Abstract: A method of operating a homomorphic encryption operation accelerator includes performing a number theoretic transform (NTT) operation on each of first homomorphic ciphertext and second homomorphic ciphertext, and performing a base conversion operation by adding a partial sum using a first value of the NTT operation.

Abstract: A network system to allow global usage of data while allowing regional jurisdictions control over sensitive data. Different jurisdictions may declare different types of data as sensitive data that is not to be discoverable by another party. The system may receive data that includes encoded data at a first device from a second device (e.g., associated with a remote datacenter). The system may store the data at the first device. In response to receiving a request from a third entity, the system may request a cryptographic key for decoding one or more data fields of the encoded data. Based on decoding the associated field data, the system may transmit a response to the data request that includes the decoded data.

Abstract: A server device includes a memory; and a processor configured to execute instructions stored on the memory to cause the server device to obtain unique data associated with a network device, store, into the memory, at least one of a first key and a first seed, the first key being associated with the network device and being based on the unique data, the first seed being associated with the network device, being based on the unique data, and for use to create a second key, obtain user information identifying a user to be associated with the network device, store, into the memory, the association of the user with the network device, obtain service provider information identifying a first service provider to provide service to the user via the network device, and store, into the memory, the association of the first service provider with the network device.

Abstract: In some implementations, a system may obtain dynamic radio frequency (RF) response information associated with a user equipment and additional dynamic information associated with the user equipment. The system may determine, based on the dynamic RF response information and the additional dynamic information, a current behavior profile of the user equipment. The system may compare the current behavior profile and a baseline behavior profile of the user equipment to generate comparison information. The system may grant or deny, based on the comparison information, the user equipment access to a resource of a private network.

Abstract: In some implementations, a system may receive a shell script associated with a computing device. The system may generate a character frequency feature vector based on the shell script. The system may input text of the shell script to a convolutional neural network (CNN) branch of a trained deep learning model. The system may input the character frequency feature vector to a feedforward neural network (FNN) branch of the trained deep learning model. The system may determine using the trained deep learning model, respective probability scores for each of a plurality of obfuscation types for the shell script based on a combined output of the CNN branch and the FNN branch. The system may detect whether the shell script is obfuscated based on respective probability scores for each of the plurality of obfuscation types determined for the shell script.

Abstract: In some implementations, a user device may detect a communication associated with the user device and a user. The user device may analyze, using a machine learning model, a context of the communication to determine a risk score associated with the communication, the risk score indicating a likelihood that the communication is associated with a fraudulent actor attempting to solicit sensitive information from the user. The user device may monitor the communication to identify a trigger in the communication that indicates that sensitive information is to be shared, wherein monitoring the communication includes performing one or more operations to secure the communication based on the risk score satisfying one or more thresholds. The user device may detect, based on monitoring the communication, a portion of the communication that includes the sensitive information. The user device may obfuscate the portion of the communication.

Abstract: Content management systems are implemented according to a multitenant architecture by which software and its supporting architecture serves multiple customers of a service. Each tenant may be given a share of the application's data, configuration, user management, and other aspects of the application. Each tenant's data is isolated and typically remains invisible to other tenants so that tenants do not share or see each other's data. Embodiments described herein provide mechanisms by which a tenant can delegate administrator rights to an external user such that the external user can grant other users access to the tenant's content while the tenant controls the level of access that is provided to the external users.

Abstract: In order to perform data aggregation using an appropriate data aggregation method among a plurality of data aggregation methods used to narrow down candidate data for in-packet analysis from communication data, a data aggregation apparatus 100 includes: an obtaining unit 101 configured to obtain communication data via a communication network; a selecting unit 103 configured to select one or more first data aggregation methods based on user operation, from a plurality of data aggregation methods used to narrow down candidate data for in-packet analysis from the communication data; an aggregating unit 107 configured to perform data aggregation of the communication data, based on the one or more first data aggregation methods; and a display processing unit 109 configured to display, on a screen, an aggregated value related to the data aggregation.

Abstract: The disclosed technology includes systems and methods for determining secondary authentication of a user's log-in attempts by comparing received behavioral biometric data and/or received scenario-specific data to saved behavioral biometric data and/or saved scenario-specific data, respectively. Responsive to determining that the received behavioral biometric data and/or received scenario-specific data is above a predetermined threshold of similarity with respect to the saved behavioral biometric data and/or saved scenario-specific data, respectively, the systems and methods can determine that the corresponding log-in attempt is secondarily authenticated. of a user device via behavioral biometric data. Responsive to determining that the level of similarity is not above the predetermined threshold, the systems and methods can initiate a secondary authentication method and can associate the received behavioral biometric data with a second user model.

Abstract: An authentication system for authenticating an authentication-target apparatus by transmitting challenge data from an authenticating apparatus to the authentication-target apparatus and transmitting response data from the authentication-target apparatus to the authenticating apparatus. The authentication-target apparatus updates ae secret key and an encrypted original key stored in a memory using a new secret key and a new encrypted original key, derives an authentication key based on an original key, and generates the response data based on a challenge data received from the authenticating apparatus and the authentication key. The authentication apparatus derives an authentication key based on identification information of the authentication-target apparatus and an authentication original key, generates response data for verification based on the challenge data and the authentication key, and obtains an authentication result.

Abstract: A method, system and apparatus for provisioning a computation into a trusted execution environment, including verifying the trusted execution environment, generating integrity information of the computation, generating sealed data, sending information of the computation, the sealed data, and integrity information to the trusted execution environment, confirming the sealed data, and verifying integrity of the computation information from the integrity information and the computation information.

Abstract: The embodiments provide a system and method for improved CAPTCHA challenges that utilize user-specific information. In some embodiments, personalized information about assets currently or previously owned assets, including properties and/or vehicles, are collected. The system then builds a dataset (a “user-specific CAPTCHA dataset”) that is comprised of images including the user-owned assets. The user-specific CAPTCHA dataset can then be used to create personalized, or user-specific, CAPTCHA challenges that include images from the datatset. For systems that implement CAPTCHA challenges for multiple different users, each user-specific dataset may be associated to a particular user identifier (such as a username or email address).

Abstract: A secure enclave may be used to satisfy privacy requirements and audit requirements. Code may be loaded into the secure enclave. The code may generate a predefined report based on data and added noise. The pre-defined report may be subject to audit requirements. The data may be subject to the privacy requirements. The secure enclave may generate an encryption key and a decryption key based on the code. Only the secure enclave may have access to the decryption key. And the secure enclave may allow only a verified copy of the code to access the decryption key. With the added noise, the report may satisfy a pre-defined differential privacy guarantee. Encrypting the code and ensuring that the report satisfies the differential privacy guarantee may satisfy the privacy requirements. Retaining the report, the code, the secure enclave, and the encrypted data may satisfy the audit requirements.

Abstract: A system for managing an authorization for a vehicle includes a vehicle-based memory module, and a communication module. The memory module includes a key list containing a multiplicity of entries for a multiplicity of digital keys, which can be allocated to individual users via a first electronic apparatus. Each digital key represents a vehicle authorization for a user, and each entry in the key list is assigned a unique identifier. The communication module is configured to transfer from the vehicle to the first electronic apparatus at least one identifier assigned to an unallocated entry in the key list.

Abstract: A user environment is controlled and altered based on one or more user conditions received from a biometric tracking services associated with a biometric device of a user. A user can set up a user profile that includes one or more user preferences including a biometric parameter, an asset parameter, a biometric service parameter and/or a location parameter. Based on the user preferences a user device and/or an access point device can control the user environment by altering one or more assets of one or more network devices specified by any one or more user preferences. The asset state of an asset can be altered based on one or more user conditions associated with a biometric parameter such that the user environment is automatically altered based on monitoring the one or more user conditions so as to provide the user an enhanced user environment experience.

Abstract: Virtual private network (VPN) service provider infrastructure (SPI) receives a request to access a VPN from a client device. The VPN SPI selects an Internet Protocol (IP) address for access to the VPN by the client device from a pool of IP addresses. The VPN SPI provides access to the VPN for the client device via the IP address. The VPN SPI receives one or more handshake notifications from the client device. The VPN SPI determines that a threshold time period has passed since a latest-in-time handshake notification of the one or more handshake notifications. The VPN SPI disconnects the client device from the VPN in response to determining that the threshold time period has passed. The VPN SPI adds the IP address to the pool of IP addresses in response to disconnecting the client device from the VPN.

Abstract: A local buffer is integrated with a witness generator and a proof generator on a cryptographic processor and is separate from host memory accessed by a host processor operating with the cryptographic processor in a proving computing system. The witness generator: receives, from software program running on the host processor, compiled code of a zero-knowledge-proof (ZKP) program and specific input to the ZKP program; executes the ZKP program by way of executing the compiled code; records specific output generated from the ZKP program with the specific input, intermediate variable values, and the specific input, as a specific witness of executing the ZKP program; stores the specific witness in the local buffer. The proof generator: receives, from the software program running on the host processor, a proving key; accesses the specific witness in the local buffer; generates a specific zero-knowledge proof for executing the ZKP program with the specific input.

Abstract: Cryptographic techniques are provided for generating, distributing, validation, and processing secure commands on different devices and/or peripherals. A control device generates and encrypts a key corresponding to a secure command using a private key of control device to produce a key envelope. Control device further encrypts the key envelope with a recipient's public key producing a recipient envelope. The recipient envelope is delivered to a recipient's device. The recipient's device decrypts the recipient envelope with a private key of the recipient's device producing the key envelope. The key envelope is delivered back to the control device. The control device decrypts the key envelope producing the key, validates the key, and processes a secure command on behalf of a secure resource or delivers the secure command to the secure resource for processing. In an embodiment, control device maintains audit records/audit trail, which is maintained on the control device.

Abstract: A customer of a computing resource provider is associated with a key provided by a key management system. When the key is generated, a value is generated and encrypted with the key. In response to a detection of a trigger to re-encrypt the customer's key, the encrypted value is used to verify validity of the re-encrypted customer's key before committing it to storage and made available for use.

Abstract: Embodiments described herein provide cryptographic techniques to enable a recipient of a signed message containing encrypted data to verify that the signer of the message and the encryptor of the encrypted data are the same party, or at the least, have joint possession of a common set of secret cryptographic material. These techniques can be used to harden an online payment system against interception and resigning of encrypted payment information.