Abstract: A system and method of verifying a user for participation in a block chain of a distributed network. The method includes receiving, by one or more validation devices of the distributed network, a request for participation in adding transaction records to the block chain, the request being received from a mobile communication device of the user and including behavioral data collected by the mobile communication device. In response to determining that the behavioral data satisfies a human characteristic threshold, determining that the behavioral data is not associated with another device of the distributed network. In response to both those conditions above, verifying the user and enabling the user to participate in the block chain distributed network by adding a block including transaction records to the block chain via the mobile communication device.

Abstract: Systems and methods of generating a security key for an integrated circuit device include generating a plurality of key bits with a physically unclonable function (PUF) device. The PUF can include a random number generator that can create random bits. The random bits may be stored in a nonvolatile memory. The number of random bits stored in the nonvolatile memory allows for a plurality of challenge and response interactions to obtain a plurality of security keys from the PUF.

Abstract: To achieve an improvement in security in encryption of an image signal obtained through imaging by an array sensor. A sensor device includes: an array sensor in which a plurality of pixels including light-receiving elements for visible light or invisible light are arrayed 1-dimensionally or 2-dimensionally; and an encryption unit configured to encrypt a read signal from the pixels of the array sensor. By encrypting a read signal, it is possible to achieve an improvement in security by enabling the image signal not to be stored in plain text in a memory.

Abstract: The disclosed technology teaches facilitate User and Entity Behavior Analytics (UEBA) by classifying a file being transferred as encrypted or not. The technology involves monitoring movement of a files by a user over a wide area network, detecting file encryption for the files using a trained classifier, wherein the detecting includes processing by the classifier some or all of the following features extracted from each of the files: a chi-square randomness test; an arithmetic mean test; a serial correlation coefficient test; a Monte Carlo-Pi test; and a Shannon entropy test, counting a number of the encrypted files moved by the user in a predetermined period, comparing a predetermined maximum number of encrypted files allowed in the predetermined period to the count of the encrypted files moved by the user and detecting that the user has moved more encrypted files than the predetermined maximum number, and generating an alert.

Abstract: A computer-implemented method can include: a computer program file open request providing read access to text or binary plaintext file data residing on a data storage means; processing the plaintext file data in an input data buffer area following a computer program file data read operation to improve performance by creating a multiplicity of processing threads to perform concurrent, usually non-overlapping encryption processing operations; and an encryption program constructing a previously constructed complex of Pseudo Random Number Generator (PRNG) means to provide on-demand Pseudo Random Number (PRN) values.

Abstract: In general, this disclosure describes techniques for replacing target cryptographic primitives in executable binary files with other, potentially more secure, cryptographic primitives. In some examples, a computing system for augmenting cryptographic executables includes a locator to determine if an executable program in an executable binary file includes a target cryptographic primitive. The computing system can include a patch generator to generate patch instructions in response to a determination by the locator that the executable program includes the target cryptographic primitive. The patch instructions cause the executable program to execute a replacement cryptographic primitive instead of the target cryptographic primitive. A rewriter engine of the computing system can modify, based on the patch instructions, the executable program to generate a modified executable binary file.

Abstract: Aspects of the disclosure relate to providing a secure collaboration between one or more PCIe accelerators and an enclave. An example system may include a PCIe accelerator apparatus. The PCIs accelerator apparatus may include the one or more PCIe accelerators and a microcontroller configured to provide a cryptographic identity to the PCIe accelerator apparatus. The PCIe accelerator apparatus may be configured to use the cryptographic identity to establish communication between the PCIe accelerator apparatus the enclave.

Abstract: An allowed client server, that is authorized to access a resource server over a given port, receives a client request, from a client computing system, to access the resource server. The allowed client server authenticates and authorizes the request, using an authentication and authorization mechanism, and selects a port with which to communicate with the client computing system. The identity of that port is provided to the client computing system, and a port forwarding mechanism forwards traffic between the client computing system and the resource server, through the client-facing port and to the given port on the resource server.

Abstract: Certain aspects of the present disclosure provide techniques for privacy preserving sharing and validation of sensitive information in a computing environment. An example method generally includes generating a hashed value of a sensitive data item. A set of modulo values is calculated for the hashed value of the first sensitive data item using a set of prime numbers between an upper bound number and a lower bound number. A request to validate the first sensitive data item is transmitted to a target computing system. The request includes the set of prime numbers and the set of modulo values. An indication of whether a match was found for each respective modulo value in the set of modulo values is received from the target computing system, and a request associated with the first sensitive data item is processed based on the indication.

Abstract: There is a need for more effective and efficient secure data transmission. This need can be addressed by, for example, solutions for secure data transmission that utilize per-user-functionality secret shares. In one example, a method includes generating a hashed user identifier based on a received user identifier; transmitting the hashed user identifier to an external computing entity; and receiving a data retrieval secret share from the external computing entity, wherein: (i) the data retrieval secret share is selected from a plurality of per-user-functionality secret shares, (ii) the plurality of per-user-functionality secret shares are generated based on a secret value, (iii) the secret value is generated based on the hashed user identifier, (iv) the secret value is used to generate a user data private key, and (v) the external computing entity is configured to encrypt user-provided data using the user data private key prior to transmission of the encrypted user-provided data.

Abstract: A source device being associated with an account uses playback of a media content item to cause a target device to become associated with the account. The target device enters an association mode and records a portion of the playing content. The target device provides the recording to a server that identifies the song (e.g., using a music fingerprint service) and uses the identification of the song to find the account that caused playback of the identified song. With the account identified, the server provides credentials of the account to target system. The target device accesses content or services using the account. As confirmation of receiving the credentials, the server causes playback of the content to transition to from the source device to the target device.

Abstract: A computer-implemented method for generating a ciphertext may include (1) generating a header for the ciphertext, including data configuring one or more permissions for decrypting the ciphertext; (2) generating instructions for the ciphertext; (3) generating a ciphertext body, which may include receiving data to be encrypted, retrieving at least one encryption value set (which may include a mixing scheme, a bit value, a first matrix size, a second matrix size, an encryption decider, and a decryption decider), generating at least one character matrix based on the data to be encrypted, executing at least one transformation operation on the at least one character matrix to generate the ciphertext body based on the at least one encryption value set, and generating at least one decryption value set based on the at least one encryption value set; and (4) compiling the header, the instructions, and the ciphertext body into the ciphertext.

Abstract: A method, system, and digital recording medium provides for convenient and trustworthy user authentication with a computing device combining four authentication factors through use of a remote authentication system (RAS). An identity token (Device-ID) cryptographically bound to the user's computing device is generated as a first authentication factor. A password known only to the user is a second factor. Cryptographic signatures generated from the user's biometric minutiae is a third factor. A random challenge received from the RAS is a fourth factor.

Abstract: The present invention discloses a method for protecting a deep learning model based on confidential computing. In this solution, a use process of a deep learning model is divided into two stages: Data preprocessing and inference. At the data preprocessing stage, a data preprocessing model is mainly used to process inference data of an authorized user. The data preprocessing model is a lightweight processing module, which occupies less computing resources, and the data preprocessing model is deployed in a confidential computing environment. At the inference stage, an inference model is used to perform inference on preprocessed data, and the inference model is deployed in a common computing environment. In the entire process, copyright attestation of the deep learning model can be implemented without affecting inference accuracy of the model, and the infringement of the model copyright can be effectively resisted through model forgery, transfer learning, knowledge distillation, and the like.

Abstract: A method for a quantum key distribution from a first target node to a second target node across a network via an entanglement-based protocol, including the following steps: transferring entangled particles from a load node to the first target node and to at least one intermediate node; generating a quantum key with the entangled particles transferred to the first target node and the at least one intermediate node; transmitting the quantum key to the second target node on a first path located on the network with a stage of secure quantum key transmission agreement starting from the at least one intermediate node by encrypting intervals of binary nodes with pre-shared quantum keys; and providing a secure communication with the quantum keys between the first target node and the second target node on a second path located on the network.

Abstract: Described herein are techniques and technologies to identify an encrypted content within a field of view of a user of a VR/AR system and process the encrypted content appropriately. The user of the VR/AR technology may have protected content in a field of view of the user. Encrypted content is mapped to one or more protected surfaces on a display device. Contents mapped to a protected surface may be rendered on the display device but prevented from being replicated from the display device.

Abstract: Providing a method and a corresponding system for encrypting customer workload data through a trusted entity such as a self-boot engine (SBE). More specifically, there is a method and a corresponding system for securely extracting out customer centric data in a manner that requires the customer payloads and/or workloads to register with the SBE and share the encryption key.

Abstract: A working method includes: a client receives and parses an authentication request to obtain an application identifier, an authentication policy and a challenge value; generates a signature key identifier list according to the authentication policy; sends an identity information verifying instruction generated according to the challenge value, the application identifier and the signature key identifier list; an authenticator obtains a signature private key and a signature key identifier according to the signature key identifier list and the application identifier; generates a final challenge hash value according to the application identifier and the challenge value; generates a signature value according to the final challenge hash value, the preset authenticator identifier and the signature key identifier; sends the signature value to a server; the server receives the signature value and verifies the signature value, determines whether the verifying is successful, if yes, the verifying is successful; otherwise

Abstract: It is detected whether a next-to-last raw data block in a raw data segment has been written into an input buffer. If so, the next-to-last raw data block is read from the input buffer for encryption immediately after a current raw data block is read from the input buffer for encryption. Reading continues for a subsequent raw data block after the current raw data block is read from the input buffer for encryption, after the next-to-last raw data block is read from the input buffer for encryption. Encryption is performed, using Advanced Encryption Standard (AES) processing and a CipherText Stealing (XTS) working mode, on a last raw data block in the raw data segment by providing an intermediate encrypted data block, where the intermediate encrypted data block is obtained by encrypting the next-to-last raw data block, and the last raw data block is read from the input buffer.

Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example computer-implemented method can include creating a listing in a data exchange, the listing including a data set hosted by a first cloud computing entity. The data set can be shared with a second cloud computing entity. The method further includes receiving a request associated with a customer account of the second cloud computing entity to access the data set of the listing hosted by the first cloud computing entity and replicating at least a subset of the data set of the listing from the first cloud computing entity to a provider account at the second cloud computing entity to be accessible by the customer account at the second cloud computing entity.