Abstract: Systems, methods and devices for implementing cryptographic and security-in-depth techniques on-board spacecrafts or satellites are provided, to allow users to task activities or retrieve satellite data from the satellite system in an anonymous, secure, safe, and private manner, such that no other user sharing the satellite system resources can know what has been tasked or transmitted to the ground. Considerable advantages can be realized by providing spacecraft or satellite systems with a substantial capacity of applying security-in-depth and cryptographic techniques and protocols to data and requests, based on autonomous tasking, allowing a secure, safe and private use of spacecraft or satellite resources.

Abstract: An apparatus in an illustrative embodiment comprises a client device configured for communication with a storage system, with the client device comprising a processor coupled to a memory. The client device is further configured to generate a data encryption key for a data item by computing a function of at least the data item, to encrypt the data item using the data encryption key for the data item, to encrypt the data encryption key using a secret key of the client device, and to send the encrypted data item and the encrypted data encryption key to the storage system for storage in the storage system. The client device is still further configured to retrieve the encrypted data item and the encrypted data encryption key from the storage system, and to perform an integrity check on the retrieved encrypted data item using a result of decrypting the retrieved encrypted data encryption key.

Abstract: A trusted computing technology is shown. An isolated memory stores a security interrupt descriptor table (SIDT) to correspond to security interrupts triggered by security peripherals. A first register of the trusted core stores a first address pointing to the SIDT. A local advanced programmable interrupt controller in the trusted core provides an interrupt arbiter that arbitrates between peripheral interrupts received from the chipset. When producing an arbitration result showing that a target interrupt is a security interrupt, the interrupt arbiter outputs a security interrupt request and a security interrupt vector to trigger the trusted core to search the SIDT indicated by the first register, to get a target security interrupt descriptor for execution of the corresponding interrupt program.

Abstract: Systems, computer program products, and methods are described herein for monitoring access to a virtual environment using device tagging. The present disclosure is configured to receive, from a user input device, a request from a user to establish a first virtual object to access a virtual environment; receive parameters associated with the first virtual object; determine device information associated with the user input device; generate a first unique key based on at least the parameters and the device information; link the user input device and the first virtual object with the first unique key; store the first unique key in a key repository; and establish the first virtual object for the user to access the virtual environment, wherein the first virtual object is established to access the virtual environment exclusively with the user input device.

Abstract: The present disclosure generally relates to digital identification credential user interfaces.

Abstract: A system includes a primary asset custody subsystem in a first cloud computing data center and a backup asset custody subsystem in a second cloud computing data center different from the first cloud computing data center. The primary subsystem includes a plurality of primary multi-party computation (MPC) clusters, where each primary MPC cluster is allocated to an asset owner and includes a primary MPC client and a plurality of primary MPC nodes. The backup subsystem includes a plurality of backup MPC clusters corresponding to the plurality of primary MPC clusters, where each backup MPC cluster is allocated to the asset owner of its corresponding primary MPC cluster and includes a backup MPC client and a plurality of backup MPC nodes. The backup MPC client sends an export public key from each backup MPC node to the primary MPC client, where each export public key is part of a corresponding export public key-export private key pair.

Abstract: Embodiments of the present disclosure may include a key generation device of a lattice-based public key cryptosystem. In some embodiments, the key generation device may include a communication unit, a storage unit, and a processor that may be configured to control the key generation device to perform operations. In some embodiments, the operations may include generating a public key by using a public key polynomial, where the public key polynomial may belong to a first polynomial ring. In some embodiments, the operations may additionally include generating a secret key that may correspond to the public key. In some embodiments, the secret key may be generated by using a secret key polynomial that may belong to a second polynomial ring. In some embodiments, the operations may additionally include storing the public key and the secret key.

Abstract: A method, a network device, and a non-transitory computer-readable storage medium are described in relation to a multifaceted detection of fraudulent data usage service. The multifaceted detection of fraudulent data usage service may apply fraudulent detection to multiple facets of network usage including end device identifier analysis, end device registration analysis, traffic analysis, and end device examination analysis. The multifaceted detection of fraudulent data usage service may include weightings and scoring associated with the examinations.

Abstract: A computer for an aircraft includes a dock part installed fixedly in the aircraft: configured so as to be connected to at least one avionics equipment by way of a bidirectional data bus, comprising a docking station, a server part installed removably on the docking station of the dock part, configured so as to exchange data and signals with the dock part through a connector, and configured so as to be connected to at least one non-avionics equipment through at least one communications link, the dock part being configured so as to implement a pairing mechanism with the server part in order to authorize or prevent the transmission of data between the server part and said at least one avionics equipment.

Abstract: An apparatus comprising a network interface card (NIC), including packet processing circuitry to determine whether the NIC is to operate according to a first telemetry protection mode to prevent copying of packet data payloads for telemetry or a second telemetry protection mode to enable copying of packet payloads for telemetry.

Abstract: Provided are systems, software, and methods for phishing analysis and detection. The provided systems, software, and methods may comprise interfaces configured to capture and scan network session activity in real-time to detect a phishing attack using a set of trained machine learning classifiers, detect a phishing attach, classify the attack into one or more phishing classes, block the phishing attack and provide a safe preview of the blocked phishing attack. The machine learning classifiers may be deployed remotely. The systems, software, and methods may further comprise a web application programing interface configured to integrate the one or more analysis interfaces into at least one external software or application.

Abstract: A method, in a server, for exchanging cryptographic keys for quantum-secure communication between the server and a client. The method includes: receiving a request message for a secure communication channel from a client, including at least one quantum-secure public ephemeral key and a first secret text; decapsulating the first secret text with a decapsulation function using a quantum-secure secret static key of the server, including generating a first secret; encapsulating the quantum-secure public ephemeral key with an encapsulation function including generating a second secret text and a second shared secret; encapsulating a quantum-secure public static key of the client using the encapsulation function, including generating a third secret text and a third shared secret; generating symmetric keys using at least the first, second, and third secrets; and sending a response message to the client, including the second and third secret texts.

Abstract: A device may receive input key material, and may process the input key material, with a trained generative adversarial network (GAN) model, to generate an encryption key with a maximized entropy. The trained GAN model may include a key generator network model trained to generate encryption keys that generalize key derivation functions with higher entropy to enhance cryptographic security, and a key discriminator network model trained to predict authenticities of the encryption keys generated by the key generator network model. The device may perform one or more actions based on the encryption key.

Abstract: An access control method and a communications device are provided. The method includes: sending first information and/or first indication information to a first target end, where the first information includes at least one of the following: index information of a second authentication server, vendor-related information of the first communications device, and address-related information of the second authentication server; and the first indication information is used for requesting to obtain a credential related to a first network, or used to indicate that an access type is a restricted service.

Abstract: The present disclosure is directed toward systems, methods, and non-transitory computer readable media for generating content clusters from topic data and focus data, generating content collections from content clusters, storing and restoring desktop scene layouts, and storing and arranging video call scenes. In some embodiments, the disclosed systems generate content clusters based on topic data and focus data associated with content items within a content management system and/or accessed via the internet. The disclosed systems can also generate content collections for a user account of the content management system from the content clusters. In some embodiments, the content scene system can further store and restore desktop scene layouts for arranging application windows presenting content items. Further, the disclosed systems can store and arrange particular desktop scene layouts for video call scenes.

Abstract: A pre-shared key (PSK) updating method is disclosed. A first communication apparatus stores a first PSK for processing, within an aging periodicity of the first PSK, a packet exchanged between the first communication apparatus and a second communication apparatus. The first communication apparatus may receive, within the aging periodicity of the first PSK, a first protocol packet that is sent by the second communication apparatus and includes a first PSK key material for generating a second PSK. The second PSK is for processing, within an aging periodicity of the second PSK, a packet exchanged between the first communication apparatus and the second communication apparatus.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technology, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. The present disclosure describes a method and device for setting the state of a bundle after the bundle has been transmitted between smart security media.

Abstract: The present application discloses a method, system, and computer system for determining whether a registered domain is malicious. The method includes that a newly registered domain is registered, applying a malicious domain detector in connection with determining whether the newly registered domain is malicious, and in response to determining that the newly registered domain is malicious, sending to a security entity an indication that the newly registered domain is malicious.

Abstract: A computer includes a processor including a plurality of registers, a memory, and a storage medium. A processor of a computer is configured to execute an encryption process of generating encrypted user data including a plurality of encrypted data blocks using the plurality of registers, and add a DIF including CRC to the encrypted data blocks and store the result in a storage medium. The encryption process includes repeatedly executing a first process of reading partial data from a predetermined number of the data blocks and storing the partial data in a first register, a second process of storing encrypted partial data obtained by encrypting the partial data stored in the first register in a second register, and a third process of executing an operation for calculating CRC using the encrypted partial data stored in the second register and storing a result of the operation in a third register.

Abstract: A system and method securely and selectively provide visibility along a communication path in end-to-end communications, while ensuring security of the transmission, and while further ensuring that unauthorized persons cannot view network packets. A separate parallel channel is used to provide visibility into data in transit to authorized parties, without revealing such data to unauthorized parties. In at least one embodiment, the separate parallel channel is implemented using a secure group messaging platform. In addition, all needed equipment is integrated in the end-to-end connection across layers and protocols into the secure messaging group. Secure, scalable messaging groups can be based on a ratchet tree protocol so as to guarantee forward as well as post-compromise security.