by monitoring statistical and behavioral features of activities over blocks, whether they can be modified by other programs or not. The system and method also backup the memory blocks by backing up memory blocks as they are modified. When a data storage attack is detected, the attack is stopped, and the files are remediated using the backup of the affected memory blocks.

Abstract: Disclosed herein are methods and systems for executing verifiable computation modules to process private data at private data owner platform, comprising obtaining a computation module having a unique identifier recorded in a distributed ledger controlled by a plurality of computing nodes, generating a key pair comprising a signing key and a verification key derived from the signing key, recording, in the distributed ledger, an execution record associating an execution instance of the computation module with the verification key, initiating the execution instance of the computation module to process a private dataset incorporated with the signing key. outputting a computation outcome, computing an execution result signature for the execution instance based on the unique identifier and the private data and the signing key, and recording the execution result signature in the distributed ledger to enable verification of the execution instance.

Abstract: A fraud detection system including at least one processor configured to: calculate a fraud level of a user who uses a service based on a behavior of the user; obtain a determination result as to whether the behavior is actually fraudulent; and calculate accuracy of fraud detection for each user based on the fraud level and the determination result.

Abstract: Embodiments described herein include methods and systems for remotely managing appliances, including enabling communication between a user of the appliance and third party systems. The third party systems can include any entity that has a relationship with the user of the appliance, such as a payment infrastructure handling incremental payments for the appliance, and managing access to the appliance accordingly. In some embodiments, the appliance being controlled is a mobile phone that also includes third party operating system software. Various methods for preventing alteration or replacement of the third party operating system are also described.

Abstract: Methods and systems are configured to store user data and control access to the user data, wherein the data is stored remotely from the user (such as external to a user's computing device) and the user's data is maintained anonymously. Content is stored in association with a user identifier and access by third parties is controlled by linked third party identifiers.

Abstract: In an approach for conversational interchange optimization, a processor monitors conversations in a communication system. A processor generates a list of topics in the conversations. A processor determines a flow for each topic based on length of time, number of participants, and sentiment associated to each topic. The flow is the progress of interactions and shifts for each topic. A processor builds a statistical model for each topic based on the flow to predict success or failure of a topic progression for an incoming conversation. A processor updates the topic progression for the incoming conversation based on the predicted success or failure.

Abstract: Methods, systems, and devices for transitioning an information handling system (IHS) to a predetermined operating state is disclosed. During the transition, the IHS may obtain data from a variety of sources which may subject it to compromise. To reduce the likelihood that the IHS is compromised, the IHS may evaluate its environment and its own operation to determine its security state. Depending on its security state, the IHS may perform various actions to reduce the likelihood of it being compromised through its transition process.

Abstract: Some embodiments of the invention provide a novel method for performing firewall operations on a computer. The method of some embodiments instantiates first and second firewall processes on the computer. These two processes are two separate processes, which in some embodiments have separate memory allocations in the memory system of the computer. The method uses the first firewall process to examine a data message to determine whether an encryption based firewall policy (e.g., a TLS-based firewall policy) has to be enforced on the data message. Based on a determination that the encryption-based firewall policy has to be enforced on the data message, the method provides metadata, which is produced by the first firewall process in its examination of the data message, to the second firewall process. The second firewall process then uses the provided metadata to perform an encryption-based firewall operation based on the encryption-based firewall policy.

Abstract: This disclosure is directed to automated processes for attesting to trustworthiness of a host considered for connection to a data center network. The attestation process is performed in two attestation phases. In the first phase, attestation is performed on a smart network interface controller (“SNIC”) connected to an internal bus of the host using a first trusted platform module (“TPM”) of the SNIC. In the second phase, attestation is performed on the host by the SNIC using a second TPM connected to the internal bus of the host in response to a determination that the SNIC is trustworthy. The host is connected to the data center network in response to a determination by the SNIC that the host is trustworthy.

Abstract: A method of digital radio communication between a first device and a second device is disclosed. An advertising packet is transmitted between first and second devices, wherein the packet includes a first address and a data portion. Additionally, an encryption key is transmitted between the devices. The first device generates a second address by encrypting an identity value derived from part of the first address using the encryption key and the data portion. The result is encrypted to generate second portion of the second address. The first device then transmits a connection request including the second address. The second device decrypts the second portion and uses the encryption key to determine correspondence with the first portion. If said correspondence is determined, the second device decrypts the first portion using at least the encryption key and compares it to an expected identity value derived from the first address.

Abstract: An example computer-implemented system maintains user profiles and displays external content. Method and system are provided for performing attribution of conversions with respect to the external content in a privacy safe manner by anonymizing personally identifiable information utilizing cryptographic salt.

Abstract: Systems, methods, apparatuses, and computer program products directed to next generation (e.g., 5G systems) key set identifier(s) are provided. One method includes requesting, by a network node, authentication of a user equipment with an authentication server, receiving a master key and authentication parameters/vectors from the authentication server when authorization is successful, and verifying validity of the authentication request. When the verification is successful, the method may further include instantiating a security context for the user equipment and assigning a security context identifier for next generation system security context to the user equipment, and then sending a security mode command message to instruct the user equipment to instantiate security context using the security context identifier.

Abstract: MBS key distribution includes processing group information associated with an MB session context received from an AF. At least a portion of the group information comprises a TMGI. A plurality of session join requests received from a plurality of UEs are processed. Each of the plurality of session join requests include the TMGE and are associated with the MB session context. A request associated with the MB session context for transmission to an MB-SMF is encoded. A response associated with the MB session context received from the MB-SMF is processed. The response includes a key derived for each of a portion of the plurality of UEs using a UE ID and the TMGI. A DL NAS message and an N2 message are encoded for the plurality of UEs and a base station, respectively. The DL NAS message and the N2 message include the derived key.

Abstract: The present invention provides a method for packet processing according to a access control list table, comprising: receiving a packet, wherein the packet includes a packet information and match items for matching; providing an access control list (ACL) codeword table; providing a mask table, wherein the ACL codeword table corresponds to the mask table; obtaining a hash key by performing a multiplexing logic operation, wherein the hash key is made by combining a multiplex result of the packet information and the mask table; obtaining a hash value by performing a hash function based on the hash key, wherein the hash value is composed of X+Y, wherein X is a signature table (hash table) index and Y is a key digest; performing a hash table indexing, based on the signature table index, wherein the signature table index is the index to an address of signature table; performing a fast pattern match, wherein the signature table contains signature fields, and if any second signature field in the signature table is mat

Abstract: A subscription system and method of facilitating permission-based access to a subset of vehicle sensor data in a vehicle electronic control unit (ECU) to augment an information application. The system includes a vehicle subscription server. The method includes generating, by the vehicle subscription server, a sensor key and a subscription key, installing in a memory of the vehicle ECU the vehicle sensor key. In response to a request for a subscription by a mobile device, transmitting by the vehicle subscription server the subscription key. The vehicle ECU uses the subscription key to authenticate the mobile device as having a current subscription, and augments the information application with the subset of vehicle sensor data accessed based on the sensor subscription key.

Abstract: A method, performed by an image processing device, of encrypting image data includes: selecting an encryption target unit from among a plurality units constituting an image; generating a table including identification information about the encryption target unit; generating a first encryption unit including data obtained by encrypting the encryption target unit; generating a second encryption unit including data obtained by encrypting the table; and generating a bitstream including the first encryption unit, the second encryption unit, and units other than the encryption target unit among the plurality of units constituting the image.