Abstract: Systems and methods for managing data stream identity are provided. Ownership information regarding a data stream may be analyzed to identify at least one owner. The data stream may be filtered to identify at least one portion that is associated with the identified owner. A unique identifier may be assigned to the identified portion. The identified portion may be stored in memory in association with the assigned unique identifier and information regarding the identified owner. Access to the identified portion may be controlled based on settings set by the identified owner.

Abstract: Embodiments of the present disclosure relate to a method for encryption and decryption, a programmable switch, and a computer program product. The method comprises receiving, at a programmable switch, encrypted data to be sent to a certain Internet of Things (IoT) device, wherein the encrypted data is encrypted using a public key of the programmable switch. The method further comprises decrypting the encrypted data using a private key of the programmable switch to obtain decrypted data, and then sending the decrypted data from the programmable switch to the IoT device. According to the embodiments of the present disclosure, the encryption and decryption operations of the IoT device can be transferred to the programmable switch for processing, and the programmable switch is used to help the IoT device perform encryption and decryption.

Abstract: Disclosed are systems, methods, devices, and computer-readable media for offloading lattice-based cryptographic operations to hybrid cloud computing system. In one embodiment, a method is disclosed comprising receiving a first network request from a client device via a secure application programming interface (API), the request including unencrypted data; encrypting the unencrypted data using an algorithm that generates homomorphically encrypted data; issuing a second network request to a second API of a cloud platform, the second network request including the encrypted data; receiving a response from the cloud platform in response to the second network request; and transmitting, in response to the first network request, a result to the client device based on the response, the result obtained by decrypting an encrypted output returned by the cloud platform.

Abstract: Embodiments of this application provide a hybrid-cloud data storage method and apparatus, a related device, and a cloud system. The data storage method includes: obtaining, by a gateway of a private cloud, to-be-stored data; determining partial data to be encrypted in the to-be-stored data, to obtain first target data; obtaining a first ciphertext obtained after the first target data is encrypted, the first target data being encrypted according to a first key provided by an encryption chip connected to the gateway; generating second target data including the first ciphertext according to the first ciphertext; generating a data slice corresponding to the second target data according to the second target data; and transmitting the data slice corresponding to the second target data to a public cloud for storage.

Abstract: A secret computation system is a secret computation system for performing computation while keeping data concealed, and comprises a cyphertext generation device that generates cyphertext by encrypting the data, a secret computation device that generates encrypted basic statistics by performing secret computation of predetermined basic statistics using the cyphertext while keeping the cyphertext concealed, and a computation device that generates decrypted basic statistics by decrypting the encrypted basic statistics and performs predetermined computation using the decrypted basic statistics.

Abstract: Systems and method for generating and managing certificate authorities. For instance, a certificate service may provide one or more user interfaces for creating certificate authorities, such as a root certificate authority, a subordinate certificate authority, and/or an intermediate certificate authority. For example, a user may use a user device to create a certificate hierarchy. The certificate service may also provide one or more user interfaces for issuing certificates using the certificate authorities. One or more computing resources may then use the end-entity certificates issued from the certificate authority hierarchy for authentication and/or encryption. For security purposes, the certificate authority may also allow the user to set policies representing users that are able to access and/or utilize the certificate authorities to perform actions, such as issuing certificates.

Abstract: A method for facilitating a provision of a certificate that securely verifies an identification of an application is provided. The method includes: validating a bootstrap identity that identifies the application at a time of invocation; generating a first token that is signed with a first private key and transmitting the signed first token to the application; receiving, from an external server, a request for a public key to be used for verifying the first private key; and transmitting the requested public key to the external server in order to prompt the external server to provide the certificate to the application. When prompted to provide the certificate to the application, the external server generates a second token that is signed with a second private key and transmits the certificate in conjunction with the signed second token to the application. The private keys are never shared with the application.

Abstract: Systems and methods relating to settlement of securities without revealing ownership including the end owner are described. In some implementations, ownership or control of a security may be managed by using group membership technology to revoke the signing rights of the seller and adding signing rights to the buyer. Group membership with group signatures allow for one group public key and a plurality of private keys, where each private key is associated with a group member. Signatures create by different group members are indistinguishable to verifiers but a group manager is able to determine which member has signed, link member signatures, implement controls and/or limits, and revoke and add signatory capability when needed. In some implementations, revocation of signatory capability is done with the cooperation of a Digital Certificate Authority.

Abstract: Embodiments are directed to providing integrity-protected command buffer execution. An embodiment of an apparatus includes a computer-readable memory comprising one or more command buffers and a processing device communicatively coupled to the computer-readable memory to read, from a command buffer of the computer-readable memory, a first command received from a host device, the first command executable by one or more processing elements on the processing device, the first command comprising an instruction and associated parameter data, compute a first authentication tag using a cryptographic key associated with the host device, the instruction and at least a portion of the parameter data, and authenticate the first command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command.

Abstract: The disclosed computer-implemented method may include (i) identifying a neural network that comprises an interconnected set of nodes organized in a set of layers represented by a plurality of matrices that each comprise a plurality of weights, where each weight represents a connection between a node in the interconnected set of nodes that resides in one layer in the set of layers and an additional node in the set of interconnected nodes that resides in a different layer in the set of layers, (ii) encrypting, using an encryption cipher, the plurality of weights, (iii) detecting that execution of the neural network has been initiated, and (iv) decrypting, using the encryption cipher, the plurality of weights in response to detecting that the execution of the neural network has been initiated. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for facilitating credential management in a Structured Query Language (SQL) Server Integration Services (SSIS) environment is provided. The method includes identifying a credential update trigger event; accessing a user credential at an electronic password vault (EPV) in response to the credential update trigger event, the user credential including at least one string; parsing the user credential to identify a username and a password that are associated with the user credential; splitting the user credential into the username and the password; updating the password; and storing the updated password in a SSIS database.

Abstract: Techniques to facilitate prevention of malicious attacks on a web service are disclosed herein. In at least one implementation, a computing system intercepts a web request directed to a web server providing the web service. The computing system identifies whether or not the web request is malicious. When the web request is identified as malicious, the computing system redirects the web request to an isolated mitigation server configured to mimic responses of the web server. The isolated mitigation server processes the web request to generate artificial content based on the web request that appears to be genuine content provided by the web server, and presents the artificial content in response to the web request.

Abstract: Systems and methods relating to settlement of securities without revealing ownership including the end owner are described. In some implementations, ownership or control of a security may be managed by using group membership technology to revoke the signing rights of the seller and adding signing rights to the buyer. Group membership with group signatures allow for one group public key and a plurality of private keys, where each private key is associated with a group member. Signatures create by different group members are indistinguishable to verifiers but a group manager is able to determine which member has signed, link member signatures, implement controls and/or limits, and revoke and add signatory capability when needed. In some implementations, revocation of signatory capability is done with the cooperation of a Digital Certificate Authority.

Abstract: Application programming interfaces (API) are provided for notebook settings, for example, classroom notebook settings. The APIs allow for a teacher or other user of a class notebook to manage permissions to the class notebooks, and particularly allow for fine control over parts of the class notebook through a class notebook application. An API for generating a guest access link is provided. APIs for creating permission groups for a collaboration space are provided. A post permission API is provided that creates or updates the permission for a section group. A get permission API is provided that retrieves permission information of a section group. A delete permission API is provided that removes permission for a user of a section group.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that perform homomorphic computations on encrypted third-party data within a distributed computing environment. For example, an apparatus receives a homomorphic public key and encrypted transaction data characterizing an exchange of data from a computing system, and encrypts modelling data associated with a first predictive model using the homomorphic public key. The apparatus may perform homomorphic computations that apply the first predictive model to the encrypted transaction data in accordance with the encrypted first modelling data, and transmit an encrypted first output of the homomorphic computations to the computing system, which may decrypt the encrypted first output using a homomorphic private key and generate decrypted output data indicative of a predicted likelihood that the data exchange represents fraudulent activity.

Abstract: In one implementation, the disclosure provides systems and methods for generating a secure signature using a device-specific and group-specific moving target authentication protocol. According to one implementation, generating the secure signature entails determining a state of a first device in association with a select time interval. The state of the first device is defined by one or more time-variable characteristics of the first device. The device computes an output for a signing function that depends upon the determined state of the first device associated with the first time interval.

Abstract: A communication device is installed in between a client terminal and a web server which performs communication with the client terminal. The communication device includes a memory, and processing circuitry coupled to the memory and configured to of information included in communication between the web server and the client terminal, perform obfuscation with respect to information related to web application, and send communication, which includes information obfuscated at the performing, to destination.

Abstract: A method of using an interexchange to process states of subsystems tracked by disparate block chains. The method comprises locating a first block comprising current state information associated with a first process stored in a first block chain by an interexchange application executing on a computer system, wherein the first process is performed by a first subsystem, reading the current state information of the first process by the interexchange application from the located first block, transcoding a representation of the current state information by the interexchange application to a representation associated with a second block chain, creating a block by the interexchange application, wherein the created block stores the transcoded representation of the current state information in a data field of the created block that the predefined block structure associates to the transcoded current state information, and attaching the created block to the second block chain.

Abstract: The application discloses a data analysis system and a data analysis method. The data analysis system includes a data provider host and a data analysis host. The data provider host is configured to perform a stream cipher algorithm based on raw data to obtain first data. The data analysis host is configured to perform a data analysis based on the first data to obtain an analysis result. The data provider host or the data analysis host is further configured to perform a block cipher algorithm based on the analysis result to obtain second data, and send the second data to an external device. The data provider host is further configured to calculate an attribute-value correspondence between the raw data and the second data, and send the attribute-value correspondence to the external device.

Abstract: A method for executing a binary code of a secure function includes obtaining a pointer containing: a first range of bits containing the address of a line of code, and a second, different range of bits containing an identifier of the pointer, storing the line of code, this line of code containing a first integrity tag constructed or encrypted using the identifier of the pointer, loading the line of code from the address contained in the first range of bits of the pointer, verifying the integrity of the loaded line of code by constructing a second integrity tag using the identifier of the pointer contained in the second range of bits of the pointer used to load it.