Communication System Using Cryptography Patents (Class 380/255)
  • Patent number: 11626995
    Abstract: A cryptographic accelerator may include an input buffer to store an additional authenticated data (AAD) portion of a message and a plain text portion of the message. The cryptographic accelerator may include a cryptographic engine to generate cipher text using the plain text portion of the message, generate a message authentication code (MAC) using the AAD portion and either the plain text portion or the cipher text, determine a configuration for creating an assembled message in an output buffer of the cryptographic accelerator, and provide at least the cipher text to the output buffer to create the assembled message in the output buffer according to the configuration. The cryptographic accelerator may include the output buffer to provide the assembled message.
    Type: Grant
    Filed: September 29, 2020
    Date of Patent: April 11, 2023
    Assignee: Infineon Technologies AG
    Inventors: Manuela Meier, Andreas Graefe
  • Patent number: 11610003
    Abstract: A software protection method includes decrypting an encrypted executable file by a processor, and the steps of decrypting include the following steps. A linking instruction is executed in a first execution environment; based on the linking instruction, a signature corresponding to the encrypted executable file is generated in the first execution environment; based on the signature and a hash table, a decryption algorithm is performed and a key is generated in the first execution environment; and the key is transmitted from the first execution environment to a second execution environment that is different from the first execution environment. The encrypted executable file is in the second execution environment. A software protection system is also disclosed herein.
    Type: Grant
    Filed: September 15, 2020
    Date of Patent: March 21, 2023
    Assignee: DELTA ELECTRONICS, INC.
    Inventors: Hao-Chieh Chang, Chia-Lin Liu, Wan-Sheng Ni
  • Patent number: 11605089
    Abstract: A system that includes a fuel dispenser terminal and a remote controller. The fuel dispenser terminal is configured to generate a service request for a fuel purchase that includes card information, encrypt the service request, and send the encrypted service request to the remote controller. The fuel dispenser terminal is further configured to receive a personalized offer in response to sending the encrypted service request and display the personalized offer. The remote controller is configured to decrypt the service request to identify the card information associated with a customer and determine an identity of the customer based on the card information. The remote controller is further configured to generate a personalized offer for the customer based on their identity and send the personalized offer to the fuel dispenser terminal. The remote controller is further configured to re-encrypt the service request and send the re-encrypted service request to a service processor.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: March 14, 2023
    Assignee: 7-ELEVEN, INC.
    Inventors: Vivek Malik, Maninder Singh Suri, Gurmeet Singh, Matthew O'Daniel Redmond, Boonchai Matthew Ragan
  • Patent number: 11601409
    Abstract: A security system is disclosed in which a secure communication session is established between an external security processor and an interface device. After insertion of the external security processor into the interface device, an authorization server provides authorization to the external security processor and the interface device based on, for example, identification information for each device. A derived key may be generated using a common device security key, and a seed value stored at the interface device. The derived key may then be used for multiple communication sessions between the interface device and the external security processor.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: March 7, 2023
    Assignee: Comcast Cable Communications, LLC
    Inventors: James W. Fahmy, Pete Kuykendall, Nancy Davoust
  • Patent number: 11599655
    Abstract: A first entity having a first set of tagged data and a second entity having a second set of tagged data share data that is selected based on a set of common tags present in both the first and second sets of tagged data. The set of common tags is determined using a private set intersection protocol that, in many examples, preserves the privacy of the two entities. In an embodiment, each entity identifies a set of data objects associated with the set of common tags, and another private set intersection protocol is performed to identify a set of common data objects available to both entities. Each entity provides, to the other entity, those data objects associated with the set of common tags that are not in the set of common data objects available to both entities thereby providing a matching set of data objects to both entities.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: March 7, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Xianrui Jeri Meng, Matthew John Campagna
  • Patent number: 11593527
    Abstract: A security circuit includes a decoder configured to receive input data and output a decoding signal in response to the input data, a first encoder configured to output one of first phenotypes corresponding to any one among integers in N-decimal (N is a natural number of 1 or more) as a first encoding value in response to the decoding signal, a second encoder configured to output one of second phenotypes corresponding to any one among integers in N-decimal as a second encoding value in response to the decoding signal, and a gate module circuit configured to generate output data by performing a logic operation on the first encoding value and the second encoding value.
    Type: Grant
    Filed: October 1, 2020
    Date of Patent: February 28, 2023
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Jaehyeok Kim, Hyesoo Lee, Hongmook Choi, Jisu Kang, Hyunil Kim, Jonghoon Shin
  • Patent number: 11595359
    Abstract: A method for establishing a fully private, information secure interconnection between a source and a destination over a data network with at least a portion of a public infrastructure. The method comprising at the source creating n shares of a source data according to a predetermined secret sharing scheme, and encrypting the n shares using (n, k) secret sharing. Further, defining for at least one node vi a directed edge (vi1, vi2) that has a k−1 capacity. All outgoing links of vi are connected to vi2. Additionally, using a maximum flow algorithm to define the maximum number of shares outgoing from vi2, and therefore from vi, on each outgoing link. The number of shares forwarded by node vi does not exceed the number of maximum shares that were defined by the maximum flow algorithm.
    Type: Grant
    Filed: April 11, 2019
    Date of Patent: February 28, 2023
    Assignee: SECRET DOUBLE OCTOPUS LTD
    Inventors: Shiomi Dolev, Shimrit Tzur-David
  • Patent number: 11589274
    Abstract: This application relates to the field of wireless communications technologies. Embodiments of this application provide a security protection method, an apparatus, and a system, to resolve a problem of low efficiency in handing over a terminal between serving base stations. The method in this application includes: receiving, by a target access network device, a correspondence between user plane information and a security policy from a source access network device; and determining, by the target access network device based on the correspondence between user plane information and a security policy, a first user plane protection algorithm corresponding to the user plane information, where the first user plane protection algorithm includes one or both of a user plane encryption algorithm and a user plane integrity protection algorithm. This application is applicable to a procedure in which the terminal is handed over between serving base stations.
    Type: Grant
    Filed: March 3, 2021
    Date of Patent: February 21, 2023
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: He Li, Jing Chen
  • Patent number: 11588792
    Abstract: Apparatus for the transfer of sensitive information between two parties facilitated by an intermediary, the apparatus adapted to: receive from the first party voice signals and data signals; determine a parameter relating to an estimate of the time required for sensitive information to be determined from the data signals received from the first party; transmit to the intermediary the received voice signals and the parameter; determine sensitive information from the received data signals; and transmit the sensitive information to the second party. A corresponding method is also provided.
    Type: Grant
    Filed: March 7, 2019
    Date of Patent: February 21, 2023
    Assignee: Sycurio Limited
    Inventors: Timothy Critchley, Thomas Baldwin
  • Patent number: 11582030
    Abstract: Techniques are disclosed for securely distributing entropy in a distributed environment. The entropy that is distributed may be quantum entropy that is generated by a quantum entropy generator or source. The true random entropy generated by a trusted entropy generator can be communicated securely among computer systems or hosts using secure communication channels that are set up using a portion of the entropy. The distribution techniques enable computer systems and hosts, which would otherwise not have access to such entropy generated by the trusted entropy source, to have access to the entropy.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: February 14, 2023
    Assignee: Oracle International Corporation
    Inventor: Danne Lauren Stayskal
  • Patent number: 11580558
    Abstract: Disclosed is a system and method for verifying the authenticity of goods for sale. The system includes an authenticity device on the product which determines a code using a two step authenticity algorithm which inputs time as a variable and outputs the code. The code may be displayed on the authenticity device. The smart device contacts the manufacturer via an application and a wide area network and provides identification information regarding the product. Based on the identification information, the manufacturer finds the copy of the authenticity algorithm stored at the manufacturer, runs the algorithm, and returns the code to the smart device.
    Type: Grant
    Filed: February 7, 2020
    Date of Patent: February 14, 2023
    Assignee: Focus Universal Inc.
    Inventor: Desheng Wang
  • Patent number: 11575418
    Abstract: Disclosed are a codebook processing method, a terminal device, and a network device, the method comprising: determining weighting coefficients for codebook calculation based on a first number and a second number, wherein a value of L representing the first number is half of a number of spatial beams, a value of M representing the second number is a number of discrete Fourier transform (DFT) basis vectors, L and M are both integers, and the weighting coefficients comprise amplitude coefficients; performing processing on the weighting coefficients; and transmitting the processed weighting coefficients to a network device through channel state information (CSI).
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: February 7, 2023
    Assignee: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD.
    Inventors: Wenhong Chen, Yun Fang, Zhihua Shi
  • Patent number: 11569985
    Abstract: Disclosed are techniques for determining data relationships between privacy-restricted datapoints, sourced over a computer network, which require data privacy measures concealing at least some datapoints from other clients in the network that the datapoint respectively do not originate from. A first client encrypts a first datapoint with a public key of a public/private encryption scheme and communicates it to the second client along with the public key. The second client encrypts a corresponding second datapoint with the public key, then determines a relationship between the two encrypted datapoints, and communicates the determined relationship to a central client along with the public key. Random noise is encrypted by the central client and added to the determined relationship, then sent together to the first client, followed by decryption by the first client using the private key. The central client extracts the random noise after receiving the decrypted determined relationship.
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: January 31, 2023
    Assignee: International Business Machines Corporation
    Inventors: Ngoc Minh Tran, Mathieu Sinn, Stefano Braghin
  • Patent number: 11563577
    Abstract: Disclosed are a calculation device for encryption using a public key and an encryption method thereof. The present method comprises: a step for setting a secret key, and generating a public key using the secret key and an error extracted from a discrete Gaussian distribution or a distribution that is within a short statistical distance thereto; and a step for applying the public key to a message, and then performing a rounding process to encrypt the message. Accordingly, encryption efficiency can be enhanced.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: January 24, 2023
    Assignee: Crypto Lab Inc.
    Inventors: Jung Hee Cheon, Joo Hee Lee
  • Patent number: 11550564
    Abstract: A method and system for automating application of software patches to a server system having a virtualization layer. A plurality of software patches are downloaded to a computer system having a first operating system. The software patches to apply to a server console operating system are then determined. The software patches are automatically copied to the server system by executing a first script file. The copied software patches are automatically decompressed by executing a second script file. The decompressed software patches are installed in a specified order by executing the second script file. The console operating system is rebooted only after all software patches are installed.
    Type: Grant
    Filed: August 17, 2021
    Date of Patent: January 10, 2023
    Assignee: Google LLC
    Inventor: Craig A. Spreha
  • Patent number: 11550582
    Abstract: A processor includes an instruction decoder to receive a first instruction to process a secure hash algorithm 2 (SHA-2) hash algorithm, the first instruction having a first operand associated with a first storage location to store a SHA-2 state and a second operand associated with a second storage location to store a plurality of messages and round constants. The processor further includes an execution unit coupled to the instruction decoder to perform one or more iterations of the SHA-2 hash algorithm on the SHA-2 state specified by the first operand and the plurality of messages and round constants specified by the second operand, in response to the first instruction.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: January 10, 2023
    Assignee: Intel Corporation
    Inventors: Kirk S. Yap, Gilbert M. Wolrich, James D. Guilford, Vinodh Gopal, Erdinc Ozturk, Sean M. Gulley, Wajdi K. Feghali, Martin G. Dixon
  • Patent number: 11546173
    Abstract: A method is disclosed for implementing trust Internet of Things (IoT) services in an IoT device and a user device. The IoT device receives from the user device an authentication request comprising a hash value, first encrypted information and second encrypted information, where the IoT device determines whether the user device is successfully authenticated based on determining the user device public key and confirming that the user device public key exists in a list of access permitted user devices of the IoT device.
    Type: Grant
    Filed: January 28, 2019
    Date of Patent: January 3, 2023
    Assignee: VeChain Global Technology SARL
    Inventors: Yanyu Chen, Jianliang Gu, Ziheng Zhou
  • Patent number: 11539693
    Abstract: A method for providing random numbers for control units communicating via a vehicle network, in which a random number generator having an aggregation component, a storage unit and a distribution component is provided. A plurality of control units each with at least one entropy source are formed. Their raw data are transmitted to the aggregation component via the vehicle network. A quality assurance of the combined raw data from the entropy sources is carried out using only those combined raw data which both occur in a non-deterministic manner and contain a minimum degree of entropy as qualified raw data. The qualified raw data are converted into an aggregated data block by a cryptographic one-way function and securely stored as a random number in the storage unit. The random number stored in the storage unit is transmitted to a control unit via the vehicle network by the distribution component.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: December 27, 2022
    Inventors: Peter Felber, Bernhard Jungk, Marc Sebastian Patric Stöttinger
  • Patent number: 11533297
    Abstract: One embodiment of the present invention includes a server machine configured to establish a secure communication channel with a client machine via renewable tokens. The server machine receives a plurality of messages from a client machine over a secure communication channel, where the plurality of messages includes a first message that includes at least two of user authentication data, entity authentication data, first key exchange data, and encrypted message data. The server machine transmits, to the client machine, a second message that includes a master token comprising second key exchange data associated with the first key exchange data and at least one of a renewal time and an expiration time.
    Type: Grant
    Filed: October 22, 2015
    Date of Patent: December 20, 2022
    Assignee: NETFLIX, INC.
    Inventors: James Mitchell Zollinger, Wesley Miaw
  • Patent number: 11533176
    Abstract: An inner-product functional encryption scheme in which the maximum length of a ciphertext and the maximum length of a secret key are not restricted can be constructed. An encryption device (20) generates a ciphertext ctx in which a vector x is encrypted, using encryption setting information that is of a size depending on the size of the vector x and is generated using as input public information of a fixed size. A key generation device (30) generates a secret key sky in which a vector y is set, using key setting information that is of a size depending on the size of the vector y and is generated using as input the public information. A decryption device (40) decrypts the ciphertext ctx with the secret key sky to calculate an inner-product value of the vector x and the vector y.
    Type: Grant
    Filed: October 16, 2020
    Date of Patent: December 20, 2022
    Assignees: Mitsubishi Electric Corporation, Nippon Telegraph and Telephone Corporation
    Inventors: Katsuyuki Takashima, Junichi Tomida
  • Patent number: 11526618
    Abstract: A method may include transferring data from a host to an encryption offload engine through an interconnect fabric, encrypting the data from the host at the encryption offload engine, and transferring the encrypted data from the encryption offload engine to a storage device through a peer-to-peer connection in the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the encryption offload engine through a peer-to-peer connection in the interconnect fabric, decrypting the encrypted data from the storage device at the encryption offload engine, and transferring the decrypted data to the host through the interconnect fabric. The method may further include transferring the encrypted data from the storage device to the host, and verifying the encryption of the encrypted data at the host.
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: December 13, 2022
    Inventor: Sumanth Jannyavula Venkata
  • Patent number: 11520921
    Abstract: A method for storing hierarchical data protected by access data in an untrustworthy environment, wherein unique identification values of child nodes of at least one associated tree are determined for the data and are stored together with the data. The root node entry point is calculated based on the access data by means of a predeterminable calculation function in a volatile way, and the root node entry point represents a secret node entry point from which the identification value of a root node of the tree is subsequently calculated. The root node represents one of the child nodes in this tree, as a child node generation step is applied to generate the identification values of the child nodes based on one of the secret node entry points. A child node numbering set that contains at least as many different elements as the number of child nodes to be generated is created or used.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: December 6, 2022
    Assignee: MyPrivacy GmbH
    Inventor: Erwin Toplak
  • Patent number: 11522681
    Abstract: A path for a node of a computing environment is secured. The securing includes obtaining, by the node, a message that includes an identifier of a shared key and an encrypted message. The node obtains the shared key from a key server and uses it to decrypt the encrypted message to obtain an encryption key and one or more parameters. A security parameters index to be associated with the encryption key and the one or more parameters is obtained. The node sends a response message to another node, the response message including the security parameters index.
    Type: Grant
    Filed: December 30, 2020
    Date of Patent: December 6, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Patricia G. Driever, Roger G. Hathorn, Christopher Colonna, John Flanagan, George P. Kuch, Richard M. Sczepczenski, Glen Jaquette
  • Patent number: 11502836
    Abstract: A scalar multiplication operation includes an iterative procedure performing a set of operations at each iteration on a bit or on a group of consecutive bits of a secret key. The multiplication operation includes multiplying values of projective format coordinates by a random value. The random value is a product of a random number generated over a range having as end value a first value, with a second value, which is larger than said first value. The first value is a power of two of a word size multiplied by a multiplier value, minus one. The second value is equal to a power of two of a number of bits of the coordinates divided by the first value. The multiplier value is an integer greater than or equal to one and smaller than a ratio of said number of bits to the word size.
    Type: Grant
    Filed: January 14, 2021
    Date of Patent: November 15, 2022
    Assignee: STMICROELECTRONICS S.r.l.
    Inventors: Ruggero Susella, Guido Marco Bertoni
  • Patent number: 11502845
    Abstract: A network interface device comprises an integrated circuit device comprising at least one processor. A network interface device comprises a memory. The integrated device is configured to execute a function with respect to at least a part of stored data in said memory.
    Type: Grant
    Filed: July 6, 2020
    Date of Patent: November 15, 2022
    Assignee: Xilinx, Inc.
    Inventors: Steven L. Pope, David J. Riddoch, Paul Fox
  • Patent number: 11503119
    Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling a user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: November 15, 2022
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Benjamin L. Burnett, Ranga S. Ramanujan
  • Patent number: 11489541
    Abstract: In artificial neural networks, and other similar applications, there is typically a large amount of data involved that is considered sparse data. Due to the large size of the data involved in such applications, it is helpful to compress the data to save bandwidth resources when transmitting the data and save memory resources when storing the data. Introduced herein is a compression technique that selects elements with significant values from data and restructures them into a structured sparse format. By generating metadata that enforces the structured sparse format and organizing the data according to the metadata, the introduced technique not only reduces the size of the data but also consistently places the data in a particular format. As such, hardware can be simplified and optimized to process the data much faster and much more efficiently than the conventional compression techniques that rely on a non-structured sparsity format.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: November 1, 2022
    Assignee: NVIDIA Corporation
    Inventors: Jorge Albericio Latorre, Ming Y. Siu
  • Patent number: 11469888
    Abstract: A tamper detecting component for a quantum communication system is a trusted node, configurable as a first endpoint trusted node, a middle-trusted node and a second endpoint trusted node. The trusted node has a tamper detection module and a secure memory. The tamper detection module deletes critical system parameters responsive to detecting physical tampering. The trusted node, as the first endpoint trusted node, exchanges a quantum key, encrypts data and transmits encrypted data. The trusted node as the middle-trusted node exchanges a quantum key, exchanges another quantum key, decrypts and re-encrypts data and transmits encrypted data. The trusted node as the second endpoint trusted node exchanges a quantum key, and decrypts data.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: October 11, 2022
    Assignee: QUANTUMXCHANGE, INC.
    Inventors: Todd McCandlish, Nino Walenta, Donald T. Hayford, Grant M. Hampel
  • Patent number: 11463423
    Abstract: A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files.
    Type: Grant
    Filed: February 10, 2020
    Date of Patent: October 4, 2022
    Assignee: T-CENTRAL, INC.
    Inventors: David W. Kravitz, Donald Houston Graham, III, Josselyn L. Boudett, Russell S. Dietz
  • Patent number: 11457020
    Abstract: There is provided a method comprising: generating and sharing an initial value of an integrity token between an endpoint node and a security backend computer, collecting data at the endpoint node, wherein dissimilar data types are aligned as input events, generating a new integrity token every time a new input event is written to a local repository of the endpoint node, wherein the new integrity token is generated based on the new input event and a prior integrity token that was generated prior to the new integrity token, removing the prior integrity token generated prior to the new integrity token from the endpoint node each time a new integrity token has been generated, and sending one or more input events with the new integrity token to the security backend computer for enabling the security backend computer checking integrity of the data received from the endpoint.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: September 27, 2022
    Assignee: WITHSECURE CORPORATION
    Inventors: Paolo Palumbo, Alexey Kirichenko, Valtteri Niemi, Sara Ramezanian, Tommi Meskanen
  • Patent number: 11451380
    Abstract: Message decryption dependent on third-party confirmation of a condition precedent is disclosed. A message is encrypted with a message encryption key to form an encrypted message. A message decryption key that is configured to decrypt the encrypted message is encrypted with a key of a first entity to which the message is to be disclosed upon occurrence of a condition precedent to form an encrypted message decryption key. The encrypted message decryption key is encrypted with a key of a second entity configured to confirm the occurrence of the condition precedent to form a double encrypted message decryption key. A condition identifier that identifies the condition precedent is generated. The encrypted message, the double encrypted message decryption key, and the condition identifier are sent to the first entity.
    Type: Grant
    Filed: July 12, 2019
    Date of Patent: September 20, 2022
    Assignee: Red Hat, Inc.
    Inventors: Michael H. M. Bursell, Nathaniel P. McCallum
  • Patent number: 11444760
    Abstract: The embodiments of the present disclosure relate generally to systems and methods for obfuscating the operation of a device, in particular, timing and power consumption information.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: September 13, 2022
    Assignee: Microchip Technology Incorporated
    Inventor: Huiming Chen
  • Patent number: 11441922
    Abstract: A surrounding information collection system requests a vehicle to transmit surrounding information, and stores the surrounding information transmitted from the vehicle in response to the request. The surrounding information collection system requests a vehicle to transmit surrounding information, the vehicle acquiring the surrounding information having accuracy greater than a threshold calculated based on accuracy of the stored surrounding information.
    Type: Grant
    Filed: April 2, 2020
    Date of Patent: September 13, 2022
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Shintaro Iwaasa, Takashi Kojima, Naoki Yamamuro, Masato Endo, Daishi Terato, Masakazu Nomura, Shinichiro Fujii
  • Patent number: 11438178
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: March 16, 2020
    Date of Patent: September 6, 2022
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 11438144
    Abstract: The invention relates to secure determination of a solution (S) to a computational task by a dealer-free threshold signature group. Access to a resource or reward is offered in exchange for the solution. The method enables individuals in said group to work together in a trust-less, or dealer-free manner. To achieve this, individuals generate their own key pair and use their public key to establish with the group an initial shared public key that they can all use, in parallel, to find a solution to the task. Their own private keys remain secret and, therefore, the collaboration is trust-less, and operates efficiently, because a verified shared public key is created using the initial shared public key that was used when a solution is found and verified. The resource or reward can be secured by the verified shared public key.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: September 6, 2022
    Assignee: nChain Licensing AG
    Inventor: Thomas Trevethan
  • Patent number: 11429753
    Abstract: Techniques for encrypting keyboard data prior to its being received by an operating system of an endpoint device, reducing the possibility of unencrypted keyboard data being logged by a keylogger application running on the endpoint device. The techniques employ an encryption filter communicably coupled between a keyboard and the endpoint device. The encryption filter receives unencrypted keyboard data from the keyboard, encrypts the keyboard data, and provides the encrypted keyboard data to the operating system of the endpoint device. The techniques can be employed in association with a back-end data processing center of a security standard compliant organization, which can receive the encrypted keyboard data from the endpoint device, and decrypt the keyboard data for use on a host system. In this way, access and/or storage of unencrypted keyboard data at the endpoint device can be avoided.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: August 30, 2022
    Assignee: Citrix Systems, Inc.
    Inventors: Jacob Jared Summers, Joseph Nord
  • Patent number: 11429811
    Abstract: A method includes passing an original text document through distortion filter generators to generate a training dataset that includes distorted text documents. Each distortion filter generator is configured to distort words or letters of words in phrases of text of a facsimile image in a respective unique manner. A neural network model is trained to recognize each respective distortion and match each respective distortion with each respective distortion filter generator based on the training dataset and the original text document. Image data of one facsimile having at least one text distortion is received and inputted to the trained neural network model. The output of the trained neural network model is coupled to an input of an optical character recognition (OCR) engine. The trained neural network model and the OCR engine convert the received image data of the incoming facsimile corrected for the at least one text distortion to machine-encoded text.
    Type: Grant
    Filed: February 10, 2020
    Date of Patent: August 30, 2022
    Assignee: Capital One Services, LLC
    Inventors: Reza Farivar, Jeremy Goodsitt, Vincent Pham, Austin Walters, Fardin Abdi Taghi Abad, Anh Truong, Mark Watson
  • Patent number: 11431418
    Abstract: A quantum state measurement system includes a quantum state generator that generates an optical photon comprising a quantum state. A spectral converter modifies a spectrum of the optical photon and provides the optical photon comprising the quantum state with the modified spectrum. An optical switch switches the optical photon with the modified spectrum to one of a plurality of outputs. A measurement system determines a fidelity of the quantum state of the optical photon with the modified spectrum. A control system provides an electrical control signal to the quantum state generator in response to the determined fidelity of the quantum state that improves a fidelity of at least some subsequent generated optical photons comprising a quantum state that are generated by the quantum state generator after the optical photon.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: August 30, 2022
    Assignee: Notchway Solutions, LLC
    Inventors: Kristin A. Rauschenbach, Katherine L. Hall
  • Patent number: 11422890
    Abstract: Methods, systems and apparatus for correcting a stream of syndrome measurements produced by a quantum computer. A layered representation of error propagation through quantum error detection circuits is received. The layered representation includes a plurality of line circuit layers that each represent a probability of local detection events in a quantum computer associated with one or more potential error processes in the execution of a quantum algorithm. During execution of the quantum algorithm, one or more syndrome measurements are received from quantum error detection circuits. The syndrome measurements are converted into detection events and written to an array that represents quantum error correction circuits that are grouped together at a sequence of steps in the quantum algorithm. Errors in the execution of the quantum algorithm are determined from the detection events in dependence upon the stored line circuit layers. Based on the determined errors, the syndrome measurements are corrected.
    Type: Grant
    Filed: September 12, 2017
    Date of Patent: August 23, 2022
    Assignee: Google LLC
    Inventor: Austin Greig Fowler
  • Patent number: 11424932
    Abstract: A communication device is described including a receiver configured to receive a message including message data and a message authentication code, a first register for storing a received message authentication code and a second register for storing a computed message authentication code. The device also includes a first processor configured to extract the message authentication code from the message and to store the message authentication code in the first register, a second processor configured to compute a message authentication code based on the message data and to store the computed message authentication code in the second register, and a comparing circuit configured to compare the contents of the first register and the second register and to provide a comparison result.
    Type: Grant
    Filed: June 26, 2020
    Date of Patent: August 23, 2022
    Assignee: Infineon Technologies AG
    Inventors: Andreas Graefe, Laurent Heidt, Albrecht Mayer
  • Patent number: 11416855
    Abstract: Methods, apparatus and computer software are provided for authorizing an EMV transaction between a user device and a point of sale terminal, particularly, but not exclusively, in situations where a secure element is not made available for the deployment of a payment application on the user device. The payment application is instead deployed to a processing environment that is outside of any secure element on the user device. The payment application is associated with a certificate and a corresponding hash. The hash is adapted to be generated on the basis of an application expiration date parameter, which is adapted to comprise data indicative of an expiration date of day level granularity associated with the certificate. During processing of the EMV transaction, the point-of-sale terminal verifies the hash, thereby establishing the authenticity of the application expiration date, and hence the validity of the certificate.
    Type: Grant
    Filed: October 4, 2013
    Date of Patent: August 16, 2022
    Assignee: VISA EUROPE LIMITED
    Inventor: Stuart Fiske
  • Patent number: 11418329
    Abstract: Techniques for sharing secret key information in a system that includes a remote server that proxies cryptographic keys. In one technique, a proxy server receives, from a client device, a request for a cryptographic operation. The proxy server also receives, from the client device, secret key information that is associated with the request. Prior to the request, the proxy server did not have access to the secret key information. While storing the secret key information in memory of the proxy server, the proxy server sends the secret key information to a cryptographic device that stores one or more cryptographic keys. The proxy server does not store the secret key information in any persistent storage. The cryptographic device performs the cryptographic operation based on the secret key information.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: August 16, 2022
    Assignee: Garantir LLC
    Inventor: Kieran Miller
  • Patent number: 11410661
    Abstract: A system for analyzing audio content is disclosed. In general, the system includes a transcription module, a correlation module, and a database. The transcription module is configured to receive a plurality of audio (and video) files generated by a plurality of different sources, execute speech-to-text transcriptions in real-time based on portions of audio content included within the audio files, and generate written transcripts of such transcriptions. The correlation module is configured to receive metadata associated with each of such audio files, derive correlations between such written transcripts and metadata, and report such correlations to a user of the system (and/or conclusions and classifications based on such correlations). The database is configured to receive, record, and make accessible for searching and review the correlations generated by the correlation module.
    Type: Grant
    Filed: July 13, 2020
    Date of Patent: August 9, 2022
    Inventor: Walter Bachtiger
  • Patent number: 11411723
    Abstract: Free-Space key distribution method comprising exchanging information between an emitter (100) and a receiver (200) based on the physical layer wiretap channel model, comprising the steps of randomly preparing (710), at the emitter (100), one qubit encoded with one of two possible non-identical quantum states, sending (720) the encoded qubit to the receiver (200) through a physical layer quantum-enhanced wiretap channel (500), such that an eavesdropper (300) tapping said channel is provided with partial information about the said states only, detecting and measuring (730) the received quantum states, key sifting (740) between the emitter and the receiver through a classical channel, calculating (750, 760) an amount of information available to any eavesdropper (300) based on the detected and received quantum states.
    Type: Grant
    Filed: December 5, 2017
    Date of Patent: August 9, 2022
    Assignee: ID QUANTIQUE SA
    Inventors: Matthieu Legré, Bruno Huttner
  • Patent number: 11399015
    Abstract: An apparatus includes a memory and a hardware processor. The memory stores identification information of a user. The processor receives from a device a request for the identification information of the user and in response to the request, appends a data element to the identification information to produce a protected message. The processor also encrypts the protected message to produce an encrypted message and communicates the encrypted message to the device. The data element executes in response to the encrypted message being decrypted, and the data element encrypts the identification information when the data element executes.
    Type: Grant
    Filed: June 11, 2019
    Date of Patent: July 26, 2022
    Assignee: Bank of America Corporation
    Inventors: Jo-Ann Taylor, Manu Jacob Kurian, Michael Robert Young
  • Patent number: 11394545
    Abstract: The present invention provides a secure technique that allows two communication apparatus that perform encrypted communication to have a common initial solution. A large number of user apparatuses all have a function of generating the same solution under the same condition as far as the user apparatuses have the same initial solution, and can perform encrypted communication using solutions successively generated in synchronization from the same initial solution. All the user apparatuses and a server share the same initial solution and have a function of generating the same solution under the same condition and thus can generate synchronized solutions. The server generates synchronization information, which is information required to generate the initial solution but is not the initial solution itself (S2002), and transmits the synchronization information to at least one of two user apparatuses performing encrypted communication (S2003).
    Type: Grant
    Filed: December 6, 2017
    Date of Patent: July 19, 2022
    Assignee: NTI, INC.
    Inventor: Takatoshi Nakamura
  • Patent number: 11388568
    Abstract: A root key (K_iwf) is derived at a network and sent to MTC UE (10). The K_iwf is used for deriving subkeys for protecting communication between MTC UE (10) and MTC-IWF (20). In a case where HSS (30) derives the K_iwf, HSS (30) sends to MTC-IWF (20) the K_iwf in a new message (Update Subscriber Information). In a case where MME (40) derives the K_iwf, MME (40) sends the K_iwf through HSS (30) or directly to MTC-IWF (20). MTC-IWF (20) can derive the K_iwf itself. The K_iwf is sent through MME (40) to MTC UE (10) by use of a NAS SMC or Attach Accept message, or sent from MTC-IWF (20) directly to MTC UE (10). In a case where the K_iwf is sent from MME (40), MME (40) receives the K_iwf from HSS (30) in an Authentication Data Response message, or from MTC-IWF (20) directly.
    Type: Grant
    Filed: July 8, 2019
    Date of Patent: July 12, 2022
    Assignee: NEC CORPORATION
    Inventors: Xiaowei Zhang, Anand Raghawa Prasad
  • Patent number: 11368306
    Abstract: Techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.
    Type: Grant
    Filed: August 14, 2020
    Date of Patent: June 21, 2022
    Assignee: Oracle International Corporation
    Inventors: Christopher S. Kasso, Peter Grant Gavares, Linda K. Schneider, Amy H. Kang, Joseph John Snyder
  • Patent number: 11368303
    Abstract: Disclosed are a system and method for calculating elliptic curve cryptography scalar multiplication using an FPGA (Field Programmable Gate Array), the system and method scheduling calculation, which is used in a Montgomery ladder algorithm, and enabling efficient calculation through an improved modular arithmetic calculation method. The system for calculating elliptic curve cryptography (ECC) scalar multiplication using an FPGA includes: a scheduler implementing Montgomery ladder step calculation in a pipeline structure; a pipeline modular adder/subtractor implementing n-bit modular addition in a d-stage pipeline structure; and a modular multiplier implementing n-bit modular multiplication in a 10-stage pipeline structure up to a maximum of 256 bits.
    Type: Grant
    Filed: October 26, 2021
    Date of Patent: June 21, 2022
    Assignee: Pusan National University Industry-University Cooperation Foundation
    Inventors: Howon Kim, Asep Muhamad Awaludin, Youngyeo Yun
  • Patent number: 11363068
    Abstract: A computer-implemented method and a system provide a complete traceability of changes incurred in a security policy corresponding to a resource. A policy tracing engine (PTE) monitors and determines events of interest occurring at the resource. The PTE determines administrator-initiated intent-based changes and dynamic event-based changes incurred in the security policy and assigns a unique policy identifier (UPI) to the security policy. The UPI is a combination of unique identifiers assigned to the intent-based change and the event-based change. The PTE recomputes and stores the security policy and the UPI in a policy database. The PTE receives network access information including the UPI from the corresponding resource deployed with the security policy. The PTE generates a traceability report that provides a complete traceability of each policy action performed in a networked environment to a source of each change incurred in the security policy as identified by the UPI.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: June 14, 2022
    Assignee: COLORTOKENS, INC.
    Inventors: Jayaraghavendran Kuppannan, Deepak Kushwaha