Abstract: A subset of data encryption keys are stored in plain text form in system memory of an information handling system. A master key and another subset of the data encryption keys are stored in a credential vault of the information handling system. The credential vault forms part of an out-of-band management platform and is protected by an AES key. A request is received for a data encryption key to decrypt a unit of data backed up to backup storage of the information handling system, the unit of data having been encrypted by the data encryption key, and the data encryption key having been encrypted by the master key and stored at the backup storage as an encrypted data encryption key. One or more locations are checked for the data encryption key. The one or more locations include the system memory, credential vault, and backup storage.

Abstract: A method is provided for generating a key ladder for securely communicating between a first device and a second device using a first device symmetric key and a chip-unique private key. The method includes generating a second processor-specific first device symmetric key from a first processor-specific first device symmetric key and a first identifier (CPU_ID), generating a chip-unique first device application private key (CUAPrK) from a second identifier and the second processor-specific first device symmetric key, generating a chip-unique first device application public key (CUAPuK) from the chip-unique first device application private key (CUAPrK), and transmitting the chip-unique first device application public key (CUAPuK) and an identifier of the processor to the second device.

Abstract: The invention relates to the field of software management and is intended to invent a blockchain-based software version data management system and an establishing method thereof. The system mainly comprises a data acquisition module, a data transmission module and a data consensus module, wherein the data acquisition module involves data generation, data splicing, and data encapsulation, and provides functions such as acquisition of software version data and structural processing function; the data transmission module involves data communication, data parsing and data forwarding and provides a transmission function for the software version data; the data consensus module involves block synchronization, data verification and consensus mechanism and provides reliability test for the software version data, system new block generation and node data synchronization.

Abstract: A method of securely replacing a first data value with a second data value and related systems are disclosed. The method includes generating a first public key and a first private key, generating a cryptographic seed value, and passing the cryptographic seed value through an elliptic curve to generate a second public key and a second private key. The method further includes combining the first public key with the second private key using public key cryptography to create a shared encryption key and passing the shared encryption key through a symmetric algorithm to encrypt the cryptographic seed value.

Abstract: A method and device for protecting encrypted data are disclosed. In an embodiment an integrated circuit includes a secure module including a first register containing a first mask and a second register containing masked data, the first mask and the masked data forming a secret key and a processor configured to generate a second mask and mask the secret key with the second mask when the secret key is not used for an encryption operation and during reception of a validation signal, wherein the first and second registers are disposed in the secure module so that the outputs of the registers are not simultaneously optically viewable.

Abstract: A security device to support secure communication via a field bus, has a connecting apparatus for the direct coupling of the security device to a network interface of a field bus subscriber, which is formed for connecting to a field bus and which is not formed for secure communication via the field bus. In the coupled state, there is a link between the security device and the field bus subscriber such that, if the link is disconnected or damaged, proper operation of the security device is reversibly or irreversibly blocked. Further, a transmitting and receiving apparatus is provided which is formed to securely transfer data coming from a directly coupled field bus participant, which is not formed for secure communication, via the field bus according to a predetermined security protocol, and which is further formed to receive data transferred via the field bus and intended for the field bus participant according to the predetermined security protocol and to deliver them to the field bus participant.

Abstract: A method, system, and digital recording medium provides for convenient and trustworthy user authentication with a computing device combining four authentication factors through use of a remote authentication system (RAS). An identity token (Device-ID) cryptographically bound to the user's computing device is generated as a first authentication factor. A password known only to the user is a second factor. Cryptographic signatures generated from the user's biometric minutiae is a third factor. A random challenge received from the RAS is a fourth factor.

Abstract: A source device being associated with an account uses playback of a media content item to cause a target device to become associated with the account. The target device enters an association mode and records a portion of the playing content. The target device provides the recording to a server that identifies the song (e.g., using a music fingerprint service) and uses the identification of the song to find the account that caused playback of the identified song. With the account identified, the server provides credentials of the account to target system. The target device accesses content or services using the account. As confirmation of receiving the credentials, the server causes playback of the content to transition to from the source device to the target device.

Abstract: In an example, a logic circuitry package is configured to communicate with a print apparatus logic circuit. The logic circuitry package may be configured to respond to communications sent to a first address and to at least one second address. The logic circuitry package may comprise a first logic circuit, wherein the first address is an address for the first logic circuit. The package may be configured such that, in response to a first command indicative of a task and a first time period sent to the first address, the package is accessible via at least one second address for a duration of the time period.

Abstract: The present disclosure relates to an integrated circuit and a method of using the integrated circuit used to perform authentication using a challenge-response method. The challenge-response method includes an internal challenge generator, a physically unclonable function (PUF) block, and a response generator. The internal challenge generator is configured to receive a challenge, generate a plurality of internal challenges corresponding to the challenge, and generate at least one valid internal challenge among the plurality of internal challenges using screen information. The physically unclonable function (PUF) block is configured to generate a plurality of valid internal responses respectively changing according to the plurality of valid internal challenges. The response generator is configured to output a response generated using the plurality of valid internal responses.

Abstract: An information processing device includes a memory; and a processor coupled to the memory and configured to identify a location where a user is present, when the user accesses a resource by using a remote desktop connection, set access authority of the user over the resource to an allowed state or a prohibited state in accordance with whether or not the location is within an allowed region in which access to the resource is allowed, when it is determined that the location is out of the allowed region while the user is accessing the resource by using the remote desktop connection, start measurement of time without setting the access authority of the user over the resource to a prohibited state, and when it is determined that a predetermined time has elapsed after the measurement is started, terminate the remote desktop connection.

Abstract: A method encrypts, using an encryption circuit, a first data value having a number n of first binary words, each word having a number m of bits. The encrypting includes generating a second data value having a same number n of second binary words of m bits each and outputting a result of the encryption. The number n is an integer greater than or equal to 3, m and n do not have a common integer division, and n or m is even. A second binary word of the second data value having a rank i is equal to a sum of: a first binary word having a same rank i; and a product of: a complement of a first binary word having rank ((i+1)modulo n), shifted by a first number of bit positions; and a first binary word having rank ((i+2)modulo n), shifted by a second number of bit positions.

Abstract: A technique for ciphering source data (306) into target data (308) is described. As to a method aspect of the technique, a level (302) of ciphering is determined for the source data (306). A key sequence (304) is generated depending on the determined level (302) of ciphering. The source data (306) and the key sequence (304) are combined resulting in the target data (308).

Abstract: The present invention relates to an encrypting/decrypting method for a multi-digit number and an encrypting/decrypting server.

Abstract: A circuit for data encryption is provided. The circuit includes an encryption controller configured to randomly generate a frequency parameter defining different timeframes corresponding to different frequencies. The circuit also includes a random-clock-signal generator configured to receive the frequency parameter to synthesize an encryption clock signal based on a base clock signal. The encryption clock signal includes a random combination of different clock frequencies respectively over multiple different timeframes. Additionally, the circuit includes an encryption sub-circuit configured to receive plain data and to encrypt the plain data by a sampling replacement driven by the encryption clock signal to obtain encrypted data.

Abstract: A computing system includes persistent storage configured to store a plurality of software applications and a distribution application configured to perform operations. The operations include obtaining a first cryptographic key of a pair of asymmetric cryptographic keys, where a second cryptographic key of the pair is stored by an on-premises computational instance, obtaining a selection of a software application from the plurality of software applications for installation, and obtaining an identifier associated with the on-premises computational instance. The operations additionally include encrypting the software application by way of a symmetric encryption algorithm and using a third cryptographic key, and encrypting the third cryptographic key by way of an asymmetric encryption algorithm and using the first cryptographic key.

Abstract: A system and a method for protecting code are provided. Extraction of code to be protected takes place during an object-to-object transformation and that code is replaced with fake binary code. The extracted code to be protected may then be encrypted or otherwise obscured and stored in a separate region of an object file. A prior source-to-source file transformation can be provided to isolate and mark the code to be protected, and to inject additional source code to handle later decryption.

Abstract: A secure computation device obtains a first concealed verification value [z]i=[w??]i with secure computation by using concealed authentication information [w]i which is preliminarily stored and concealed authentication information [?]i which is inputted, obtains a concealed extension field random number [rm]i?[F?] which is a secret sharing value of an extension field random number rm, obtains a second concealed verification value [ym]i in which ym is concealed with secure computation by using the first concealed verification value [z]i, and obtains a third concealed verification value [rmym]i with secure computation by using the concealed extension field random number [rm]i and the second concealed verification value [ym]i and outputs the third concealed verification value [rmym]i.

Abstract: A distributed memory data repository of connected data centres. The network load balances by routing requests to different data centres for processing. The solution design provides a blue print to implement a distributed memory data repository based defense system across multiple nodes with dynamic fail-over capabilities. The defense system runs independently on a single node, exclusively leveraging memory for data storage and implementing a communication channel to interact with other nodes.

Abstract: In a client server environment a method of securely storing data; said method comprising generating a data element at a second location; transmitting the data element to a first location separate and remote from the second location; encrypting the data element at the first location thereby to form an encrypted data element; transmitting the encrypted data element to the second location separate and remote from the first location and storing the encrypted data element at the second location; and wherein the second location is constituted as a client device.