Communication System Using Cryptography Patents (Class 380/255)
  • Patent number: 9306739
    Abstract: A communication process is provided for sending a qubit message between Alice and Bob using a quantum channel for obviating a faked-state attack by Eve. The qubit message is composed of ensemble bits and transmitted as a plurality of photons into the quantum channel. Each photon has a corresponding bit value. The process includes: Alice preparing three uniformly random bit strings each of length 4N to produce strings R (raw key), P (bit basis) and U (unitary operation), and Bob preparing two uniformly random bit strings of the same length to produce strings M (bit basis) and V (unitary operation). Alice broadcasts P, applies her unitary operation and records a first weak measurement to the photons for transmission. Meanwhile Bob broadcasts M, applies his unitary operation and records both a second weak measurement and a strong measurement to the photons.
    Type: Grant
    Filed: November 19, 2014
    Date of Patent: April 5, 2016
    Assignee: The United States of America as Represented by the Secretary of the Navy
    Inventor: James E. Troupe
  • Patent number: 9305200
    Abstract: The imager and controller of an information apparatus images the back face of another information apparatus to acquire the manufacturing number of the other information apparatus corresponding to the two-dimensional bar code provided on the back face of the other information apparatus and acquire visible light information corresponding to blinking of light emitted by the light emitter arranged on the back face of the other information apparatus. Furthermore, the controller controls the imager so as to be able to image the two-dimensional bar code and the light emitted by the light emitter.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: April 5, 2016
    Assignee: CASIO COMPUTER CO., LTD
    Inventor: Masaaki Kikuchi
  • Patent number: 9298893
    Abstract: A system and method for preventing piracy of a given software application limits the number of times that such software application is activated. A given software application must be activated in order to become fully functional. The user must provide a unique software identification code, relating to the specific software which the user is attempting to activate, to a remote provider. The remote provider determines the number of times that such specific software has already been activated, and provides an activation code to the user unless the number of activations exceeds a predetermined threshold. Once activated, the software becomes fully operational, and the user is allowed complete access to its functions.
    Type: Grant
    Filed: November 1, 2013
    Date of Patent: March 29, 2016
    Assignee: Uniloc Luxembourg S.A.
    Inventor: Reuben Bahar
  • Patent number: 9301133
    Abstract: A method, a device, and a communication system include receiving one or more concurrent transmissions from one or more source devices in the communication system; responsive to the one or more concurrent transmissions comprising a single source transmission from a single source device, retransmitting the single source transmission either clear or encrypted based on the single source transmission; responsive to the one or more concurrent transmissions comprising multiple transmissions from multiple source devices, performing one of: summing audio to create a summed resultant stream and broadcasting the summed resultant stream based on matching encryption parameters associated with each of the multiple transmissions; and broadcasting only a selected transmission of the one or more concurrent transmissions from a higher priority source device based on an encryption parameter mismatch between the multiple transmissions, wherein the selected transmission is broadcast based on encryption parameters associated with
    Type: Grant
    Filed: April 28, 2014
    Date of Patent: March 29, 2016
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventor: Arthur L Fumarolo
  • Patent number: 9294276
    Abstract: Embodiments of the present invention relate to providing encrypted content to authorized content consumers while providing robust traitor tracing. In one embodiment, a key bundle comprising at least one device key is read. A key block is read. A media key precursor is determined from the key block and the at least one device key. A security program is read. At least one encrypted block key is read. The security program is executed to determine a decrypted block key from the media key precursor and the encrypted block key. Encrypted content is read. The decrypted block key is applied to the encrypted content to obtain decrypted content.
    Type: Grant
    Filed: February 10, 2014
    Date of Patent: March 22, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Jeffrey B. Lotspiech
  • Patent number: 9276998
    Abstract: A method of transferring files in a data-processing network using a current node within the network includes reading an outbound content and outbound characteristics of an outbound file. An outbound message is created having outbound strings including a first set of the outbound strings representing the outbound characteristics and a second set of the outbound strings representing the outbound content. The outbound message is sent to a receiver node within the network. An inbound message is received from a sender node within the network. The inbound message has inbound strings including a first set of the inbound strings representing inbound characteristics and a second set of the inbound strings representing inbound content. An inbound file having the inbound content is stored, and the inbound characteristics are applied to the inbound file.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: March 1, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Vicenzo Dentamaro, Francesco Sardella, Mario Somma
  • Patent number: 9270452
    Abstract: Technologies are generally described for providing an encryption method using real-world objects. In some examples, a method may include capturing, by a first electronic device, an external object, generating an object signal associated with the external object, generating an encryption key based on the object signal, and transmitting data encrypted by the encryption key to a second electronic device.
    Type: Grant
    Filed: October 17, 2014
    Date of Patent: February 23, 2016
    Assignee: EMPIRE TECHNOLOGY DEVELOPMENT LLC
    Inventors: Yutaka Arakawa, Naoaki Yamanaka, Eiji Oki
  • Patent number: 9264407
    Abstract: A probabilistic system and method facilitates the sharing of a secret among participating users in a private way. The secret shares satisfy the condition that their sum equal a predefined number that is chosen by a third party aggregator. Without interacting with any other user, each user computes a secret share according to a predefined probability density function. If enough parties join, their secret shares can be combined by the aggregator with relative efficiency into a secret with a high likelihood of success.
    Type: Grant
    Filed: April 3, 2014
    Date of Patent: February 16, 2016
    Assignee: PALO ALTO RESEARCH CENTER INCORPORATED
    Inventors: Igor Bilogrevic, Julien Freudiger, Ersin Uzun
  • Patent number: 9256834
    Abstract: A quantum computer may include topologically protected quantum gates and non-protected quantum gates, which may be applied to topological qubits. The non-protected quantum gates may be implemented with a partial interferometric device. The partial interferometric device may include a Fabry-Pérot double point contact interferometer configured to apply “partial” interferometry to a topological qubit.
    Type: Grant
    Filed: December 16, 2013
    Date of Patent: February 9, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Parsa Bonderson, Michael H. Freedman
  • Patent number: 9258114
    Abstract: Described herein are techniques related to implementation of a quantum key distribution (QKD) scheme by a photonic integrated circuit (PIC). For example, the PIC is a component in a wireless device that is used for quantum communications in a quantum communications system.
    Type: Grant
    Filed: December 5, 2012
    Date of Patent: February 9, 2016
    Assignee: Intel Corporation
    Inventors: Christopher J Jezewski, Kelin J Kuhn, Marko Radosavljevic
  • Patent number: 9253234
    Abstract: A system, apparatuses and methods are provided to download and process data and other content streamed over a wide area network using one or more dynamically fetched, material specific, data handlers (e.g., download assistants). A download assistant fetches a data stream from a remote location and processes the streamed data iteratively using buffers and multi-threaded processes through the decoder (e.g., codec), allowing source material-specific processing of the data as it is streamed from one or more download sources as well as content-indifferent and platform-indifferent decoding. To minimize versioning issues, payload construction for secure delivery is simplified to packing and encrypting a directory tree containing any number of files or other digital media into an archive and, when needed, dividing a payload into multiple files or archives with a descriptor that lists the archives.
    Type: Grant
    Filed: July 2, 2014
    Date of Patent: February 2, 2016
    Assignee: Arvato Digital Services LLC
    Inventors: David Aldis, Kenneth Brown, Andrew Gallant
  • Patent number: 9253273
    Abstract: The present invention relates to a method for providing a Law Enforcement Agency with user data related to a target subscriber. A Multiservice Proxy (30) is hereby acting as Intercepting Control Element (16). The method comprises the following steps: A request to intercept traffic data related to the target is received (40,41) by the Intercepting Control Element (16). User data related to the target subscriber for which traffic data has been requested is collected (44) in the Intercepting Control Element. The collected data is forwarded (45,46) to a Law Enforcement Management Function.
    Type: Grant
    Filed: June 11, 2010
    Date of Patent: February 2, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventor: Francesco Attanasio
  • Patent number: 9239934
    Abstract: A mobile computing system for providing a high-security execution environment is provided. The mobile computing system separates execution environments in the same mobile device on the basis of virtualization technology and manages user-specific execution environments using the same hardware security module, thereby facilitating protection of personal privacy.
    Type: Grant
    Filed: March 18, 2013
    Date of Patent: January 19, 2016
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Hong-Il Ju, Yong-Sung Jeon, Young-Sae Kim, Seung-Yong Yoon, Jeong-Nyeo Kim
  • Patent number: 9235316
    Abstract: Embodiments of the present invention are directed to a method and system for developing an analytic process. The method includes displaying, within an electronic system, a plurality of components operable to be used for designing a data analysis process. A user makes a selection of a data access component from the plurality of components. The data access component is operable for configuring access to a data source. The method further includes the user making a selection of a data selection component from the plurality of components and a data display component. The data selection component is operable for selecting data accessed via the data access component. The data display component is operable for configuring display of data based on the data selection component. Configuration data corresponding to the data access component, the data selection component, and the data display component can then be stored.
    Type: Grant
    Filed: July 22, 2014
    Date of Patent: January 12, 2016
    Assignee: Accenture Global Services Limited
    Inventor: David Martin Hummel, Jr.
  • Patent number: 9230091
    Abstract: Field programmable gate arrays can be used as a shared programmable co-processor resource in a general purpose computing system. Components of an FPGA are isolated to protect the FPGA and data transferred between the FPGA and other components of the computer system. For example, data written by the FPGA to memory is encrypted, and is decrypted within the FPGA when read back from memory. Data transferred between the FPGA and other components such as the CPU or GPU, whether directly or through memory, can similarly be encrypted using cryptographic keys known to the communicating components. Transferred data also can be digitally signed by the FPGA or other component to provide authentication. Code for programming the FPGA can be encrypted and signed by the author, loaded into the FPGA in an encrypted state, and then decrypted and authenticated by the FPGA itself, before programming the FPGA with the code.
    Type: Grant
    Filed: June 20, 2012
    Date of Patent: January 5, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Brian A. LaMacchia, Edmund B. Nightingale, Paul Barham
  • Patent number: 9232391
    Abstract: An authentication system for device-to-device (D2D) communication and an authentication method thereof are provided. The authentication system further includes first user equipment (UE) and an authentication server. The authentication server is located within a communication range of the first UE. When the first UE sends a connection request to the authentication server, the authentication server performs a routine authentication procedure on the first UE and provides key generation information to the first UE. The authentication server generates a server key according to the key generation information and a key derivation procedure. The first UE generates an equipment key according to the key generation information and the key derivation procedure to obtain authentication for D2D communication, such that the first user equipment and a second UE obtaining the authentication for D2D communication directly perform the D2D communication without performing the D2D communication through the authentication server.
    Type: Grant
    Filed: May 7, 2013
    Date of Patent: January 5, 2016
    Assignee: Industrial Technology Research Institute
    Inventors: Jui-Tang Wang, Tzu-Ming Lin
  • Patent number: 9230129
    Abstract: A software trusted platform module (sTPM) operates in a hypervisor, receives trust assurances from specialized hardware, and extends this trust such that the hypervisor performs trust attestation. The hypervisor receives a startup sequence validation from a TPM, or Trusted Platform Module. The TPM performs bus monitoring during a boot sequence of the computer system, records the startup sequence from the bus, and performs a hash on the sequence. The TPM performs an authentication exchange with the hypervisor such that the hypervisor authenticates the attestation of the computer system from the TPM, and the hypervisor, now delegated with trust assurances from the TPM, provides assurances to users via an authentication chain. The ATCB then performs the attestation of the computer system according to the attestation protocol much faster than the TPM. In this manner, the hypervisor operates as a software delegate of the TPM for providing user assurances of trust.
    Type: Grant
    Filed: April 4, 2012
    Date of Patent: January 5, 2016
    Assignee: EMC Corporation
    Inventors: Wenbo Mao, Haibo Chen, Jun Li, Jingcheng Zhang
  • Patent number: 9231769
    Abstract: A computer-implemented method for providing interfaces for creating transport layer security certificates may include (1) displaying a user interface for configuring a proposed digital certificate for use in a transport layer security protocol, (2) receiving user input via the user interface that specifies a certificate configuration feature for the proposed digital certificate, (3) assessing a projected impact of the certificate configuration feature on a security metric of the proposed digital certificate, and (4) presenting the projected impact of the certification configuration feature on the security metric via the user interface. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 29, 2013
    Date of Patent: January 5, 2016
    Assignee: Symantec Corporation
    Inventor: Navin Naidu
  • Patent number: 9178623
    Abstract: The present invention utilizes a high-speed serial data transceiver to generate two high-speed electric pulse signals. After passing through a gain network, the signals are used for driving an electro-optic phase modulator (PM) so as to realize phase modulation of photon signals. The present invention may directly use a high-speed digital signal to realize a four-phase modulation function needed by the BB84 quantum key distribution protocol without using a digital to analog converter or an analog switch. This can prevent the modulation rate from being restricted by links including digital-to-analog conversion, analog switching and the like. A dual-electrode electro-optic phase modulator scheme can also effectively reduce requirements for amplitude of a modulation driving signal, thus facilitating realization of high-speed phase modulation, which meets requirements of quantum key distribution.
    Type: Grant
    Filed: March 8, 2013
    Date of Patent: November 3, 2015
    Assignee: University of Science and Technology China
    Inventors: Wei Chen, Shuang Wang, Zhenqiang Yin, Dajun Huang, Yang Yang, Zheng Zhou, Deyong He, Yuhu Li, Zhengfu Han, Yonggang Wang, Guangcan Guo
  • Patent number: 9172692
    Abstract: Systems and methods for securely transferring authentication information between a user and an electronic resource are disclosed herein. The methods include providing an authentication image to a user interface. The authentication image is associated with a resource-side coordinate system and the providing includes encoding the resource-side coordinate system to generate a user-side coordinate system that is different from the resource-side coordinate system and transmitting the authentication image and the user-side coordinate system to the user interface. The methods further include receiving an encoded coordinate set, which uniquely identifies an authentication location in the user-side coordinate set and that is user-selected from the authentication image, from the user interface and decoding the encoded coordinate set to generate a decoded coordinate set that uniquely identifies the authentication location in the resource-side coordinate set. The systems include systems that perform the methods.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: October 27, 2015
    Inventor: William M. Langley
  • Patent number: 9172935
    Abstract: A terminal device capable of managing a storage capacity is provided. The terminal device includes a storage which stores a plurality of contents, a controller which selects candidates to be deleted according to a characteristic value from among the plurality of contents and generates a deletion candidate list, a display which displays the deletion candidate list, and an input which receives a user command to select content to be deleted from the deletion candidate list. A method of managing a storage capacity includes checking a storage capacity of a terminal device; in response to the storage capacity meeting a preset capacity condition, selecting candidates to be deleted from among a plurality of contents and generating a deletion candidate list; displaying the deletion candidate list; and deleting at least one content selected from the deletion candidate list.
    Type: Grant
    Filed: October 25, 2013
    Date of Patent: October 27, 2015
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Young-kyun Jun, Jeong-rok Jang
  • Patent number: 9165559
    Abstract: Digital audio signal watermarking in real-time is difficult in an environment that has limited processing power. According to the invention, the channels in a data block-based audio multi-channel signal are prioritized with respect to watermarking importance, whereby the channel priority can change for different input signal data blocks. For a current input signal block, the most important channel is watermarked and the required processing time is determined. If this required processing time is shorter than a predefined application-dependent threshold, the next most important channel is marked and the additionally required processing time is determined, and so on. Due to the block-based nature of the audio watermarking including block overlap/add and due to the sensitivity of the resulting audio quality against blocking artifacts, several problems are solved in order to lead to acceptable performance and quality.
    Type: Grant
    Filed: July 31, 2012
    Date of Patent: October 20, 2015
    Inventors: Peter Georg Baum, Ulrich Gries, Michael Arnold, Xiaoming Chen
  • Patent number: 9166787
    Abstract: Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key is placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then be destroyed after encrypting the administrator header and therefore might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never be transmitted or intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.
    Type: Grant
    Filed: February 12, 2014
    Date of Patent: October 20, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Joseph Harry Nord, Timothy Gaylor, Benjamin Elliot Tucker
  • Patent number: 9143317
    Abstract: Various embodiments of a computer-implemented method of information security using block cipher column rotations are described. The cipher state column rotations provide resistance to white box side channel memory correlation attacks designed to reverse-engineer a symmetric cipher key associated with the information security system. The column rotation operations can be performed on the cipher state of a block cipher, and then removed from the result, to provide obfuscation of the data when in memory, while not impacting the resulting output of the cipher or decipher operation. The method additionally includes performing a first rotation of an iteration specific cipher subkey according to the first rotation index, performing an iteration of the block cipher operations on the cipher state matrix, and rotating the columns of the cipher state matrix according to an inverse of the first rotation index.
    Type: Grant
    Filed: May 24, 2013
    Date of Patent: September 22, 2015
    Assignee: Apple Inc.
    Inventors: Benoit Chevallier-Mames, Mathieu Ciet, Thomas Icart, Bruno Kindarji, Augustin J. Farrugia
  • Patent number: 9135725
    Abstract: Generic media covers can be generated for digital media items submitted by publishers without a personalized media cover. A generic media cover can be generated for a media item by hashing a unique identifier of the media item that remains consistent throughout the life cycle of the media item. Bytes of the hashed value can be translated into graphic parameters which are used to generate the generic graphic. The graphic parameters can be attached to the generic graphic, thus allowing a user to regenerate the generic graphic at a desired resolution at a later point in time. Also disclosed are techniques for ensuring that generic media covers for a bundle of media items appear substantially similar.
    Type: Grant
    Filed: February 25, 2013
    Date of Patent: September 15, 2015
    Assignee: Apple Inc.
    Inventors: David Makower, Jason N. Gould, Leo Lee
  • Patent number: 9137492
    Abstract: Described herein is a method and system for hierarchical wireless video with network coding which limits encryption operations to a critical set of network coding coefficients in combination with multi-resolution video coding. Such a method and system achieves hierarchical fidelity levels, robustness against wireless packet loss and efficient security by exploiting the algebraic structure of network coding.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: September 15, 2015
    Assignee: Massachusetts Institute of Technology
    Inventors: Luisa Lima, Steluta Gheorghiu, Joao Barros, Muriel Medard, Alberto Lopez Toledo, Joao Vilela
  • Patent number: 9122729
    Abstract: A method that builds a chain-of-custody for archived data is disclosed to ensure the integrity and reliability of the archived data. In one implementation, by using a certified Time Stamp Authority (TSA), an indelible record of each time the archived data is touched (e.g. created, stored, retrieved, accessed, tested, moved, or transformed) is generated to build verifiable links between events to ensure the custody of the data can be audited and verified that it has remained intact throughout its lifetime. The chain-of-custody, in combination with the storage architecture that ensures archive data has not changed through various software and hardware means (e.g., multiple hash signatures to ensure integrity, timestamp authorities to pinpoint each time the archived data was touched, location information to pinpoint physical location, and coordinated chain of custody on multiple replicas of the digital artifact) validates that the archived data has not changed since it was archived.
    Type: Grant
    Filed: July 30, 2010
    Date of Patent: September 1, 2015
    Assignee: Cumulus Data LLC
    Inventors: Joel Michael Love, Daniel Joseph Moore, Elliot Lawrence Gould, Laurence G. Walker, Timothy Allen Wright
  • Patent number: 9116706
    Abstract: This invention introduces a structured software engineering methodology for developing interactive network application systems that use a web browser as a user-dialog engine. The methodology uses two server types: Application Server(s) for instantiating and executing an application instance in binary code, and HTTP Server(s) for delivering to the user's browser the textual HTML+Javascript user-dialog documents used by this application instance during its execution. An application is accessed by executing at the user's browser an Application Instantiation Page (AIP) which is a part of this invention. The methodology is built into a notational programming language.
    Type: Grant
    Filed: October 4, 2013
    Date of Patent: August 25, 2015
    Inventor: Tamer Yunten
  • Patent number: 9106407
    Abstract: A cryptographic method, including generating, using a meta-secret, a first plurality of cryptographic keys, each cryptographic key associated with a respective key identifier, creating, using the meta-secret, a second plurality of sets of secret-shares, which are capable, by combining all the secrets-shares in any one of the sets together with the respective key identifier, of generating the associated cryptographic key, and performing cryptographic operations using the cryptographic keys. Related methods and apparatus are also included.
    Type: Grant
    Filed: April 23, 2012
    Date of Patent: August 11, 2015
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Aviad Kipnis, Eliphaz Hibshoosh
  • Patent number: 9098441
    Abstract: A method begins by a processing module generating an integrity check value for each encoded data slice of a set of encoded data slices to produce a set of integrity check values. The method continues with the processing module encoding the set of integrity check values to produce encoded integrity check values. The method continues with the processing module sending the encoded integrity check values for storage in a memory system.
    Type: Grant
    Filed: July 9, 2013
    Date of Patent: August 4, 2015
    Assignee: Cleversafe, Inc.
    Inventor: Jason K. Resch
  • Patent number: 9092640
    Abstract: A method, system, and computer program product for access control for a server application provided between a server executing an application and a client. Access control is added to an existing server application (for example, a legacy application) without changing the application or the database. The method includes: capturing a screen from the server application; determining if the screen includes sensitive content; and checking a client user's authorization before sending a screen including sensitive content to the client. Determining if the screen includes sensitive content may include: carrying out text recognition on the screen content; and analyzing the output of the text recognition to identify sensitive content.
    Type: Grant
    Filed: November 9, 2010
    Date of Patent: July 28, 2015
    Assignee: International Business Machines Corporation
    Inventors: Tamar Domany, Ksenya Kveler
  • Patent number: 9064123
    Abstract: The efficiency of multiplication in secure function computation is increased to make the secret function computation faster than before. Three or more computing apparatuses cooperate to generate a secret value of a random number, perform secure function computation for secret values of arbitrary values by using a function including addition and multiplication to compute concealed function values, and compute a secret value. If the secret value is [0], a concealed function value is output; otherwise, information indicating that tampering has been detected is output.
    Type: Grant
    Filed: March 8, 2012
    Date of Patent: June 23, 2015
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Dai Ikarashi, Koki Hamada, Koji Chida
  • Patent number: 9065631
    Abstract: An integrated cryptographic apparatus providing confidentiality and integrity includes an integrated cryptographic module including confidentiality and integrity. Further, the integrated cryptographic apparatus includes a hash function unit for detecting whether a message is modified by using the integrated cryptographic module. Furthermore, the integrated cryptographic apparatus includes a block cipher unit for constructing a data encryption algorithm by using the integrated cryptographic module.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: June 23, 2015
    Assignees: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE, KOREA UNIVERSITY RESEARCH AND BUSINESS FOUNDATION
    Inventors: Ku Young Chang, Seokhie Hong, Jesang Lee, Jaechul Sung, Jinkeon Kang
  • Patent number: 9049232
    Abstract: Methods and apparatus for a configurable-quality random data service are disclosed. A method includes implementing programmatic interfaces enabling a determination of respective characteristics of random data to be delivered to one or more clients of a random data service of a provider network. The method includes implementing security protocols for transmission of random data to the clients, including a protocol for transmission of random data to trusted clients at devices within the provider network. The method further includes obtaining, on behalf of a particular client and in accordance with the determined characteristics, random data from one or more servers of the provider network, and initiating a transmission of the random data directed to a destination associated with the particular client.
    Type: Grant
    Filed: February 28, 2013
    Date of Patent: June 2, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Nachiketh Rao Potlapally, Donald Lee Bailey, Jr., Andrew Paul Mikulski, Robert Eric Fitzgerald
  • Patent number: 9043827
    Abstract: A method and system of providing conditional access to encrypted content includes receiving unsolicited multiply encrypted video content and first decryption data over a broadcast network. Partially decrypted video content is obtained by decrypting a first layer of encryption of the encrypted video content using the first decryption data. The partially decrypted video content is stored. A request for viewing the encrypted video content is transmitted and second decryption data is received. A second layer of encryption of the encrypted video content is decrypted using the second decryption data.
    Type: Grant
    Filed: December 16, 2009
    Date of Patent: May 26, 2015
    Assignee: PRIME RESEARCH ALLIANCE E, INC.
    Inventors: Maxim Rapoport, Charles A. Eldering
  • Publication number: 20150139421
    Abstract: Method and system of key distribution by trusted nodes for a vehicular ad hoc network, the nodes of said network having at least one pair of public-private keys and the corresponding certificates, issued by a CA, said method comprising each vehicle node, on entering said network region, requesting a set of keys from an RSU node that is within range and within that region, said RSU node sending said vehicle node a set of private keys, selected from a pool of private keys, and a list with the key identifiers of the private keys shared by said vehicle node and the other vehicle nodes that have most recently contacted said RSU for a predetermined period of time; such that two nodes are able to establish a secure connection without further interaction by deriving a shared secret which is a cryptographic hash function of the keys shared by said two nodes.
    Type: Application
    Filed: November 7, 2013
    Publication date: May 21, 2015
    Inventors: João Francisco Cordeiro De Oliveira Barros, João Paulo Patriarca De Almeida, Mate Boban, Saurabh Shintre
  • Patent number: 9037844
    Abstract: An infrastructure for securely communicating with electronic meters is described, which enables secure communication between a utility and a meter located at a customer, over a communication link or connection such as via a network. This enables messages to be sent from the utility to the meter and vice versa in a secure manner. The network provides a communication medium for communicating via the C12.22 protocol for secure metering. A cryptographic backend is used to cryptographically process messages to be sent to the meter and to similarly cryptographically process messages sent from the meter. By providing appropriate cryptographic measures such as key management, confidentiality and authentication, the meter can only interpret and process messages from a legitimate utility and the utility can ensure that the messages it receives are from a legitimate meter and contain legitimate information.
    Type: Grant
    Filed: February 26, 2010
    Date of Patent: May 19, 2015
    Assignee: Itron, Inc.
    Inventors: Michael T. Garrison Stuber, Richard Eric Robinson
  • Patent number: 9031227
    Abstract: A method is described for defining a reserved pattern of symbols, receiving in a crypto-module an input stream including sequential input symbols, applying a cipher to the input stream in the crypto-module so as to generate an intermediate stream including sequential output symbols corresponding respectively to the input symbols, and converting the intermediate stream to an output stream from the crypto-module by comparing successive groups of the input symbols and the corresponding output symbols to the reserved pattern and, upon finding a match to the reserved pattern in a given group, substituting the input symbols in the group into the intermediate stream in place of the corresponding output symbols. Related hardware and systems are also described.
    Type: Grant
    Filed: December 28, 2009
    Date of Patent: May 12, 2015
    Assignee: Cisco Technology Inc.
    Inventors: Yaacov Belenky, Chaim D. Shen-Orr
  • Patent number: 9032208
    Abstract: A communication terminal that can adjust which section of a one-time pad cipher key is used and achieve cipher communication when there is a possibility that the one-time pad cipher keys are not completely matched between communication terminals. A cipher key transfer device acquires a one-time pad cipher key from a key sharing system, divides the acquired one-time pad cipher key with a predetermined number of bits, and transfers the same to a mobile communication terminal after converting the same into one-time pad cipher key cartridges. Along with the partner's terminal, the mobile communication terminal negotiates which one-time pad cipher key cartridge will be used to perform cipher communication, decides the one-time pad cipher key cartridge to be used, and begins cipher communication.
    Type: Grant
    Filed: August 24, 2010
    Date of Patent: May 12, 2015
    Assignee: Mitsubishi Electric Corporation
    Inventors: Hirosato Tsuji, Yoichi Shibata
  • Patent number: 9032221
    Abstract: An apparatus includes a logging apparatus and a configuration apparatus. The logging apparatus has a security module operable to create a manipulation-proof log. The configuration apparatus is operable to configure a configurable microprocessor system. The configuration apparatus is further operable to be coupled to the logging apparatus in order to log a configuration of the microprocessor system using the logging apparatus.
    Type: Grant
    Filed: September 28, 2010
    Date of Patent: May 12, 2015
    Assignee: Infineon Technologies AG
    Inventor: Stefan Rueping
  • Patent number: 9025770
    Abstract: A method for encrypting a file using a combination of an electronic device and a protection communication-enabled (PCE) wireless device is provided. The method includes using an encryption/decryption engine executing on the electronic device to encrypt a first flag string, which is a binary string stored in a header of the file, with a digest value to create an encrypted flag string. The digest value is associated with the PCE wireless device, which is a device having a transmission application program installed thereon for enabling interaction between the PCE wireless device and the encryption/decryption engine. The method also includes encrypting at least a portion of the file using the digest value and a first password provided by a user, thereby generating an encrypted file that includes an encrypted version of at least a portion of the file, the encrypted flag string, and the first flag string.
    Type: Grant
    Filed: June 28, 2007
    Date of Patent: May 5, 2015
    Assignee: Trend Micro Incorporated
    Inventors: WeiChao Dai, Chao Fang, Zhentao Huang
  • Patent number: 9026788
    Abstract: In a centralized credential management system, website credentials are stored in a vault storage at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.
    Type: Grant
    Filed: April 25, 2013
    Date of Patent: May 5, 2015
    Assignee: Symantec Corporation
    Inventors: Barry Ferg, Gary Krall, David M'Raihi, Nicolas Popp
  • Patent number: 9021463
    Abstract: A method, system and apparatus for management of push content is provided. An intermediation infrastructure mediates traffic from a push content server that is addressed to a computing device. The intermediation infrastructure enforces various policies such that, for example, unwanted communications are not pushed to the computing device.
    Type: Grant
    Filed: September 17, 2013
    Date of Patent: April 28, 2015
    Assignee: BlackBerry Limited
    Inventors: Han Zhen Yang, Rakesh Kumar Arora, Onofre Manuel De Melo
  • Patent number: 9021557
    Abstract: A system and method for realizing specific security features for a mobile device that may store sensitive and private data by providing secured communications to a paired remote device. In this respect, both the mobile device (which may be a mobile phone, for example) and the paired remote device (which may be a keychain, for example) include a SIM card that may have identification data stored therein. Once paired, the two devices may communicate encrypted security messages back and forth in order to implement various security measures to protect data and wireless communications. Such messages may be generated from initial information known only to each respective device such as a randomly generated offset number and a common time reference.
    Type: Grant
    Filed: October 27, 2011
    Date of Patent: April 28, 2015
    Assignee: STMicroelectronics Pte Ltd
    Inventor: Olivier Leneel
  • Patent number: 9020149
    Abstract: Disclosed are various embodiments for obtaining a service request from a client, the service request including plaintext data to be encrypted and associated metadata. Ciphertext data is generated based upon the plaintext data. The ciphertext data is stored in a record in a data store of a cryptographic device. A service response is provided to the client, which includes a record identifier for the record in the data store.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: April 28, 2015
    Assignee: Amazon Technologies, Inc.
    Inventor: Yogesh Vilas Golwalkar
  • Patent number: 9020150
    Abstract: Differential uncloneable variability-based cryptography techniques are provided. The differential cryptography includes a hardware based public physically uncloneable function (PPUF) to perform the cryptography. The PPUF includes a first physically uncloneable function (PUF) and a second physically uncloneable function. An arbiter determines the output of the circuit using the outputs of the first and second PUFs. Cryptography can be performed by simulating the PPUF with selected input. The output of the simulation, along with timing information about a set of inputs from where the corresponding input is randomly selected for simulation, is used by the communicating party that has the integrated circuit with the PPUF to search for an input that produces the output. The input can be configured to be the secret key or a part of the secret key.
    Type: Grant
    Filed: May 5, 2013
    Date of Patent: April 28, 2015
    Assignee: Empire Technology Development LLC
    Inventors: Nathan Zachary Beckmann, Miodrag Potkonjak
  • Patent number: 9008311
    Abstract: A communication system that includes a sender computer and a plurality of designated receiver computers coupled to the sender through a communication link. Each one of the receiver computers is equipped with computational resources stronger than the computational resources of an adversary computer. There is provided a method for sending a secret from the sender computer to a designated receiver computer. The sender computer defines a succession of computational tasks having respective solutions. The computational tasks are defined such that the duration of solving each task by the receiver computer is shorter than what would have been required for the adversary computer to solve the task. Next, the sender computer sends through the link the succession of tasks encrypted by previous solutions, and the receiver computer receives the tasks and is capable of decrypting the secret faster than what would have been required for the adversary computer to decrypt the secret.
    Type: Grant
    Filed: June 23, 2005
    Date of Patent: April 14, 2015
    Assignee: Ben-Gurion University of the Negev Research and Development Authority
    Inventors: Shlomi Dolev, Ephraim Korach, Galit Uzan
  • Patent number: 9008314
    Abstract: A system includes a sending access point and a receiving access point. The sending access point divides a data stream into sets of packets, encrypts a first set of packets using a first encryption protocol, encrypts a second set of packets using a second encryption protocol, where the second encryption protocol is different from the first encryption protocol, transmits, using a first channel over a wireless network, the first set of packets, and transmits, using a second channel over the wireless network, the second set of packets. The receiving access point receives the first set of packets and the second set of packets, decrypts the first set of packets using the first encryption protocol, and decrypts the second set of packets using the second encryption protocol.
    Type: Grant
    Filed: November 18, 2008
    Date of Patent: April 14, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Scott D. Arena
  • Patent number: 9008313
    Abstract: A system for generating random key stream cipher texts passes an unencrypted random key stream through an AES engine to produce encrypted cipher text having a first block size in a first frequency domain; converts the encrypted cipher text in the first frequency domain to encrypted cipher text in a second frequency domain; and converts the encrypted cipher text having the first block size in the second frequency domain into smaller block sizes. The frequency in the first frequency domain is preferably lower than the frequency in the second frequency domain. The converting of the encrypted cipher text in the first frequency domain to encrypted cipher text in a second frequency domain may be effected by a dual clock domain FIFO.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: April 14, 2015
    Assignee: Elliptic Technologies Inc.
    Inventors: Michael James Lewis, Neil Leckett, A. A. Jithra Adikari
  • Patent number: 9008312
    Abstract: A method of encrypting broadcast and multicast data communicated between two or more parties, each party having knowledge of a shared key, is provided. The key is calculated using values, some of which are communicated between the parties, so that the shared key is not itself transferred. Avoiding the transfer of the key offers several advantages over existing encryption methods.
    Type: Grant
    Filed: December 17, 2012
    Date of Patent: April 14, 2015
    Assignee: Koolspan, Inc.
    Inventors: Anthony C. Fascenda, Emil Sturniolo