Abstract: A method including encrypting, by a user device based at least in part on utilizing a symmetric key, a folder stored on the user device; encrypting, by the user device based at least in part on utilizing an assigned public key associated with the user device, the symmetric key to determine a single-encrypted symmetric key; encrypting, by the user device based at least in part on utilizing a trusted key specific to the user device, the single-encrypted symmetric key to determine a double-encrypted symmetric key; and storing, by user device, the double-encrypted symmetric key in an associated memory. Various other aspects and techniques are contemplated.

Abstract: A method for attestation of electronic components includes operating a system including the components. The components are configured for electronic communication with each other. A first electronic component provides plug-in hardware and/or configurable software. The method includes utilizing a second electronic component to perform attestation upon the first component using asymmetric key cryptography to verify authenticity. When using the asymmetric key cryptography successfully verifies the authenticity, the method includes selectively enabling one of power or data to the first component and communicating between the first component and the plurality of components to achieve tangible functions. When the cryptography fails to successfully verify the authenticity, the method includes selectively withholding one of power or data connection the first component.

Abstract: A system which includes a photon source configured to generate a spin-1 particle; an N-dimensional quantum random number generator (ND-QRNG); a processor; and a memory. The ND-QRNG includes a detector and an optical unit including: a preparation stage configured to enable certification via value indefiniteness; and a measurement stage configured to generate numbers and outcomes attained by measuring a state of a particle utilized to prepare an N-dimensional quantum system. The memory, includes instructions stored thereon, which, when executed by the processor cause the system to: generate a spin-1 particle; receive the spin-1 particle by the optical unit; generate by the optical unit a set of outcomes based on the state of the spin-1 particle; detect the set of outcomes; and output a sequence of N-ary numbers based on the detected set of outcomes.

Abstract: A method includes: receiving selection of a document; correlating sequences of words, in the document, with a set of language signals; generating a set of document tags representing the set of language signals; and retrieving a first data access policy: associated with a particular document tag in the set of document tags; and including a set of identities permitted to access a document associated with the particular document tag; receiving selection of a recipient account of the document; and in response to detecting the set of identities excluding the recipient account, restricting access to the document by the recipient account.

Abstract: It is hereby disclosed an apparatus for and a method of writing software objects into a rewritable nonvolatile memory of an electronic control unit of an internal combustion engine, wherein the method comprises: receiving an access request from a memory writing device, generating a seed code, transmitting the seed code to the memory writing device, generating a first key code on the basis of the seed code and a first identification code, generating a second key code on the basis of the seed code and a second identification code, receiving a reference key code from the memory writing device, comparing the reference key code with the first key code and/or with the second key code, and enabling the memory writing device to write software objects into the rewritable nonvolatile memory, if the reference key code corresponds to the first key code or to the second key code.

Abstract: A data management system (1) for securely managing data transactions comprises a computing system which incorporates, a public key distribution system, a trusted storage system which is in communication with the public key distribution system, the trusted storage system being configured to store a record for each respective party using the system, each record comprising a unique identifier and a public key for a respective party using the system. The system (1) comprises a verification system which is configured to check the identity of a party seeking to participate in a transaction involving an exchange of data. If the verification system is not able to verify the identity of the party seeking to participate in the transaction, the verification system prevents the transaction from being carried out.

Abstract: Some implementations of the technology relate to anonymizing personally identifiable information (PII) by creating a quick response (QR) code linked to a website that can verify that driver's license information and insurance information of a driver is available and valid, without showing the PII itself. Some implementations can allow another driver in an automobile accident to scan the QR code, enter her own insurance information, and can push the driver's PII to her insurance company. Some implementations can allow the other driver to download an encrypted file with the PII that can be shared with his insurance company. The QR code can be used in other contexts outside of automobile accidents as well, such as when a driver wishes to test drive a car, rent a car, buy a new car, etc., and needs to provide proof of a valid driver's license and insurance coverage.

Abstract: For a network including multiple computers acting as tunnel endpoints in a network, some embodiments provide a method for processing data messages in parallel using multiple processors (e.g., cores) of each computer. Each computer in some embodiments has a set of interfaces configured as tunnel endpoints connecting to multiple tunnels. In some embodiments, the multiple processors encrypt data messages according to a set of encryption parameters or multiple sets of encryption parameters that specify an encryption policy for data messages requiring encryption, an encryption algorithm, an encryption key, a destination network address, and an encryption-parameter-set identifier.

Abstract: Methods, systems, and devices for cryptographic key management are described. A memory device can issue, by a firmware component, a command to generate a first cryptographic key for encrypting or decrypting user data stored on a memory device. The memory device can generate, by a hardware component, the first cryptographic key based on the command. The memory device can encrypt, by the hardware component, the first cryptographic key using a second cryptographic key and an initialization vector. The memory device can store the encrypted first cryptographic key in a nonvolatile memory device separate from the hardware component.

Abstract: A system and method identifies activity data that is related to activity of a plurality of users of a gaming platform. The activity data is used by the gaming platform to perform a gaming process. The system and method identifies first data of the activity data based on a first characteristic. The first data is a subset of the activity data. The system and method determines a number of times that the first data of the activity data meets a first condition. The system and method responsive to determining that the number of times that the first data of the activity data meets the first condition satisfies a first threshold, modifies the activity data by removing the first data from the activity data. The system and method performs the gaming process using the modified activity data.

Abstract: A system and a method for protecting code are provided. Extraction of code to be protected takes place during an object-to-object transformation and that code is replaced with fake binary code. The extracted code to be protected may then be encrypted or otherwise obscured and stored in a separate region of an object file. A prior source-to-source file transformation can be provided to isolate and mark the code to be protected, and to inject additional source code to handle later decryption.

Abstract: The present invention provides an encrypting device including an encryption unit and a communications unit. Paired encrypting devices allow for communication of trusted data between trusted devices over an untrusted network. Data received by the encryption unit is encrypted and provided with a connectionless header for delivery to the communications unit. Data received by the communications units is provided with a complex header for delivery to the paired encrypting device. The encrypting devices may be implemented in hardware or may be virtualized on a server or a plurality of severs. Arrangement of the encrypting devices in a hub-and-spoke topology allows for communication amongst a plurality of trusted devices. The encrypting devices can be used to covert commercially available equipment suitable for high assurance environments.

Abstract: A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a file open request. If so, target analysis logic determines whether the file open request is for a driver file or for a file within a protected volume that stores a driven whitelist file. If the file open request is for a file stored in a protected volume, the request is blocked. If the file open request is for a driver file, then the driver whitelist file is examined to determine whether the target driver is on the whitelist. If not, the file open request is also blocked.

Abstract: Systems, methods, and computer-readable media for communications between applications in a mobile operating system. A first application may receive a request for data from a second application. The first application may generate a first URL to the second application, a parameter of the first URL comprising an identifier of the first application. A mobile operating system may access the first URL to open the second application. The second application may validate credentials for an account and initiate a server on a port. The second application may generate a second URL to the first application, a parameter of the second URL comprising the port. The operating system may access the second URL to open the first application. The first application may establish a connection with the server using the port specified in the second URL and receive data from the second application via the connection with the server.

Abstract: A command to perform a data operation at a memory device is received. The command includes an encryption key tag. A first key table is accessed from local memory. The first key table includes a first set of key entries corresponding to a first set of encryption keys. The first key table is searched to determine whether it includes an entry corresponding to the encryption key tag. Based on determining the first key table does not include an entry corresponding to the tag, a second key table is accessed from RAM. The second key table includes a second set of key entries corresponding to a second set of encryption keys. A key entry corresponding to the encryption key tag is identified from the second key table. The key entry includes an encryption key corresponding to the encryption key tag. The command is processed using the encryption key.

Abstract: The present invention relates to a method of fusing at least two different candidate lists into a single candidate list, said at least two different candidate lists being generated by matching biometric data captured from an individual to be identified and biometric data enrolled from candidates to calculate match scores of candidates and ranking said match scores, the method comprising steps of: normalizing the match scores of the candidates of said at least two different candidate lists; ranking at least part of the candidates of said at least two different candidate lists in a single candidate list according to said normalized match scores to fuse said at least two different candidate lists; identifying at least one candidate belonging to multiple lists of said at least two different candidate lists; and raising said identified at least one candidate's rank in said single candidate list.

Abstract: Methods, systems, and apparatus for generating an encryption key. In one aspect, a method includes the generating and sending, by a first device, a stream of random challenges to other devices. Each other device proses, by a physically unclonable function (PUF) included in the device, the stream of random challenges twice to obtain pairs of responses and computes a first Bernoulli matrix vector. Each other device generates a first LPN instance using a pre-stored public matrix, a partial encryption key, and the first Bernoulli error matrix, and sends the first LPN instance to the first device. The first device computes a threshold number of the first LPN instances and an estimated combined error of PUFs included in the other devices. The first device generates an encryption key by recovering a summation of each partial encryption key encoded in the threshold number of first LPN instances.

Abstract: A distributed memory data repository of connected data centres. The network load balances by routing requests to different data centres for processing. The solution design provides a blue print to implement a distributed memory data repository based defense system across multiple nodes with dynamic fail-over capabilities. The defense system runs independently on a single node, exclusively leveraging memory for data storage and implementing a communication channel to interact with other nodes.

Abstract: An electronic device and a method for controlling thereof is provided. The electronic device includes a memory including a neural network model, a display, a communicator including circuitry, and a processor configured to identify, based on a user command to transmit a first image to an external device being input, whether private information of a user is included in the first image by inputting the first image in the neural network model, based on identifying that private information of the user is included in the first image, display a first user interface (UI) asking whether to process at least one private information based on the private information included in the first image, and based on a user command input through the first UI, process the first image and control the communicator to transmit the processed to the external device.

Abstract: A method for encryption that combines the steganographic method of concealing data inside a truly random string of bits with a cryptographic key that allows for the random distribution of this data, essentially creating a symmetrical cipher.