Abstract: A working method includes: a client receives and parses an authentication request to obtain an application identifier, an authentication policy and a challenge value; generates a signature key identifier list according to the authentication policy; sends an identity information verifying instruction generated according to the challenge value, the application identifier and the signature key identifier list; an authenticator obtains a signature private key and a signature key identifier according to the signature key identifier list and the application identifier; generates a final challenge hash value according to the application identifier and the challenge value; generates a signature value according to the final challenge hash value, the preset authenticator identifier and the signature key identifier; sends the signature value to a server; the server receives the signature value and verifies the signature value, determines whether the verifying is successful, if yes, the verifying is successful; otherwise

Abstract: It is detected whether a next-to-last raw data block in a raw data segment has been written into an input buffer. If so, the next-to-last raw data block is read from the input buffer for encryption immediately after a current raw data block is read from the input buffer for encryption. Reading continues for a subsequent raw data block after the current raw data block is read from the input buffer for encryption, after the next-to-last raw data block is read from the input buffer for encryption. Encryption is performed, using Advanced Encryption Standard (AES) processing and a CipherText Stealing (XTS) working mode, on a last raw data block in the raw data segment by providing an intermediate encrypted data block, where the intermediate encrypted data block is obtained by encrypting the next-to-last raw data block, and the last raw data block is read from the input buffer.

Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example computer-implemented method can include creating a listing in a data exchange, the listing including a data set hosted by a first cloud computing entity. The data set can be shared with a second cloud computing entity. The method further includes receiving a request associated with a customer account of the second cloud computing entity to access the data set of the listing hosted by the first cloud computing entity and replicating at least a subset of the data set of the listing from the first cloud computing entity to a provider account at the second cloud computing entity to be accessible by the customer account at the second cloud computing entity.

Abstract: Examples herein relate to an interface selectively providing access to a memory region for a work request from an entity by providing selective access to a physical address of the memory region and selective access to a cryptographic key for use by a memory controller to access the memory region. In some examples, providing selective access to a physical address conversion is based on one or more of: validation of a certificate received with the work request and an identifier of the entity being associated with a process with access to the memory region. Access to the memory region can be specified to be one or more of: create, read, update, delete, write, or notify. A memory region can be a page or sub-page sized region. Different access rights can be associated with different sub-portions of the memory region, wherein the access rights comprise one or more of: create, read, update, delete, write, or notify.

Abstract: A method including determining a first master key based on receiving a master string; decrypting, based on utilizing the first master key, an encrypted first cryptographic key; decrypting, based on utilizing the first cryptographic key, first factor authentication information to enable determination of a first factor; transmitting the first factor for authentication of the first factor; transmitting, based on successful authentication of the first factor and on verifying biometric information, a decryption request including an encrypted second cryptographic key in association with an identifier to indicate that the encrypted second cryptographic key is to be decrypted based on utilizing a second master key identified by the second identifier; decrypting, based on receiving the second cryptographic key, second factor authentication information to enable determination of a second factor; and transmitting the second factor for authentication to enable receipt of a service based on successful authentication of th

Abstract: A method for obtaining a cluster feature code includes: determining a plurality of key nodes from respective nodes in a cluster; obtaining plaintexts of feature codes of the respective key nodes; according to the plaintexts of the feature codes of the respective key nodes, obtaining ciphertexts of the feature codes of the respective key nodes, by utilizing a first-level public key; calculating a check code according to the ciphertexts of the feature codes of the respective key nodes; and according to the check code, obtaining the cluster feature code, by utilizing a second-level public key. By means of the present application, the scope of influence on the entire system when system nodes change is reduced.

Abstract: One or more computing devices, systems, and/or methods for data fragmentation and reconstruction are provided. Random number generation information, indicating a number of fragments into which data stored by a client device is to be fragmented, is received. The data is fragmented according to the number of fragments as a set of fragments. Authentication data is incorporated with the set of fragments. A set of entities capable of storing the set of fragments with the authentication data is identified. The set of fragments with the authentication data are stored across the set of entities.

Abstract: A method includes: receiving selection of a document; correlating sequences of words, in the document, with a set of language signals; generating a set of document tags representing the set of language signals; and retrieving a first data access policy: associated with a particular document tag in the set of document tags; and including a set of identities permitted to access a document associated with the particular document tag; receiving selection of a recipient account of the document; and in response to detecting the set of identities excluding the recipient account, restricting access to the document by the recipient account.

Abstract: Techniques for improving a natural language processing (NLP) system by providing controlled access to event data to third party systems. For example, the system may control access to event data in a secured way that allows for expanded functionality such as at home games using existing sensors/devices. The system may generate event data using sensor data received from the devices and may enable a customer to configure which devices/sensors a third party system is allowed to access. In addition, the system may only send event data after receiving permission from the customer, such as upon receiving a command to begin a game. The third party system may use the event data to provide additional functionality to the customer during a period of time, which ends at the conclusion of the game, a command from the user to end the game, and/or after a timeout even occurs.

Abstract: The present disclosure relates to implementations of physically unclonable functions (PUFs) for cryptographic and authentication purposes. Specifically, the disclosure describes implementations of systems using PUFs that may replace existing public key infrastructures (PKIs).

Abstract: A protection system and a protection method for software and firmware or information capable of encrypting and adding software and firmware or information to an electronic component, so that the software and firmware or the information is protected during the process of adding to the electronic component at a manufacturing end. Even if the encrypted software and firmware or information is obtained, the original content thereof cannot be acquired. When the electronic component is activated and used, the software and firmware or the information stored therein is then decrypted. In this way, the software and firmware or the information in the electronic component can be protected from being stolen, and the cost of the electronic component can be reduced and is easy to promote.

Abstract: In the field of image encryption and decryption, in order to solve the problem of small key space in the encryption process caused by low dimension of one-dimensional chaotic map and few initial values and control parameters, the present disclosure provides an image encryption and decryption communication algorithm based on two-dimensional lag complex Logistic map, which expands the variables of one-dimensional Logistic map from the real number domain to the complex number domain, improves the dimension of the mapping system, increases the number of keys, and expands the mapping range, wherein the new mapping system is more sensitive to small disturbances of initial values and parameters, which can break the strong correlation between pixels in the original image, so that the pixels of the encrypted image are uniformly distributed in the whole plane, and the features of the original image are hidden.

Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.

Abstract: A processing device sets a first flag that indicates whether a first critical security parameter (CSP) file exists. The first CSP file includes a first set of CSPs for a memory device. The processing device sets a second flag that indicates whether the first CSP file is valid. The processing device sets a third flag that indicates whether a second CSP file exists. The second CSP file includes a second set of CSPs for the memory device. The processing device sets a fourth flag that indicates whether the second critical security parameter file is valid. The processing device selects one of the first or second CSP file as an active CSP file based on an evaluation of the first, second, third, and fourth flags.

Abstract: A command to perform a data operation at a memory device is received. The command includes an encryption key tag. A first key table is accessed from local memory. The first key table includes a first set of key entries corresponding to a first set of encryption keys. The first key table is searched to determine whether it includes an entry corresponding to the encryption key tag. Based on determining the first key table does not include an entry corresponding to the tag, a second key table is accessed from RAM. The second key table includes a second set of key entries corresponding to a second set of encryption keys. A key entry corresponding to the encryption key tag is identified from the second key table. The key entry includes an encryption key corresponding to the encryption key tag. The command is processed using the encryption key.

Abstract: A unique hardware key is recorded a secure hardware environment. A first logic circuit of the secure hardware environment is configured to generate a unique derived key from said unique hardware key and at least one piece of information. The at least one piece of information relates to one or more of an execution context and a use of a secret key. The secure hardware environment further includes a first encryption device that performs a symmetric encryption of the secret key using the unique derived key. This symmetric encryption generates an encrypted secret key for use outside of the secure hardware environment.

Abstract: The present disclosure describes techniques for dynamically monitoring and collating data associated with an agricultural operation for the purpose of demonstrating compliance with an agricultural compliance plan (ACP). More specifically, a decentralized governance compliance (D-GRC) controller is described that is configured to generate a distributed ledger that dynamically processes compliance of individual actions associated with an ACP. The distributed ledger may be configured to track regulatory compliance associated with a cycle of agricultural activities associated with an agricultural product. Agricultural activities may include an inventory inspection of agricultural products, a facility inspection of a facility used for an agricultural operation, or vehicle inspection of vehicles used to transport agricultural products.

Abstract: Systems and methods for protection of data across multiple users and devices are disclosed. According to one embodiment, in privacy server comprising at least one computer processor, a method for protection of data across multiple users and devices may include: (1) receiving, from a first user device, a data sharing permission for the first user device and a data sharing permission for a second user device, the first user device and the second user device associated with the same user; (2) provisioning the data sharing permission for the second user device; and (3) communicating the provisioned data sharing permission to the second user device, wherein the second user device shares data with the first user device according to the provisioned data sharing permission.

Abstract: A processor includes a register to store an encoded pointer to a memory location in memory and the encoded pointer is to include an encrypted portion. The processor further includes circuitry to determine a first data encryption factor based on a first data access instruction, decode the encoded pointer to obtain a memory address of the memory location, use the memory address to access an encrypted first data element, and decrypt the encrypted first data element using a cryptographic algorithm with first inputs to generate a decrypted first data element. The first inputs include the first data encryption factor based on the first data access instruction and a second data encryption factor from the encoded pointer.

Abstract: Systems, methods, and computer-readable media for communications between applications in a mobile operating system. A first application may receive a request for data from a second application. The first application may generate a first URL to the second application, a parameter of the first URL comprising an identifier of the first application. A mobile operating system may access the first URL to open the second application. The second application may validate credentials for an account and initiate a server on a port. The second application may generate a second URL to the first application, a parameter of the second URL comprising the port. The operating system may access the second URL to open the first application. The first application may establish a connection with the server using the port specified in the second URL and receive data from the second application via the connection with the server.