Abstract: A decryption-enabling device for decrypting a disk image of a computer device, comprising a processor, memory and a hardware connector for connecting to the hardware interface connection of the computer device. The decryption-enabling device is arranged to create using the processor a copy of the random-access memory of the computer device, analyse using the processor the copy of the random-access memory to extract one or more potential decryption keys, and store the one or more potential decryption keys in the memory.

Abstract: The present invention relates to a weight management method and system for neural network processing. The method includes two stages, i.e., off-chip encryption stage and on-chip decryption stage: encrypting trained neural network weight data in advance, inputting the encrypted weight into a neural network processor chip, and decrypting the weight in real time by a decryption unit inside the neural network processor chip to perform related neural network calculation. The method and system realizes the protection of weight data without affecting the normal operation of a neural network processor.

Abstract: An information processing system includes a first authentication terminal for authenticating a first user, a second authentication terminal for authenticating a second user, a device for authenticating the device, and an authentication server that performs authentication using a registered authentication function. The authentication server registers an authentication function of the first authentication terminal based on an operation of the first user. When authentication using the first authentication terminal is requested through the device, the authentication server authenticates the first user and registers an authentication function of the device. When registration of an authentication function of the second authentication terminal is requested through the device, the authentication server registers the authentication function when the authentication function of the device has been registered.

Abstract: An identity information processing method, a device, and a system, the method including obtaining, by a first network element, a first parameter, where the first parameter is associated with a domain to which a network slice belongs, and determining, by the first network element, according to the first parameter, whether the network slice is managed by an operator.

Abstract: Determining whether to allow access to a message is disclosed. A message is received from a sender. The message is associated with a first time-to-live (TTL) value. A determination is made that the first time-to-live value has not been exceeded. The determination is made at least in part by obtaining an external master clock time. In response to the determination, access is allowed to the message.

Abstract: A secure method and/or system allowing a user to import, export, recover and use their private keys based in part on the user's location information, to allow for reliable, consistent, and easy management of user identity and private keys across all of a user's devices and eliminate of traditional username/password authentication schemes.

Abstract: A communication system includes a mediation apparatus communicating with a device via a local network and an information processing apparatus communicating with the mediation apparatus through firewall. The information processing apparatus including a first control device. The mediation apparatus includes a second control device transmitting to the information processing apparatus through the firewall a first request for requesting transmission of a first command for the device, and a second request for requesting transmission of a second command for the mediation apparatus. In response to receiving the first command, the second controller transmits to the device via the local network a device command. In response to receiving the second command, the second controller performs a second-command dependent instruction. In response to receiving the first request and the second request, the first control device transmits respectively the first command and the second command to the mediation apparatus.

Abstract: Natural language processing is enhanced by linguistically extracting intelligence about a user. A history of user queries is analyzed by a natural language classifier to determine various user intents, and these intents are combined to form a user intent profile. The profile includes elements of sentiment, emotion and tone. The profile can be used in various ways including restricting access to documents in a collection, or refining a cognitive analysis of a query. For access restriction, a determination is made that the user intent is inconsistent with a document, and the user is denied access to the document. This determination involves a user intent score which is compared to a score of the document. For cognitive analysis, searching of reference documents is filtered by excluding documents based on the user intent. The searching includes a comparison of meta-data tags of the documents to the user intent.

Abstract: A computer program product, a computer-implemented method, and a computer system include a processor(s) that obtains side channel emanations from a device. The processor(s) analyzes the side channel emanations to identify distinct emanation patterns and timing characteristics, wherein the timing characteristics are associated with transitions between the distinct emanation patterns. The processor(s) generates a non-deterministic finite automaton (NFA) by correlating the distinct emanation patterns with states of the device, where the NFA captures states and state transitions of the device. The processor(s) identifies an anomaly in the device, based on deviation in emanations from the device.

Abstract: Techniques are provided for automated key management for accessing remote devices using single sign-on techniques. One method comprises maintaining a data record identifying target user devices that a given source user device is authorized to access; and initiating storage of a public key of the given source user device in a file of at least one target user device, wherein the given source user device accesses the at least one target user device using a secure remote connection protocol based on the public key of the given source user device stored in the file of the at least one target user device. The data record may further comprise a fingerprint of a key of the at least one target user device, and the method may further comprise comparing a fingerprint of the key returned by the at least one target user device to the fingerprint of the key obtained from the data record.

Abstract: A method executed by a dynamic session key acquisition (DSKA) engine residing in a virtual environment includes receiving session decryption information extraction instructions that configure the DSKA engine to obtain session decryption information for at least one communication session involving a virtual machine and obtaining the session decryption information from the virtual machine in accordance with the session decryption information extraction instructions. The session decryption information includes cryptographic keys utilized by an application server instance in the virtual machine to establish the at least one communication session. The session decryption information obtained from the virtual machine is stored and provided to a network traffic monitoring (NTM) agent. The NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine.

Abstract: A system, method, and computer-readable medium are disclosed for performing a security operation.

Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.

Abstract: A method for protected communication is provided. The method comprises defining master keys for different service domains within the scope of influence of a vehicle manufacturer generating a master key reference for the vehicle within the range of influence of the vehicle manufacturer, securely introducing one or more of the cryptographic keys derived from at least one of the defined master keys and the associated master key reference into the vehicle, and transmitting to an external server a message signed with one of the derived cryptographic keys, which is additionally provided with the master key reference and the current status of the vehicle. The method further comprises deriving the at least one cryptographic key in the external server from the master key identified by the master key reference depending on the key status of the vehicle, and checking the authenticity of the signed message with the derived cryptographic key.

Abstract: The disclosure provides a method, a device and a system for encrypting interactive data. In an aspect, the method includes: receiving a request for accessing a network from a terminal device, the request includes a device identifier of the terminal device; generating a random encryption code according to the device identifier; and feeding back the random encryption code to the terminal device so that the terminal device encrypts interactive data using the random encryption code after accessing the network. In another aspect, the method includes: transmitting a request for accessing a network to a gateway device, the request includes a device identifier of a terminal device; receiving a random encryption code fed back by the gateway device, the random encryption code is information for encrypting interactive data during the terminal device accessing the network; and encrypting interactive data with the random encryption code.

Abstract: A digital computing device controlling the access to encrypted digital information includes a control unit, peripheral devices connected to the control unit, a hard disk connected to the control unit storing the digital data, and a data encryption key configured for encrypting the digital data. The control unit is configured to detect the peripheral devices, read identification information from the peripheral devices that denotes the respective peripheral device, generate for the peripheral devices a respective key encryption key on the basis of the read identification information, initially store at least one encrypted data encryption key that is generated by encrypting the data encryption key using the respective key encryption key, in a memory area of the hard disk, and after the initial storage determine the data encryption key by decrypting the encrypted data encryption key using the respective key encryption key derived from the respective identification information.

Abstract: A system and method that utilize an encryption engine endpoint to encrypt data in a data storage system are disclosed. In the system and method, the client controls the encryption keys utilized to encrypt and decrypt data such that the encryption keys are not stored together with the encrypted data. Therefore, once data is encrypted, neither the host of the data storage system, nor the encryption engine endpoint have access to the encryption keys required to decrypt the data, which increases the security of the encrypted data in the event of, for example, the data storage system being accessed by an unauthorized party.

Abstract: The disclosed embodiments are related to securely updating a semiconductor device and in particular to a key management system. In one embodiment, a method is disclosed comprising storing a plurality of activation codes, each of the activation codes associated with a respective unique identifier (UID) of semiconductor device; receiving, over a network, a request to generate a new storage root key (SRK), the request including a response code and a requested UID; identifying a selected activation code from the plurality of activation codes based on the requested UID; generating the SHRSRK value using the response code and the selected activation code; associating the SHRSRK value with the requested UID and storing the SHRSRK value; and returning an acknowledgement in response to the request.

Abstract: A biometric data processing method implemented by a proof entity and a verification entity that are connected. The proof entity has a candidate biometric data, a reference biometric data, cryptographic footprints of the reference biometric data, and the candidate biometric data. The verification entity has a set of cryptographic footprints of reference biometric data of authorized users. The method includes generating the proof entity of a zero-knowledge proof of the fact that the candidate biometric data and the reference biometric data match. Transmitting to the verification entity the zero-knowledge proof of the cryptographic footprints of the candidate biometric data and the reference biometric data. Verifying that the zero-knowledge proof is valid, and the received cryptographic footprint of the reference biometric data belongs to the set of cryptographic footprints of reference biometric data in the possession of the verification entity.

Abstract: In some examples, a device includes a memory, a processor, and a controller separate from the processor to derive a security credential based on information comprising a key accessible by the controller. The controller communicates the derived security credential in a secure manner to a program code executable on the processor, and uses the derived security credential to protect data stored in the memory against unauthorized access.