Abstract: A control method for monitoring and responding to hacking into a vehicle, which may monitor whether hacking is performed by cross-checking preset check values for each ID with each other in a state where a plurality of controllers mounted in an autonomous vehicle is connected like a blockchain, and response-control the vehicle in a safe state upon determining that a specific controller is hacked as a result of monitoring.
Abstract: The subject matter described herein provides a method and a system for continuous-variable quantum key distribution, CVQKD, between a sender sub-system and a receiver sub-system. The method includes transmitting a quantum key distribution, QKD, signal from a quantum communication transmitter to a quantum communication receiver over a quantum communication channel. The method further includes performing post-processing including forward error correction, FEC as a part of reverse reconciliation between the receiver sub-system and the sender sub-system, where erroneous frames are discarded for key establishment. A value of the reconciliation efficiency, VRE ?, is set to be larger than 1.
Abstract: A method for licensing a sensor at a central body, a method for licensing a receiver at a central body, a method for providing a list of sensor keys by using a central body, a method for registering a licensed sensor on a licensed receiver and a system for transmitting data from a licensed sensor to a licensed receiver, allow sensors and receivers to be licensed while also simultaneously ensuring secure delivery of the transmission key for communication purposes or for data exchange between the sensors and the receivers. The transmission key can be transmitted in an encrypted manner and there is no need to transmit the transmission key in an unencrypted manner. It is also possible to establish a licensing model for sensors and receivers by virtue of the secure delivery of the transmission key.
Abstract: A method includes storing user information including tying information and a password, wherein the tying information includes a communication address and a device identifier that ties the communication address to a communication device. The method also includes receiving the communication address and password encrypted using a digital certificate associated with the communication device with the digital certificate including the tying information. The method further includes determining that the tying information of the digital certificate matches the stored tying information and determining the encrypted password matches the stored password. The method further includes authenticating the user information for the communication device.
Abstract: Systems and methods are described for client-side rewriting of web page code. A proxy computing device receives a web page from a server computing device and analyzes the web page to identify a code component. The proxy computing device generates a modified version of the web page by replacing the identified code component with a wrapped code component and including a code rewriting and evaluation function in the web page. The wrapped code component includes a call to the code rewriting and evaluation function that includes the identified code component as an argument thereof. The code rewriting and evaluation function is configured to generate a rewritten code component by rewriting the identified code component and to evaluate the rewritten code component. The proxy computing device sends the modified version of the web page to a client computing device that is configured to load the modified version of the web page.
Abstract: Automatically generating and implementing access policies is provided. An output of a needed user access context to access a resource is obtained from a trained machine learning model based on an extracted attribute of the resource input into the trained machine learning model. The access to the resource by a user is controlled using the output of the needed user access context to access the resource as an access policy for the resource.
Type: Grant
Filed: October 25, 2021
Date of Patent: February 18, 2025
Assignee: International Business Machines Corporation
Abstract: Systems, apparatuses, methods, and computer program products are disclosed for authentication of devices. An example method includes an authentication technique utilizing multiple authentication factors. The first authentication factor includes obtaining identical quantum entangled particles by a first device and a second device. The first and second device may read the quantum entangled particles to obtain identical bit sequences associated with the quantum entangled particles. The first and second device may utilize the bit sequences, along with a second factor, to authenticate a connection between the devices. The second factor may be, for example, a user password. The first device may send a request for authentication including one of the bit sequences and an encrypted version of the user's password. The second device may authenticate the first device using an identical copy of the bit sequence and previously obtained knowledge of the user's password.
Abstract: Method and system for executing a one-time program comprising at least one instruction operating on at least one input value (a, b) and returning at least one output value (O), wherein each instruction of the one-time program is encoded onto a state of an elementary quantum system, comprising: encoding the at least one input value (a, b) onto a quantum gate according to a pre-defined input-encoding scheme; applying the quantum gate to the at least one elementary quantum system; making a measurement of a resulting state of the at least one elementary quantum system after the quantum gate; and determining the at least one output value from a result of the measurement.
Type: Grant
Filed: July 2, 2021
Date of Patent: February 18, 2025
Assignees: UNIVERSITÄT WIEN, SINGAPORE UNIVERSITY OF TECHNOLOGY AND DESIGN
Inventors: Marie-Christine Röhsner, Philip Walther, Tiago Barbin Batalhao, Joshua Alexander Kettlewell, Joseph Fitzsimons
Abstract: A scrambling method of data on a J1939 communication system of a vehicle involves at least moving data from one of a PGN and a PGN/SPN location to another PGN or PGN/SPN location at a first controller on the vehicle before transmitting data and then re-ordering the data at a second controller. Some embodiments further comprise encrypting data either before or after shifting, but before transmitting so as to further complicate efforts to interpret meaningful data from the transmission. The second controller may be on the vehicle or may be remotely located.
Type: Grant
Filed: April 6, 2023
Date of Patent: February 18, 2025
Assignee: The Heil Co.
Inventors: Ricardo Castano Salinas, John Forrest Smith
Abstract: A key generator provides a secure key for distribution of Information Technology (IT) service continuity documents. The key generator generates a pseudo-random number, a pseudo-random shift value, and a pseudo-random substitution number. The key generator creates a digit of the secure key by selecting a first digit and a second digit of the pseudo-random shift value based on the pseudo-random substitution number, swapping the first digit and the second digit, calculating a modified American Standard Code for Information Interchange (ASCII) character with the pseudo-random number and the pseudo-random shift value with the first digit and the second digit swapped, and populating a digit of the secure key with the modified ASCII character. The key generator repeats creating the digit of the secure key for a length of the secure key.
Abstract: A method for pushing a key includes the following steps: setting a plurality of keys, each of which corresponds to a different encrypted environment; configuring a user terminal with an environment switching interface for selection of an encrypted environment; and pushing a corresponding key to the user terminal according to a received key acquisition request.
Abstract: Embodiments of this application provide security protection methods and apparatuses. One method includes: obtaining, by a master station, a user plane security policy, wherein the user plane security policy indicates whether to activate a user plane security protection, the master station communicates with a secondary station under a dual connectivity scenario; sending, by the master station, a message comprising the user plane security policy to the secondary station; receiving, by the secondary station, the message from the master station; and determining, by the secondary station, a user plane security algorithm based on the user plane security policy.
Abstract: A device may include a processor configured to obtain a quantum key generated using quantum random numbers received from a quantum random number generator. The processor may be further configured to obtain a digital signature for a uniform resource locator (URL) associated with the obtained quantum key, wherein the digital signature is received from a security device configured to provide the quantum key to a user equipment (UE) device; receive a request from an application server to function as a proxy for a secure session with the UE device; authenticate the secure session with the UE device using the quantum key and the digital signature; and proxy the secure session between the UE device and the application server.
Type: Grant
Filed: January 20, 2022
Date of Patent: January 14, 2025
Assignee: Verizon Patent and Licensing Inc.
Inventors: Mun Wei Low, Manuel Enrique Caceres, Lee E. Sattler, Connie P. Grigg
Abstract: According to an embodiment, a quantum cryptographic device includes a memory and one or more processors coupled to the memory. The one or more processors are configured to: tabulate information on an application key transmitted and received by using a quantum cryptographic key and output an application-key information tabulation result; calculate a unit price of the application key based on the application-key information tabulation result; and display information that is display information including the unit price of the application key.
Abstract: Techniques and systems can obtain a first private key usable with a classical cryptography algorithm and a second private key usable with a post-quantum cryptography algorithm based on classical and post-quantum public keys hosted by a computer-implemented storage of an online service provider. A plurality of keys to perform a cryptography operation on data hosted by the computer-implemented storage can be generated, the plurality of keys generated based on at least the first and second private keys and a cryptography derivation function identified in the computer-implemented storage. The plurality of keys can be used to perform the cryptography operation on the data hosted by the computer-implemented storage.
Type: Grant
Filed: June 30, 2022
Date of Patent: January 14, 2025
Assignee: Amazon Technologies, Inc.
Inventors: Panagiotis Kampanakis, Jake Massimo, Brian Igleheart
Abstract: Described embodiments relate to systems and method for conditioning, de-biasing and/or whitening raw entropy data or for hashing data. The method comprises receiving data; determining at least a first algebraic number from the data; calculating at least one solution to one or more transcendental equations using the at least the first algebraic number as an input parameter value, wherein the one or more transcendental equations comprise a transcendental function that is capable of generating transcendental number outputs from algebraic number inputs; determining one or more sequences of pseudo random numbers based on the at least one solution; and determining an output based on the one or more sequences of pseudo random numbers. For example, the data may be received from a raw entropy source and comprise raw entropy to be transformed. Alternatively, the data may be data to be hashed and the output may comprise a hash of the data.
Abstract: Methods and apparatuses for using secrets and a secrets framework are described. In some embodiments, the method comprises executing, by a computing system, application code that includes a reference to a secret value inaccessible to the application code, the reference being in the form of a handle that contains the secret value, including passing the handle to injector code; and executing the injector code, including accepting the handle; obtaining the secret value from the handle; and using the secret value in an operation on behalf of the application code.
Type: Grant
Filed: May 20, 2022
Date of Patent: December 17, 2024
Assignee: Stripe, Inc.
Inventors: Paul Alfred Carleton, Andrew Joseph Dunham, Serhii Rud, Adam Bradley Stubblefield, Caitriona Kelly
Abstract: Embodiments of the present disclosure relate to utilizing an existing login process of a data repository to enable the data repository to delegate MFA functionality to an external MFA system. When a purported user attempts to log in to the data repository, a delegation module within the login process may insert a record into a table associated with the login process. A program executing on a security device external to the data repository may periodically poll the table for new records and upon detecting the new record, may call the external MFA system to verify the login attempt. The external MFA system may indicate to the program whether the login attempt was verified and the program may update the table with the indication. Upon detecting the indication, the delegation module may complete or terminate the login attempt based on the indication.
Type: Grant
Filed: February 22, 2022
Date of Patent: November 26, 2024
Assignee: Imperva, Inc.
Inventors: Ron Ben-Natan, Gabriel Beyo, Rosa Miroshnikov, Ury Segal
Abstract: The present disclosure relates to a method and system for constructing a fusion covert channel. A time covert channel is constructed by rearranging data packets of different terminals in the Internet of Things in a manner of carrying secret information, a storage covert channel is constructed by replacing a TCP sequence number field of a data packet with secret information, and a fusion covert channel is constructed by fusing the time covert channel and the storage covert channel. In this way, advantages of the two channels can be complemented, so that covertness of the fusion covert channel is improved and a capacity of the covert channel is increased.
Abstract: Embodiments detailed herein describe an encryption architecture with fast zero support (e.g., FZ-MKTME) to allow memory encryption and integrity architecture to work efficiently with 3DXP or other far memory memories. In particular, an encryption engine for the purpose of fast zeroing in the far memory controller is detailed along with mechanisms for consistent key programming of this engine. For example, an instruction is detailed which allows software to send keys protected even when the controller is located outside of a system on a chip (SoC), etc.
Abstract: In one embodiment, a method for secured communication between a medical sensor and a computing device includes receiving, by the medical sensor, an authentication request from the computing device. The method includes generating, based on values provided in the authentication request, a challenge-response message for the computing device. The method includes receiving, from the computing device, a responsive challenge-response message. The method includes verifying that the responsive challenge-response message includes an expected value and corresponds to an expected format. The method includes, in response to verifying the responsive challenge-response message, sending a sensor secret value to the computing device.
Type: Grant
Filed: September 1, 2021
Date of Patent: October 22, 2024
Assignee: ABBOTT DIABETES CARE INC.
Inventors: Xuandong Hua, Kurt E. Leno, Tony S. Lee, Kevin M. Ow-Wing, Danny Chan, Victor Paishi Huang
Abstract: Systems and methods verify that a person's mobile device was presumptively in a vicinity of a secure element (SE) at a certain time. In a scenario where a collection of SEs is used, the systems and methods can verify that the person's mobile device was in a vicinity of at least one of the SEs in the collection.
Abstract: A method of secure data transfer and storage using a storage device storing encrypted information. The method uses a host that stores and transfers encrypted sensitive information and a customer that desires the information to be securely stored. The customer chooses a unique encryption code to encrypt sensitive information and uploads the information to a host. Then the host transfers the information to the storage device. Connections between the host and customer are intermittent and done so the storage device remains isolated from networks outside of the host.
Abstract: An automated login framework for dynamic application security testing is disclosed. A web application executing on a computing device is accessed and an automated login framework (ALF) is injected into an onload event of a web browser associated with the web application. The ALF is then accessed with a credential associated with the web application. A login page associated with the application is identified by matching links or buttons with a user-defined regular expression and a user-defined wordlist. Then, a login form in the login page is detected by executing a signature technique, a dictionary technique, and a multistep signature technique. The login form is populated using the credential and submitted for authentication, and a status with a confidence score is received indicating whether the authentication was successful or failed.
Abstract: A proxy device coupled to a network receives communications between a client and a server on the network. The proxy device operates transparently to the client and the server, while coupled to receive and process the communications from a node on the network via a network port in a one-armed configuration. The proxy device communicates packets of the communications with an external tool coupled to the proxy device via a tool port and operates transparently to the node and the tool. In certain embodiments, the tool may be a network security device, such as a firewall.
Type: Grant
Filed: November 21, 2022
Date of Patent: September 17, 2024
Assignee: Gigamon Inc.
Inventors: Dale L. Guise, Jr., David Chun Ying Cheung, Fushan Allan Yuan
Abstract: One aspect of the present invention discloses a device for content security. The device includes: an application execution unit configured to generate and control content in response to a content control command requested by a user; and a DRM agent configured to communicate with the application execution unit, to detect the content control command generated by the application execution unit, and to perform control on the content, and the DRM agent comprises a tracing module configured to insert security information into the content in order to prevent and trace content leakage.
Abstract: A device and method for context-aware, intelligent beaconing in a mission include: determining a current location of a beacon device; obtaining context information from one or more of a plurality of sensors, a database, a server, the beacon device, and external devices, wherein the context information includes behavior of the beacon device, and mission objectives; dynamically fusing the context information together to produce fused context information; dynamically setting a frequency for transmission of a beacon, based on the fused context information; and transmitting the beacon at the set frequency.
Abstract: Systems, apparatuses, methods, and computer program products are disclosed for gathering performance information for post-quantum cryptography (PQC). An example method includes generating, by a quantum computing (QC) detection data generation circuitry, QC detection data and encrypting, by a PQC cryptographic circuitry and by a first neural network, the QC detection data based on a PQC technique, where the first neural network is trained to encrypt the QC detection data using the PQC technique. The example method further includes decrypting, by a PQC decryption circuitry and by a second neural network, the encrypted QC detection data wherein the second neural network is trained to decrypt data, and storing encryption metadata and decryption metadata as PQC cryptographic performance information associated with the PQC technique.
Type: Grant
Filed: April 12, 2023
Date of Patent: August 27, 2024
Assignee: Wells Fargo Bank, N.A.
Inventors: Ramanathan Ramanathan, Abhijit Rao, Adam Sanders, Michael Erik Meinholz, Bradford A. Shea, Pierre Arbajian, Andrew J. Garner, IV, Ramesh Yarlagadda
Abstract: Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes receiving data. The example method further includes receiving a set of data attributes about the data. The set of data attributes comprises one or more sets of data environment data attributes that are each representative of a set of data environments associated with the data. The example method further includes receiving one or more sets of data environment threat data structures associated with one or more data environments in the one or more sets of data environments associated with the data. The example method further includes selecting one or more cryptographic techniques for encrypting the data for at least the one or more data environments based on the set of data attributes, the one or more sets of data environment threat data structures, and a cryptograph optimization machine learning model.
Type: Grant
Filed: June 16, 2023
Date of Patent: August 27, 2024
Assignee: Wells Fargo Bank, N.A.
Inventors: Pierre Arbajian, Michael Erik Meinholz, Andrew J. Garner, IV
Abstract: A method for privacy-preserving computation of aggregated private data of a group of client devices comprises: a server selecting at least t devices; being provided with key information including an encryption key e and a decryption key of a homomorphic threshold cryptosystem; obtaining a random value ri and being provided with the random values of the other devices in the group; the server transmitting client indices identifying selected devices, and signalling a device for aggregate encrypted data of each of the selected devices; the server receiving randomized encrypted data and an associated decryption share from each selected device, the decryption shares being configured such that decryption key d can be reconstructed on the basis of t decryption shares; and, the server aggregating the received randomized encrypted data of the selected devices using the homomorphic properties and using the decryption shares for decrypting the aggregated randomized encrypted data into cleartext.
Abstract: Disclosed are an optical path system for quantum communication and a quantum communication method. The optical path system for quantum communication includes a light source module, an intensity and polarization modulation module, a polarization maintaining interference ring, a phase and intensity modulation module, a first isolator, a first polarization beam splitter, a second isolator, a beam splitter, a second polarization beam splitter, a second phase modulator, and a 90-degree Faraday rotator mirror. An optical signal may pass through a first polarization beam splitter, bypass a phase and intensity modulation module, and directly reach a polarization maintaining interference ring, thereby solving a problem of series mode interference in an optical signal circuit, and greatly improving a modulation speed of the circuit.
Abstract: A multi-party privacy computing method and device based on semi-trusted hardware, wherein the method applied to semi-trusted hardware comprises the following steps: acquiring random number masks and random seeds of all user terminals; generating a garbled circuit seed according to the random seeds; generating a garbled circuit according to a predetermined circuit description and the garbled circuit seed, wherein the garbled circuit comprises garbled tables, wire labels and decoding information; sending the wire labels corresponding to the inputs of all user terminals to a user terminal corresponding to the semi-trusted hardware by using an oblivious transfer protocol; and sending the garbled table and the decoding information to the user terminal corresponding to the semi-trusted hardware, so that the user terminal can compute an output value according to the garbled tables, the decoding information and the wire label corresponding to the inputs of all user terminals.
Type: Grant
Filed: December 15, 2023
Date of Patent: August 20, 2024
Assignees: ZHEJIANG UNIVERSITY, JIAXING RESEARCH INSTITUTE, ZHEJIANG UNIVERSITY
Inventors: Bingsheng Zhang, Yibiao Lu, Weiran Liu, Kui Ren
Abstract: A packet capture operation is configured via a first computing device. The packet capture operation is configured to capture packets provided by a second computing device. The first computing device obtains an indication that a user is within a predetermined location proximity to the second computing device. The packet capture operation is initiated in response to obtaining the indication at the first computing device.
Type: Grant
Filed: January 20, 2021
Date of Patent: August 20, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Mateusz Olszowy, M. David Hanes, Oliver W. Fagan
Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stay connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client for a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.
Abstract: Various embodiments include systems and methods to implement processing of web content for vulnerability assessments. A plurality of documents comprising web content may be obtained from multiple different web sources, and the documents may be parsed to determine a set of discrete document chunks. Parsing the documents includes determining whether a document satisfies a segmentation condition for segmenting the document into multiple discrete document chunks using a named-entity recognition system configured to segment the document based at least in part on a vulnerability identification. The discrete document chunks may be stored in a database, where vulnerability information is indexed such that each respective entry in the database corresponds to a respective vulnerability identification and a respective discrete document chunk.
Abstract: Techniques are disclosed for inline security key exchanges between network devices. An example network device includes one or more processors and memory coupled to the one or more processors. The memory stores instructions that, upon execution, cause one or more processors to obtain a first payload key and obtain a path key. The instructions cause the one or more processors to encrypt a first payload of a first packet using the first payload key and insert the first payload key into first metadata of the first packet. The instructions cause the one or more processors to encrypt the first metadata using the path key and send the first packet to another network device.
Type: Grant
Filed: February 18, 2022
Date of Patent: July 16, 2024
Assignee: Juniper Networks, Inc.
Inventors: Abilash Menon, Avinash Prakash Bhat, Anna Yungelson
Abstract: An information processing apparatus according to an embodiment includes one or more hardware processors. The one or more hardware processors divide original data into a plurality of pieces of division data, each piece of the division data including a non-overlap with one another, and execute alteration processing in mutually different manners on the plurality of pieces of division data, the mutually different manners corresponding one-to-one to the plurality of pieces of division data.
Abstract: This disclosure provides techniques for recovering a root key from measurement of a circuit function. In some embodiments, a checkpointing feature is used to periodically mark measurements of this function and thereby track drift in the value of the root key over the life of a digital device; the checkpointing feature permits rollback of any measurement of the function in a manner that negates incremental drift and permits recovery of the root key for the life of a device (e.g., an IC circuit or product in which the IC is embedded). This disclosure also provides novel PUF designs and applications.
Type: Grant
Filed: December 3, 2022
Date of Patent: July 9, 2024
Assignee: JONETIX CORPORATION
Inventors: Paul Ying-Fung Wu, Richard J. Nathan, Harry Leslie Tredennick
Abstract: A key generation method is provided. A first peer obtains an ephemeral key from a second peer via a server. The first peer uses the ephemeral key to compute a ciphertext that encrypts a first parameter. The first peer uses the first parameter to generate a session key. The ciphertext is sent to the server by the first peer to allow the second peer to generate the session key. The key may be subsequently used for communication, such as by using a key management algorithm such as Double Ratchet.
Abstract: Embodiments include receiving input of a new message for a group of members having end-to-end encryption in which first keys encrypt and second keys decrypt the new message, determining that a subset of the members in the group is excluded from receiving the new message, and selectively encrypting the new message for the members of the group by encrypting the new message by first keys corresponding to ones of the members of the group while choosing not to encrypt the new message with first keys corresponding to the subset of the members. An aspect includes transmitting the new message encrypted by the first keys to the members, and in response to choosing not to encrypt the new message with first keys corresponding to the subset, causing a system message to be transmitted to the subset excluded from receiving the new message, the system message affecting a presentation to the subset.
Type: Grant
Filed: July 13, 2023
Date of Patent: June 18, 2024
Assignee: Kyndryl, Inc.
Inventors: Cesar Augusto Rodriguez Bravo, David Alonso Campos Batista
Abstract: The present disclosure is directed to systems and methods of providing a secure quantum key distribution cryptosystem in which the quantum key data is exchanged between Alice and Bob using a quantum channel and the parity bits associated with the quantum key data are encrypted using a post-quantum computing (PQC) encryption method and communicated between Alice and Bob using a public channel.
Type: Grant
Filed: July 12, 2021
Date of Patent: June 11, 2024
Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF THE UNIVERSITY OF ARIZONA
Abstract: Systems and methods for managing group encryption are described. In certain methods, a content asset may be encrypted with an asset key. An account key may be determined. Using the account key, an encrypted content asset package may be generated. The asset key may make up at least a portion of the encrypted content asset package. The encrypted content asset package is decryptable with the account key. The encrypted content asset package and an identifier associated with the account key may be transmitted, for example to a playback device.
Abstract: A key-value storage device includes a nonvolatile memory device and a memory controller. The nonvolatile memory device stores a value, a key which is referenced to identify the value, and key age data which are changed based on an erase operation of the value, and the memory controller that receives an erase command directing erasing of the value corresponding to the key from a host, generates hash data, a size of which is smaller than a size of the key, in response to the erase command, and transmits a complete message to the host. The memory controller accesses the key and the key age data stored in the nonvolatile memory device based on the hash data and erases the value based on the accessed key and the accessed key age data during an idle time after the transmission of the complete message.
Type: Grant
Filed: September 20, 2021
Date of Patent: June 4, 2024
Assignee: Samsung Electronics Co., Ltd.
Inventors: Jekyeom Jeon, Byung-Ki Lee, YoungHo Park
Abstract: A communication method implemented by a communications apparatus that is configured with a control rule parameter, where the control rule parameter includes a signature verification rule parameter, a message aggregation rule parameter, and a reporting control rule parameter, and the method includes receiving a first message, performing signature verification processing on the first message based on the signature verification rule parameter, performing, based on the message aggregation rule parameter, message aggregation processing on the first message after performing the signature verification processing to obtain a second message, and sending the second message to a server based on the reporting control rule parameter.
Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. An ICC Master Key corresponding to the payment application is held by a trusted authority, such as the issuing bank. The trusted authority is adapted to generate time-limited session keys on the basis of the ICC Master Key and distribute session keys to the payment application. Receipt of a session key by the payment application enables the payment application to conduct an EMV payment transaction. The session key is used to authorize a single EMV payment transaction.
Abstract: A system, method, computer program product, and service for encrypting a message. A plaintext message to be encrypted is received as input data into a computer. A processor on the computer encrypts the plaintext message, using a public key having two components, each component having degree 4. The encrypted version of the input plaintext message is output as a ciphertext having two components, each component having degree 4.
Type: Grant
Filed: July 31, 2018
Date of Patent: May 21, 2024
Assignee: International Business Machines Corporation
Abstract: Secure device data records (DDRs) are provided. In some embodiments, a system for secure DDRs includes a processor of a wireless communication device for wireless communication with a wireless network, in which the processor is configured with a secure execution environment, and in which the secure execution environment is configured to: monitor service usage of the wireless communication device with the wireless network; and generate a plurality of device data records of the monitored service usage of the wireless communication device with the wireless network, in which each device data record is associated with a unique sequence order identifier; and a memory coupled to the processor and configured to provide the processor with instructions. In some embodiments, the secure execution environment is located in an application processor, in a modem processor, and/or in a subscriber identity module (SIM).
Type: Grant
Filed: December 23, 2022
Date of Patent: May 14, 2024
Assignee: Headwater Research LLC
Inventors: Gregory G. Raleigh, James Lavine, Alireza Raissinia, Michael J. Sabin
Abstract: According to one example, a system includes a second computing device that has one or more processors configured to receive encrypted data from a first computing device, the encrypted data being encrypted based on a first encryption key. The one or more processors are further configured to generate a second encryption key that matches the first encryption key, decrypt the encrypted data using the second encryption key, and transmit the data for use.
Abstract: An anti-counterfeit product of manufacture includes a housing defining a cavity. The housing is constructed of first and second bodies forming an original joint at a parting line. Inner workings of the product are enclosed within the cavity. An encryption device includes an encryption-coded ceramics-based pin grid array embedded in the first body of the housing. An RFID circuit is connected with the ceramics-based pin grid array. The RFID circuit is configured to report out a confirmation signal based on the code set by the connected ceramics-based pin grid array upon an RFID reader interrogation trigger. The RFID circuit is programmed to prevent future reporting of the confirmation signal upon detachment of the ceramics-based pin grid array from the RFID circuit, such that the confirmation signal is configured to confirm both product authenticity and integrity of the original joint.
Abstract: Disclosed are a communication scheme and a system thereof for converging an IoT technology and a 5G communication system for supporting a high data transmission rate beyond that of a 4G system. A method and an apparatus for configuring a connection with a second device, which provides access to a network, by a first device in a communication system, is provided. The method includes discovering the second device supporting a neighbor awareness network (NAN) and located within a predetermined range from the first device, exchanging an ephemeral key of the first device for identifying the first device and an ephemeral key of the second device for identifying the second device, and performing a secure connection between the first device and the second device.
Type: Grant
Filed: November 8, 2021
Date of Patent: May 14, 2024
Assignee: Samsung Electronics Co., Ltd
Inventors: Soo-Yong Lee, Byung-Moo Lee, Joo-Yeol Lee, Dong He