Abstract: An apparatus for masking power consumption associated with one or more operations of a logic circuitry of a processor. The apparatus comprises power-complementing circuitry configured to provide a second power consumption to directly power-complementing the power consumption associated with the one or more operations of the logic circuitry. The second power consumption complements the power consumption associated with the one or more operations of the logic circuitry. The apparatus further comprises header circuitry configured to enable a common node to vary in voltage corresponding to the one or more operations of the logic circuitry. The power-complementing circuitry and the header circuitry are each coupled to the logic circuitry at the common node.

Abstract: The present disclosure provides a method, apparatus, node, signature device and system for generating block of blockchain. The method for generating the blockchain block is applied to a first node in a blockchain network and includes: generating an original block according to a blockchain protocol; performing a digital signature operation on the original block to generate a signature block; and broadcasting the signature block in the blockchain network. By adoption of the method, a block generator of the block in the blockchain network may be confirmed via the digital signature thereof, and verifiable information is provided for the security of the blockchain network.

Abstract: In some embodiments, systems, methods, and devices disclosed herein enable trusted sharing of private data and/or transactions via a distributed ledger, while maintaining data consistency properties. Some embodiments provide and utilize one or more independent and/or dependent channels. In particular, in some embodiments, one or more independent and/or dependent channels can exist on a single distributed ledger, wherein participants or nodes that are members of a particular channel can view and access the information in a given network transaction. To other participants or nodes not on the particular channel, however, only an encrypted or redacted version of the information can be viewable, thereby not disclosing the transaction information to such participants or nodes. In some embodiments, consistency properties may be preserved even in the presence of selective sharing of transaction information with proofs of validity.

Abstract: Network attack defense includes: obtaining a set of one or more statistical attributes for a protected site by gathering statistics for a set of one or more site attributes of the protected site, the site attributes indicating an operation mode of the protected site; determining, based on the set of one or more statistical attributes, that the protected site is to transition from a current operation mode to a target operation mode, wherein the current operation mode has a current defense strategy different from a target defense strategy of the target operation mode; and if the protected site is to transition from the current operation mode to the target operation mode, transitioning from the current operation mode to the target operation mode and applying the target defense strategy for the protected site instead of the current operation mode.

Abstract: A data transmitting apparatus include a measurement control unit to measure an amount relating to biological information; an encryption key generation control unit to generate, as an encryption key, information calculated from first shared information and second shared information that is shared with a receiving apparatus; an encryption control unit to encrypt the biological information with the encryption key and generate encryption data; a packet generation control unit to generate a one-way transmission packet that includes the first shared information and the encryption data; and a transmitter to transmit the packet.

Abstract: The systems and methods of a blockchain platform for distributed applications includes flexibility to implement a variety of client systems with a token usage and distributed computing based on separation of roles for a miner and a blobber. The message flow model between different parties including a client, a blobber and a miner allows for fast transactions on a lightweight blockchain by lightening the load on a mining network, i.e. a network of one or more miners. Offloading the work to a different group of machines allows for greater specialization in the design and specifications of the machines, allowing for the blockchain platform miners to be optimized for fast transaction handling and blockchain platform blobbers to be efficient at handling data for given transaction types.

Abstract: A streaming one time Pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) to establish multiple secure point-to-point connections. This can be used to implement a streaming OTP point-to-point firewall, virtual private network or other communications facility for communicating secure information across one or more insecure networks.

Abstract: A cybersecurity server receives an executable file to be classified. A call graph of the executable file is generated. Functions of the executable file are represented as vertices in the call graph, and a vertex value is generated for each vertex. The vertex values are arranged in traversal order of the call graph to generate a call graph pattern. A digest of the call graph pattern is calculated and compared to one or more malicious digests.

Abstract: A system and method of security assessment of a network is described. The system may include one or more security assessment computers controlled by a security assessor, and connected to a network, and first executable program code for acting as an agent on a first end device on the network. The first executable program code is configured to be executed by a browser application of the first end device, and is configured to collect software information, hardware information, and/or vulnerability information of the first end device and transmit the same to a first security assessment computer of the one or more security assessment computers. The information may be transmitted as part of a domain name server (DNS) request. The DNS request may include information identifying the first end device to thus allow modification of the first end device in response to analysis of the collected information.

Abstract: Achieving certificate pinning security in reduced trust networks. A client establishes a first communications channel with a server only upon verifying that a first certificate offered by the server is certified by a pinned certificate. The client receives a second certificate from the server over the first communications channel. The server and the client establish second communications channels with an untrusted computer system. The client sends a request towards the server via the second communications channels, and the request is received by the server. The server generates a response comprising a payload, a timestamp, a URI portion, and a signature that is generated using the second certificate, and sends the response via the second communications channels. The client receives the response and uses the second certificate to verify that the response is authentic and that the timestamp and URI portion are valid. The client then processes the payload.

Abstract: A method for initiating a login of a user into a system, the login being passed by inputting a username into a username field, inputting a password into a password field, and verifying whether the inputted username is stored by the system and whether the inputted password is a stored password corresponding to the inputted username. The method can include the system requiring during inputting character by character of the username and/or the password in addition waiting a predefined delay and/or inputting at least one character at at least one position within a character sequence of the username and/or the password, respectively, wherein the at least one character differs from the character of the username at the at least one position when inputting the username and/or differs from the character of the password at the at least one position when inputting the password.

Abstract: A method for sharing read access to a document stored on memory hardware. The method includes receiving a shared read access command from a sharor sharing read access to a sharee for a document stored on memory hardware in communication with the data processing hardware, and receiving a shared read access request from the sharee. The shared read access command includes an encrypted value and a first cryptographic share value based on a write key, a read key, a document identifier, and a sharee identifier. The method also includes multiplying the first and second cryptographic share values to determine a cryptographic read access value. The cryptographic read access value authorizes read access to the sharee for the document. The method also includes storing a read access token for the sharee including the cryptographic read access value and the encrypted value in a user read set of the memory hardware.

Abstract: A method for IP traceback is provided comprising receiving a traceback request including the identity of a traceback-deployed autonomous system closest to the destination node in a network routing path, recursively querying a traceback server associated with the traceback-deployed autonomous system to receive the identity of a preceding traceback-deployed autonomous system in the network routing path, and determining the network routing path based on the received identities of traceback-deployed autonomous systems. Additionally, authentication for traceback request is achieved using token delivery, wherein token is fragmented and marking of a packet is performed when a field on the packet matches at least one token fragment.

Abstract: The disclosed embodiments generally relate to detecting malware through detection of micro-architectural changes (morphing events) when executing a code at a hardware level (e.g., CPU). An exemplary embodiment relates to a computer system having: a memory circuitry comprising an executable code; a central processing unit (CPU) in communication with the memory circuitry and configured to execute the code; a performance monitoring unit (PMU) associated with the CPU, the PMU configured to detect and count one or more morphing events associated with execution of the code and to determine if the counted number of morphine events exceed a threshold value; and a co-processor configured to initiate a memory scan of the memory circuitry to identify a malware in the code.

Abstract: A method for delegating access rights to a secured object includes generating a first-order data packet in a trusted central management device. The data packet contains a first identifier, a first data set having access rights to a secured device and a first data secret key for encryption and signature. A second-order data packet is signed via the first data secret key and is created in the first mobile communication device and contains a unique identifier, reference data, a second data set having access rights, a second data secret key for encryption and a first data container. The first data container is encrypted via the first data secret key and contains the first identifier and the second data secret key. The signed second-order data packet is transmitted to a second mobile communication device of a second user.

Abstract: System and methods are disclosed that enable data sharing across networks, including peer-to-peer sharing of content over wireless networks using peer mobile devices. A database may store content associated with a first peer mobile device. A request from a requester peer mobile device for content associated with a user of the first peer mobile device may be received at a server. The encrypted request is transmitted by the server to the first peer mobile device which may decrypt the request. An authorization token may be transmitted by the first peer mobile device to the server which may then enable the requesting peer mobile device to access the requested content, which may be accessed from the first peer mobile device and/or a cloud storage system.

Abstract: A method for anonymized storage of personal data and a method for managing access to the data. The anonymization of data is achieved by making independent, thanks to the use of a blockchain, the identifiers of the data sources and the users on the one hand, and the personal data on the other hand. The personal data are stored at addresses indexed by their hashed values in a first database and the identifiers are stored with their corresponding access profiles in a second database. The link between these two independent databases is ensured by cryptographic elements recorded in the ledger of the blockchain.

Abstract: Embodiments of the present disclosure relate to anti-tamper computer systems, in particular to methods and systems which can embed protection code into software. Among other things, the protection code helps prevent (and make it more costly) to reverse engineer to tamper with the protected software with malicious intent, such as, but not restricted to: the removal of a license protection mechanism; the removal of code displaying advertisements; the injection of a malicious thread into the program memory space; illicit usage; or any other kind of unauthorized modification of the software.

Abstract: A digital rights management system and a digital rights management method are provided. The digital rights management system includes an authority management module, a user confirmation module and an authority blockchain. The authority management module is configured for: receiving a user authority information corresponding to a user end from a service providing; sending user authority information to the user confirmation module; receiving an identification code corresponding to the user authority information from the user confirmation module; and sending and storing the user authority information and the identification code into the authority blockchain. Therefore, the authority management module, the user confirmation module and the authority blockchain manage and protect digital rights.

Abstract: Provided is a block generation method in blockchain-based system. The block generation method comprises calculating, by a first blockchain node among the plurality of blockchain nodes, a first node score, propagating, by the first blockchain node, the first node score to the plurality of blockchain nodes, receiving, by the first blockchain node, a delegation of a block generation authority from a second blockchain node among the plurality of blockchain nodes, the second blockchain node having received the first node score and initiating, by the first blockchain node, generation of a new block based on a determination that a block generation node condition, that is based on the block generation authority, has been satisfied.