Abstract: A computer-implemented method and system for computing large-degree isogenies of a base degree raised to a power of form ak+b and including the steps of providing at least one computer processor resident on an electronic computing device, performing, with the at least one processor, a large-degree isogeny by chaining together a plurality of scalar point multiplications, a plurality of isogeny computations, and a plurality of isogeny evaluations, wherein the large-degree isogeny includes a sequence storing at least one pivot point computed by one of the plurality of scalar point multiplications followed by an isogeny computation of degree b, performing at least one of the plurality of isogeny evaluations following one of the plurality isogeny computations, and performing an ak-isogeny through another sequence of a isogeny computations.

Abstract: A system, method, and apparatus for carrying out a value transfer is provided. A method includes receiving, by a computing system of a financial institution, a de-signcrypted value transfer message including terms of a value transfer from an account of a sending party to an account of a merchant, wherein a receiving party desires to make a purchase from the merchant and the value transfer is a payment from the sending party account to the merchant account; and one or more spending limitations on the desired purchase, wherein the payment is contingent on the desired purchase meeting the spending limitations. The method then includes verifying the authenticity of the de-signcrypted message using a public key of the sending party and a private key of the financial institution; and dispersing funds according to the terms of the value transfer.

Abstract: Aspects of the disclosure relate to using secure authentication tokens to grant power of attorney. A computing platform may receive user input indicating a task and requesting that a power of attorney be granted to an individual. The computing platform may generate an authority token granting the individual the power of attorney to perform the task, and may send the authority token, along with task information indicating the task, to the individual. The computing platform may receive a validation request including the authority token and the task information. Based on successful validation, the computing platform may send validation information to an event processing system. After receiving confirmation that the task has been performed by the individual, the computing platform may update dashboard information to indicate that the task has been completed, which may cause the user device to display a dashboard indicating completion of the task.

Abstract: The purpose of the present invention is to provide a portable terminal and an application software start-up system whereby the application software that is started up is limited depending on the state of a user, thereby providing an improved ease of use. For this purpose, an application software start-up method for an information processing device comprises: performing identity authentication based on static biological information; determining the state of the user by comparing dynamic biological information acquired from the body of the user with previously measured dynamic biological information; and limiting the application software that is started up in accordance with the determined state of the user and on the basis of a permission level that is set in advance for each application software item.

Abstract: An example method includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform, the nodes including one or more compute nodes and a controller node, and performing at least one of: (a) code-level obfuscation for the distributed computing platform to obfuscate interactions between an external user computing system and the nodes, wherein performing the code-level obfuscation comprises obfuscating data associated with one or more commands provided by the user computing system and sending one or more obfuscated commands to at least one of the nodes in the distributed computing platform; or (b) system-level obfuscation for the distributed computing platform, wherein performing the system-level obfuscation comprises at least one of obfuscating system management tasks that are performed to manage the nodes or obfuscating network traffic data that is exchanged between the nodes.

Abstract: A wireless input device includes an information receiving terminal and an information outputting terminal. The information receiving terminal generates a first-portion key. The information outputting terminal receives the first-portion key and generating a second-portion key. An original information is converted into an encrypted information by the information outputting terminal according to the first-portion key, the second-portion key and an encryption algorithm. The encrypted information and the second-portion key are transmitted from the information outputting terminal to the information receiving terminal. The encrypted information is restored to the original information by the information receiving terminal according to the first-portion key, the second-portion key and an encryption algorithm.

Abstract: Various embodiments relate to a method for multiplying a first and a second polynomial in the ring [X]/(XN?1) to perform a cryptographic operation in a data processing system, the method for use in a processor of the data processing system, including: receiving the first polynomial and the second polynomial by the processor; mapping the first polynomial into a third polynomial in a first ring and a fourth polynomial in a second ring using a map; mapping the second polynomial into a fifth polynomial in the first ring and a sixth polynomial in the second ring using the map; multiplying the third polynomial in the first ring with the fifth polynomial in the first ring to produce a first multiplication result; multiplying the fourth polynomial in the second ring with the sixth polynomial in the second ring to produce a second multiplication result using Renes multiplication; and combining the first multiplication result and the second multiplication result using the map.

Abstract: A method of performing cryptographic key exchange while overcoming a malicious adversary party using a multi-party computation (MPC) process performed by the multiple parties, where the parties hold initial shares of a secret used an as exponentiation of the key exchange, where the parties do not reveal the initial shares during the entire process, and where arithmetical computations are performed on the initial shares and on random values outputted during MPC processes.

Abstract: According to one aspect of the present disclosure, provided is a method for providing a notary service for a file, the method comprising the steps in which: (a) when a notary service request for a specific file is obtained, a server generates, by using a hash function, or supports the generation of, a message digest of the specific file; and (b) if a predetermined condition is satisfied, the server registers, in a database, or supports the registration of, a representative hash value or a value obtained by processing the representative hash value, the representative hash value being generated by calculating at least one neighboring hash value that matches a specific hash value, wherein the specific hash value is a hash value of the result of encrypting the message digest with a private key of a first user, a private key of a second user and a private key of the server.

Abstract: A method implemented on a visual computing device to authenticate one or more users includes receiving a first three-dimensional pattern from a user. The first three-dimensional pattern is sent to a server computer. At a time of user authentication, a second three-dimensional pattern is received from the user. The second three-dimensional pattern is sent to the server computer. An indication is received from the server computer as to whether the first three-dimensional pattern matches the second three-dimensional pattern within a margin of error. When the first three-dimensional pattern matches the second three-dimensional pattern within the margin of error, the user is authenticated at the server computer. When the first three-dimensional pattern does not match the second three-dimensional pattern within the margin of error, user is prevented from being authenticated at the server computer.

Abstract: An encryption and decryption system includes a first electronic device and a second electronic device. The first electronic device includes a memory device and an encryption device. The memory device can store plaintext data. The encryption device can generate first pseudo data and first pseudo key. The encryption device encrypts first pseudo data by the first pseudo key and encrypt the plaintext data by a key, and outputs the ciphertext data generated by encrypting plaintext data by the key. The second electronic device includes a decryption device for generating second pseudo data and the second pseudo key. The decryption device decrypts the second pseudo data by the second pseudo key, and decrypts the ciphertext data by the key, and outputs the plaintext data, which is generated by decrypting the ciphertext data by the key.

Abstract: A first executable program on a computer system is enabled to exchange communications with a second executable program on the computer system by determining that the first executable program requests to exchange information with the second executable program, using the second executable program to challenge the first executable program for a digital certificate, and using the second executable program to exchange information with the first executable program when the digital certificate is verified.

Abstract: In one embodiment, a secure chip apparatus, includes a memory to store an encrypted value E and a one-way function output-value H, which is an output value of a one-way function computed with a nonce N as input, an interface to transfer data with an external device, and chip security circuitry to lock a portion of the chip apparatus from use, receive an unlock request from an unlocking hardware security module (HSM) via the interface, provide the encrypted value E to the HSM responsively to the unlock request, receive a value N? from the HSM, the value N? being a decrypted value of the encrypted value E, compute a one-way function output-value H? responsively to the value N?, compare the value H? to the value H, and unlock the portion of the chip apparatus for use responsively to a match between the value H? and the value H.

Abstract: A system of smart edge sensors, wherein security and encryption is pushed to the edge of the network. In one example, an electronic device includes several sensors. The device is operated by a microprocessor. A plurality of smart edge devices are each interposed between a respective sensor and the microprocessor and intercepts communication between the sensor and the microprocessor. The smart edge device encrypt any data output by the sensor, and decrypt any data received from the microprocessor. A JTAG access is connected to a co-processor where executes a JTAG dongle to authenticate the sensor and an interface with the sensor.

Abstract: Systems and methods for monitoring states of operation of a computer environment can include one or more computer servers identifying a target asset of the computer environment and establishing a communication link with a computing device associated with the target asset. The one or more computer servers can determine a first set of parameters for profiling the target asset, transmit a first query for the first set of parameters to the computing device via the communication link, and receive one or more first parameter values corresponding to the first set of parameters responsive to the query. The one or more computer servers can compare the one or more first parameter values to one or more first criteria or threshold values, an determine a state of operation of the target asset based on the comparison. The state of operation can be indicative of an abnormal behavior associated with the target asset.

Abstract: Methods and systems for processing cryptographically secured connections by a gateway, between a client and a server, are performed. Upon receiving TCP and TLS/SSL handshakes associated with a client side connection, from a client (client computer) to the gateway, a probing connection is established. The probing connection completes the handshakes, and based on the completion of the handshakes, the gateway renders a decision, to bypass, block or inspect, the connections between the client and the server, allowing or not allowing data to pass through the connections between the client and the server.

Abstract: A method of generating a biometric electronic signature authenticated key exchange (“BESAKE”) token. The method begins when a biometric sample captured from a signing party is received. A secret knowledge factor is received. An encryption key is generated using the secret knowledge factor as an input to a password authenticated key exchange protocol. The biometric sample is encrypted with the encryption key. The BESAKE token is generated and includes the encrypted biometric sample and a signing party identifier associated with the secret knowledge factor. The BESAKE token can be verified using a decryption key generated using a stored knowledge factor as an input to the password authenticated key exchange protocol. The secret knowledge factor is retrieved based on the signing party identifier. The identity of the signing party can be authenticated by decrypting the biometric sample from the BESAKE token using the decryption key and matching the decrypted biometric sample.

Abstract: Techniques in electronic systems, such as in systems including a processing chip and one or more external memory chips, provide improvements in one or more of system security, performance, cost, and efficiency. For example, the processing chip includes one or more CPUs and circuitry enabling the CPUs to securely boot from an external, non-volatile memory chip containing encrypted, executable code. The circuitry comprises immutable hardware to hold the CPUs in a reset state while performing a serial presence detect on external interfaces of the processing chip and generating an address map according to results of the serial presence detect. In response to an initial instruction fetch of an initial one of the CPUs, the circuitry is able to return one or more instructions via the address map associating an address of the initial instruction fetch with one of the external memory chips.

Abstract: According to one aspect, methods and systems are provided for modifying an encryption scheme in a database system. The methods and systems can include at least one internal database key; at least one database configured to be encrypted and decrypted using the at least one internal database key; a memory configured to store a master key; a key management server interface configured to communicate with a key management server; and a database application configured to receive, into the memory, the master key from the key management server via the key management server interface, and encrypt and decrypt the at least one internal database key using the master key.

Abstract: Verifiable, secure communications between a sender and a receiver on at least one shared communication channel is provided. A manicoded key encoder produces an argument of knowledge for a secret key to the at least one shared communication channel, and a manicoded message encoder provides an implication argument indicating that knowledge of the secret key enables access to message content of the manicoded message. The argument of knowledge is included in a key manifest for the secret key within a manicoded key, and the implication argument is included in a message manifest of a manicoded message. In this way, the sender may provide message content within the manicoded message, and the receiver may operate a decoder to access the message content. A verifier may use the manicoded key and the manicoded message to verify that the receiver has access to the message content.