Abstract: Example systems and methods for a node of a blockchain are disclosed. The node may receive a request message for placing an entry on the blockchain, the message including; a request specification including an action and identity of a party subject to the action, an indicator that the entry was authorized by a trusted entity, and a plurality of cryptographic verification codes generated by a plurality of trust verifiers, each cryptographic verification code including an encoded action-payload from the trusted entity and cryptographically signed by one of the trust verifiers. The node may apply a public encryption key of each trust verifier to its cryptographic verification code to decrypt an encoded action-payload, and then verify that at least a threshold, number of the decrypted corresponding encoded action-payloads are identical. The node may then submit the entity for processing to be added to the blockchain responsive to at least the verification.

Abstract: An apparatus includes a processing device, communications hardware configured to enable wireless communication by the apparatus, and a universal integrated circuit card (UICC). The UICC stores a decentralized electronic subscriber identity module (dSIM) that hosts a decentralized access application that is configured to exchange information with a decentralized mobile network core utilizing the communications hardware to perform an asymmetric authentication session.

Abstract: The disclosure relates to the field of computer security. Provided are a method for implementing a firmware root-of-trust, and an apparatus, a device, and a readable storage-medium thereof. The method includes: setting a storage-medium for storing state-data of the firmware root-of-trust; integrating a processing-logic of an instruction of the firmware root-of-trust into a system-firmware; initializing the firmware root-of-trust, according to the state-data of the firmware root-of-trust and a startup-command of the firmware root-of-trust; creating a node of a device-tree for the firmware root-of-trust, for an operating-system to load a driver-program corresponding to the firmware root-of-trust; and registering an instruction-interface of the firmware root-of-trust into an interface-list.

Abstract: A method including determining, by a first device, an assigned key pair including an assigned public key and an assigned private key; determining, by the first device for a folder associated with encrypted content, a folder access public key and a folder access private key; determining, by the first device for a group, a group access public key and a group access private key; encrypting, by the first device, the folder access private key by utilizing the assigned public key; encrypting, by the first device, the folder access private key by utilizing the group access public key; and accessing, by a second device, the folder based on decrypting the folder access private key by utilizing the group access private key or based on decrypting the folder access private key by utilizing the assigned private key, the first device being different than the second device. Other aspects are contemplated.

Abstract: Compiling a compression function of a lattice-based cryptographic mechanism by (i) basing the compression function on a lossy compression function, (ii) determining an error based on a loss introduced by an integer division, and (iii) determining an output of the compression function based on the error.

Abstract: A live media streaming architecture with real-time live watermarking wherein watermarks are added at a frame or subframe level. The architecture can use a UDP/WebRTC architecture, without requiring a content delivery network, which is not dependent on transmitting media by segments, thus allowing insertion of the watermark at a frame or subframe level. By inserting watermarks at a frame or subframe level, latency is minimized for media delivery to under 500 milliseconds (ms) and for extraction to about five to fifteen seconds.

Abstract: A method that automatically generates blacklists for a sandbox application. The method first obtains a set of disassembled operating system (OS) dynamic-link libraries (DLLs) and then identifies application programming interfaces (API) functions that have respective kernel interruptions. The identified API functions that have kernel instructions are saved to an interrupt list. Based on the interrupt list, a processor generates a blacklist that includes for each of the DLLs, the identified API functions in the interrupt list, all API functions that directly or indirectly invoke one of the identified API functions in the interrupt list via one or more nested API functions. The method outputs the blacklist to the sandbox application that operates on a sample file to emulate API functions of the sample file that match the blacklist. All other APIs not identified as being blacklisted, are then considered whitelisted and are allowed to run natively.

Abstract: A method including determining, by a device, an assigned key pair including an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder associated with encrypted content, a folder access key pair including a folder access public key and a folder access private key; determining, by the device for a group, a group access key pair including a group access public key and a group access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; encrypting, by the device, the folder access private key by utilizing the group access public key; and accessing, by the device, the folder based on decrypting the folder access private key by utilizing the group access private key or based on decrypting the folder access private key by utilizing the assigned private key. Other aspects are contemplated.

Abstract: A method including determining, by a first device for a folder associated with encrypted content, a folder access key pair including a folder access public key and a folder access private key; determining, by the first device for a group, a group access key pair including a group access public key and a group access private key; encrypting, by the first device, the folder access private key by utilizing the group access public key; and accessing, by a second device, the folder via the group based at least in part on decrypting the folder access private key, the second device being different than the first device. Various other aspects are contemplated.

Abstract: A method and system for communicating between Apple mobile device and Apple peripheral. The Apple application runs a first script and sends a credential creating request to a server; when the first script receives a challenge code returned by the server, takes data to be processed as a parameter of user information and a parameter of server information to generate the user information and the server information, sets values of a first extension and a key storing identification to preset values; the Apple application generates register data and sends the register data to the Apple peripheral; the Apple peripheral obtains the data to be processed from the register data and processes the data to be processed, takes the obtained processing result as a second extension to generate a register response; the first script obtains the processing result from the register response.

Abstract: A method including determining, by a device for a folder associated with encrypted content, a folder access key pair including a folder access public key and a folder access private key; determining, by the device for a group associated with the folder, a group access key pair including a group access public key and a group access private key; encrypting, by the device, the folder access private key by utilizing the group access public key; and accessing, by the device, the folder via the group based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: Described are a system and computer program product for secure n-party computation. The system includes a computing device programmed or configured to communicate an input to a trusted execution environment (TEE), and receive a first encrypted output. The computing device is also programmed or configured to post the first encrypted output on a blockchain and receive a first proof of publication. The computing device is further programmed or configured to communicate the first proof of publication to the TEE and receive the first function output of the n-party computation. The computing device is further programmed or configured to communicate a witness to the TEE and receive a second encrypted output. The computing device is further programmed or configured to post the second encrypted output on the blockchain, receive a second proof of publication, communicate the second proof of publication to the TEE, and receive the second function output.

Abstract: A secure, integrated data system and method users both blockchain and Trusted Execution Environment (TEE) technologies to achieve information provenance for data, particularly, mobile health device data. Using a blockchain to record and enforce data access policies removes the need to trust a single entity with gatekeeping the health data. Instead, participants form a consortium and collectively partake in verifying and enforcing access policies for data stored in private data silos. Data access and computation takes place inside of TEEs, which preserves data confidentiality and provides a verifiable attestation that can be stored on the blockchain for the purpose of information provenance.

Abstract: Various arrangements for wireless network provisioning using a pre-shared key (PSK) are presented. A plurality of wireless network access profiles that indicate a plurality of PSKs may be stored. An access point may receive, from a wireless device, a first value based at on the PSK. The access point can transmit the first value to a cloud-based provisioning system. A plurality of values based on the plurality of PSKs of the plurality of wireless network access profiles may be created and a match between a second value of the plurality of values and the transmitted first value may be identified. A third value may be provided to the access point based on the PSK of the wireless network access profile of the plurality of wireless network access profiles used to generate the value. Network access can then be granted based on the third value.

Abstract: A computer-implemented method is provided for exchanging cryptographic key information between a device and a central point comprises obtaining a cryptographic secret, wherein the cryptographic secret is known to the central point. The method furthermore comprises obtaining a public key of the central point. The method furthermore comprises generating a cryptographic key pair for the device with a private key of the device and a public key of the device. The method furthermore comprises signing the cryptographic secret with the private key of the device. The method furthermore comprises encrypting the cryptographic secret signed with the private key of the device with the public key of the central point. The method furthermore comprises providing the encrypted and signed cryptographic secret, an address of an electronic mailbox of the device, and the public key of the device for the central point via an electronic mailbox of the central point.

Abstract: The present disclosure relates to system(s) and method(s) for generating an Omni-channel support platform. The method comprises integrating a multi-channel support system with a blockchain framework. Further, the method comprises generating an Omni-channel support platform based on the integration. The Omni-channel support platform comprises an Omni-channel support block for a user from a set of users. The Omni-channel support block comprises a support ledger and a support smart contract for the user. The Omni-channel support block further comprises capturing transaction data associated with the user from the multiple support channels. Further, the Omni-channel support block comprises recommending one or more resolutions to each user upon based on a support request.

Abstract: The present disclosure discloses a cloud platform resource cross-project transfer method and system, and a computer storage medium. The method includes: generating a slot position and an authentication key for a resource to be transferred based on a transfer request; generating a transfer Identity (ID) of the resource to be transferred, acquiring a project ID where the resource to be transferred is located based on a resource ID, constructing a transfer structure body, and writing the transfer structure body into a database; generating a transfer record of the transfer structure body in the database, and setting a resource status of the resource to be transferred as waiting for transfer in the transfer record; and returning the transfer ID, the authentication key, a transfer description, and the resource ID to a transfer user based on the transfer request.

Abstract: An information handling system may include at least one processor and a memory. The information handling system may be configured to determine names for a plurality of other information handling systems that are on-premises at a particular datacenter having a local network associated therewith; poll a selected subset of the plurality of other information handling systems via the local network; based on results of the polling, determine whether the information handling system is on-premises at the particular datacenter; and in response to a determination that the information handling system is on-premises at the particular datacenter, enable access to at least one sensitive administration operation associated with the particular datacenter.

Abstract: This invention presents a computer processing system and method designed to execute cryptographic operations while providing selective protection against side-channel attacks. It comprises a configuration of unprotected and protected hardware modules, the latter of which is equipped with data isolators, and a protected arithmetic logic unit (ALU) for secure data processing. The system enhances cryptographic security by selectively transmitting and computing input shares to generate side-channel protected output shares, ensuring robust protection during cryptographic operations.

Abstract: Disclosed are a method and an apparatus for implementing privacy amplification in quantum key distribution. Participants of the quantum key distribution include a first participant and a second participant, which share a first key pool including at least one key. The method is executed on a terminal of either of the first and second participants, and includes: acquiring an auxiliary string to be used in current privacy amplification processing, wherein the auxiliary string is determined based on a seed key determined from the first key pool and a first Hash function agreed with the other participant; acquiring, in a stream way, at least one first bit in a first key subjected to information reconciliation; and performing a preset inter-bit operation between the at least one first bit and bits at corresponding positions in the auxiliary string to obtain at least one second bit for forming a privacy-amplified second key.