Abstract: A method and device for establishing a communication along a communications channel between a first device (200A) and a second device (200B). The method comprises mutually discovering the first device (200A) and the second device (200B), validating (F5, F6, F7) the communications channel between the first device (200A) and the second device (200B) by exchange of data messages, exchanging a secret between the first device (200A) and the second device (200B) and then exchanging encrypted messages along the communications channel.

Abstract: Provided herein are techniques to facilitate enhanced cloud access security broker (CASB) functionality via in-band application observability in which a CASB can be implemented in-line between the client device and an embedded application security service. In one instance, a method may include, obtaining, by a CASB from a client device, a first message for an application transaction involving an application operating via the client device. The first message can be augmented to include first security metadata and can be forwarded to trigger one or more actions by an embedded application security service associated with the application. The CASB may obtain a second message from the embedded application security service that includes second security metadata, and one or more actions can be triggered at the CASB based, at least in part, on the second security metadata included in the second message.

Abstract: An online security analysis system determines a categorical value in an online activity and also determines conversion factors that are associated with the categorical value. Based on the conversion factors, the online security analysis system identifies at least one aggregated value for a numerical feature that is associated with previous online activities for the categorical value. In addition, the online security analysis system generates an embedding vector that describes the aggregated value associated with the categorical value. The embedding vector is provided to an online activity analysis model that is trained to generate prediction data for the online activity, based on the aggregated values associated with the categorical value. The prediction data is transmitted to an online system for use in controlling access of a client device to a function of the online system.

Abstract: The disclosure proposes a method for switching from a first subscription of a first telecommunication network operator to a second subscription of a second telecommunication network operator on a plurality of smart cards, the method comprising, for each smart card pre-provisioning the smart card with a batch of secret keys at the level of a personalization factory; thanks to a first input file transmitted by the first telecommunication network operator to the personalization factory, generating at the personalization factory an output file comprising a first secret key selected in the batch, a corresponding first IMSI and a first ciphered operator code; transmitting the output file to the first telecommunication network operator; and transmitting OTA keys and the first IMSI to an OTA server of a service provider managing the smart card in order to attach the smart card to the first telecommunication network.

Abstract: Method and system for authenticating a candidate user are disclosed. The method includes acquiring, by a second service from a first service, a request for a candidate User-Service Unique Identifier (USUID) associated with the candidate user. The candidate USUID is unique for a candidate user-first service pair. The method includes generating, by the second service, the candidate USUID, and sending a token indicative of the candidate USUID. In response to the candidate USUID matching a target USUID, the first service authenticates the candidate user as a target user without prompting the candidate user to provide additional information.

Abstract: As described herein, a system, method, and computer program are provided for synthesizing user transactional data for de-identifying sensitive information. In use, transactional data of a plurality of users is identified. Additionally, the plurality of users are clustered based on the transactional data, to form groups of users having transactional data representing similar transactional behavior. Further, synthesized transactional data is generated for the users in each group by: identifying a subset of the transactional data that corresponds to the users in each group, shuffling the transactional data in the subset across the users in each group, and perturbing portions of the shuffled transactional data.

Abstract: A semiconductor device includes a one-time programmable (OTP) memory device, a key register and a key protection control logic. The OTP memory device stores a secret value, a key protection bit indicating whether to protect the secret value, and an end of life bit indicating whether to discard the semiconductor device. The key register loads the secret value from the OTP memory device and stores the secret value. The key protection control logic controls loading of the secret value from the OTP memory device to the key register based on the key protection bit and the end of life bit. Security of the secret value is enhanced and utilization of the secret value is optimized using the key protection bit and the end of life bit.

Abstract: An example system includes a processor to compute a tensor of indicators indicating a presence of partial sums in an encrypted vector of indicators. The processor can also securely reorder an encrypted array based on the computed tensor of indicators to generate a reordered encrypted array.

Abstract: A method for encrypting messages is provided. The method for encrypting messages includes: generating a seed; generating a mask based on the seed; generating a masked message by masking an original message using the mask; acquiring a target message by performing white box encryption on the masked message; and disclosing the target message and the seed.

Abstract: A terminal device according to this disclosure is a terminal device including a controlling portion, a storage portion, and a communication portion. The controlling portion stores electronic tickets in the storage portion. The controlling portion executes authentication of a user through communication with a server. In a case where the user is authenticated successfully, the controlling portion causes an electronic ticket associated with the user to be displayable from among the electronic tickets stored in the storage portion. In a case where a non-communicable state in which the communication with the server is not performable is established, the controlling portion causes a corresponding electronic ticket to be displayable from among the electronic tickets stored in the storage portion.

Abstract: This application provides an encrypted packet inspection method and a protection device, and pertains to the field of communication technologies. In this application, a process of performing SSL handshake between a protection device and a client device is associated with a process of performing SSL handshake between the protection device and a server. The protection device sends a same DH parameter to each of the client device and the server, and reuses DH parameters on the two sides when generating session keys, where the session key is used to decrypt an encrypted packet sent by the client device or the server, and encrypt plaintext data obtained after decryption and inspection. In embodiments of this application, a computation amount caused by DH parameter generation is reduced, and resource usage of a protection device such as a firewall is reduced.

Abstract: The present disclosure discloses a method for encrypting a visually secure image based on adaptive block compressed sensing and non-negative matrix decomposition. Firstly, the Tetrolet transform is performed on the plain image, then the sparsity degree is optimized on the sparsity matrix and the matrix scrambling is performed, such that the sparsity degree in each block region of the image matrix is equalized. Then according to the image information, the sampling number of the block region is calculated, the measurement matrix is constructed and optimized, and the image is compressed by using the optimized measurement matrix. The compressed image is then scrambled and diffused to complete the encryption process. Finally, the image information is embedded into the carrier image through non-negative matrix decomposition to obtain a visually safe ciphertext image. The decryption process is the inverse of the encryption process.

Abstract: A method may include an aggregator node in a distributed computer network: generating an aggregator node public/private key pair; communicating the aggregator node public key to participant nodes; receiving, from each participant node, a message comprising a local machine learning (ML) model encrypted with a participant node private key and the aggregator node public key, and a participant node public key encrypted with the aggregator node public key; decrypting the local ML models and the participant node public keys using the aggregator node public key; decrypting the local ML models using the participant node public keys; generating an aggregated ML model based on the local ML models; encrypting, with each participant node public key, the aggregated ML model; and communicating the encrypted ML models to all participant nodes. Each participant node decrypts one of the encrypted ML models and modifies its local ML model with the aggregated ML model.

Abstract: Systems and methods for authentication may include a first device having an association with a first account, including a memory containing one or more applets, a counter value, and transmission data, a communication interface, and one or more processors in communication with the memory and communication interface. The first device may create a cryptogram based on the counter value, wherein the cryptogram includes the counter value and the transmission data. The first device may transmit, after entry of the communication interface into a communication field, the cryptogram, and update, after transmission of the cryptogram, the counter value. The first device may receive, via the communication interface, one or more encrypted keys and one or more parameters. The first device may decrypt the one or more encrypted keys and, after decryption of the one or more encrypted keys, switch an association from the first account to a second account.

Abstract: Aspects of the present disclosure involve a method and a system to perform a cryptographic operation that involves a number theoretic transformation of a first vector to a second vector by obtaining components of the first vector, performing a plurality of iterations that each include determining a plurality of output values, wherein each of the plurality of output values is a linear combination of two or more input values, the input values into a first iteration being the components of the first vector and the output values of the last iteration being representative of components of the second vector, and wherein one or more of the output values of at least one iteration are randomized by multiplying at least one input value by a random number, and determining, based on the output values of the last of the plurality of iterations, the components of the second vector.

Abstract: A method for key refreshment in a wireless network system using a salt. The method includes receiving, from each of a plurality of secondary nodes communicably coupled to a primary node, a current session number. The current session numbers are compared to a session number at the primary node to identify a mismatch, and a salt is generated responsive to identifying the mismatch. The method further includes sending the salt to each of the plurality of secondary nodes having a current session number matching the session number at the primary node.

Abstract: A processing device disposed inside a transmitter/receiver intended for use in optical fiber sensing using an optical fiber in order to enable restricting utilization of a prescribed range of acquired data, the processing device comprising: a mask unit which masks a prescribed range of acquired data, which is the data acquired by the transmitter/receiver through the optical fiber sensing; and an output unit which outputs post-masking data, which is the data that has undergone the aforementioned masking, to the outside of the transmitter/receiver, wherein the acquired data prior having the masking performed thereon for the prescribed range is not outputted to the outside.

Abstract: One example method includes receiving, by a client computing device, a request to open a superfile stored in a memory device at the client computing device, the superfile comprising encrypted content, the request comprising user credential information; in response to receiving the request to open the superfile, communicating, by the client computing device, a request to a remote server to access the superfile, the request including a credential associated with the user account; receiving, from the remote server, cryptographic information; decrypting, using the cryptographic information, the encrypted content; accessing and presenting the decrypted content; and maintaining communications with the remote server while the decrypted content is accessed.

Abstract: A method is for data communication in a network including a first network area and a second network area. The method includes provisioning medical patient data; provisioning identification data for identification of a patient; provisioning a code linked to the identification data; sending medical patient data and the code from the first network area to a server in the second network area; and processing the patient data by the server. The method further includes provisioning identification data or input of identification data for identification of a patient by the user; establishing of a code linked to the identification data; automatic sending of the code to the server; establishing the status of the processing patient data linked to the code; creating a corresponding status notification by the server; and sending the status notification to the user.

Abstract: Systems, methods, and computer-readable for endpoint integration and mapping are disclosed. A system can include one or more processing circuits configured to identify endpoints and access information. The processing circuits can generate an object package corresponding to the endpoint by initiating the object package based on an identifier corresponding to an endpoint type of which the object package is structured and mapping the access information to an access scheme corresponding to formatted requests to access the endpoints for protection data. The processing circuits can perform an endpoint request by invoking the object package using at least one formatted request and receiving output data with a response to the endpoint request by a DCDSI system. The processing circuits can further update a distributed ledger or data source based on the output data.