Abstract: An encryption device for generating an electronic signature for security includes a random number generation module configured to generate at least one random number, a random number adjusting module configured to generate a one-time random number satisfying a random number condition in an elliptic curve cryptography-based digital signature algorithm (ECDSA) by adjusting the at least one random number; and an electronic signature generation module configured to generate the electronic signature using the one-time random number based on the ECDSA.

Abstract: A semiconductor memory device includes a memory core including a plurality of memory cells, an on-chip processor and a memory security controller. The on-chip processor performs on-chip data processing. The memory security controller decrypts encrypted data provided from the memory core or from a memory controller and to provide the decrypted data to the on-chip processor and encrypts result data from the on-chip processor to provide result-encrypted data to the memory core or the memory controller. Data processing efficiency may be enhanced without degradation of data security by decrypting the encrypted data in the semiconductor memory device to perform the on-chip data processing.

Abstract: Technology is disclosed herein for a timestamped license data structure. In at least one implementation, program instructions stored on one or more computer readable storage media, when executed by a processing system, direct the processing system to at least, responsive to a launch of an application, obtain a license file for the application, the license file comprising a license data structure comprising: a user license; a licensing service signature; a licensing service public key; and a trusted timestamp package. The processing system is also directed to analyze the license data structure using the trusted timestamp package to determine if the licensing service public key was valid when the user license was signed by the licensing service signature if the licensing service public key is invalid. If the licensing service public key was valid when the user license was signed by the licensing service signature: enable features of the application.

Abstract: Disclosed are a robust and reliable edge storage method for the Internet of Things and a system therefor. A data owner server splits and encrypts raw data into an encrypted data segment, sets a trusted data access control policy and sends it to a third-party proxy server, and sends the encrypted data segment and the trusted data access control policy to a processing server; the processing server stores the encrypted data segment based on a totally local reconstruction code scheme, and forwards the request sent by a data requester server to the third-party proxy server; the third-party proxy server determines whether the data requester server that sends the request is trustable according to the trusted data access control policy, if it is trusted, then sends decrypted information to the data requester server through the processing server; the data requester server decrypts the encrypted data segment according to the decrypted information to obtain the raw data.

Abstract: A system and a method are provided for a parameter update. In an embodiment, the method includes obtaining, by a first entity, a function and parameter data from a second entity; selecting data samples provided by the first entities; providing a plurality of mutually isolated computing instances; assigning and providing the selected data samples to the computing instances; calculating, within each computing instance, results of the function; calculating averages over the results; determining whether the function fulfils a security criterion, and, if so: providing the calculated average for the gradient of the loss function and/or the calculated average of the output value and/or updated parameter data to the second entity.

Abstract: A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.

Abstract: Methods, systems, and computer-readable storage media for receiving, by an intermediate system from a web browser, a request to access a target system, in response to the request, transmitting, by the intermediate system, a request for a reentrance ticket to a target system, the request for a reentrance ticket including user credentials, and transmitting, by the intermediate system, the reentrance ticket to the web browser, the web browser transmitting a request for a security session to the target system, and executing one or more calls to the target system during the security session.

Abstract: Systems and methods are provided for determining an access request provided by an entity that seeks to interact with one or more backend systems through a middleware system, the access request including a genuine access token. The entity can be authenticated based on the genuine access token. When a client request is made to the middleware system with a genuine access token, the request can be made through a smart ingress and egress proxy which intercepts the request and replaces the genuine access token with an invalid access token. The middleware system can subsequently make authorized requests to downstream systems on behalf of the middleware system's client by treating the smart proxy as an egress proxy for those subsequent requests, and the smart proxy replaces the invalid access token with a genuine one.

Abstract: A risk assessment platform receives an indication of a first user authentication event associated with a user's attempt to access a first protected resource, and collects first user and device attributes associated with a first authentication process applied to the user and the user's device. The risk assessment platform receives an indication of a second user authentication event associated with the user's attempt to access a second protected resource, and collects second user and device attributes associated with a second authentication process applied to the user and the user's device. The risk assessment platform determines a level of risk of identity fraud associated with the user based on the first and second user and device attributes, and grants or denies the user access to the second protected resource based on the determined level of risk of identity fraud associated with the user.

Abstract: In one embodiment, data at rest is securely stored. A data safe performing data plane processing operations in response to requests of received read data requests, received write data requests, and received read information responses, with the data safe being immutable to processing-related modifications resulting from said performing data plane processing operations. In one embodiment, performing these data plane processing operations does not expose any pilot keys outside the data safe in clear form nor in encrypted form. The pilot keys are used to encrypt information that is subsequently stored in a storage system. One embodiment uses pilot keys to encrypt data that is subsequently stored in a storage system. One embodiment uses data cryptographic keys to encrypt data, uses the pilot keys to cryptographically-wrap (encrypt) the data cryptographic keys, and stores the cryptographically wrapped data keys and encrypted data in a storage system.

Abstract: A computer-implemented method of detecting an email spoofing and spear phishing attack may comprise generating a contact model of a sender of emails; determining, by a hardware processor, a statistical dispersion of the generated contact model that is indicative of a spread of a distribution of data in the generated model and receiving, over a computer network, an email from the sender.

Abstract: The present disclosure relates to a method for processing queries in a database system having a first database engine and a second database engine. The method includes: encrypting at least one predefined column of a first instance of a first table, resulting in a second instance of the first table containing at least part of the data of the first table in encrypted format. It may be determined whether to execute a received query in the first database engine on the first instance of the first table or in the second database engine on the second instance of the first table, where the determination involves a comparison of the query with encryption information.

Abstract: A second device seeking to access a network can be detected using a first device communicatively coupled to the network. Responsive to detecting the second device seeking to access the network, the first device can be caused to communicatively uncouple from the network and whether the second device poses a risk of corrupting the network's intended functioning if the second device accesses the network can be determined by the first device.

Abstract: One or more networks each include a plurality of sensor nodes operable to communicate public data with each other. Each of the plurality of sensor nodes is operable to gather sensor node data and store the sensor node data locally on the sensor node. Duplicate portions of the sensor node data are distributed to the public data of others of the plurality of sensor nodes via the public data paths for backup storage. The system includes a host that is coupled to individually communicate private data with each of the plurality of sensor nodes. Each of the sensor nodes protects the private data from others of the sensor nodes using distributed key management to ensure distributed encryption.

Abstract: A method includes: a supervisor writes a digital certificate and a corresponding first public key into an intelligent contract of a blockchain corresponding to an asset type to be supervised, so that all institutions with asset accounts under the asset type can obtain the first public key of the supervisor through the digital certificate, so as to generate an additive homomorphic key for homomorphic encryption of the balance of an asset account; when checking the balance of a new account of a transactor, the supervisor obtains a public key in a public-private key pair corresponding to the new account, generates an additive homomorphic key based on a supervision private key corresponding to the supervisor and a predetermined key exchange protocol and the public key in the public-private key pair according to the key exchange protocol, and decrypts the encrypted balance of the new account, using the generated additive homomorphic key.

Abstract: A method for outsourcing exponentiation in a private group includes executing a query instruction to retrieve a query element stored on an untrusted server by selecting a prime factorization of two or more prime numbers of a modulus associated with the query element stored on the server, obtaining a group element configured to generate a respective one of the prime numbers, generating a series of base values using the prime factorization and the group element, and transmitting the series of base values from the client device to the server. The server is configured to determine an exponentiation of the group element with an exponent stored on the server using the series of base values. The method also includes receiving a result from the server based on the exponentiation of the group element with the exponent.

Abstract: An enterprise security system is improved by managing network flows based on an application type. When a network message having an unknown application type is received at a gateway, firewall, or other network device/service from an endpoint, the endpoint that originated the network message may be queried for identifying information for the source of the network message and the application type may be determined, or the endpoint may periodically communicate application type information to the network device in a heartbeat or other periodic communication or the like. The network message may be managed along with other network traffic according to the application type.

Abstract: A computer-implemented method includes: retrieving a plurality of blocks from a blockchain node of a blockchain network. The plurality of blocks are encoded using error correction coding (ECC) as encoded blocks. For each encoded block: The encoded block is divided into a plurality of datasets. Hash values of the plurality of datasets are calculated. A request that includes at least one of the plurality of datasets, the hash values, and a data storage scheme that provides assignments of the plurality of datasets to the plurality of blockchain nodes is sent to each of the plurality of blockchain nodes of the blockchain network. Responses for accepting the request is received from at least a number of blockchain nodes that equals a number of the one or more datasets of information bits. Each of the plurality of blockchain nodes is sent a notification for adopting the data storage scheme.

Abstract: An electronic device includes a power button, a fingerprint sensor, and a controller. The fingerprint sensor is integrated into the power button. The controller connects to the fingerprint sensor and the power button. The controller performs a booting process of the electronic device when the power button is pushed by an external object. The controller then compares the fingerprint pattern of the external object sensed by the fingerprint sensor with a previously stored fingerprint pattern. If the fingerprint pattern does not match the previously stored fingerprint pattern, the controller stops the booting process.

Abstract: A method of detecting and responding to anomalous activity within a system involves, based upon pivot feature information, for a snapshot interval, generating a frequency structure interrelating a pivot feature, a binning feature and counts, using the frequency structure, generating a graphical image of a pre-specified width and height in pixels, and wherein the pre-specified width corresponds to a cyclical repeating interval made up of multiple bins, the graphical image having been generated such that a bin of the multiple bins, is the bin having a highest count, and the bin is scaled to the pre-specified height, and counts of all other bins in the interval are scaled relative to that highest count, graphically comparing the generated graphical image to an immediately preceding graphical image for similarity, and if a result of the comparison fails to satisfy a pre-specified similarity threshold, automatically triggering an appropriate anomaly detection-based follow-on action.