Abstract: A method for storing a data file (DF) on a storage entity (SE) includes receiving, by a proxy (PE) and from a computing entity (CE), a plurality of hash values corresponding to a plurality of blocks of the DF. The PE may check whether the plurality of blocks of the DF are stored in the SE based on the plurality of hash values. Based on determining that at least a subset of the plurality of blocks of the DF are not being stored in the SE, the PE may compute a secret associated with an encryption key. The PE may transmit, to the CE, the secret. The PE may receive, from the CE, information including storage locations of the subset of the plurality of blocks within the SE and one or more hash values, of the plurality of hash values, associated with the subset of the plurality of blocks.

Abstract: A method, apparatus, and system for provisioning a device onto a network using a non-secure communication channel between the device and a provisioner is described. The provisioner receives a timestamp-based on-time password (TOTP), and a universal resource identifier (URI) from the device and provides the TOTP and an out-of-band (OOB) UUID to a remote server over a secure communication channel identified by the URI. The device is then provisioned onto a network based on comparisons of the UUID and the TOTP.

Abstract: A quantum communication control apparatus, a quantum communication system having the quantum communication control apparatus, and a method for designing the quantum communication control apparatus. The quantum communication control apparatus includes a first control board configured to include a plurality of connectors and to reconstruct respective functions or signal standards of the plurality of connectors, and at least one second control board configured to include a connector to be connected to any one of the plurality of connectors and to control an optical system implemented according to a protocol or a modulation scheme of quantum communication.

Abstract: A method and a system for encryption and decryption based on continuous-variable quantum neural network CVQNN. The method includes: updating a weight of the CVQNN with a training sample; triggering, by a sender, a legal measurement bases synchronization between the sender and the CVQNN; converting, by the sender, the information to be sent into a quadratic plaintext according to the synchronized measurement bases, and sending the quadratic plaintext to the CVQNN; encrypting, by the CVQNN, a received quadratic plaintext, and sending an encrypted quadratic plaintext to a receiver; after receiving the encrypted quadratic plaintext, sending by the receiver the encrypted quadratic plaintext to the CVQNN for decryption to obtain decrypted information. The embodiments implement data encryption and decryption by introducing CVQNN model and synchronization measurement technology. The embodiments provide advantages of high reliability, high security and easy realization.

Abstract: Cryptographic systems and methods are disclosed, including numerous industry applications. Embodiments of the present invention can generate and regenerate the same symmetric key. The cryptographic systems and methods include a key generator configured to use two or more inputs to reproducibly generate the symmetric key and a cryptographic engine configured to use the symmetric key for encrypting and decrypting data.

Abstract: Methods, systems, and devices for public key protection techniques are described. An embedded multimedia card (eMMC) may be formatted to include a permanent write protect group that is configured to prevent disabling of write protection for data stored in the permanent write protect group. The eMMC may store a public key associated with a first host device in the permanent write protect group of the eMMC. A data package may be received from the host device and authenticated by using the public key stored in the permanent write protect group. The embedded memory controller may be configured to prevent modifying or writing data to a permanent write protect group.

Abstract: This disclosure relates to an authentication information transmission method and system, a key management client, and a computer device, belonging to the field of communication technologies.

Abstract: A registration device (200) generates an encryption keyword by encrypting a keyword with a registration key, generates an index including the encryption keyword and identification information which identifies a corresponding ciphertext, generates a conversion key from the registration key and a search key, and registers a plurality of ciphertexts, the index, and the conversion key in a server device (400). A search device (300) generates a search query by encrypting a keyword, and transmits the search query to the server device (400).

Abstract: A method of decrypting an encrypted message. The method comprises storing a wearer decryption code in a memory of a wearable mobile device having a head-worn augmented display which generates an augmented reality view for a wearer of the wearable mobile device, capturing using the wearable mobile device a video sequence including at least one frame imaging a visible code using an image sensor of the wearable mobile device, processing the video sequence to identify the visible code, decrypting the visible code using the wearer decryption code to create an decrypted content, and presenting the decrypted content on top of at least some of the visible code in the augmented reality view.

Abstract: A system for authorizing a serverless application function having a plurality of tenants, each tenant may include one or more entities that share a common access to a processing space and a data store. The system includes a gateway that receives a request from a tenant, an authorization component that access a public key assigned to the tenant, and a serverless processor that generates public and private keys for the tenant. The serverless processor also generates an access token for the first tenant that is signed using the private key and requests a transaction token from the authorization component using the access token. The authorization component transmits a transaction token to the serverless processor, which is used to make further requests to a virtual environment.

Abstract: A device that includes a secure element or a secure environment receives a token for authenticating a user that has an account with a service provider. The device generates, based on the token, a set of keys that include at least a private key and a public key. The device performs a key authentication procedure to compare the set of keys and a configured set of keys and selects a public key, of the set of keys or the configured set of keys, based on a result of the key authentication procedure. The device causes a device identifier of the device and the public key to be provided to another device that uses the device identifier and the public key to perform an authentication procedure to authenticate the user. The device receives, from the other device, an indication of whether the device is connected to a network.

Abstract: Techniques regarding the use of digital identity tokens describing a computer application to obtain authorization to confidential data based on one or more policies are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise a trusted platform module component that can generate a digital identity token that is bound to a computer application process. The computer executable components can also comprise a key authenticity component that can compare the digital identity token to a security key to retrieve a security credential.

Abstract: A biometric authentication platform (10) uses fault-tolerant distributed computing to determine if a supplied biometric sample and a sample stored in a registry are from the same person. A collection of reference samples may be maintained in a distributed user ledger (115), and results of matching are stored in a separate distributed authentication ledger (125). Coordinated use of both ledgers (115, 125) enable biometric authentication of registered users (140) in real time. Variations enable use of a user ledger (115) without an authentication ledger (125), and use of an authentication ledger (125) without a user ledger (115). Either or both ledgers (115, 125) may be shared, private, or combinations of shared and private. Secondary channel audits verify reliability of nodes within a network. Samples may be subdivided and processed in parallel. Sample encryption may be maintained for each processor in a node network.

Abstract: The invention relates to distributed ledger technologies such as consensus-based blockchains. Computer-implemented methods for locking and unlocking transaction inputs and outputs are described. The invention is implemented using a blockchain network, which may be, for example, a Bitcoin blockchain. A group of entities form a group in with membership may be proven using an accumulation tree. A variety of methods are described for generating the accumulation tree, including methods that use a central authority and methods that use a decentralized protocol in place of the central authority. In various implementations, parties are able to unlock transaction outputs that are based on group membership without revealing their identity generally.

Abstract: A communication device is described including a receiver configured to receive a message including message data and a message authentication code, a first register for storing a received message authentication code and a second register for storing a computed message authentication code. The device also includes a first processor configured to extract the message authentication code from the message and to store the message authentication code in the first register, a second processor configured to compute a message authentication code based on the message data and to store the computed message authentication code in the second register, and a comparing circuit configured to compare the contents of the first register and the second register and to provide a comparison result.

Abstract: Devices and circuitry for computing hash values.

Abstract: Methods, systems, and devices for payload validation for a memory system are described. A payload receiver may be a device that includes an array of memory cells configured to store data, and a payload transmitter may be a host of a payload receiver (e.g., a host device) or another device that is in communication with the payload receiver. A payload receiver may be configured to receive an information payload and a signature associated with the information payload. The received signature may be based on the information payload and an identifier of the payload receiver previously provided to the payload transmitter. The payload receiver may generate a signature based on the information payload and the identifier of the payload receiver (e.g., as stored or cached at the payload receiver), and authenticate the information payload based on the received signature and the generated signature.

Abstract: Some embodiments are directed to a system for selectively disclosing attributes and data entries of a record. An issuer device generates a digital signature on a message comprising the attributes and a secret record identifier, and digital signatures on messages comprising respective data entries and each comprising the secret record identifier. The record, secret record identifier, and signatures are provided to a selector device. The selector device selectively discloses attributes and data entries of the record to a receiver device, proving authenticity by means of a zero-knowledge proof of knowledge of the signature on the attributes and signatures on respective data entries. The receiver device verifies the proof with respect to the public key of the issuer and the received attributes and data entries.

Abstract: A device includes a sensor configured to detect authentic audio and/or visual content. The device also includes a processor including an asymmetric cryptographic function using a mathematically paired private key and public key. The processor is configured to extract using a predetermined algorithm at least one predetermined parameter from the detected authentic audio and/or visual content, quantize the at least one extracted predetermined parameter into at least one first data sequence associated with the authentic audio and/or visual content, and encrypt using the asymmetric cryptographic function and the private key the at least one first data sequence to generate at least one signal. The device also includes a transmitter configured to transmit the at least one signal. The signal is embeddable as a digital signature in a recording of the authentic audio and/or visual content and is generated based on the authentic audio and/or visual content.

Abstract: A computer system obtains a request to apply a signed patch to a piece of signed executable code. The computer system determines whether the signed patch is allowed to be applied to the signed executable based on a set of patch policies. If the patch policies allow the patch to be applied, the patch is applied to the signed executable code. The computer system generates a new digital signature for the modified executable code thereby allowing the resulting signed patched executable code to be verified and executed by the computer system.

Abstract: A tampering detection system according to an embodiment includes one or more first terminals connectable to any of one or more peers and one or more detectors. The first terminal includes an acquiring unit acquiring a block hash in a blockchain from the peer, and a transmitting unit transmitting a first transaction record that contains a first digitally signed message containing the block hash and data based on a transaction content of the first terminal and contains a digital signature for the first digitally signed message, to the peer. The detector includes a receiving unit receiving the blockchain from the peer and a detecting unit detecting blockchain tampering if the digital signature contained in the first transaction record in a block of the blockchain is invalid or if the blockchain contains no block hashes identical to the block hash contained in the first transaction record in the block.

Abstract: A computer-implemented method includes: determining assets held by a remitter, the assets to be spent in a remittance transaction between the remitter and one or more payees, in which each asset corresponds to a respective asset identifier, a respective asset amount, and a respective asset commitment value; determining a remitter pseudo public key and a remitter pseudo private key; determining a cover party pseudo public key, in which the cover party pseudo public key is obtained based on asset commitment values of assets held by the cover party; and generating a linkable ring signature for the remittance transaction.

Abstract: An infrastructure delivery platform provides a proxy service as an enhancement to the TLS/SSL protocol to off-load to an external server the generation of a digital signature, the digital signature being generated using a private key that would otherwise have to be maintained on a terminating server. Using this service, instead of digitally signing (using the private key) “locally,” the terminating server proxies given public portions of ephemeral key exchange material to the external server and receives, in response, a signature validating the terminating server is authorized to continue with the key exchange. In this manner, a private key used to generate the digital signature (or, more generally, to facilitate the key exchange) does not need to be stored in association with the terminating server. Rather, that private key is stored only at the external server, and there is no requirement for the pre-master secret to travel (on the wire).

Abstract: An example disclosed method for use in a device configured to communicate using digital certificates includes, in response to a request, receiving a digital certificate for use in secure communications between the device and another device; evaluating, using a logic circuit, the digital certificate to determine a validity of the digital certificate; when the digital certificate is valid, allowing use of the digital certificate by the device; and when the digital certificate is invalid, preventing use of the digital certificate by the device.

Abstract: Disclosed are various approaches for signing documents using mobile devices. A request is sent to a certificate authority for a signing certificate. The signing certificate is then received from the certificate authority. The signing certificate is then stored in the memory. Next, a file is received from a client application executed by the processor of the computing device. Then, the file is signed with the signing certificate to create a signed file. The signed file is then returned to the client application.

Abstract: A blockchain based integrated identity and authentication management service method is a method of allowing a user who is subscribed to a provider to use a partner service through a virtual ID registered in a private blockchain managed and operated by the provider without subscribing to the partner service, in order to use the partner service associated with the provider. The user creates the virtual ID and registers the virtual ID in the private blockchain through the provider, and the user sends the virtual ID to a partner and requests a service. The partner verifies the virtual ID through the private blockchain, acquires a public key of the user from the private blockchain, and provides the service to the user via mutual authentication with the user, wherein additional personal information required is obtained through a separate personal information database held by the provider, not by the private blockchain.

Abstract: An anti-counterfeiting tag, system and method of manufacturing and authentication therefor are provided. The tag comprises a substrate; and a plurality of layers printed on at least a portion of the substrate; wherein one of said plurality of layers is configured to generate a self-forming three dimensional (3D) raised random pattern comprising physically unclonable function (PUF) and the other layers are configured to facilitate formation of the 3D pattern and/or to protect the formed 3D pattern.

Abstract: Disclosed herein is a method of operating an authentication server based on a Physical Unclonable Function (PUF), which includes transmitting a Challenge-Response Pair (CRP) update request message to a user device when a CRP update event occurs, receiving a CRP update response message from the user device in response to the CRP update request message, generating a secret key corresponding to the CRP update request message, decrypting the CRP update response message with the secret key, and updating a CRP corresponding to the secret key in a database using the decrypted CRP update response message.

Abstract: A chassis front-end is disclosed. The chassis front-end may include a switchboard including an Ethernet switch, a Baseboard Management Controller, and a mid-plane connector. The chassis front-end may also include a mid-plane including at least one storage device connector and a speed logic to inform at least one storage device of an Ethernet speed of the chassis front-end. The Ethernet speeds may vary.

Abstract: A method includes determining, during auxiliary power operating mode of an information handling system, devices connected to peripheral component interconnect (PCI) slots and identifying, via a controller of the IHS, when a Virtual Ethernet Bridge (VEB) is present on a first communication path, which indicates that a high power consuming device with sideband enablement is present in a corresponding one of the PCI slots. The method includes configuring, via the first communication path, an uplink port on the VEB, collecting information about the VEB, including a VEB MAC address and capabilities of the VEB, setting a VLAN/MAC filter rule for NC-SI pass-through in the VEB, and configuring an intermediate device within a second communication path between the controller and the VEB for NC-SI pass-through utilizing a management MAC address, enabling NC-SI pass-through of traffic routed between the controller and the VEB.

Abstract: A method and apparatus for updating a User Equipment (UE) policy and a computer storage medium are provided. The method includes that: UE receives a first UE policy and/or first indication information from a network device; and the UE executes an operation of updating an association between an application data stream and a Protocol Data Unit (PDU) session and/or an operation of updating Wireless Local Area Network (WLAN) access selection and/or an operation of updating network slice information and/or an operation of updating a PDU session based on the first UE policy and/or the first indication information.

Abstract: Aspects of the subject disclosure may include, for example, determining content information associated with participant information from a plurality of data channels associated with a plurality of participants in a communications session, modifying the participant information responsive to identifying non-conforming participant information, generating categorized participant information according to the content information associated with the participant information from the plurality of data channels, aggregating, by the processing system, the categorized participant information from the plurality of data channels to generate group information, sending the group information to a common data channel, wherein the common data channel is presented to each participant of the plurality of participants in the communications session, and sending a first notification to a first participant via a first data channel of the plurality of data channels responsive to identifying an involvement level associated with the fir

Abstract: A method, computer system, and computer program product for web conference replay association are provided. The embodiment may include recording a web meeting utilizing web conference software. The embodiment may also include parsing meeting invitation information associated with the recorded web meeting. The embodiment may further include extracting meeting-related information associated with the recorded meeting. The embodiment may also include updating meeting replay information based on the extracted meeting-related information by modifying an original meeting invitation. The embodiment may further include sending an update notification to a required participant.

Abstract: Provided in embodiments of the present disclosure are a method and a device for bearing a multicast virtual private network. The method includes: assigning, by a BFIR accessing a VRF, a global VPN identifier to a multicast VRF, and carrying the global VPN identifier to notify a route to a BFER accessing the multicast VRF; after receiving a packet of the multicast VRF, encapsulating, by the BFIR, the packet with a BIER header and forwarding the packet, the forwarded packet carrying the global VPN identifier.

Abstract: Technologies for sharing packet replication resources include a network switch. The network switch includes a network communicator, an entity manager, and a tag manager. The network communicator is to receive a data packet, and the entity manger is to identify an entity associated with the data packet and determine a tag associated with the entity. Additionally, the tag manager is to determine a packet replication configuration associated with the tag, and perform one or more per-port forwarding actions based on the packet replication configuration. The packet replication configuration includes one or more destination ports to be masked and a number of copies to be replicated to be sent out on each destination port.

Abstract: The techniques disclosed herein provide a notification to a user that has been invited to participate in a communication session (e.g., a virtual meeting such as a video conference). The notification informs the user of contextual information associated with a meeting and provides a mechanism for the user to efficiently join the meeting. The notification can be provided based on different types of join events signaling that the meeting may be able to start. One type of join event can occur when the first person joins the meeting. Other types of join events can occur when an organizer of the meeting joins the meeting, when a required attendee is the first required attendee to join the meeting, when an external user is the first external user to join the meeting, or when a representative from each of a plurality of different stakeholder groups has joined the meeting.

Abstract: Apparatus and methods for displaying data in an immersive environment wherein sensor (e.g., IoT sensor) data is aggregated via a gateway and various different types of air interfaces depending on application and location (e.g., LoRa, Wi-Fi, 5G NR, C-band, 60 GHz, CBRS, etc.), aggregated at a cloud service, processed through an analytics platform, and transmitted to a UI platform for display on a user interface. One implementation of displaying the sensor data comprises overlaying the sensor data in virtual reality in an immersive video wherein the video is a live stream from a 360-degree 8K camera. A user may interact with the overlaid sensor data within the user interface in a virtual environment to change settings to a desired degree. Artificial intelligence and machine learning may automatically suggest actions to the user or change settings based on sensor data.

Abstract: Various implementations relate to generating, locally at an assistant client device, specific control commands that, when transmitted to a corresponding smart device, are directly interpretable by the corresponding smart device to effectuate a state change at the corresponding smart device, or at a corresponding additional smart device directly controlled by the corresponding smart device. Various implementations additionally or alternatively relate to utilizing local assistant client devices in discovering, provisioning, and/or registering smart devices for an account of a user.

Abstract: An application gateway including application service programming positioned at a user premises can provide voice controlled and managed services to a user and one or more endpoint devices associated with the application gateway. The application gateway can be controlled remotely by the application service provider through a service management center and configured to execute an application service provided from the application service provider. The application gateway can execute the application service at the user premises upon voice command by a user and independent of application services executing on the application service provider's network. An application service logic manager can communicate with an application service enforcement manager to verify that the request conforms with the policy and usage rules associated with the application service in order to authorize execution of the application service on the application gateway, either directly or through endpoint devices.

Abstract: The display control method includes determining whether each of a plurality of home appliances is a first type home appliance installed in a predetermined area or a second type home appliance movable in a plurality of areas based on first information, identifying the area where each of the plurality of home appliances exists based on second information, generating a first display object representing a state of each of the plurality of home appliances based on the first information and the third information, arranging and displaying the first display object of the first type home appliance in a first mode corresponding to the area where each of the first type home appliances is installed, and arranging and displaying the first display object of the second type home appliance in a second mode different from the first mode.

Abstract: Systems and methods herein represent an IoT device as an endpoint of private cloud. A virtualization service receives an IoT identifier for an IoT device and a network address for a virtual endpoint for the IoT device. The virtual endpoint for the IoT device is included in a host cloud platform. The virtualization service maps the IoT identifier to the network address in a distributed data structure for the service provider network and provides instructions, for an edge node for the service provider network, to provide network-layer access controls based on the mapping. The edge node for the service provider network receives an access request from the IoT device, applies a network-layer access control for the IoT device based on the instructions, receive IoT data from the IoT device when the edge node permits access by the IoT device, and forwards the IoT data to the virtual endpoint.

Abstract: A voice inputting device inputs a voice operation of a user, and transmits voice data based on the voice operation to a first cloud server. The first cloud server receives the voice data from the voice inputting device, analyzes the received voice data, and determines an operational skill level of the user and the details of the voice operation. A second cloud server generates a control command for an air conditioner based on the operational skill level and the details of the voice operation determined by the first cloud server, and transmits the generated control command to the air conditioner.

Abstract: Embodiments of this present disclosure may include an industrial control system that uses a daisy chain communication network to couple point-to-point sensors (P2P sensors) for communication of data between respective P2P sensors and a controller. Each P2P sensor may couple to the daisy chain communication network via accessing circuitry. The accessing circuitry may include switching circuitry and flip-flop circuitry to control when each P2P sensors may communicate with the controller via the daisy chain communication network.

Abstract: An example apparatus includes a discernment logic circuit and logic circuitry. The discernment logic circuit discerns whether a requested communications transaction received over the management communications bus from another of the plurality of logic nodes involves a first type of transaction or a second type of transaction. The second type of transaction has a plurality of commands associated with the requested communication transaction to convey respectively different parts of the requested communications transaction including an address part and a data part. The logic circuitry accesses, in response to discerning that the requested communications transaction involves the second type of transaction, a register of the plurality of registers associated with the first type of transaction, wherein the plurality of registers associated with the first type of transaction are mapped into a set of addresses for the second type of transaction.

Abstract: A transceiver device for a bus system and a method for reducing conducted emissions. The transceiver device has a transmitting stage for transmitting a transmit signal to a first bus wire of a bus of the bus system, in which bus system an exclusive, collision-free access of a user station to the bus of the bus system is at least temporarily ensured, and for transmitting the transmit signal to a second bus wire of the bus, a receiving stage for receiving the bus signal transmitted on the bus wires, and an emission reduction unit for controlling a switch-on path of a first stand-off device in the transmitting stage as a function of whether or not a dominant stage of the transmit signal occurs.

Abstract: A communication system, including: a trailer module disposed on a cargo trailer, the trailer module including a trailer identification number for the cargo trailer; a tractor module disposed on a cargo tractor, the tractor module to electrically couple to the trailer module; and a communications bus to couple the trailer module to the tractor module when the trailer is coupled to the tractor, wherein, when coupled to the tractor module, the trailer module communicates the trailer identification to the tractor module.

Abstract: The invention relates to a vehicle having fail-safe internal data transfer. The vehicle comprises a vehicle body and a wired data transfer network provided on the vehicle body. Furthermore, network subscribers are provided on the vehicle body, which network subscribers are connected to each other via respective network nodes of the data transfer network. The data transfer network has a data-transferring ring wiring.

Abstract: A network node may receive a packet having an inner internet protocol (IP) header and an outer IP header. The inner IP header may be encrypted. The network node may generate a copy of the packet to obtain a copied packet. The network node may perform decryption on one of the packet or the copied packet to identify a recipient address of the inner IP header. The network node may update the outer IP header of the other of the packet or the copied packet to obtain an updated packet with an updated outer IP header. A destination address of the updated outer IP header may be updated to a tunnel endpoint of a receiving network node that is associated with the recipient address. The network node may route the updated packet according to the updated outer IP header.

Abstract: A first message of a first type and having a first destination address is received in a provider network. The first destination address is associated with a virtual network address of the provider network and an address of a first device in an extension of the provider network, the extension of the provider network in communication with the provider network via at least a third-party network. A message state data store is updated based on at least a portion of the first message. A first payload of the first message is sent to the first device a first secure tunnel through the third-party network.

Abstract: A method for establishing a tunnel between VTEPs includes receiving at an SDN controller a tunnel creation request to establish a VxLAN tunnel from a first VTEP to a second VTEP, determining a VxLAN tunnel of network nodes coupling the first VTEP to the second VTEP, assigning a SvcPI to the VxLAN tunnel, and sending a tunnel initiation command to the first VTEP, the tunnel initiation command causing the first VTEP to convert an Ethernet frame to a path-ID frame by adding an NSH encapsulation header and to forward the path-ID frame to the next network node in the VxLAN tunnel.