Abstract: The present disclosure relates to a method for decrypting encrypted data. The method includes generating a first count value by a monotonic counter of a processing device, deriving, using a key derivation circuit, a first encryption key based on the first count value, transmitting the first encryption key to a cryptographic processor; and decrypting, based on the first encryption key, first encrypted data.

Abstract: A method and apparatus are provided for delivering user equipment (UE) new radio (NR) security capabilities and mobility management entity interworking. In the embodiments, adding the UE NR security capabilities in a new information element over a non-access stratum (NAS) is compatible with a legacy mobility management entity and eliminate any potential of bidding-down attack and is more advantageous and serves the security solution better. As long as the UE is connected to the long term evolution (LTE) and all UE security capabilities including LTE security capabilities have been replayed correctly and successfully in the NAS security mode command (SMC) message, the UE may not consider the absence of the UE NR security capabilities in the NAS SMC as a security vulnerability.

Abstract: Provided are a method and system for verifying a liveness detection of a user. The method includes: obtaining a video of a user speaking a phrase in response to a question or a randomly generated phrase presented to the user; inputting video data and audio data of the obtained video to a first determination model to obtain a first determination indicative of whether a mouth movement of the user is synchronized with the audio data; inputting, to a second determination model, a first input corresponding to the audio data and a second input corresponding to a predetermined phrase, to obtain a second determination indicative of whether the predetermined phrase is spoken by the user; and determining whether the first determination indicates that the mouth movement is synchronized with the audio data and whether the second determination indicates that the predetermined phrase is spoken by the user.

Abstract: Systems and methods for cybersecurity operations threat modeling are disclosed. In one embodiment, a method may include: (1) receiving threat actor data and threat actor group data; (2) processing the threat actor data and the threat actor group data; (3) for each threat actor group, generating a threat actor group profile; (4) collecting operational data from an organizational system; (5) generating a threat model by applying the threat actor group profile to the operational data; and (6) deploying at least one countermeasure to the organizational system in response to the threat model.

Abstract: Embodiments of the present invention provide systems, methods, and computer storage media directed to propagating and authenticating border gateway protocol route advertisements. A trusted authority device stores and distributes routing information for various autonomous systems. The trusted authority device also issues and maintains digital certificates that are each assigned to one of the autonomous systems. The digital certificate can be utilized by autonomous systems to verify the authenticity of routing information advertised by another autonomous system. Each autonomous system can employ a routing device that can generate a route advertisement based on routing information received from the trusted authority device. The route advertisement can include a digital signature, a digital certificate, and a time-to-live value, among other things, each of which can be utilized by routing devices of other autonomous systems to determine the authenticity and validity of received routing information.

Abstract: Systems, devices, and methods are provided for performing compound operations on a security module. In some embodiments, a hardware security module (HSM) comprises executable code that, as a result of execution by one or more processors of the HSM, causes the HSM to obtain a request to perform a compound operation, parse the compound operation to determine a sequence of operations, perform the sequence of operations within a protected execution environment, wherein one or more intermediate results of the sequence of operations are programmatically unexportable from the protected execution environment, determine, based on complete execution of the sequence of operations, an output, and export the final output from the protected execution environment, thereby making it available to external devices.

Abstract: A method includes receiving a message and a digital signature associated with a signing party and the message, verifying authenticity of the digital signature using elliptic curve cryptography (ECC), and authenticating use of the message based, at least in part, on the confirmed authenticity of the digital signature. The verifying includes one or more computations involving computing modular inverses. Computing modular inverses includes identifying first and second integer of a modular inverse operation, performing a first iterative process that, at each iteration: (i) initializes a third integer with a pre-defined number of most significant bits of the first integer and a fourth integer with the pre-defined number of most significant bits of the second integer and (ii) computes a quotient and a remainder, determining a resultant inverse value using the quotient; and confirming the authenticity of the digital signature based, at least in part, on the resultant inverse value.

Abstract: A gateway device configured to receive, from an integrated development environment (IDE), a system configuration for a target device including application code for execution on the target device, the configuration being received via an encrypted network connection. The gateway device provisions the target device with the application code, receives, from the IDE, instructions via the encrypted network connection to execute the application code on the remote device and instructs the application code to execute on the remote device.

Abstract: An example method for a first host, being an owner of an object stored in a virtual storage area network (vSAN) cluster, to perform encryption and decryption operations during a rekey in the vSAN cluster is disclosed. The method includes obtaining a first encryption key and a first key identifier (ID) of the first encryption key; transmitting the first key ID and an active key index to a second host; using the first encryption key to perform encryption and decryption operations; and in response to a determination of receiving a key change notification from a master node of the vSAN cluster, terminating a connection with the second host.

Abstract: The disclosure describes systems and methods for wirelessly authenticating devices based on proximity using time-of-flight.

Abstract: The application provides a data security processing terminal, system and method, and is related to a field of data processing. The data security processing terminal includes: an image acquisition device configured to acquire image data and transmit the image data to a Trust Execution Environment through a secure channel; an image acquisition driver operating in the Trust Execution Environment and configured to drive, in response to a drive instruction from a processor, the image acquisition device to acquire the image data; the processor operating in the Trust Execution Environment and configured to send the drive instruction to the image acquisition driver, obtain the image data, encrypt the image data using a stored first key to obtain image ciphertext data, and output the image ciphertext data. The technical solution of the present applicant can be used to ensure the security of image data.

Abstract: Multiple systems may determine neural-network output data and neural-network parameter data and may transmit the data therebetween to train and run the neural-network model to predict an event given input data. A data-provider system may perform a dot-product operation using encrypted data, and a secure-processing component may decrypt and process that data using an activation function to predict an event. Multiple secure-processing components may be used to perform a multiplication operation using homomorphic encrypted data.

Abstract: An image archiving facility creates an image and other data archive relating to an event at a location when prompted by a downloaded application for a host user. The host user may approve guest users to upload to the archive, Approval may come from an image of a person uploaded to the data archive and recognized from biometric data as an approved user. The host may control viewing of images in the archive either individually or generically.

Abstract: Provided are a system, method, and computer program product for patient authentication and identity risk assessment. The method includes receiving an initial patient authorization request from a medical provider computing device. The initial patient authorization request includes a patient identifier communicated by a mobile device of a user to the medical provider computing device. The method also includes generating, using an identification risk assessment model and based at least partly on the initial patient authorization request, an authenticity score. The method further includes communicating the authenticity score to an insurance provider system to cause the insurance provider system to approve or decline the initial patient authorization request. The method further includes receiving a primary insurance provider response from the insurance provider system and communicating at least a portion of the primary insurance provider response to the medical provider computing device.

Abstract: An information processing apparatus, a service providing system, and a method. The information processing apparatus stores in one or more memories, information on execution of each of a plurality of applications, which are available for use under a license contract and outputs suggestion to change the license contract according to a usage count of each application obtained from the information on execution of each application.

Abstract: Aspects and embodiments of the present invention relate to a method and system for generating a private cryptographic key for use in a secure cryptogram for transmission between a first entity and a second entity. The method may comprise: selecting a random vector defined in an n-dimensional vector space shared between the first entity and the second entity, the vector comprising one or more component coordinates defined in the n-dimensional vector space, each component coordinate being associated with one or more bits; determining the one or more bits associated with each component coordinate comprised in the random vector; and generating the private key in dependence on the one or more bits associated with each component coordinate comprised in the random vector.

Abstract: System and methods discussed for automatically optimizing application and notification delivery based on user preferences and historical application usage. Applications that a user is likely to want to use at the present time or in the near future are displayed in an organizationally distinct way in an application catalog so they are easy to find and are pre-loaded on an application delivery server so they are available with minimal system lag caused by application loading processes. Application notifications are also optimized such that notifications that are likely to be relevant to users at the current time are identified and presented to them in an organizationally distinct way.

Abstract: In some examples, a system for decorating network traffic flows with outlier scores includes a processor and a memory device to store traffic flows received from a network. The processor is configured to receive a set of traffic flows from the memory device and generate a tree model to split the traffic flows into clusters of traffic flows. Each cluster corresponds with a leaf of the tree model. The processor is further configured to generate machine learning models for each of the clusters of traffic flows separately. For a new traffic flow, the processor is configured to identify a specific one of the machine learning models that corresponds with the new traffic flow, compute an outlier score for the new traffic flow using the identified specific one of the machine learning models, and decorate the new traffic flow with the outlier score.

Abstract: An encryption method, includes performing, by an encryption system, bit reversal permutation of pixel data of a 2D image, arranging the pixel data as first-pixel data, and applying the 2D image to a butterfly algorithm of fast Fourier transform; determining, by the encryption system, a plurality of data paths based on the first-pixel data; and performing, by the encryption system, a first encryption of the first-pixel data into second-pixel data on a specific data path based on a number of the specific data path among the plurality of data paths.

Abstract: A database stores a document as a plurality of encrypted records, where each record is indicative of an incremental change to the state of the document, and encrypted using a document key. The document key is stored with encryption decryptable using a group key, and the group key is stored with encryption decryptable using a first access key. In response to a request to rotate from the first access key to a second access key, the database decrypts the group key using the first access key, a stores a group key re-encrypted with the second access key.